Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50ce6d8b-c9e0-4a29-9913-8d1efda8368d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion=5.1.14393.1944 RunspaceId=2e9a8e21-683f-4311-b654-8f979c13d51f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3127	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50ce6d8b-c9e0-4a29-9913-8d1efda8368d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3126	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50ce6d8b-c9e0-4a29-9913-8d1efda8368d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3125	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50ce6d8b-c9e0-4a29-9913-8d1efda8368d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3124	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50ce6d8b-c9e0-4a29-9913-8d1efda8368d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3123	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50ce6d8b-c9e0-4a29-9913-8d1efda8368d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3122	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50ce6d8b-c9e0-4a29-9913-8d1efda8368d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3121	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a32666ef-7e49-48fc-853f-639d0fd2bd18 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	3120	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a32666ef-7e49-48fc-853f-639d0fd2bd18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3119	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3118	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3117	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3116	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3115	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3114	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3113	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3112	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dcae30e3-be34-408f-932e-96f109073870 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3111	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2e48be9a-9a71-4a4c-ab7a-6ed27e9c71a1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7f1921ef-599c-4e91-9131-51536f33bef0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3110	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2e48be9a-9a71-4a4c-ab7a-6ed27e9c71a1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3109	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2e48be9a-9a71-4a4c-ab7a-6ed27e9c71a1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3108	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2e48be9a-9a71-4a4c-ab7a-6ed27e9c71a1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3107	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2e48be9a-9a71-4a4c-ab7a-6ed27e9c71a1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3106	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2e48be9a-9a71-4a4c-ab7a-6ed27e9c71a1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3105	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2e48be9a-9a71-4a4c-ab7a-6ed27e9c71a1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3104	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e6e3d2-fa26-4648-ac62-dcc4ec9247b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA1AEEARABBAEEATQBBAEEAdQBBAEQAZwBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABNAEEATwBBAEEAeQBBAEQASQBBAE4AdwBBADQAQQBEAEkAQQBNAGcAQQB6AEEARABrAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=96765f08-1d8c-4819-9348-ae670369a991 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3103	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ed5b314-c622-4358-a0c3-303f95784278 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=0f15488c-628b-4d6a-b4f1-509d858469bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3102	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ed5b314-c622-4358-a0c3-303f95784278 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=0f15488c-628b-4d6a-b4f1-509d858469bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3101	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ed5b314-c622-4358-a0c3-303f95784278 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3100	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ed5b314-c622-4358-a0c3-303f95784278 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3099	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ed5b314-c622-4358-a0c3-303f95784278 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3098	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ed5b314-c622-4358-a0c3-303f95784278 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3097	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ed5b314-c622-4358-a0c3-303f95784278 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3096	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ed5b314-c622-4358-a0c3-303f95784278 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3095	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e6e3d2-fa26-4648-ac62-dcc4ec9247b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA1AEEARABBAEEATQBBAEEAdQBBAEQAZwBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABNAEEATwBBAEEAeQBBAEQASQBBAE4AdwBBADQAQQBEAEkAQQBNAGcAQQB6AEEARABrAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=96765f08-1d8c-4819-9348-ae670369a991 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3094	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e6e3d2-fa26-4648-ac62-dcc4ec9247b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA1AEEARABBAEEATQBBAEEAdQBBAEQAZwBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABNAEEATwBBAEEAeQBBAEQASQBBAE4AdwBBADQAQQBEAEkAQQBNAGcAQQB6AEEARABrAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3093	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e6e3d2-fa26-4648-ac62-dcc4ec9247b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA1AEEARABBAEEATQBBAEEAdQBBAEQAZwBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABNAEEATwBBAEEAeQBBAEQASQBBAE4AdwBBADQAQQBEAEkAQQBNAGcAQQB6AEEARABrAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3092	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e6e3d2-fa26-4648-ac62-dcc4ec9247b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA1AEEARABBAEEATQBBAEEAdQBBAEQAZwBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABNAEEATwBBAEEAeQBBAEQASQBBAE4AdwBBADQAQQBEAEkAQQBNAGcAQQB6AEEARABrAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3091	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e6e3d2-fa26-4648-ac62-dcc4ec9247b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA1AEEARABBAEEATQBBAEEAdQBBAEQAZwBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABNAEEATwBBAEEAeQBBAEQASQBBAE4AdwBBADQAQQBEAEkAQQBNAGcAQQB6AEEARABrAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3090	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e6e3d2-fa26-4648-ac62-dcc4ec9247b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA1AEEARABBAEEATQBBAEEAdQBBAEQAZwBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABNAEEATwBBAEEAeQBBAEQASQBBAE4AdwBBADQAQQBEAEkAQQBNAGcAQQB6AEEARABrAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3089	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e6e3d2-fa26-4648-ac62-dcc4ec9247b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA1AEEARABBAEEATQBBAEEAdQBBAEQAZwBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABNAEEATwBBAEEAeQBBAEQASQBBAE4AdwBBADQAQQBEAEkAQQBNAGcAQQB6AEEARABrAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3088	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=55f4f556-08ac-4e11-b91a-cf03a0c75ab1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=414f14c8-acc5-4013-a3d0-ce589f547f9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3087	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a0f19cb4-3115-4cb4-87e1-c67eac4597cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3086	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3085	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3084	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3083	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3082	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3081	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3080	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3079	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce2dc46-3052-4ddc-ab9b-8dd25bbda19a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3078	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=55f4f556-08ac-4e11-b91a-cf03a0c75ab1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=414f14c8-acc5-4013-a3d0-ce589f547f9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3077	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=55f4f556-08ac-4e11-b91a-cf03a0c75ab1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3076	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=55f4f556-08ac-4e11-b91a-cf03a0c75ab1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3075	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=55f4f556-08ac-4e11-b91a-cf03a0c75ab1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3074	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=55f4f556-08ac-4e11-b91a-cf03a0c75ab1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3073	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=55f4f556-08ac-4e11-b91a-cf03a0c75ab1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3072	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=55f4f556-08ac-4e11-b91a-cf03a0c75ab1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3071	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5691c709-78ac-4b53-8a4e-d839a8486a2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=7c47fe4e-a7c0-484c-be11-376b11bf6f9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3070	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5691c709-78ac-4b53-8a4e-d839a8486a2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=7c47fe4e-a7c0-484c-be11-376b11bf6f9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3069	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5691c709-78ac-4b53-8a4e-d839a8486a2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3068	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5691c709-78ac-4b53-8a4e-d839a8486a2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3067	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5691c709-78ac-4b53-8a4e-d839a8486a2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3066	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5691c709-78ac-4b53-8a4e-d839a8486a2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3065	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5691c709-78ac-4b53-8a4e-d839a8486a2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3064	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5691c709-78ac-4b53-8a4e-d839a8486a2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA5ADAAMAAuADgANwAtADIAMQA5ADMAOAAyADIANwA4ADIAMgAzADkANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3063	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=321f7053-da69-4435-98ae-56ae1d954160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d22fc6b6-baff-4f66-b179-fb4c119cc90b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3062	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a175139d-bb3a-44f3-bd8a-ac6969a6f665 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3061	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3060	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3059	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3058	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3057	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3056	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3055	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3054	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0369040d-6a0d-4a50-b4d4-d1a2b2b47759 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3053	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=321f7053-da69-4435-98ae-56ae1d954160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d22fc6b6-baff-4f66-b179-fb4c119cc90b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3052	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=321f7053-da69-4435-98ae-56ae1d954160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3051	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=321f7053-da69-4435-98ae-56ae1d954160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3050	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=321f7053-da69-4435-98ae-56ae1d954160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3049	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=321f7053-da69-4435-98ae-56ae1d954160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3048	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=321f7053-da69-4435-98ae-56ae1d954160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3047	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=321f7053-da69-4435-98ae-56ae1d954160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3046	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d8143c6-2dee-49b1-94fa-9fca1997955b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGsAQQBNAEEAQQB3AEEAQwA0AEEATwBBAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBNAHcAQQA0AEEARABJAEEATQBnAEEAMwBBAEQAZwBBAE0AZwBBAHkAQQBEAE0AQQBPAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=dc8a7dd2-8933-472e-a141-4ea54ef46ac4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3045	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=962ae89f-9bea-463d-84ac-ffde8014b242 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADkAMAAwAC4AOAA3AC0AMgAxADkAMwA4ADIAMgA3ADgAMgAyADMAOQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=2e3acb79-e39d-43fc-b4eb-dc720b07d133 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3044	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=962ae89f-9bea-463d-84ac-ffde8014b242 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADkAMAAwAC4AOAA3AC0AMgAxADkAMwA4ADIAMgA3ADgAMgAyADMAOQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=2e3acb79-e39d-43fc-b4eb-dc720b07d133 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3043	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=962ae89f-9bea-463d-84ac-ffde8014b242 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADkAMAAwAC4AOAA3AC0AMgAxADkAMwA4ADIAMgA3ADgAMgAyADMAOQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3042	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=962ae89f-9bea-463d-84ac-ffde8014b242 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADkAMAAwAC4AOAA3AC0AMgAxADkAMwA4ADIAMgA3ADgAMgAyADMAOQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3041	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=962ae89f-9bea-463d-84ac-ffde8014b242 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADkAMAAwAC4AOAA3AC0AMgAxADkAMwA4ADIAMgA3ADgAMgAyADMAOQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3040	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=962ae89f-9bea-463d-84ac-ffde8014b242 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADkAMAAwAC4AOAA3AC0AMgAxADkAMwA4ADIAMgA3ADgAMgAyADMAOQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3039	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=962ae89f-9bea-463d-84ac-ffde8014b242 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADkAMAAwAC4AOAA3AC0AMgAxADkAMwA4ADIAMgA3ADgAMgAyADMAOQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3038	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=962ae89f-9bea-463d-84ac-ffde8014b242 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADkAMAAwAC4AOAA3AC0AMgAxADkAMwA4ADIAMgA3ADgAMgAyADMAOQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3037	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d8143c6-2dee-49b1-94fa-9fca1997955b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGsAQQBNAEEAQQB3AEEAQwA0AEEATwBBAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBNAHcAQQA0AEEARABJAEEATQBnAEEAMwBBAEQAZwBBAE0AZwBBAHkAQQBEAE0AQQBPAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=dc8a7dd2-8933-472e-a141-4ea54ef46ac4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3036	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d8143c6-2dee-49b1-94fa-9fca1997955b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGsAQQBNAEEAQQB3AEEAQwA0AEEATwBBAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBNAHcAQQA0AEEARABJAEEATQBnAEEAMwBBAEQAZwBBAE0AZwBBAHkAQQBEAE0AQQBPAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3035	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d8143c6-2dee-49b1-94fa-9fca1997955b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGsAQQBNAEEAQQB3AEEAQwA0AEEATwBBAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBNAHcAQQA0AEEARABJAEEATQBnAEEAMwBBAEQAZwBBAE0AZwBBAHkAQQBEAE0AQQBPAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3034	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d8143c6-2dee-49b1-94fa-9fca1997955b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGsAQQBNAEEAQQB3AEEAQwA0AEEATwBBAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBNAHcAQQA0AEEARABJAEEATQBnAEEAMwBBAEQAZwBBAE0AZwBBAHkAQQBEAE0AQQBPAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3033	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d8143c6-2dee-49b1-94fa-9fca1997955b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGsAQQBNAEEAQQB3AEEAQwA0AEEATwBBAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBNAHcAQQA0AEEARABJAEEATQBnAEEAMwBBAEQAZwBBAE0AZwBBAHkAQQBEAE0AQQBPAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3032	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d8143c6-2dee-49b1-94fa-9fca1997955b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGsAQQBNAEEAQQB3AEEAQwA0AEEATwBBAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBNAHcAQQA0AEEARABJAEEATQBnAEEAMwBBAEQAZwBBAE0AZwBBAHkAQQBEAE0AQQBPAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3031	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d8143c6-2dee-49b1-94fa-9fca1997955b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGsAQQBNAEEAQQB3AEEAQwA0AEEATwBBAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBNAHcAQQA0AEEARABJAEEATQBnAEEAMwBBAEQAZwBBAE0AZwBBAHkAQQBEAE0AQQBPAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3030	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a497ea36-4f90-409c-8d1e-e3db21550303 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATgBnAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEUAQQBNAEEAQQA0AEEARABJAEEATwBRAEEAMwBBAEQAYwBBAE8AUQBBADEAQQBEAEEAQQBPAFEAQQA0AEEARABBAEEATwBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=cc7f5a94-da50-494b-b1f7-7eb53fa1caa4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3029	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2670eb0b-8281-4ebd-8ddf-f35c336d6de6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=1ed698dd-7d64-4aa1-8c81-31f510d54613 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3028	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2670eb0b-8281-4ebd-8ddf-f35c336d6de6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=1ed698dd-7d64-4aa1-8c81-31f510d54613 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3027	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2670eb0b-8281-4ebd-8ddf-f35c336d6de6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3026	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2670eb0b-8281-4ebd-8ddf-f35c336d6de6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3025	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2670eb0b-8281-4ebd-8ddf-f35c336d6de6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3024	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2670eb0b-8281-4ebd-8ddf-f35c336d6de6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3023	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2670eb0b-8281-4ebd-8ddf-f35c336d6de6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3022	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2670eb0b-8281-4ebd-8ddf-f35c336d6de6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3021	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a497ea36-4f90-409c-8d1e-e3db21550303 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATgBnAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEUAQQBNAEEAQQA0AEEARABJAEEATwBRAEEAMwBBAEQAYwBBAE8AUQBBADEAQQBEAEEAQQBPAFEAQQA0AEEARABBAEEATwBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=cc7f5a94-da50-494b-b1f7-7eb53fa1caa4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3020	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a497ea36-4f90-409c-8d1e-e3db21550303 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATgBnAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEUAQQBNAEEAQQA0AEEARABJAEEATwBRAEEAMwBBAEQAYwBBAE8AUQBBADEAQQBEAEEAQQBPAFEAQQA0AEEARABBAEEATwBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3019	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a497ea36-4f90-409c-8d1e-e3db21550303 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATgBnAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEUAQQBNAEEAQQA0AEEARABJAEEATwBRAEEAMwBBAEQAYwBBAE8AUQBBADEAQQBEAEEAQQBPAFEAQQA0AEEARABBAEEATwBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3018	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a497ea36-4f90-409c-8d1e-e3db21550303 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATgBnAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEUAQQBNAEEAQQA0AEEARABJAEEATwBRAEEAMwBBAEQAYwBBAE8AUQBBADEAQQBEAEEAQQBPAFEAQQA0AEEARABBAEEATwBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3017	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a497ea36-4f90-409c-8d1e-e3db21550303 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATgBnAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEUAQQBNAEEAQQA0AEEARABJAEEATwBRAEEAMwBBAEQAYwBBAE8AUQBBADEAQQBEAEEAQQBPAFEAQQA0AEEARABBAEEATwBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3016	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a497ea36-4f90-409c-8d1e-e3db21550303 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATgBnAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEUAQQBNAEEAQQA0AEEARABJAEEATwBRAEEAMwBBAEQAYwBBAE8AUQBBADEAQQBEAEEAQQBPAFEAQQA0AEEARABBAEEATwBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3015	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a497ea36-4f90-409c-8d1e-e3db21550303 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATgBnAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEUAQQBNAEEAQQA0AEEARABJAEEATwBRAEEAMwBBAEQAYwBBAE8AUQBBADEAQQBEAEEAQQBPAFEAQQA0AEEARABBAEEATwBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3014	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c34189e4-d64e-4b07-a168-57704fd899b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ad525b43-90a3-4682-9c42-470a4cdb2ce5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3013	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=68e4da51-a764-4c13-a262-ae8536da0e01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3012	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3011	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3010	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3009	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3008	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3007	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3006	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3005	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=437f00de-c9b6-458b-9ce7-0b2ad12e43c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3004	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c34189e4-d64e-4b07-a168-57704fd899b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ad525b43-90a3-4682-9c42-470a4cdb2ce5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3003	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c34189e4-d64e-4b07-a168-57704fd899b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3002	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c34189e4-d64e-4b07-a168-57704fd899b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3001	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c34189e4-d64e-4b07-a168-57704fd899b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3000	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c34189e4-d64e-4b07-a168-57704fd899b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2999	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c34189e4-d64e-4b07-a168-57704fd899b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2998	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c34189e4-d64e-4b07-a168-57704fd899b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2997	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9493b24d-23c9-43d9-9acb-d5a1edd24714 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c58acbc1-71b5-4542-9467-ee748ed227a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2996	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9493b24d-23c9-43d9-9acb-d5a1edd24714 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c58acbc1-71b5-4542-9467-ee748ed227a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2995	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9493b24d-23c9-43d9-9acb-d5a1edd24714 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2994	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9493b24d-23c9-43d9-9acb-d5a1edd24714 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2993	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9493b24d-23c9-43d9-9acb-d5a1edd24714 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2992	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9493b24d-23c9-43d9-9acb-d5a1edd24714 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2991	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9493b24d-23c9-43d9-9acb-d5a1edd24714 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2990	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9493b24d-23c9-43d9-9acb-d5a1edd24714 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkANgAuADYANwAtADEAMAA4ADIAOQA3ADcAOQA1ADAAOQA4ADAAOAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2989	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0cbf45b-4807-482c-a50f-211876193a35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6680bc56-36d2-4e5f-abd8-a43bd278fde2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2988	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90a5b6be-942b-4a9a-b982-7b7987367168 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2987	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2986	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2985	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2984	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2983	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2982	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2981	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2980	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3f4d9fc0-82c1-45b6-899d-0aae35e04c19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2979	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0cbf45b-4807-482c-a50f-211876193a35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6680bc56-36d2-4e5f-abd8-a43bd278fde2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2978	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0cbf45b-4807-482c-a50f-211876193a35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2977	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0cbf45b-4807-482c-a50f-211876193a35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2976	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0cbf45b-4807-482c-a50f-211876193a35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2975	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0cbf45b-4807-482c-a50f-211876193a35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2974	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0cbf45b-4807-482c-a50f-211876193a35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2973	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0cbf45b-4807-482c-a50f-211876193a35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2972	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1f336731-1c93-4422-a77b-9cd2c9e10a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQAyAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AUQBBAHcAQQBEAGcAQQBNAGcAQQA1AEEARABjAEEATgB3AEEANQBBAEQAVQBBAE0AQQBBADUAQQBEAGcAQQBNAEEAQQA0AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=5244963d-3c45-4e33-9688-4759c2a5fb5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2971	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37532965-0a6b-496c-8645-253cceea3227 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQA2AC4ANgA3AC0AMQAwADgAMgA5ADcANwA5ADUAMAA5ADgAMAA4ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=34ff5244-3c42-4ac1-98a9-95e943da1694 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2970	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37532965-0a6b-496c-8645-253cceea3227 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQA2AC4ANgA3AC0AMQAwADgAMgA5ADcANwA5ADUAMAA5ADgAMAA4ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=34ff5244-3c42-4ac1-98a9-95e943da1694 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2969	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37532965-0a6b-496c-8645-253cceea3227 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQA2AC4ANgA3AC0AMQAwADgAMgA5ADcANwA5ADUAMAA5ADgAMAA4ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2968	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37532965-0a6b-496c-8645-253cceea3227 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQA2AC4ANgA3AC0AMQAwADgAMgA5ADcANwA5ADUAMAA5ADgAMAA4ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2967	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37532965-0a6b-496c-8645-253cceea3227 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQA2AC4ANgA3AC0AMQAwADgAMgA5ADcANwA5ADUAMAA5ADgAMAA4ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2966	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37532965-0a6b-496c-8645-253cceea3227 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQA2AC4ANgA3AC0AMQAwADgAMgA5ADcANwA5ADUAMAA5ADgAMAA4ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2965	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37532965-0a6b-496c-8645-253cceea3227 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQA2AC4ANgA3AC0AMQAwADgAMgA5ADcANwA5ADUAMAA5ADgAMAA4ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2964	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37532965-0a6b-496c-8645-253cceea3227 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQA2AC4ANgA3AC0AMQAwADgAMgA5ADcANwA5ADUAMAA5ADgAMAA4ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2963	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1f336731-1c93-4422-a77b-9cd2c9e10a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQAyAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AUQBBAHcAQQBEAGcAQQBNAGcAQQA1AEEARABjAEEATgB3AEEANQBBAEQAVQBBAE0AQQBBADUAQQBEAGcAQQBNAEEAQQA0AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=5244963d-3c45-4e33-9688-4759c2a5fb5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2962	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1f336731-1c93-4422-a77b-9cd2c9e10a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQAyAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AUQBBAHcAQQBEAGcAQQBNAGcAQQA1AEEARABjAEEATgB3AEEANQBBAEQAVQBBAE0AQQBBADUAQQBEAGcAQQBNAEEAQQA0AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2961	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1f336731-1c93-4422-a77b-9cd2c9e10a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQAyAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AUQBBAHcAQQBEAGcAQQBNAGcAQQA1AEEARABjAEEATgB3AEEANQBBAEQAVQBBAE0AQQBBADUAQQBEAGcAQQBNAEEAQQA0AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2960	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1f336731-1c93-4422-a77b-9cd2c9e10a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQAyAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AUQBBAHcAQQBEAGcAQQBNAGcAQQA1AEEARABjAEEATgB3AEEANQBBAEQAVQBBAE0AQQBBADUAQQBEAGcAQQBNAEEAQQA0AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2959	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1f336731-1c93-4422-a77b-9cd2c9e10a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQAyAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AUQBBAHcAQQBEAGcAQQBNAGcAQQA1AEEARABjAEEATgB3AEEANQBBAEQAVQBBAE0AQQBBADUAQQBEAGcAQQBNAEEAQQA0AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2958	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1f336731-1c93-4422-a77b-9cd2c9e10a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQAyAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AUQBBAHcAQQBEAGcAQQBNAGcAQQA1AEEARABjAEEATgB3AEEANQBBAEQAVQBBAE0AQQBBADUAQQBEAGcAQQBNAEEAQQA0AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2957	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1f336731-1c93-4422-a77b-9cd2c9e10a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQAyAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AUQBBAHcAQQBEAGcAQQBNAGcAQQA1AEEARABjAEEATgB3AEEANQBBAEQAVQBBAE0AQQBBADUAQQBEAGcAQQBNAEEAQQA0AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2956	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b937549b-298d-4751-80c5-3af67c7c52f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATQBnAEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAE0AQQBNAHcAQQB4AEEARABVAEEATQBnAEEAMABBAEQAUQBBAE8AUQBBADQAQQBEAFkAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=4acddb0e-0ebd-4ec9-b1e9-c2bc476deb83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2955	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4c80c6f-9c9b-4258-a0c1-2cacfbe1a358 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=59518c9d-4406-4687-842b-0b6273574e73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2954	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4c80c6f-9c9b-4258-a0c1-2cacfbe1a358 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=59518c9d-4406-4687-842b-0b6273574e73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2953	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4c80c6f-9c9b-4258-a0c1-2cacfbe1a358 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2952	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4c80c6f-9c9b-4258-a0c1-2cacfbe1a358 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2951	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4c80c6f-9c9b-4258-a0c1-2cacfbe1a358 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2950	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4c80c6f-9c9b-4258-a0c1-2cacfbe1a358 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2949	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4c80c6f-9c9b-4258-a0c1-2cacfbe1a358 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2948	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4c80c6f-9c9b-4258-a0c1-2cacfbe1a358 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2947	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b937549b-298d-4751-80c5-3af67c7c52f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATQBnAEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAE0AQQBNAHcAQQB4AEEARABVAEEATQBnAEEAMABBAEQAUQBBAE8AUQBBADQAQQBEAFkAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=4acddb0e-0ebd-4ec9-b1e9-c2bc476deb83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2946	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b937549b-298d-4751-80c5-3af67c7c52f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATQBnAEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAE0AQQBNAHcAQQB4AEEARABVAEEATQBnAEEAMABBAEQAUQBBAE8AUQBBADQAQQBEAFkAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2945	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b937549b-298d-4751-80c5-3af67c7c52f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATQBnAEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAE0AQQBNAHcAQQB4AEEARABVAEEATQBnAEEAMABBAEQAUQBBAE8AUQBBADQAQQBEAFkAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2944	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b937549b-298d-4751-80c5-3af67c7c52f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATQBnAEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAE0AQQBNAHcAQQB4AEEARABVAEEATQBnAEEAMABBAEQAUQBBAE8AUQBBADQAQQBEAFkAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2943	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b937549b-298d-4751-80c5-3af67c7c52f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATQBnAEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAE0AQQBNAHcAQQB4AEEARABVAEEATQBnAEEAMABBAEQAUQBBAE8AUQBBADQAQQBEAFkAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2942	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b937549b-298d-4751-80c5-3af67c7c52f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATQBnAEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAE0AQQBNAHcAQQB4AEEARABVAEEATQBnAEEAMABBAEQAUQBBAE8AUQBBADQAQQBEAFkAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2941	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b937549b-298d-4751-80c5-3af67c7c52f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFkAQQBNAFEAQQA0AEEARABrAEEATQBnAEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAE0AQQBNAHcAQQB4AEEARABVAEEATQBnAEEAMABBAEQAUQBBAE8AUQBBADQAQQBEAFkAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2940	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2c411df-78ec-42ae-b0ee-3ab5dc145ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d937e0c4-1d48-49a5-963a-335fba003347 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2939	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c122cad9-81f6-4571-9e51-30e4a3e91bb4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2938	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2937	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2936	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2935	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2934	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2933	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2932	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2931	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=24d6ed41-d260-48ad-879b-4615c7148a8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2930	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2c411df-78ec-42ae-b0ee-3ab5dc145ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d937e0c4-1d48-49a5-963a-335fba003347 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2929	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2c411df-78ec-42ae-b0ee-3ab5dc145ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2928	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2c411df-78ec-42ae-b0ee-3ab5dc145ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2927	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2c411df-78ec-42ae-b0ee-3ab5dc145ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2926	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2c411df-78ec-42ae-b0ee-3ab5dc145ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2925	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2c411df-78ec-42ae-b0ee-3ab5dc145ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2924	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2c411df-78ec-42ae-b0ee-3ab5dc145ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2923	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec838742-2ada-4b60-81ae-ec104a06eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=8b6614b1-3f59-4912-9ac2-89af71c15004 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2922	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec838742-2ada-4b60-81ae-ec104a06eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=8b6614b1-3f59-4912-9ac2-89af71c15004 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2921	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec838742-2ada-4b60-81ae-ec104a06eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2920	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec838742-2ada-4b60-81ae-ec104a06eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2919	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec838742-2ada-4b60-81ae-ec104a06eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2918	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec838742-2ada-4b60-81ae-ec104a06eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2917	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec838742-2ada-4b60-81ae-ec104a06eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2916	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec838742-2ada-4b60-81ae-ec104a06eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADYAMQA4ADkAMgAuADIANAAtADMAMwAxADUAMgA0ADQAOQA4ADYANwAyADYAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2915	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=256a8620-bb05-49c1-bc04-8130ee3ed718 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1b4fefff-482f-46c9-abd0-c92af3730095 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2914	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1189b45a-0304-4996-b630-03bcd9e754ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2913	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2912	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2911	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2910	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2909	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2908	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2907	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2906	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f6518d6-1893-4c3a-a418-57e1c30dbef4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2905	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=256a8620-bb05-49c1-bc04-8130ee3ed718 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1b4fefff-482f-46c9-abd0-c92af3730095 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2904	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=256a8620-bb05-49c1-bc04-8130ee3ed718 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2903	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=256a8620-bb05-49c1-bc04-8130ee3ed718 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2902	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=256a8620-bb05-49c1-bc04-8130ee3ed718 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2901	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=256a8620-bb05-49c1-bc04-8130ee3ed718 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2900	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=256a8620-bb05-49c1-bc04-8130ee3ed718 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2899	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=256a8620-bb05-49c1-bc04-8130ee3ed718 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2898	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94807c8f-9761-4843-aa85-b416d09f90b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQB5AEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AdwBBAHoAQQBEAEUAQQBOAFEAQQB5AEEARABRAEEATgBBAEEANQBBAEQAZwBBAE4AZwBBADMAQQBEAEkAQQBOAGcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=9871da7e-a717-41bb-9ddf-bcaa5e3bdb60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2897	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f988edea-731e-4e3a-872e-f764aa92d41b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQAyAC4AMgA0AC0AMwAzADEANQAyADQANAA5ADgANgA3ADIANgAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=82c2f07b-fc98-47fa-9666-b1828d094937 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2896	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f988edea-731e-4e3a-872e-f764aa92d41b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQAyAC4AMgA0AC0AMwAzADEANQAyADQANAA5ADgANgA3ADIANgAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=82c2f07b-fc98-47fa-9666-b1828d094937 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2895	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f988edea-731e-4e3a-872e-f764aa92d41b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQAyAC4AMgA0AC0AMwAzADEANQAyADQANAA5ADgANgA3ADIANgAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2894	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f988edea-731e-4e3a-872e-f764aa92d41b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQAyAC4AMgA0AC0AMwAzADEANQAyADQANAA5ADgANgA3ADIANgAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2893	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f988edea-731e-4e3a-872e-f764aa92d41b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQAyAC4AMgA0AC0AMwAzADEANQAyADQANAA5ADgANgA3ADIANgAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2892	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f988edea-731e-4e3a-872e-f764aa92d41b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQAyAC4AMgA0AC0AMwAzADEANQAyADQANAA5ADgANgA3ADIANgAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2891	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f988edea-731e-4e3a-872e-f764aa92d41b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQAyAC4AMgA0AC0AMwAzADEANQAyADQANAA5ADgANgA3ADIANgAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2890	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f988edea-731e-4e3a-872e-f764aa92d41b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANgAxADgAOQAyAC4AMgA0AC0AMwAzADEANQAyADQANAA5ADgANgA3ADIANgAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2889	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94807c8f-9761-4843-aa85-b416d09f90b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQB5AEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AdwBBAHoAQQBEAEUAQQBOAFEAQQB5AEEARABRAEEATgBBAEEANQBBAEQAZwBBAE4AZwBBADMAQQBEAEkAQQBOAGcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=9871da7e-a717-41bb-9ddf-bcaa5e3bdb60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2888	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94807c8f-9761-4843-aa85-b416d09f90b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQB5AEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AdwBBAHoAQQBEAEUAQQBOAFEAQQB5AEEARABRAEEATgBBAEEANQBBAEQAZwBBAE4AZwBBADMAQQBEAEkAQQBOAGcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2887	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94807c8f-9761-4843-aa85-b416d09f90b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQB5AEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AdwBBAHoAQQBEAEUAQQBOAFEAQQB5AEEARABRAEEATgBBAEEANQBBAEQAZwBBAE4AZwBBADMAQQBEAEkAQQBOAGcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2886	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94807c8f-9761-4843-aa85-b416d09f90b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQB5AEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AdwBBAHoAQQBEAEUAQQBOAFEAQQB5AEEARABRAEEATgBBAEEANQBBAEQAZwBBAE4AZwBBADMAQQBEAEkAQQBOAGcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2885	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94807c8f-9761-4843-aa85-b416d09f90b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQB5AEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AdwBBAHoAQQBEAEUAQQBOAFEAQQB5AEEARABRAEEATgBBAEEANQBBAEQAZwBBAE4AZwBBADMAQQBEAEkAQQBOAGcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2884	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94807c8f-9761-4843-aa85-b416d09f90b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQB5AEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AdwBBAHoAQQBEAEUAQQBOAFEAQQB5AEEARABRAEEATgBBAEEANQBBAEQAZwBBAE4AZwBBADMAQQBEAEkAQQBOAGcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2883	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94807c8f-9761-4843-aa85-b416d09f90b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AZwBBAHgAQQBEAGcAQQBPAFEAQQB5AEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AdwBBAHoAQQBEAEUAQQBOAFEAQQB5AEEARABRAEEATgBBAEEANQBBAEQAZwBBAE4AZwBBADMAQQBEAEkAQQBOAGcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2882	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5a4d8a1-897b-47c0-b7a0-32a8e884bf50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=12265994-d160-4bb1-95e2-b4d841ca0375 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2881	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:38:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c75386fd-8edd-48de-b576-948b5985d897 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	2880	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c75386fd-8edd-48de-b576-948b5985d897 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2879	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2878	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2877	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2876	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2875	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2874	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2873	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2872	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1b4f9715-7bcf-4c81-9916-799798c27817 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2871	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5a4d8a1-897b-47c0-b7a0-32a8e884bf50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=12265994-d160-4bb1-95e2-b4d841ca0375 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2870	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5a4d8a1-897b-47c0-b7a0-32a8e884bf50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2869	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5a4d8a1-897b-47c0-b7a0-32a8e884bf50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2868	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5a4d8a1-897b-47c0-b7a0-32a8e884bf50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2867	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5a4d8a1-897b-47c0-b7a0-32a8e884bf50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2866	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5a4d8a1-897b-47c0-b7a0-32a8e884bf50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2865	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5a4d8a1-897b-47c0-b7a0-32a8e884bf50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2864	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 5:37:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98cafbd8-c0bf-4f64-82b4-e3001249c09d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bd2200e8-cbcb-4a36-89ca-840fa85df828 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2863	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9f64a5a7-b4f1-4599-a259-8207565f032d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=c5047f4e-624f-4b42-a528-b589da513912 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2862	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9f64a5a7-b4f1-4599-a259-8207565f032d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=c5047f4e-624f-4b42-a528-b589da513912 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2861	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9f64a5a7-b4f1-4599-a259-8207565f032d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2860	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9f64a5a7-b4f1-4599-a259-8207565f032d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2859	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9f64a5a7-b4f1-4599-a259-8207565f032d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2858	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9f64a5a7-b4f1-4599-a259-8207565f032d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2857	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9f64a5a7-b4f1-4599-a259-8207565f032d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2856	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9f64a5a7-b4f1-4599-a259-8207565f032d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2855	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6d68faeb-01da-4691-bba5-94879e00ba70 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2854	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6d68faeb-01da-4691-bba5-94879e00ba70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2853	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2852	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2851	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2850	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2849	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2848	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2847	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2846	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=eaf920ed-4553-4b70-900a-3e73618f722a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2845	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98cafbd8-c0bf-4f64-82b4-e3001249c09d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bd2200e8-cbcb-4a36-89ca-840fa85df828 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2844	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98cafbd8-c0bf-4f64-82b4-e3001249c09d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2843	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98cafbd8-c0bf-4f64-82b4-e3001249c09d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2842	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98cafbd8-c0bf-4f64-82b4-e3001249c09d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2841	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98cafbd8-c0bf-4f64-82b4-e3001249c09d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2840	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98cafbd8-c0bf-4f64-82b4-e3001249c09d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2839	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98cafbd8-c0bf-4f64-82b4-e3001249c09d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2838	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f310e1-5fba-4fba-8e78-805589371a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1f45ab6a-790a-4f7a-8dde-da324fc70d94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2837	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=65679443-17cd-4cd6-9bc1-abce601b485d PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	2836	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=65679443-17cd-4cd6-9bc1-abce601b485d PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	2835	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=65679443-17cd-4cd6-9bc1-abce601b485d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2834	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2833	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2832	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2831	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2830	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2829	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2828	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2827	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d092398f-1e00-46ae-abf5-66cfa4736da3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2826	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f310e1-5fba-4fba-8e78-805589371a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1f45ab6a-790a-4f7a-8dde-da324fc70d94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2825	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f310e1-5fba-4fba-8e78-805589371a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2824	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f310e1-5fba-4fba-8e78-805589371a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2823	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f310e1-5fba-4fba-8e78-805589371a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2822	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f310e1-5fba-4fba-8e78-805589371a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2821	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f310e1-5fba-4fba-8e78-805589371a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2820	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f310e1-5fba-4fba-8e78-805589371a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2819	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=599d148d-519f-4311-8f74-c5bd92a68a14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a2773ddf-71aa-4c7e-b575-eb3b8201075e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2818	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a9b7c7f-023d-4d0e-8119-16bb70ee2759 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=751b788e-ff55-4255-a6d8-10810fdf60da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2817	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a9b7c7f-023d-4d0e-8119-16bb70ee2759 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=751b788e-ff55-4255-a6d8-10810fdf60da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2816	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a9b7c7f-023d-4d0e-8119-16bb70ee2759 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2815	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a9b7c7f-023d-4d0e-8119-16bb70ee2759 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2814	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a9b7c7f-023d-4d0e-8119-16bb70ee2759 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2813	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a9b7c7f-023d-4d0e-8119-16bb70ee2759 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2812	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a9b7c7f-023d-4d0e-8119-16bb70ee2759 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2811	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a9b7c7f-023d-4d0e-8119-16bb70ee2759 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2810	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fecef498-4dc6-41ae-b6f1-40336449a155 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2809	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fecef498-4dc6-41ae-b6f1-40336449a155 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2808	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2807	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2806	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2805	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2804	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2803	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2802	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2801	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a98509bd-899f-46c2-9feb-d137fcf44db9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2800	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=599d148d-519f-4311-8f74-c5bd92a68a14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a2773ddf-71aa-4c7e-b575-eb3b8201075e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2799	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=599d148d-519f-4311-8f74-c5bd92a68a14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2798	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=599d148d-519f-4311-8f74-c5bd92a68a14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2797	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=599d148d-519f-4311-8f74-c5bd92a68a14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2796	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=599d148d-519f-4311-8f74-c5bd92a68a14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2795	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=599d148d-519f-4311-8f74-c5bd92a68a14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2794	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=599d148d-519f-4311-8f74-c5bd92a68a14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2793	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06730bac-aec2-4d7a-9e9f-ab0bbeb17ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f033f2f0-dfc6-4fe8-ac55-e1c2376a4151 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2792	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8726b185-2398-4018-8d2f-81d537a621bf PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	2791	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8726b185-2398-4018-8d2f-81d537a621bf PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	2790	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8726b185-2398-4018-8d2f-81d537a621bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2789	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2788	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2787	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2786	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2785	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2784	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2783	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2782	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=efdd6b4c-da50-45a1-ba7e-29d95efe0d13 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2781	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06730bac-aec2-4d7a-9e9f-ab0bbeb17ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f033f2f0-dfc6-4fe8-ac55-e1c2376a4151 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2780	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06730bac-aec2-4d7a-9e9f-ab0bbeb17ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2779	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06730bac-aec2-4d7a-9e9f-ab0bbeb17ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2778	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06730bac-aec2-4d7a-9e9f-ab0bbeb17ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2777	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06730bac-aec2-4d7a-9e9f-ab0bbeb17ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2776	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06730bac-aec2-4d7a-9e9f-ab0bbeb17ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2775	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06730bac-aec2-4d7a-9e9f-ab0bbeb17ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2774	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad62aab7-fc92-4edd-93c9-1bf5ba5171ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6669213d-c6cf-41a8-988c-fdf9b6c05d0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2773	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e8fb3c7-8380-4ea7-83c7-cde7401358c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion=5.1.14393.1944 RunspaceId=72690740-19c5-4dd7-9471-ecfb329ae108 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2772	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e8fb3c7-8380-4ea7-83c7-cde7401358c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion=5.1.14393.1944 RunspaceId=72690740-19c5-4dd7-9471-ecfb329ae108 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2771	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e8fb3c7-8380-4ea7-83c7-cde7401358c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2770	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e8fb3c7-8380-4ea7-83c7-cde7401358c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2769	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e8fb3c7-8380-4ea7-83c7-cde7401358c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2768	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e8fb3c7-8380-4ea7-83c7-cde7401358c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2767	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e8fb3c7-8380-4ea7-83c7-cde7401358c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2766	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e8fb3c7-8380-4ea7-83c7-cde7401358c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2765	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9f644c81-9131-4247-b8c0-71a49ce31e24 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2764	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9f644c81-9131-4247-b8c0-71a49ce31e24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2763	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2762	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2761	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2760	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2759	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2758	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2757	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2756	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a170cc65-7482-427e-9aca-1ddfced61675 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2755	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad62aab7-fc92-4edd-93c9-1bf5ba5171ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6669213d-c6cf-41a8-988c-fdf9b6c05d0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2754	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad62aab7-fc92-4edd-93c9-1bf5ba5171ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2753	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad62aab7-fc92-4edd-93c9-1bf5ba5171ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2752	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad62aab7-fc92-4edd-93c9-1bf5ba5171ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2751	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad62aab7-fc92-4edd-93c9-1bf5ba5171ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2750	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad62aab7-fc92-4edd-93c9-1bf5ba5171ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2749	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad62aab7-fc92-4edd-93c9-1bf5ba5171ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2748	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eeaa8837-566c-4d37-8bb5-c493526057e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3d509520-3a46-4940-9766-1b4ee2813559 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2747	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=adf1a264-116f-4b81-8dcd-db31f21121bb PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	2746	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=adf1a264-116f-4b81-8dcd-db31f21121bb PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	2745	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=adf1a264-116f-4b81-8dcd-db31f21121bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2744	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2743	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2742	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2741	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2740	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2739	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2738	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2737	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=72baa343-48bc-481d-9530-7e9d001f379b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2736	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eeaa8837-566c-4d37-8bb5-c493526057e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3d509520-3a46-4940-9766-1b4ee2813559 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2735	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eeaa8837-566c-4d37-8bb5-c493526057e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2734	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eeaa8837-566c-4d37-8bb5-c493526057e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2733	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eeaa8837-566c-4d37-8bb5-c493526057e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2732	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eeaa8837-566c-4d37-8bb5-c493526057e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2731	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eeaa8837-566c-4d37-8bb5-c493526057e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2730	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eeaa8837-566c-4d37-8bb5-c493526057e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2729	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:54:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e8cf716-ce02-47de-bae7-5e00b55e7d0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fd0844b9-a148-426b-9ad6-3185d8d38b39 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2728	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b38063b-9141-46c9-9293-935dca28118e PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	2727	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b38063b-9141-46c9-9293-935dca28118e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2726	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2725	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2724	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2723	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2722	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2721	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2720	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2719	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d19e440b-2c93-4b87-9d11-289bfa50073e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2718	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e8cf716-ce02-47de-bae7-5e00b55e7d0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fd0844b9-a148-426b-9ad6-3185d8d38b39 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2717	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e8cf716-ce02-47de-bae7-5e00b55e7d0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2716	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e8cf716-ce02-47de-bae7-5e00b55e7d0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2715	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e8cf716-ce02-47de-bae7-5e00b55e7d0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2714	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e8cf716-ce02-47de-bae7-5e00b55e7d0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2713	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e8cf716-ce02-47de-bae7-5e00b55e7d0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2712	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e8cf716-ce02-47de-bae7-5e00b55e7d0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2711	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:53:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=34 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93f216b5-93de-47c1-85c5-3f28c4bcf8c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8125dc28-86d9-4996-bc8c-a13c517c9f9a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2710	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=253b602e-9f6f-4f29-892d-f6c27ea159e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2709	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2708	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2707	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2706	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2705	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2704	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2703	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2702	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bb8500b9-450f-48ad-b79c-c24ab77a545d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2701	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93f216b5-93de-47c1-85c5-3f28c4bcf8c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8125dc28-86d9-4996-bc8c-a13c517c9f9a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2700	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93f216b5-93de-47c1-85c5-3f28c4bcf8c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2699	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93f216b5-93de-47c1-85c5-3f28c4bcf8c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2698	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93f216b5-93de-47c1-85c5-3f28c4bcf8c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2697	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93f216b5-93de-47c1-85c5-3f28c4bcf8c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2696	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93f216b5-93de-47c1-85c5-3f28c4bcf8c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2695	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93f216b5-93de-47c1-85c5-3f28c4bcf8c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2694	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=34 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=974fe8c7-f946-4885-b863-78c4c63ee677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1897632e-f5bc-4349-b36b-b7442a29d520 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2693	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ad600a67-22a8-4078-8291-01f1cd422dce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2692	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2691	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2690	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2689	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2688	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2687	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2686	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2685	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4d2ac923-c33c-49d3-9bed-44005cabd37a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2684	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=974fe8c7-f946-4885-b863-78c4c63ee677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1897632e-f5bc-4349-b36b-b7442a29d520 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2683	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=974fe8c7-f946-4885-b863-78c4c63ee677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2682	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=974fe8c7-f946-4885-b863-78c4c63ee677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2681	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=974fe8c7-f946-4885-b863-78c4c63ee677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2680	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=974fe8c7-f946-4885-b863-78c4c63ee677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2679	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=974fe8c7-f946-4885-b863-78c4c63ee677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2678	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=974fe8c7-f946-4885-b863-78c4c63ee677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2677	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd7ca3f4-d6b0-4638-ad41-0848616010cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=00ad4fbf-d483-4511-8e25-bd4a19395c27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2676	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13379d9f-f701-4b50-a244-a9c07e97cc07 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion=5.1.14393.1944 RunspaceId=c894d770-d9a3-4e65-8c01-d2aecfefea2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2675	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13379d9f-f701-4b50-a244-a9c07e97cc07 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion=5.1.14393.1944 RunspaceId=c894d770-d9a3-4e65-8c01-d2aecfefea2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2674	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13379d9f-f701-4b50-a244-a9c07e97cc07 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2673	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13379d9f-f701-4b50-a244-a9c07e97cc07 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2672	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13379d9f-f701-4b50-a244-a9c07e97cc07 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2671	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13379d9f-f701-4b50-a244-a9c07e97cc07 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2670	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13379d9f-f701-4b50-a244-a9c07e97cc07 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2669	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13379d9f-f701-4b50-a244-a9c07e97cc07 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2668	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=78e5ec8d-34d0-4dbd-ae0c-ebf55f6541f9 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2667	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=78e5ec8d-34d0-4dbd-ae0c-ebf55f6541f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2666	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2665	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2664	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2663	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2662	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2661	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2660	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2659	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6aea3af6-9b2f-4ca4-a0dd-06f32c034942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2658	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd7ca3f4-d6b0-4638-ad41-0848616010cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=00ad4fbf-d483-4511-8e25-bd4a19395c27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2657	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd7ca3f4-d6b0-4638-ad41-0848616010cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2656	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd7ca3f4-d6b0-4638-ad41-0848616010cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2655	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd7ca3f4-d6b0-4638-ad41-0848616010cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2654	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd7ca3f4-d6b0-4638-ad41-0848616010cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2653	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd7ca3f4-d6b0-4638-ad41-0848616010cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2652	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd7ca3f4-d6b0-4638-ad41-0848616010cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2651	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5ee08ab-92e6-4e42-ad9b-4bb807021851 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5141fd5c-5570-41b4-976c-5dc40716fd08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2650	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8808bf99-a69f-4f33-ab20-3bfa183d8a34 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion=5.1.14393.1944 RunspaceId=100a2913-6588-46f8-803a-b9ba941de475 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2649	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8808bf99-a69f-4f33-ab20-3bfa183d8a34 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion=5.1.14393.1944 RunspaceId=100a2913-6588-46f8-803a-b9ba941de475 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2648	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8808bf99-a69f-4f33-ab20-3bfa183d8a34 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2647	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8808bf99-a69f-4f33-ab20-3bfa183d8a34 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2646	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8808bf99-a69f-4f33-ab20-3bfa183d8a34 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2645	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8808bf99-a69f-4f33-ab20-3bfa183d8a34 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2644	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8808bf99-a69f-4f33-ab20-3bfa183d8a34 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2643	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8808bf99-a69f-4f33-ab20-3bfa183d8a34 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2642	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3f648fef-a11d-4d02-b007-a9e8531328b6 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2641	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3f648fef-a11d-4d02-b007-a9e8531328b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2640	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2639	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2638	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2637	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2636	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2635	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2634	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2633	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c3b648b9-8ceb-465d-8c46-124e49ccdc85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2632	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5ee08ab-92e6-4e42-ad9b-4bb807021851 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5141fd5c-5570-41b4-976c-5dc40716fd08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2631	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5ee08ab-92e6-4e42-ad9b-4bb807021851 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2630	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5ee08ab-92e6-4e42-ad9b-4bb807021851 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2629	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5ee08ab-92e6-4e42-ad9b-4bb807021851 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2628	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5ee08ab-92e6-4e42-ad9b-4bb807021851 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2627	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5ee08ab-92e6-4e42-ad9b-4bb807021851 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2626	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5ee08ab-92e6-4e42-ad9b-4bb807021851 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2625	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cdd40a97-ca99-421c-8b5e-f1e8e6b4c830 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b631bf6f-026d-415c-82b8-e779e7d7be10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2624	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4735286d-b0fd-498c-8ace-98ee3501c56f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion=5.1.14393.1944 RunspaceId=c69e3a36-ced6-4be0-aa83-8f3b09a755ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2623	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4735286d-b0fd-498c-8ace-98ee3501c56f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion=5.1.14393.1944 RunspaceId=c69e3a36-ced6-4be0-aa83-8f3b09a755ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2622	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4735286d-b0fd-498c-8ace-98ee3501c56f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2621	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4735286d-b0fd-498c-8ace-98ee3501c56f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2620	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4735286d-b0fd-498c-8ace-98ee3501c56f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2619	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4735286d-b0fd-498c-8ace-98ee3501c56f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2618	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4735286d-b0fd-498c-8ace-98ee3501c56f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2617	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4735286d-b0fd-498c-8ace-98ee3501c56f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2616	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b6933d28-189d-4dd5-a6f6-b9c06807344a PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2615	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b6933d28-189d-4dd5-a6f6-b9c06807344a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2614	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2613	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2612	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2611	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2610	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2609	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2608	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2607	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129bcd41-daa1-4fac-9ef6-f8b14af63e25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2606	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cdd40a97-ca99-421c-8b5e-f1e8e6b4c830 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b631bf6f-026d-415c-82b8-e779e7d7be10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2605	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cdd40a97-ca99-421c-8b5e-f1e8e6b4c830 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2604	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cdd40a97-ca99-421c-8b5e-f1e8e6b4c830 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2603	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cdd40a97-ca99-421c-8b5e-f1e8e6b4c830 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2602	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cdd40a97-ca99-421c-8b5e-f1e8e6b4c830 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2601	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cdd40a97-ca99-421c-8b5e-f1e8e6b4c830 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2600	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cdd40a97-ca99-421c-8b5e-f1e8e6b4c830 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2599	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797e04f6-bcbc-440a-94a5-2070e3ae8d26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=13e93f8b-fbc3-42bd-803e-0c4045f25101 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2598	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bedca4f-bbe5-42ae-8883-16441fb48430 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANQAxADgAMwAyAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion=5.1.14393.1944 RunspaceId=4e703240-3834-4f67-8e27-aebbb9507c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2597	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bedca4f-bbe5-42ae-8883-16441fb48430 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANQAxADgAMwAyAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion=5.1.14393.1944 RunspaceId=4e703240-3834-4f67-8e27-aebbb9507c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2596	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bedca4f-bbe5-42ae-8883-16441fb48430 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANQAxADgAMwAyAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2595	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bedca4f-bbe5-42ae-8883-16441fb48430 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANQAxADgAMwAyAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2594	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bedca4f-bbe5-42ae-8883-16441fb48430 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANQAxADgAMwAyAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2593	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bedca4f-bbe5-42ae-8883-16441fb48430 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANQAxADgAMwAyAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2592	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bedca4f-bbe5-42ae-8883-16441fb48430 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANQAxADgAMwAyAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2591	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bedca4f-bbe5-42ae-8883-16441fb48430 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANQAxADgAMwAyAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2590	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=934ef25b-47be-4261-871b-73d035e616a9 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2589	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=934ef25b-47be-4261-871b-73d035e616a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2588	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2587	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2586	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2585	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2584	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2583	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2582	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2581	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=508d7488-ea3e-442b-aa15-c299385d7e7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2580	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797e04f6-bcbc-440a-94a5-2070e3ae8d26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=13e93f8b-fbc3-42bd-803e-0c4045f25101 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2579	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797e04f6-bcbc-440a-94a5-2070e3ae8d26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2578	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797e04f6-bcbc-440a-94a5-2070e3ae8d26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2577	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797e04f6-bcbc-440a-94a5-2070e3ae8d26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2576	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797e04f6-bcbc-440a-94a5-2070e3ae8d26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2575	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797e04f6-bcbc-440a-94a5-2070e3ae8d26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2574	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797e04f6-bcbc-440a-94a5-2070e3ae8d26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2573	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:52:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e499471c-9695-45b0-bb62-0937caf799ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion=5.1.14393.1944 RunspaceId=feaceeaa-944c-45e1-a559-7ea9ed837252 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2572	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e499471c-9695-45b0-bb62-0937caf799ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion=5.1.14393.1944 RunspaceId=feaceeaa-944c-45e1-a559-7ea9ed837252 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2571	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e499471c-9695-45b0-bb62-0937caf799ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2570	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e499471c-9695-45b0-bb62-0937caf799ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2569	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e499471c-9695-45b0-bb62-0937caf799ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2568	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e499471c-9695-45b0-bb62-0937caf799ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2567	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e499471c-9695-45b0-bb62-0937caf799ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2566	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e499471c-9695-45b0-bb62-0937caf799ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2565	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6681ee6f-3750-4e81-8cee-1e0fa31e4bae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=943fa5a2-bcb4-4680-b339-c7f76655fb68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2564	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6681ee6f-3750-4e81-8cee-1e0fa31e4bae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=943fa5a2-bcb4-4680-b339-c7f76655fb68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2563	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6681ee6f-3750-4e81-8cee-1e0fa31e4bae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2562	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6681ee6f-3750-4e81-8cee-1e0fa31e4bae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2561	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6681ee6f-3750-4e81-8cee-1e0fa31e4bae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2560	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6681ee6f-3750-4e81-8cee-1e0fa31e4bae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2559	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6681ee6f-3750-4e81-8cee-1e0fa31e4bae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2558	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6681ee6f-3750-4e81-8cee-1e0fa31e4bae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2557	PowerShell		Windows PowerShell			n-h1-851832-3.cbci-851832-3.local		8/2/2022 3:51:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb20ba08-5380-4cfd-a6bb-480da56f0c41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=28b212fb-c381-4747-a17f-16fc883a68fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2556	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb20ba08-5380-4cfd-a6bb-480da56f0c41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=28b212fb-c381-4747-a17f-16fc883a68fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2555	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb20ba08-5380-4cfd-a6bb-480da56f0c41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2554	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb20ba08-5380-4cfd-a6bb-480da56f0c41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2553	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb20ba08-5380-4cfd-a6bb-480da56f0c41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2552	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb20ba08-5380-4cfd-a6bb-480da56f0c41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2551	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb20ba08-5380-4cfd-a6bb-480da56f0c41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2550	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb20ba08-5380-4cfd-a6bb-480da56f0c41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2549	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6544410c-aa46-4586-8921-c3fcf25691c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=2ade9413-81fc-41bb-be0e-fdecc94543ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2548	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6544410c-aa46-4586-8921-c3fcf25691c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=2ade9413-81fc-41bb-be0e-fdecc94543ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2547	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6544410c-aa46-4586-8921-c3fcf25691c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2546	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6544410c-aa46-4586-8921-c3fcf25691c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2545	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6544410c-aa46-4586-8921-c3fcf25691c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2544	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6544410c-aa46-4586-8921-c3fcf25691c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2543	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6544410c-aa46-4586-8921-c3fcf25691c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2542	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6544410c-aa46-4586-8921-c3fcf25691c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2541	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=abdb89bf-6ec3-4d28-a577-31781d68b863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion=5.1.14393.1944 RunspaceId=bd250796-4576-4612-bb1f-d616428cc527 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2540	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=abdb89bf-6ec3-4d28-a577-31781d68b863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion=5.1.14393.1944 RunspaceId=bd250796-4576-4612-bb1f-d616428cc527 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2539	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=abdb89bf-6ec3-4d28-a577-31781d68b863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2538	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=abdb89bf-6ec3-4d28-a577-31781d68b863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2537	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=abdb89bf-6ec3-4d28-a577-31781d68b863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2536	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=abdb89bf-6ec3-4d28-a577-31781d68b863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2535	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=abdb89bf-6ec3-4d28-a577-31781d68b863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2534	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=abdb89bf-6ec3-4d28-a577-31781d68b863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2533	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2ec2b456-8fa1-4056-a29e-a715979047ae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=0fec602e-49cc-4a76-88a1-51dbd4ba9e5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2532	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2ec2b456-8fa1-4056-a29e-a715979047ae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=0fec602e-49cc-4a76-88a1-51dbd4ba9e5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2531	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2ec2b456-8fa1-4056-a29e-a715979047ae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2530	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2ec2b456-8fa1-4056-a29e-a715979047ae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2529	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2ec2b456-8fa1-4056-a29e-a715979047ae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2528	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2ec2b456-8fa1-4056-a29e-a715979047ae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2527	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2ec2b456-8fa1-4056-a29e-a715979047ae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2526	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2ec2b456-8fa1-4056-a29e-a715979047ae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2525	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=74eba211-cfeb-489a-bf00-6bb71b0cae9f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b4b45997-fcd3-4776-a4eb-f9c4ad6c582e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2524	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1657788e-ef66-4949-aa45-766181c8e921 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2523	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2522	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2521	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2520	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2519	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2518	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2517	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2516	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5bd38fed-f463-4e8f-bb9e-30a0031ede76 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2515	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=74eba211-cfeb-489a-bf00-6bb71b0cae9f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b4b45997-fcd3-4776-a4eb-f9c4ad6c582e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2514	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=74eba211-cfeb-489a-bf00-6bb71b0cae9f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2513	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=74eba211-cfeb-489a-bf00-6bb71b0cae9f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2512	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=74eba211-cfeb-489a-bf00-6bb71b0cae9f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2511	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=74eba211-cfeb-489a-bf00-6bb71b0cae9f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2510	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=74eba211-cfeb-489a-bf00-6bb71b0cae9f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2509	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=74eba211-cfeb-489a-bf00-6bb71b0cae9f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2508	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7f56680-9475-4005-bdaa-ae7934478208 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=704eaa74-8374-4a3e-994d-39629ad4398a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2507	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4c680dad-7fa2-45ae-854c-cf2a1f710f1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2506	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2505	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2504	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2503	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2502	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2501	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2500	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2499	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=55d09414-23b2-409c-a323-4c9b1fc88c43 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2498	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7f56680-9475-4005-bdaa-ae7934478208 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=704eaa74-8374-4a3e-994d-39629ad4398a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2497	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7f56680-9475-4005-bdaa-ae7934478208 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2496	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7f56680-9475-4005-bdaa-ae7934478208 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2495	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7f56680-9475-4005-bdaa-ae7934478208 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2494	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7f56680-9475-4005-bdaa-ae7934478208 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2493	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7f56680-9475-4005-bdaa-ae7934478208 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2492	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7f56680-9475-4005-bdaa-ae7934478208 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2491	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06fe2aff-bcdf-4c01-b5ec-2e20af6ef13f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4e09cd7e-707d-481f-822f-73f1631bba81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2490	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84a27a7c-b29b-4cfb-a085-bfb39fca8cf2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion=5.1.14393.1944 RunspaceId=a007d375-5649-4848-9ac5-8816f527c78d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2489	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84a27a7c-b29b-4cfb-a085-bfb39fca8cf2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion=5.1.14393.1944 RunspaceId=a007d375-5649-4848-9ac5-8816f527c78d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2488	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84a27a7c-b29b-4cfb-a085-bfb39fca8cf2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2487	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84a27a7c-b29b-4cfb-a085-bfb39fca8cf2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2486	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84a27a7c-b29b-4cfb-a085-bfb39fca8cf2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2485	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84a27a7c-b29b-4cfb-a085-bfb39fca8cf2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2484	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84a27a7c-b29b-4cfb-a085-bfb39fca8cf2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2483	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84a27a7c-b29b-4cfb-a085-bfb39fca8cf2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2482	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9b261a7a-abf5-4611-8eb2-fbf2213651e6 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2481	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9b261a7a-abf5-4611-8eb2-fbf2213651e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2480	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2479	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2478	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2477	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2476	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2475	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2474	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2473	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1eded06c-0bd5-4ca8-b003-630ef2a42e1a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2472	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06fe2aff-bcdf-4c01-b5ec-2e20af6ef13f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4e09cd7e-707d-481f-822f-73f1631bba81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2471	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06fe2aff-bcdf-4c01-b5ec-2e20af6ef13f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2470	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06fe2aff-bcdf-4c01-b5ec-2e20af6ef13f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2469	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06fe2aff-bcdf-4c01-b5ec-2e20af6ef13f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2468	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06fe2aff-bcdf-4c01-b5ec-2e20af6ef13f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2467	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06fe2aff-bcdf-4c01-b5ec-2e20af6ef13f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2466	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06fe2aff-bcdf-4c01-b5ec-2e20af6ef13f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2465	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33780761-7a5f-4bee-9ed9-c04a345a3eb1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6556052a-a9c1-41a9-be9a-3d71d87111f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2464	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6fae3ba9-51ad-46e8-bff7-6d31f2166454 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	2463	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6fae3ba9-51ad-46e8-bff7-6d31f2166454 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2462	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2461	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2460	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2459	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2458	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2457	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2456	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2455	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36c1c2b7-896a-4916-828c-19592bebbca3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2454	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33780761-7a5f-4bee-9ed9-c04a345a3eb1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6556052a-a9c1-41a9-be9a-3d71d87111f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2453	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33780761-7a5f-4bee-9ed9-c04a345a3eb1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2452	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33780761-7a5f-4bee-9ed9-c04a345a3eb1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2451	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33780761-7a5f-4bee-9ed9-c04a345a3eb1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2450	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33780761-7a5f-4bee-9ed9-c04a345a3eb1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2449	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33780761-7a5f-4bee-9ed9-c04a345a3eb1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2448	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33780761-7a5f-4bee-9ed9-c04a345a3eb1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2447	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:51:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1aa72e18-5b24-431f-94b1-e0f9d1885cff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=439d2fb8-b6bb-4c83-bdea-7f238093809c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2446	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0947d466-2ccb-4798-8f3e-e38f2130530b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2445	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2444	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2443	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2442	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2441	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2440	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2439	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2438	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3b30530-91b1-4a35-817d-e9632e84b1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2437	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1aa72e18-5b24-431f-94b1-e0f9d1885cff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=439d2fb8-b6bb-4c83-bdea-7f238093809c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2436	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1aa72e18-5b24-431f-94b1-e0f9d1885cff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2435	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1aa72e18-5b24-431f-94b1-e0f9d1885cff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2434	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1aa72e18-5b24-431f-94b1-e0f9d1885cff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2433	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1aa72e18-5b24-431f-94b1-e0f9d1885cff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2432	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1aa72e18-5b24-431f-94b1-e0f9d1885cff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2431	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1aa72e18-5b24-431f-94b1-e0f9d1885cff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2430	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6caf1134-b02a-4e96-bc34-332595930e18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABRAEEATQBRAEEAdQBBAEQATQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABJAEEATQBRAEEAMwBBAEQAUQBBAE8AQQBBADEAQQBEAGMAQQBNAGcAQQB4AEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=ed356a9b-5d18-447b-9659-dac571699354 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2429	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ac2957ec-2739-4ed2-976a-592f52840f27 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=f699d3f7-10ff-4822-b9a8-da7730d46498 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2428	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ac2957ec-2739-4ed2-976a-592f52840f27 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=f699d3f7-10ff-4822-b9a8-da7730d46498 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2427	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ac2957ec-2739-4ed2-976a-592f52840f27 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2426	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ac2957ec-2739-4ed2-976a-592f52840f27 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2425	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ac2957ec-2739-4ed2-976a-592f52840f27 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2424	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ac2957ec-2739-4ed2-976a-592f52840f27 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2423	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ac2957ec-2739-4ed2-976a-592f52840f27 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2422	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ac2957ec-2739-4ed2-976a-592f52840f27 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2421	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6caf1134-b02a-4e96-bc34-332595930e18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABRAEEATQBRAEEAdQBBAEQATQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABJAEEATQBRAEEAMwBBAEQAUQBBAE8AQQBBADEAQQBEAGMAQQBNAGcAQQB4AEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=ed356a9b-5d18-447b-9659-dac571699354 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2420	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6caf1134-b02a-4e96-bc34-332595930e18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABRAEEATQBRAEEAdQBBAEQATQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABJAEEATQBRAEEAMwBBAEQAUQBBAE8AQQBBADEAQQBEAGMAQQBNAGcAQQB4AEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2419	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6caf1134-b02a-4e96-bc34-332595930e18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABRAEEATQBRAEEAdQBBAEQATQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABJAEEATQBRAEEAMwBBAEQAUQBBAE8AQQBBADEAQQBEAGMAQQBNAGcAQQB4AEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2418	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6caf1134-b02a-4e96-bc34-332595930e18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABRAEEATQBRAEEAdQBBAEQATQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABJAEEATQBRAEEAMwBBAEQAUQBBAE8AQQBBADEAQQBEAGMAQQBNAGcAQQB4AEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2417	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6caf1134-b02a-4e96-bc34-332595930e18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABRAEEATQBRAEEAdQBBAEQATQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABJAEEATQBRAEEAMwBBAEQAUQBBAE8AQQBBADEAQQBEAGMAQQBNAGcAQQB4AEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2416	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6caf1134-b02a-4e96-bc34-332595930e18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABRAEEATQBRAEEAdQBBAEQATQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABJAEEATQBRAEEAMwBBAEQAUQBBAE8AQQBBADEAQQBEAGMAQQBNAGcAQQB4AEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2415	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6caf1134-b02a-4e96-bc34-332595930e18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABRAEEATQBRAEEAdQBBAEQATQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABJAEEATQBRAEEAMwBBAEQAUQBBAE8AQQBBADEAQQBEAGMAQQBNAGcAQQB4AEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2414	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=99390a82-ccbd-4dea-882d-03abe5911760 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d3e9c830-7a6f-4bbb-81ae-bf78c5eb07ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2413	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c1620000-5109-4959-88fd-539dfe62553b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2412	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2411	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2410	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2409	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2408	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2407	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2406	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2405	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5643636d-616f-46f9-a293-b673e5bd7b65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2404	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=99390a82-ccbd-4dea-882d-03abe5911760 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d3e9c830-7a6f-4bbb-81ae-bf78c5eb07ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2403	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=99390a82-ccbd-4dea-882d-03abe5911760 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2402	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=99390a82-ccbd-4dea-882d-03abe5911760 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2401	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=99390a82-ccbd-4dea-882d-03abe5911760 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2400	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=99390a82-ccbd-4dea-882d-03abe5911760 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2399	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=99390a82-ccbd-4dea-882d-03abe5911760 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2398	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=99390a82-ccbd-4dea-882d-03abe5911760 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2397	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e101ffca-dfee-4d44-b574-ecc975a98b85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=012010b1-172d-4bcd-bf6b-c98d84e20352 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2396	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e101ffca-dfee-4d44-b574-ecc975a98b85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=012010b1-172d-4bcd-bf6b-c98d84e20352 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2395	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e101ffca-dfee-4d44-b574-ecc975a98b85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2394	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e101ffca-dfee-4d44-b574-ecc975a98b85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2393	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e101ffca-dfee-4d44-b574-ecc975a98b85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2392	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e101ffca-dfee-4d44-b574-ecc975a98b85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2391	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e101ffca-dfee-4d44-b574-ecc975a98b85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2390	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e101ffca-dfee-4d44-b574-ecc975a98b85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADQAMQAuADMAMwAtADEAMQAyADIAMQA3ADQAOAA1ADcAMgAxADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2389	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=407de5e7-a856-4537-9923-4eb35a6cc305 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBOAEEAQQB4AEEAQwA0AEEATQB3AEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBNAGcAQQB4AEEARABjAEEATgBBAEEANABBAEQAVQBBAE4AdwBBAHkAQQBEAEUAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=25b2b19f-8950-4d0a-8609-80de52414b76 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2388	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e986b6e-27be-426b-8c98-90cd0e83e0d9 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQANAAxAC4AMwAzAC0AMQAxADIAMgAxADcANAA4ADUANwAyADEAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=622d1da5-62da-4321-9b8c-a550bde4d97d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2387	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e986b6e-27be-426b-8c98-90cd0e83e0d9 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQANAAxAC4AMwAzAC0AMQAxADIAMgAxADcANAA4ADUANwAyADEAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=622d1da5-62da-4321-9b8c-a550bde4d97d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2386	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e986b6e-27be-426b-8c98-90cd0e83e0d9 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQANAAxAC4AMwAzAC0AMQAxADIAMgAxADcANAA4ADUANwAyADEAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2385	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e986b6e-27be-426b-8c98-90cd0e83e0d9 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQANAAxAC4AMwAzAC0AMQAxADIAMgAxADcANAA4ADUANwAyADEAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2384	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e986b6e-27be-426b-8c98-90cd0e83e0d9 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQANAAxAC4AMwAzAC0AMQAxADIAMgAxADcANAA4ADUANwAyADEAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2383	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e986b6e-27be-426b-8c98-90cd0e83e0d9 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQANAAxAC4AMwAzAC0AMQAxADIAMgAxADcANAA4ADUANwAyADEAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2382	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e986b6e-27be-426b-8c98-90cd0e83e0d9 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQANAAxAC4AMwAzAC0AMQAxADIAMgAxADcANAA4ADUANwAyADEAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2381	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e986b6e-27be-426b-8c98-90cd0e83e0d9 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQANAAxAC4AMwAzAC0AMQAxADIAMgAxADcANAA4ADUANwAyADEAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2380	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=407de5e7-a856-4537-9923-4eb35a6cc305 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBOAEEAQQB4AEEAQwA0AEEATQB3AEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBNAGcAQQB4AEEARABjAEEATgBBAEEANABBAEQAVQBBAE4AdwBBAHkAQQBEAEUAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=25b2b19f-8950-4d0a-8609-80de52414b76 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2379	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=407de5e7-a856-4537-9923-4eb35a6cc305 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBOAEEAQQB4AEEAQwA0AEEATQB3AEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBNAGcAQQB4AEEARABjAEEATgBBAEEANABBAEQAVQBBAE4AdwBBAHkAQQBEAEUAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2378	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=407de5e7-a856-4537-9923-4eb35a6cc305 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBOAEEAQQB4AEEAQwA0AEEATQB3AEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBNAGcAQQB4AEEARABjAEEATgBBAEEANABBAEQAVQBBAE4AdwBBAHkAQQBEAEUAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2377	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=407de5e7-a856-4537-9923-4eb35a6cc305 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBOAEEAQQB4AEEAQwA0AEEATQB3AEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBNAGcAQQB4AEEARABjAEEATgBBAEEANABBAEQAVQBBAE4AdwBBAHkAQQBEAEUAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2376	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=407de5e7-a856-4537-9923-4eb35a6cc305 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBOAEEAQQB4AEEAQwA0AEEATQB3AEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBNAGcAQQB4AEEARABjAEEATgBBAEEANABBAEQAVQBBAE4AdwBBAHkAQQBEAEUAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2375	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=407de5e7-a856-4537-9923-4eb35a6cc305 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBOAEEAQQB4AEEAQwA0AEEATQB3AEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBNAGcAQQB4AEEARABjAEEATgBBAEEANABBAEQAVQBBAE4AdwBBAHkAQQBEAEUAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2374	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=407de5e7-a856-4537-9923-4eb35a6cc305 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBOAEEAQQB4AEEAQwA0AEEATQB3AEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBNAGcAQQB4AEEARABjAEEATgBBAEEANABBAEQAVQBBAE4AdwBBAHkAQQBEAEUAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2373	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6478575-5cad-4dca-9f8b-5d88a78945f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=707432c7-55bc-4235-adff-a1d0f4dc08c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2372	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f9e7febc-5610-41db-849e-6700b9266a19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2371	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2370	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2369	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2368	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2367	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2366	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2365	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2364	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d36e71d2-89fa-4a35-a2e6-31f8dc5408c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2363	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6478575-5cad-4dca-9f8b-5d88a78945f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=707432c7-55bc-4235-adff-a1d0f4dc08c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2362	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6478575-5cad-4dca-9f8b-5d88a78945f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2361	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6478575-5cad-4dca-9f8b-5d88a78945f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2360	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6478575-5cad-4dca-9f8b-5d88a78945f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2359	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6478575-5cad-4dca-9f8b-5d88a78945f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2358	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6478575-5cad-4dca-9f8b-5d88a78945f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2357	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6478575-5cad-4dca-9f8b-5d88a78945f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2356	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=be11bbcb-7a91-4270-a778-46fc3450d4d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3b4c3783-64c8-4bf3-987c-478a69bbb326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2355	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fb9206d-e44a-4cc8-9c3b-d9a33652c1a0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion=5.1.14393.1944 RunspaceId=41ddafc6-6bdf-484b-a65a-736c5876d21c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2354	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fb9206d-e44a-4cc8-9c3b-d9a33652c1a0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion=5.1.14393.1944 RunspaceId=41ddafc6-6bdf-484b-a65a-736c5876d21c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2353	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fb9206d-e44a-4cc8-9c3b-d9a33652c1a0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2352	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fb9206d-e44a-4cc8-9c3b-d9a33652c1a0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2351	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fb9206d-e44a-4cc8-9c3b-d9a33652c1a0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2350	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fb9206d-e44a-4cc8-9c3b-d9a33652c1a0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2349	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fb9206d-e44a-4cc8-9c3b-d9a33652c1a0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2348	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fb9206d-e44a-4cc8-9c3b-d9a33652c1a0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2347	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d0580ea2-ce30-46b3-9927-58006404f181 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2346	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d0580ea2-ce30-46b3-9927-58006404f181 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2345	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2344	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2343	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2342	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2341	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2340	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2339	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2338	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0371442c-0a1a-4890-b4b2-a9c5c3cf9c1c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2337	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=be11bbcb-7a91-4270-a778-46fc3450d4d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3b4c3783-64c8-4bf3-987c-478a69bbb326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2336	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=be11bbcb-7a91-4270-a778-46fc3450d4d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2335	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=be11bbcb-7a91-4270-a778-46fc3450d4d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2334	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=be11bbcb-7a91-4270-a778-46fc3450d4d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2333	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=be11bbcb-7a91-4270-a778-46fc3450d4d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2332	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=be11bbcb-7a91-4270-a778-46fc3450d4d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2331	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=be11bbcb-7a91-4270-a778-46fc3450d4d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2330	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=652da6f7-e70e-46d8-ba24-632a8c8b3280 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0fb6e360-31ed-497d-b036-b9b6aa0fa412 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2329	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cce5ae69-be6c-4bf7-a202-44383766e23a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2328	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2327	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2326	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2325	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2324	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2323	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2322	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2321	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5db2f747-e0e4-40ae-af7a-503b1a031fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2320	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=652da6f7-e70e-46d8-ba24-632a8c8b3280 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0fb6e360-31ed-497d-b036-b9b6aa0fa412 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2319	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=652da6f7-e70e-46d8-ba24-632a8c8b3280 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2318	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=652da6f7-e70e-46d8-ba24-632a8c8b3280 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2317	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=652da6f7-e70e-46d8-ba24-632a8c8b3280 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2316	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=652da6f7-e70e-46d8-ba24-632a8c8b3280 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2315	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=652da6f7-e70e-46d8-ba24-632a8c8b3280 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2314	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=652da6f7-e70e-46d8-ba24-632a8c8b3280 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2313	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62b6c40-7641-4cc3-82ce-15870f1027a7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f738c28b-db43-4b88-9700-d1cbd07024f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2312	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=043d1f99-dcae-4873-b341-8fa9e2d9f37a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=3960809c-c759-4d02-96b9-64a80b85050e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2311	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=043d1f99-dcae-4873-b341-8fa9e2d9f37a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=3960809c-c759-4d02-96b9-64a80b85050e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2310	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=043d1f99-dcae-4873-b341-8fa9e2d9f37a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2309	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=043d1f99-dcae-4873-b341-8fa9e2d9f37a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2308	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=043d1f99-dcae-4873-b341-8fa9e2d9f37a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2307	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=043d1f99-dcae-4873-b341-8fa9e2d9f37a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2306	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=043d1f99-dcae-4873-b341-8fa9e2d9f37a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2305	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=043d1f99-dcae-4873-b341-8fa9e2d9f37a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2304	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d710abcb-3272-4c7c-8590-02817a3cf280 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2303	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d710abcb-3272-4c7c-8590-02817a3cf280 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2302	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2301	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2300	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2299	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2298	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2297	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2296	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2295	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=375d0918-934c-4da9-a959-af950675dc04 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2294	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62b6c40-7641-4cc3-82ce-15870f1027a7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f738c28b-db43-4b88-9700-d1cbd07024f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2293	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62b6c40-7641-4cc3-82ce-15870f1027a7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2292	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62b6c40-7641-4cc3-82ce-15870f1027a7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2291	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62b6c40-7641-4cc3-82ce-15870f1027a7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2290	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62b6c40-7641-4cc3-82ce-15870f1027a7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2289	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62b6c40-7641-4cc3-82ce-15870f1027a7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2288	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62b6c40-7641-4cc3-82ce-15870f1027a7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2287	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5b6735d1-e6b5-490d-8601-a3ba22b26641 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEkAQQBNAHcAQQB4AEEARABJAEEATQB3AEEAMwBBAEQAVQBBAE8AUQBBAHkAQQBEAGsAQQBOAFEAQQA1AEEARABnAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=aba6f119-99b4-414f-87e0-bd13e7cbb6c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2286	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51769c26-642a-47ba-930f-92b7497e0a47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=ccc678e7-ce87-4364-a57b-354d539be7a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2285	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51769c26-642a-47ba-930f-92b7497e0a47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=ccc678e7-ce87-4364-a57b-354d539be7a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2284	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51769c26-642a-47ba-930f-92b7497e0a47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2283	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51769c26-642a-47ba-930f-92b7497e0a47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2282	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51769c26-642a-47ba-930f-92b7497e0a47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2281	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51769c26-642a-47ba-930f-92b7497e0a47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2280	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51769c26-642a-47ba-930f-92b7497e0a47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2279	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51769c26-642a-47ba-930f-92b7497e0a47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2278	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5b6735d1-e6b5-490d-8601-a3ba22b26641 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEkAQQBNAHcAQQB4AEEARABJAEEATQB3AEEAMwBBAEQAVQBBAE8AUQBBAHkAQQBEAGsAQQBOAFEAQQA1AEEARABnAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=aba6f119-99b4-414f-87e0-bd13e7cbb6c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2277	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5b6735d1-e6b5-490d-8601-a3ba22b26641 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEkAQQBNAHcAQQB4AEEARABJAEEATQB3AEEAMwBBAEQAVQBBAE8AUQBBAHkAQQBEAGsAQQBOAFEAQQA1AEEARABnAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2276	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5b6735d1-e6b5-490d-8601-a3ba22b26641 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEkAQQBNAHcAQQB4AEEARABJAEEATQB3AEEAMwBBAEQAVQBBAE8AUQBBAHkAQQBEAGsAQQBOAFEAQQA1AEEARABnAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2275	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5b6735d1-e6b5-490d-8601-a3ba22b26641 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEkAQQBNAHcAQQB4AEEARABJAEEATQB3AEEAMwBBAEQAVQBBAE8AUQBBAHkAQQBEAGsAQQBOAFEAQQA1AEEARABnAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2274	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5b6735d1-e6b5-490d-8601-a3ba22b26641 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEkAQQBNAHcAQQB4AEEARABJAEEATQB3AEEAMwBBAEQAVQBBAE8AUQBBAHkAQQBEAGsAQQBOAFEAQQA1AEEARABnAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2273	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5b6735d1-e6b5-490d-8601-a3ba22b26641 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEkAQQBNAHcAQQB4AEEARABJAEEATQB3AEEAMwBBAEQAVQBBAE8AUQBBAHkAQQBEAGsAQQBOAFEAQQA1AEEARABnAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2272	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5b6735d1-e6b5-490d-8601-a3ba22b26641 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQAwAEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEkAQQBNAHcAQQB4AEEARABJAEEATQB3AEEAMwBBAEQAVQBBAE8AUQBBAHkAQQBEAGsAQQBOAFEAQQA1AEEARABnAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2271	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0b89003-c788-4d21-a582-23a48a6dfdba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7c2c7f85-59cc-4a5d-85af-820b6ce47af2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2270	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6682cf56-76c0-4550-a040-1b15902cff7a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2269	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2268	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2267	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2266	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2265	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2264	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2263	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2262	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=275f1d93-eb86-42af-a791-ac26b14dab58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2261	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0b89003-c788-4d21-a582-23a48a6dfdba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7c2c7f85-59cc-4a5d-85af-820b6ce47af2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2260	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0b89003-c788-4d21-a582-23a48a6dfdba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2259	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0b89003-c788-4d21-a582-23a48a6dfdba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2258	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0b89003-c788-4d21-a582-23a48a6dfdba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2257	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0b89003-c788-4d21-a582-23a48a6dfdba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2256	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0b89003-c788-4d21-a582-23a48a6dfdba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2255	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0b89003-c788-4d21-a582-23a48a6dfdba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2254	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f81016c8-4994-4b47-ad68-ccddbe58b02a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=13285e20-a4f7-4833-b72d-3b804a1819bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2253	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f81016c8-4994-4b47-ad68-ccddbe58b02a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=13285e20-a4f7-4833-b72d-3b804a1819bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2252	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f81016c8-4994-4b47-ad68-ccddbe58b02a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2251	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f81016c8-4994-4b47-ad68-ccddbe58b02a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2250	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f81016c8-4994-4b47-ad68-ccddbe58b02a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2249	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f81016c8-4994-4b47-ad68-ccddbe58b02a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2248	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f81016c8-4994-4b47-ad68-ccddbe58b02a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2247	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f81016c8-4994-4b47-ad68-ccddbe58b02a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAA0ADEANQAuADQANwAtADIAMwAxADIAMwA3ADUAOQAyADkANQA5ADgAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2246	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=12f7dc2a-842f-4e86-abfb-23c001217192 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AZwBBAHoAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATgBRAEEANQBBAEQASQBBAE8AUQBBADEAQQBEAGsAQQBPAEEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=113d353a-fd3c-49d6-be48-20753d0d84ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2245	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b5ce595-7a02-4c83-921e-7dc1e0c45e31 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQAMQA1AC4ANAA3AC0AMgAzADEAMgAzADcANQA5ADIAOQA1ADkAOAAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=637383f1-c488-4636-b7af-0d25c4ba98e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2244	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b5ce595-7a02-4c83-921e-7dc1e0c45e31 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQAMQA1AC4ANAA3AC0AMgAzADEAMgAzADcANQA5ADIAOQA1ADkAOAAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=637383f1-c488-4636-b7af-0d25c4ba98e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2243	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b5ce595-7a02-4c83-921e-7dc1e0c45e31 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQAMQA1AC4ANAA3AC0AMgAzADEAMgAzADcANQA5ADIAOQA1ADkAOAAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2242	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b5ce595-7a02-4c83-921e-7dc1e0c45e31 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQAMQA1AC4ANAA3AC0AMgAzADEAMgAzADcANQA5ADIAOQA1ADkAOAAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2241	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b5ce595-7a02-4c83-921e-7dc1e0c45e31 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQAMQA1AC4ANAA3AC0AMgAzADEAMgAzADcANQA5ADIAOQA1ADkAOAAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2240	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b5ce595-7a02-4c83-921e-7dc1e0c45e31 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQAMQA1AC4ANAA3AC0AMgAzADEAMgAzADcANQA5ADIAOQA1ADkAOAAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2239	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b5ce595-7a02-4c83-921e-7dc1e0c45e31 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQAMQA1AC4ANAA3AC0AMgAzADEAMgAzADcANQA5ADIAOQA1ADkAOAAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2238	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b5ce595-7a02-4c83-921e-7dc1e0c45e31 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADQAMQA1AC4ANAA3AC0AMgAzADEAMgAzADcANQA5ADIAOQA1ADkAOAAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2237	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=12f7dc2a-842f-4e86-abfb-23c001217192 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AZwBBAHoAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATgBRAEEANQBBAEQASQBBAE8AUQBBADEAQQBEAGsAQQBPAEEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=113d353a-fd3c-49d6-be48-20753d0d84ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2236	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=12f7dc2a-842f-4e86-abfb-23c001217192 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AZwBBAHoAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATgBRAEEANQBBAEQASQBBAE8AUQBBADEAQQBEAGsAQQBPAEEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2235	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=12f7dc2a-842f-4e86-abfb-23c001217192 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AZwBBAHoAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATgBRAEEANQBBAEQASQBBAE8AUQBBADEAQQBEAGsAQQBPAEEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2234	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=12f7dc2a-842f-4e86-abfb-23c001217192 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AZwBBAHoAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATgBRAEEANQBBAEQASQBBAE8AUQBBADEAQQBEAGsAQQBPAEEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2233	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=12f7dc2a-842f-4e86-abfb-23c001217192 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AZwBBAHoAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATgBRAEEANQBBAEQASQBBAE8AUQBBADEAQQBEAGsAQQBPAEEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2232	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=12f7dc2a-842f-4e86-abfb-23c001217192 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AZwBBAHoAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATgBRAEEANQBBAEQASQBBAE8AUQBBADEAQQBEAGsAQQBPAEEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2231	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=12f7dc2a-842f-4e86-abfb-23c001217192 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAFEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AZwBBAHoAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATgBRAEEANQBBAEQASQBBAE8AUQBBADEAQQBEAGsAQQBPAEEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2230	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8596501d-7ba2-4c3b-972d-a34dff9bd6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d47eb5d2-96b0-4afb-90ec-291deb4d8336 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2229	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5e17e0d4-6997-45de-8d7f-6e4fe0fa98e2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2228	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2227	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2226	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2225	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2224	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2223	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2222	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2221	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=625f2a0d-7608-4bbd-b39a-1e85622d6102 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2220	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8596501d-7ba2-4c3b-972d-a34dff9bd6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d47eb5d2-96b0-4afb-90ec-291deb4d8336 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2219	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8596501d-7ba2-4c3b-972d-a34dff9bd6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2218	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8596501d-7ba2-4c3b-972d-a34dff9bd6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2217	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8596501d-7ba2-4c3b-972d-a34dff9bd6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2216	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8596501d-7ba2-4c3b-972d-a34dff9bd6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2215	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8596501d-7ba2-4c3b-972d-a34dff9bd6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2214	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8596501d-7ba2-4c3b-972d-a34dff9bd6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2213	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6032a9c1-a956-4ee3-8b62-4c08fbef8604 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2ec44ef2-e42f-43ba-91d4-b5baace524ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2212	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=43798beb-3be2-4a05-92c8-e7b7d2f5b4fa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion=5.1.14393.1944 RunspaceId=79668b46-3e47-41a1-b0f8-dd7628844403 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2211	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=43798beb-3be2-4a05-92c8-e7b7d2f5b4fa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion=5.1.14393.1944 RunspaceId=79668b46-3e47-41a1-b0f8-dd7628844403 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2210	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=43798beb-3be2-4a05-92c8-e7b7d2f5b4fa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2209	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=43798beb-3be2-4a05-92c8-e7b7d2f5b4fa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2208	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=43798beb-3be2-4a05-92c8-e7b7d2f5b4fa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2207	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=43798beb-3be2-4a05-92c8-e7b7d2f5b4fa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2206	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=43798beb-3be2-4a05-92c8-e7b7d2f5b4fa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2205	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=43798beb-3be2-4a05-92c8-e7b7d2f5b4fa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2204	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bb2d39ba-fa1d-44d7-a865-9b8a32f169c4 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2203	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bb2d39ba-fa1d-44d7-a865-9b8a32f169c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2202	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2201	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2200	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2199	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2198	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2197	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2196	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2195	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c3b964f-e512-4ce1-a751-3d2999112ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2194	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6032a9c1-a956-4ee3-8b62-4c08fbef8604 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2ec44ef2-e42f-43ba-91d4-b5baace524ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2193	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6032a9c1-a956-4ee3-8b62-4c08fbef8604 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2192	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6032a9c1-a956-4ee3-8b62-4c08fbef8604 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2191	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6032a9c1-a956-4ee3-8b62-4c08fbef8604 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2190	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6032a9c1-a956-4ee3-8b62-4c08fbef8604 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2189	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6032a9c1-a956-4ee3-8b62-4c08fbef8604 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2188	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6032a9c1-a956-4ee3-8b62-4c08fbef8604 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2187	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc227473-2daa-4adc-829d-76f34ab88ba4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fd285449-823d-4287-98f0-77e83c4062cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2186	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:33:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c4d08787-e594-4050-814e-0d917873071a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2185	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2184	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2183	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2182	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2181	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2180	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2179	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2178	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cccca40f-0445-4ef4-83b5-c412982edc48 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2177	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc227473-2daa-4adc-829d-76f34ab88ba4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fd285449-823d-4287-98f0-77e83c4062cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2176	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc227473-2daa-4adc-829d-76f34ab88ba4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2175	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc227473-2daa-4adc-829d-76f34ab88ba4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2174	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc227473-2daa-4adc-829d-76f34ab88ba4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2173	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc227473-2daa-4adc-829d-76f34ab88ba4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2172	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc227473-2daa-4adc-829d-76f34ab88ba4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2171	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc227473-2daa-4adc-829d-76f34ab88ba4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2170	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef9a2cff-5f91-49be-8cc1-0ce1115e46c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ae34707a-45cc-40a6-95af-bc68de297a12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2169	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f753de7-0bb6-44bf-8af0-80bc3f5c10af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=8b5c1b2a-713a-4843-a81c-7da6c2637eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2168	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f753de7-0bb6-44bf-8af0-80bc3f5c10af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=8b5c1b2a-713a-4843-a81c-7da6c2637eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2167	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f753de7-0bb6-44bf-8af0-80bc3f5c10af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2166	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f753de7-0bb6-44bf-8af0-80bc3f5c10af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2165	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f753de7-0bb6-44bf-8af0-80bc3f5c10af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2164	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f753de7-0bb6-44bf-8af0-80bc3f5c10af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2163	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f753de7-0bb6-44bf-8af0-80bc3f5c10af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2162	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f753de7-0bb6-44bf-8af0-80bc3f5c10af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2161	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7ffa266b-5f41-45b2-aff8-4964dfa4ac12 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2160	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7ffa266b-5f41-45b2-aff8-4964dfa4ac12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2159	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2158	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2157	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2156	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2155	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2154	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2153	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2152	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=69ad68d8-4b9e-4507-821e-849bfbf8490c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2151	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef9a2cff-5f91-49be-8cc1-0ce1115e46c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ae34707a-45cc-40a6-95af-bc68de297a12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2150	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef9a2cff-5f91-49be-8cc1-0ce1115e46c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2149	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef9a2cff-5f91-49be-8cc1-0ce1115e46c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2148	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef9a2cff-5f91-49be-8cc1-0ce1115e46c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2147	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef9a2cff-5f91-49be-8cc1-0ce1115e46c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2146	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef9a2cff-5f91-49be-8cc1-0ce1115e46c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2145	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef9a2cff-5f91-49be-8cc1-0ce1115e46c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2144	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fe1f705b-f360-4a83-9913-4db9b35eead6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB6AEEARABjAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQAzAEEARABBAEEATgBBAEEAMABBAEQASQBBAE8AUQBBADMAQQBEAEkAQQBOAFEAQQB5AEEARABVAEEATgBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=19e92337-7285-4d3f-b26b-21dcf47560e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2143	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25128470-0539-43c5-a47a-7a16f0116846 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=d6595d33-e77d-4eb5-810f-15b405fec5cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2142	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25128470-0539-43c5-a47a-7a16f0116846 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=d6595d33-e77d-4eb5-810f-15b405fec5cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2141	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25128470-0539-43c5-a47a-7a16f0116846 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2140	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25128470-0539-43c5-a47a-7a16f0116846 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2139	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25128470-0539-43c5-a47a-7a16f0116846 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2138	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25128470-0539-43c5-a47a-7a16f0116846 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2137	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25128470-0539-43c5-a47a-7a16f0116846 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2136	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25128470-0539-43c5-a47a-7a16f0116846 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2135	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fe1f705b-f360-4a83-9913-4db9b35eead6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB6AEEARABjAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQAzAEEARABBAEEATgBBAEEAMABBAEQASQBBAE8AUQBBADMAQQBEAEkAQQBOAFEAQQB5AEEARABVAEEATgBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=19e92337-7285-4d3f-b26b-21dcf47560e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2134	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fe1f705b-f360-4a83-9913-4db9b35eead6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB6AEEARABjAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQAzAEEARABBAEEATgBBAEEAMABBAEQASQBBAE8AUQBBADMAQQBEAEkAQQBOAFEAQQB5AEEARABVAEEATgBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2133	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fe1f705b-f360-4a83-9913-4db9b35eead6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB6AEEARABjAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQAzAEEARABBAEEATgBBAEEAMABBAEQASQBBAE8AUQBBADMAQQBEAEkAQQBOAFEAQQB5AEEARABVAEEATgBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2132	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fe1f705b-f360-4a83-9913-4db9b35eead6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB6AEEARABjAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQAzAEEARABBAEEATgBBAEEAMABBAEQASQBBAE8AUQBBADMAQQBEAEkAQQBOAFEAQQB5AEEARABVAEEATgBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2131	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fe1f705b-f360-4a83-9913-4db9b35eead6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB6AEEARABjAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQAzAEEARABBAEEATgBBAEEAMABBAEQASQBBAE8AUQBBADMAQQBEAEkAQQBOAFEAQQB5AEEARABVAEEATgBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2130	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fe1f705b-f360-4a83-9913-4db9b35eead6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB6AEEARABjAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQAzAEEARABBAEEATgBBAEEAMABBAEQASQBBAE8AUQBBADMAQQBEAEkAQQBOAFEAQQB5AEEARABVAEEATgBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2129	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fe1f705b-f360-4a83-9913-4db9b35eead6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB6AEEARABjAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBAHQAQQBEAEUAQQBNAFEAQQAzAEEARABBAEEATgBBAEEAMABBAEQASQBBAE8AUQBBADMAQQBEAEkAQQBOAFEAQQB5AEEARABVAEEATgBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2128	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=887ceb42-75f0-4ca9-b505-7cc7cf2fd100 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1f306ba4-ff58-4caa-bf1d-74b82e6d142f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2127	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5c3094da-fa2d-4ebd-95a1-08c71fb32435 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2126	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2125	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2124	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2123	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2122	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2121	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2120	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2119	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=89f77a65-839c-4b9f-baa5-abed347318be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2118	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=887ceb42-75f0-4ca9-b505-7cc7cf2fd100 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1f306ba4-ff58-4caa-bf1d-74b82e6d142f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2117	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=887ceb42-75f0-4ca9-b505-7cc7cf2fd100 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2116	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=887ceb42-75f0-4ca9-b505-7cc7cf2fd100 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2115	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=887ceb42-75f0-4ca9-b505-7cc7cf2fd100 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2114	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=887ceb42-75f0-4ca9-b505-7cc7cf2fd100 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2113	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=887ceb42-75f0-4ca9-b505-7cc7cf2fd100 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2112	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=887ceb42-75f0-4ca9-b505-7cc7cf2fd100 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2111	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cfc7996-5607-498a-8f99-7b0a6c9ad2ec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=0fa3d9eb-c6db-4876-9ead-e6e3c2a9e76b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2110	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cfc7996-5607-498a-8f99-7b0a6c9ad2ec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=0fa3d9eb-c6db-4876-9ead-e6e3c2a9e76b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2109	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cfc7996-5607-498a-8f99-7b0a6c9ad2ec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2108	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cfc7996-5607-498a-8f99-7b0a6c9ad2ec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2107	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cfc7996-5607-498a-8f99-7b0a6c9ad2ec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2106	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cfc7996-5607-498a-8f99-7b0a6c9ad2ec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2105	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cfc7996-5607-498a-8f99-7b0a6c9ad2ec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2104	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cfc7996-5607-498a-8f99-7b0a6c9ad2ec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAzADcAMQAuADIAMwAtADEAMQA3ADAANAA0ADIAOQA3ADIANQAyADUANgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2103	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ae9041e5-6302-4ba9-921e-a23b0c0094f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAE0AQQBOAHcAQQB4AEEAQwA0AEEATQBnAEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAGMAQQBNAEEAQQAwAEEARABRAEEATQBnAEEANQBBAEQAYwBBAE0AZwBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=27da4020-8f8c-467e-a91b-c0f2acade191 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2102	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=672648f6-93af-4cc4-8761-7d134daa006c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADMANwAxAC4AMgAzAC0AMQAxADcAMAA0ADQAMgA5ADcAMgA1ADIANQA2ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=2fa7c439-16b5-4782-9c88-b2e9c2582c71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2101	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=672648f6-93af-4cc4-8761-7d134daa006c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADMANwAxAC4AMgAzAC0AMQAxADcAMAA0ADQAMgA5ADcAMgA1ADIANQA2ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=2fa7c439-16b5-4782-9c88-b2e9c2582c71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2100	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=672648f6-93af-4cc4-8761-7d134daa006c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADMANwAxAC4AMgAzAC0AMQAxADcAMAA0ADQAMgA5ADcAMgA1ADIANQA2ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2099	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=672648f6-93af-4cc4-8761-7d134daa006c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADMANwAxAC4AMgAzAC0AMQAxADcAMAA0ADQAMgA5ADcAMgA1ADIANQA2ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2098	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=672648f6-93af-4cc4-8761-7d134daa006c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADMANwAxAC4AMgAzAC0AMQAxADcAMAA0ADQAMgA5ADcAMgA1ADIANQA2ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2097	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=672648f6-93af-4cc4-8761-7d134daa006c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADMANwAxAC4AMgAzAC0AMQAxADcAMAA0ADQAMgA5ADcAMgA1ADIANQA2ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2096	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=672648f6-93af-4cc4-8761-7d134daa006c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADMANwAxAC4AMgAzAC0AMQAxADcAMAA0ADQAMgA5ADcAMgA1ADIANQA2ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2095	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=672648f6-93af-4cc4-8761-7d134daa006c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADMANwAxAC4AMgAzAC0AMQAxADcAMAA0ADQAMgA5ADcAMgA1ADIANQA2ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2094	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ae9041e5-6302-4ba9-921e-a23b0c0094f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAE0AQQBOAHcAQQB4AEEAQwA0AEEATQBnAEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAGMAQQBNAEEAQQAwAEEARABRAEEATQBnAEEANQBBAEQAYwBBAE0AZwBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=27da4020-8f8c-467e-a91b-c0f2acade191 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2093	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ae9041e5-6302-4ba9-921e-a23b0c0094f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAE0AQQBOAHcAQQB4AEEAQwA0AEEATQBnAEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAGMAQQBNAEEAQQAwAEEARABRAEEATQBnAEEANQBBAEQAYwBBAE0AZwBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2092	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ae9041e5-6302-4ba9-921e-a23b0c0094f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAE0AQQBOAHcAQQB4AEEAQwA0AEEATQBnAEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAGMAQQBNAEEAQQAwAEEARABRAEEATQBnAEEANQBBAEQAYwBBAE0AZwBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2091	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ae9041e5-6302-4ba9-921e-a23b0c0094f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAE0AQQBOAHcAQQB4AEEAQwA0AEEATQBnAEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAGMAQQBNAEEAQQAwAEEARABRAEEATQBnAEEANQBBAEQAYwBBAE0AZwBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2090	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ae9041e5-6302-4ba9-921e-a23b0c0094f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAE0AQQBOAHcAQQB4AEEAQwA0AEEATQBnAEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAGMAQQBNAEEAQQAwAEEARABRAEEATQBnAEEANQBBAEQAYwBBAE0AZwBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2089	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ae9041e5-6302-4ba9-921e-a23b0c0094f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAE0AQQBOAHcAQQB4AEEAQwA0AEEATQBnAEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAGMAQQBNAEEAQQAwAEEARABRAEEATQBnAEEANQBBAEQAYwBBAE0AZwBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2088	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ae9041e5-6302-4ba9-921e-a23b0c0094f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAE0AQQBOAHcAQQB4AEEAQwA0AEEATQBnAEEAegBBAEMAMABBAE0AUQBBAHgAQQBEAGMAQQBNAEEAQQAwAEEARABRAEEATQBnAEEANQBBAEQAYwBBAE0AZwBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2087	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0763022c-5498-470a-8461-b5d23b1aa6e6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=61c3574a-ecf7-447c-a909-141c0edcbd67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2086	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5c40eba3-2304-4d72-8a91-2a1eddf03109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2085	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2084	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2083	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2082	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2081	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2080	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2079	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2078	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=08d450f3-400b-437e-b11c-ca6e60847504 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2077	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0763022c-5498-470a-8461-b5d23b1aa6e6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=61c3574a-ecf7-447c-a909-141c0edcbd67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2076	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0763022c-5498-470a-8461-b5d23b1aa6e6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2075	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0763022c-5498-470a-8461-b5d23b1aa6e6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2074	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0763022c-5498-470a-8461-b5d23b1aa6e6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2073	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0763022c-5498-470a-8461-b5d23b1aa6e6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2072	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0763022c-5498-470a-8461-b5d23b1aa6e6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2071	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0763022c-5498-470a-8461-b5d23b1aa6e6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2070	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53bf1570-42d9-46ff-868a-d9f4f15af9a3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ed517f3b-f312-4f5c-9d14-a5f793efcd70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2069	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=546dcd19-6090-4c24-b122-c0b3e18efbbe HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion=5.1.14393.1944 RunspaceId=a4c9ca48-e5d2-4e87-858b-93dd74c19ce1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2068	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:32:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=546dcd19-6090-4c24-b122-c0b3e18efbbe HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion=5.1.14393.1944 RunspaceId=a4c9ca48-e5d2-4e87-858b-93dd74c19ce1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2067	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=546dcd19-6090-4c24-b122-c0b3e18efbbe HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2066	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=546dcd19-6090-4c24-b122-c0b3e18efbbe HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2065	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=546dcd19-6090-4c24-b122-c0b3e18efbbe HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2064	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=546dcd19-6090-4c24-b122-c0b3e18efbbe HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2063	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=546dcd19-6090-4c24-b122-c0b3e18efbbe HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2062	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=546dcd19-6090-4c24-b122-c0b3e18efbbe HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2061	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f931f9af-5eef-4c6b-b06c-29868a479d6f PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2060	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f931f9af-5eef-4c6b-b06c-29868a479d6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2059	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2058	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2057	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2056	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2055	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2054	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2053	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2052	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=749d1237-f1ae-4a0a-806f-6a1eb8ae2784 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2051	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53bf1570-42d9-46ff-868a-d9f4f15af9a3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ed517f3b-f312-4f5c-9d14-a5f793efcd70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2050	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53bf1570-42d9-46ff-868a-d9f4f15af9a3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2049	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53bf1570-42d9-46ff-868a-d9f4f15af9a3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2048	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53bf1570-42d9-46ff-868a-d9f4f15af9a3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2047	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53bf1570-42d9-46ff-868a-d9f4f15af9a3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2046	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53bf1570-42d9-46ff-868a-d9f4f15af9a3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2045	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53bf1570-42d9-46ff-868a-d9f4f15af9a3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2044	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18695d29-36c1-4e1f-a3b0-f439abc57fe6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c5a2c154-ba90-414e-9675-71b24e63fb89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2043	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4dd36d6d-a080-4bec-8f34-c6ed0d3f665f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2042	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2041	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2040	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2039	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2038	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2037	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2036	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2035	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=94638430-ba14-4f8f-9563-5906cc51a44b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2034	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18695d29-36c1-4e1f-a3b0-f439abc57fe6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c5a2c154-ba90-414e-9675-71b24e63fb89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2033	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18695d29-36c1-4e1f-a3b0-f439abc57fe6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2032	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18695d29-36c1-4e1f-a3b0-f439abc57fe6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2031	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18695d29-36c1-4e1f-a3b0-f439abc57fe6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2030	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18695d29-36c1-4e1f-a3b0-f439abc57fe6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2029	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18695d29-36c1-4e1f-a3b0-f439abc57fe6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2028	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18695d29-36c1-4e1f-a3b0-f439abc57fe6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2027	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=31819b47-a709-49d1-9606-1f620ac31653 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d06b2da9-c26a-455a-a961-976ca30b0d81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2026	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=df00b4c0-9274-4067-89cf-3ff3895e178f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion=5.1.14393.1944 RunspaceId=645a018f-55f5-4cf0-b660-daaa33eb50f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2025	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=df00b4c0-9274-4067-89cf-3ff3895e178f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion=5.1.14393.1944 RunspaceId=645a018f-55f5-4cf0-b660-daaa33eb50f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2024	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=df00b4c0-9274-4067-89cf-3ff3895e178f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2023	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=df00b4c0-9274-4067-89cf-3ff3895e178f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2022	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=df00b4c0-9274-4067-89cf-3ff3895e178f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2021	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=df00b4c0-9274-4067-89cf-3ff3895e178f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2020	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=df00b4c0-9274-4067-89cf-3ff3895e178f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2019	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=df00b4c0-9274-4067-89cf-3ff3895e178f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2018	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=48af9a49-e37e-4923-9a50-c05d9684a280 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2017	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=48af9a49-e37e-4923-9a50-c05d9684a280 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2016	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2015	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2014	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2013	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2012	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2011	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2010	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2009	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1e49de51-78df-45af-b8eb-412be7d3e8b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2008	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=31819b47-a709-49d1-9606-1f620ac31653 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d06b2da9-c26a-455a-a961-976ca30b0d81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2007	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=31819b47-a709-49d1-9606-1f620ac31653 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2006	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=31819b47-a709-49d1-9606-1f620ac31653 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2005	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=31819b47-a709-49d1-9606-1f620ac31653 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2004	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=31819b47-a709-49d1-9606-1f620ac31653 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2003	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=31819b47-a709-49d1-9606-1f620ac31653 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2002	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=31819b47-a709-49d1-9606-1f620ac31653 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2001	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e4983f7-9598-4bfa-88fb-18cdcfa68397 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB5AEEARABZAEEATgBBAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEUAQQBPAFEAQQAwAEEARABrAEEATQB3AEEAeABBAEQAZwBBAE4AUQBBAHcAQQBEAGcAQQBNAGcAQQAxAEEARABVAEEATQBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=dadd8d3c-da18-456c-a370-87dd1683d74d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2000	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0356a5ff-4b7b-42a0-b9ec-507b8d67c664 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=a6a07366-4235-4549-8451-2acf2ea502db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1999	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0356a5ff-4b7b-42a0-b9ec-507b8d67c664 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=a6a07366-4235-4549-8451-2acf2ea502db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1998	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0356a5ff-4b7b-42a0-b9ec-507b8d67c664 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1997	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0356a5ff-4b7b-42a0-b9ec-507b8d67c664 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1996	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0356a5ff-4b7b-42a0-b9ec-507b8d67c664 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1995	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0356a5ff-4b7b-42a0-b9ec-507b8d67c664 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1994	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0356a5ff-4b7b-42a0-b9ec-507b8d67c664 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1993	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0356a5ff-4b7b-42a0-b9ec-507b8d67c664 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1992	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e4983f7-9598-4bfa-88fb-18cdcfa68397 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB5AEEARABZAEEATgBBAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEUAQQBPAFEAQQAwAEEARABrAEEATQB3AEEAeABBAEQAZwBBAE4AUQBBAHcAQQBEAGcAQQBNAGcAQQAxAEEARABVAEEATQBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=dadd8d3c-da18-456c-a370-87dd1683d74d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1991	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e4983f7-9598-4bfa-88fb-18cdcfa68397 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB5AEEARABZAEEATgBBAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEUAQQBPAFEAQQAwAEEARABrAEEATQB3AEEAeABBAEQAZwBBAE4AUQBBAHcAQQBEAGcAQQBNAGcAQQAxAEEARABVAEEATQBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1990	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e4983f7-9598-4bfa-88fb-18cdcfa68397 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB5AEEARABZAEEATgBBAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEUAQQBPAFEAQQAwAEEARABrAEEATQB3AEEAeABBAEQAZwBBAE4AUQBBAHcAQQBEAGcAQQBNAGcAQQAxAEEARABVAEEATQBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1989	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e4983f7-9598-4bfa-88fb-18cdcfa68397 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB5AEEARABZAEEATgBBAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEUAQQBPAFEAQQAwAEEARABrAEEATQB3AEEAeABBAEQAZwBBAE4AUQBBAHcAQQBEAGcAQQBNAGcAQQAxAEEARABVAEEATQBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1988	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e4983f7-9598-4bfa-88fb-18cdcfa68397 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB5AEEARABZAEEATgBBAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEUAQQBPAFEAQQAwAEEARABrAEEATQB3AEEAeABBAEQAZwBBAE4AUQBBAHcAQQBEAGcAQQBNAGcAQQAxAEEARABVAEEATQBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1987	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e4983f7-9598-4bfa-88fb-18cdcfa68397 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB5AEEARABZAEEATgBBAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEUAQQBPAFEAQQAwAEEARABrAEEATQB3AEEAeABBAEQAZwBBAE4AUQBBAHcAQQBEAGcAQQBNAGcAQQAxAEEARABVAEEATQBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1986	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0e4983f7-9598-4bfa-88fb-18cdcfa68397 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB5AEEARABZAEEATgBBAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEUAQQBPAFEAQQAwAEEARABrAEEATQB3AEEAeABBAEQAZwBBAE4AUQBBAHcAQQBEAGcAQQBNAGcAQQAxAEEARABVAEEATQBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1985	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6718761-c969-4eaf-b4da-836ac865e21a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c8a2833a-a276-4466-92be-2311adfeef0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1984	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a03dcc88-3f23-4e91-adba-cd409e256ac0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1983	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1982	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1981	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1980	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1979	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1978	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1977	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1976	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7d1b0068-e74b-467a-b54d-18c0dd4055be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1975	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6718761-c969-4eaf-b4da-836ac865e21a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c8a2833a-a276-4466-92be-2311adfeef0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1974	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6718761-c969-4eaf-b4da-836ac865e21a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1973	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6718761-c969-4eaf-b4da-836ac865e21a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1972	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6718761-c969-4eaf-b4da-836ac865e21a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1971	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6718761-c969-4eaf-b4da-836ac865e21a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1970	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6718761-c969-4eaf-b4da-836ac865e21a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1969	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6718761-c969-4eaf-b4da-836ac865e21a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1968	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3546f45c-de52-42be-a0d5-12ddfc8ba74c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=439bb9df-f9e8-432d-b0b4-265349ffedeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1967	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3546f45c-de52-42be-a0d5-12ddfc8ba74c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=439bb9df-f9e8-432d-b0b4-265349ffedeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1966	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3546f45c-de52-42be-a0d5-12ddfc8ba74c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1965	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3546f45c-de52-42be-a0d5-12ddfc8ba74c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1964	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3546f45c-de52-42be-a0d5-12ddfc8ba74c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1963	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3546f45c-de52-42be-a0d5-12ddfc8ba74c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1962	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3546f45c-de52-42be-a0d5-12ddfc8ba74c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1961	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3546f45c-de52-42be-a0d5-12ddfc8ba74c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAyADYANAAuADAAOQAtADEAOQA0ADkAMwAxADgANQAwADgAMgA1ADUAMgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1960	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=59e40ca4-4e0c-4b62-94f3-d00358844c5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AUQBBADUAQQBEAFEAQQBPAFEAQQB6AEEARABFAEEATwBBAEEAMQBBAEQAQQBBAE8AQQBBAHkAQQBEAFUAQQBOAFEAQQB5AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=7b999ac1-07fe-428a-b833-e349f20aae44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1959	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b692dc9-cbd5-4290-b24c-804ee4d2a7de HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADIANgA0AC4AMAA5AC0AMQA5ADQAOQAzADEAOAA1ADAAOAAyADUANQAyADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=2c9ab82c-dde8-4911-a318-d55cf0e38a3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1958	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b692dc9-cbd5-4290-b24c-804ee4d2a7de HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADIANgA0AC4AMAA5AC0AMQA5ADQAOQAzADEAOAA1ADAAOAAyADUANQAyADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=2c9ab82c-dde8-4911-a318-d55cf0e38a3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1957	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b692dc9-cbd5-4290-b24c-804ee4d2a7de HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADIANgA0AC4AMAA5AC0AMQA5ADQAOQAzADEAOAA1ADAAOAAyADUANQAyADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1956	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b692dc9-cbd5-4290-b24c-804ee4d2a7de HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADIANgA0AC4AMAA5AC0AMQA5ADQAOQAzADEAOAA1ADAAOAAyADUANQAyADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1955	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b692dc9-cbd5-4290-b24c-804ee4d2a7de HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADIANgA0AC4AMAA5AC0AMQA5ADQAOQAzADEAOAA1ADAAOAAyADUANQAyADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1954	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b692dc9-cbd5-4290-b24c-804ee4d2a7de HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADIANgA0AC4AMAA5AC0AMQA5ADQAOQAzADEAOAA1ADAAOAAyADUANQAyADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1953	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b692dc9-cbd5-4290-b24c-804ee4d2a7de HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADIANgA0AC4AMAA5AC0AMQA5ADQAOQAzADEAOAA1ADAAOAAyADUANQAyADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1952	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b692dc9-cbd5-4290-b24c-804ee4d2a7de HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADIANgA0AC4AMAA5AC0AMQA5ADQAOQAzADEAOAA1ADAAOAAyADUANQAyADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1951	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=59e40ca4-4e0c-4b62-94f3-d00358844c5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AUQBBADUAQQBEAFEAQQBPAFEAQQB6AEEARABFAEEATwBBAEEAMQBBAEQAQQBBAE8AQQBBAHkAQQBEAFUAQQBOAFEAQQB5AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=7b999ac1-07fe-428a-b833-e349f20aae44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1950	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=59e40ca4-4e0c-4b62-94f3-d00358844c5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AUQBBADUAQQBEAFEAQQBPAFEAQQB6AEEARABFAEEATwBBAEEAMQBBAEQAQQBBAE8AQQBBAHkAQQBEAFUAQQBOAFEAQQB5AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1949	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=59e40ca4-4e0c-4b62-94f3-d00358844c5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AUQBBADUAQQBEAFEAQQBPAFEAQQB6AEEARABFAEEATwBBAEEAMQBBAEQAQQBBAE8AQQBBAHkAQQBEAFUAQQBOAFEAQQB5AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1948	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=59e40ca4-4e0c-4b62-94f3-d00358844c5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AUQBBADUAQQBEAFEAQQBPAFEAQQB6AEEARABFAEEATwBBAEEAMQBBAEQAQQBBAE8AQQBBAHkAQQBEAFUAQQBOAFEAQQB5AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1947	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=59e40ca4-4e0c-4b62-94f3-d00358844c5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AUQBBADUAQQBEAFEAQQBPAFEAQQB6AEEARABFAEEATwBBAEEAMQBBAEQAQQBBAE8AQQBBAHkAQQBEAFUAQQBOAFEAQQB5AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1946	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=59e40ca4-4e0c-4b62-94f3-d00358844c5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AUQBBADUAQQBEAFEAQQBPAFEAQQB6AEEARABFAEEATwBBAEEAMQBBAEQAQQBBAE8AQQBBAHkAQQBEAFUAQQBOAFEAQQB5AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1945	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=59e40ca4-4e0c-4b62-94f3-d00358844c5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AUQBBADUAQQBEAFEAQQBPAFEAQQB6AEEARABFAEEATwBBAEEAMQBBAEQAQQBBAE8AQQBBAHkAQQBEAFUAQQBOAFEAQQB5AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1944	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd4bf439-6bf7-4b94-b508-6c34d6ff7964 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f29b90d7-fe59-4588-a602-ae072665ff25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1943	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1c81d556-c382-4955-b8a1-aedc9b4ac138 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1942	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1941	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1940	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1939	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1938	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1937	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1936	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1935	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=381ae68b-8f52-4e6b-8116-4c46ef54fd67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1934	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd4bf439-6bf7-4b94-b508-6c34d6ff7964 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f29b90d7-fe59-4588-a602-ae072665ff25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1933	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd4bf439-6bf7-4b94-b508-6c34d6ff7964 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1932	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd4bf439-6bf7-4b94-b508-6c34d6ff7964 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1931	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd4bf439-6bf7-4b94-b508-6c34d6ff7964 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1930	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd4bf439-6bf7-4b94-b508-6c34d6ff7964 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1929	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd4bf439-6bf7-4b94-b508-6c34d6ff7964 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1928	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd4bf439-6bf7-4b94-b508-6c34d6ff7964 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1927	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:31:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1eba5a1c-b17a-49e8-bf5f-fb8d26d4b735 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1baad44d-406b-4552-a673-432276897edf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1926	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:30:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=534de88a-d1b1-4c00-b34d-adb01ba32157 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion=5.1.14393.1944 RunspaceId=774ad38f-ce96-448c-9b01-146bdc6fdc1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1925	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:30:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=534de88a-d1b1-4c00-b34d-adb01ba32157 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion=5.1.14393.1944 RunspaceId=774ad38f-ce96-448c-9b01-146bdc6fdc1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1924	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=534de88a-d1b1-4c00-b34d-adb01ba32157 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1923	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=534de88a-d1b1-4c00-b34d-adb01ba32157 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1922	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=534de88a-d1b1-4c00-b34d-adb01ba32157 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1921	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=534de88a-d1b1-4c00-b34d-adb01ba32157 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1920	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=534de88a-d1b1-4c00-b34d-adb01ba32157 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1919	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=534de88a-d1b1-4c00-b34d-adb01ba32157 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1918	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0bd46273-74f2-42e0-87d7-e0ea1d699901 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1917	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0bd46273-74f2-42e0-87d7-e0ea1d699901 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1916	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1915	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1914	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1913	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1912	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1911	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1910	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1909	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=320324a8-557a-4aa2-913f-b3fcc1d1118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1908	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1eba5a1c-b17a-49e8-bf5f-fb8d26d4b735 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1baad44d-406b-4552-a673-432276897edf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1907	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1eba5a1c-b17a-49e8-bf5f-fb8d26d4b735 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1906	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1eba5a1c-b17a-49e8-bf5f-fb8d26d4b735 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1905	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1eba5a1c-b17a-49e8-bf5f-fb8d26d4b735 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1904	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1eba5a1c-b17a-49e8-bf5f-fb8d26d4b735 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1903	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1eba5a1c-b17a-49e8-bf5f-fb8d26d4b735 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1902	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1eba5a1c-b17a-49e8-bf5f-fb8d26d4b735 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1901	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f2df3be-2b1c-4111-b0a5-4329ae44a275 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f2797206-e2a0-4f82-9696-9258ccf9e30d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1900	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5458b992-9603-4b8e-b1ee-61d1dd2ec297 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1899	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1898	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1897	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1896	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1895	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1894	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1893	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1892	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a5e7ce7-2452-4d22-8ef8-ebc5ebaeaf7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1891	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f2df3be-2b1c-4111-b0a5-4329ae44a275 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f2797206-e2a0-4f82-9696-9258ccf9e30d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1890	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f2df3be-2b1c-4111-b0a5-4329ae44a275 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1889	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f2df3be-2b1c-4111-b0a5-4329ae44a275 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1888	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f2df3be-2b1c-4111-b0a5-4329ae44a275 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1887	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f2df3be-2b1c-4111-b0a5-4329ae44a275 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1886	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f2df3be-2b1c-4111-b0a5-4329ae44a275 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1885	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f2df3be-2b1c-4111-b0a5-4329ae44a275 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1884	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b04095a1-d5a9-4c72-82cf-6732321e7211 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=974524a9-6f34-467b-93be-63eb0c28510a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1883	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53ee510b-fe2c-4313-9c37-1fe415e6222d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=1436a84b-9b50-49e2-bdf7-8dc364266e7b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1882	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53ee510b-fe2c-4313-9c37-1fe415e6222d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=1436a84b-9b50-49e2-bdf7-8dc364266e7b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1881	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53ee510b-fe2c-4313-9c37-1fe415e6222d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1880	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53ee510b-fe2c-4313-9c37-1fe415e6222d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1879	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53ee510b-fe2c-4313-9c37-1fe415e6222d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1878	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53ee510b-fe2c-4313-9c37-1fe415e6222d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1877	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53ee510b-fe2c-4313-9c37-1fe415e6222d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1876	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53ee510b-fe2c-4313-9c37-1fe415e6222d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1875	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d455ac59-1421-4b23-a7a9-684a25226851 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1874	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d455ac59-1421-4b23-a7a9-684a25226851 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1873	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1872	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1871	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1870	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1869	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1868	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1867	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1866	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=552f3362-fdaa-41c1-a402-a97c999cadb4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1865	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b04095a1-d5a9-4c72-82cf-6732321e7211 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=974524a9-6f34-467b-93be-63eb0c28510a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1864	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b04095a1-d5a9-4c72-82cf-6732321e7211 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1863	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b04095a1-d5a9-4c72-82cf-6732321e7211 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1862	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b04095a1-d5a9-4c72-82cf-6732321e7211 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1861	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b04095a1-d5a9-4c72-82cf-6732321e7211 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1860	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b04095a1-d5a9-4c72-82cf-6732321e7211 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1859	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b04095a1-d5a9-4c72-82cf-6732321e7211 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1858	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2805a817-2051-4dd7-8160-ba15d65b9e9a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAdQBBAEQAVQBBAEwAUQBBAHkAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBBAEEAeABBAEQAawBBAE8AQQBBAHkAQQBEAE0AQQBOAEEAQQA0AEEARABrAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=69e04823-6ef4-461c-847c-cf9d7a634208 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1857	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fbe1fc6-e344-4021-9d1b-d072662bbcf6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=308eb828-1e59-4268-ac25-89fc437fd41e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1856	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fbe1fc6-e344-4021-9d1b-d072662bbcf6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=308eb828-1e59-4268-ac25-89fc437fd41e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1855	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fbe1fc6-e344-4021-9d1b-d072662bbcf6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1854	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fbe1fc6-e344-4021-9d1b-d072662bbcf6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1853	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fbe1fc6-e344-4021-9d1b-d072662bbcf6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1852	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fbe1fc6-e344-4021-9d1b-d072662bbcf6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1851	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fbe1fc6-e344-4021-9d1b-d072662bbcf6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1850	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8fbe1fc6-e344-4021-9d1b-d072662bbcf6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1849	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2805a817-2051-4dd7-8160-ba15d65b9e9a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAdQBBAEQAVQBBAEwAUQBBAHkAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBBAEEAeABBAEQAawBBAE8AQQBBAHkAQQBEAE0AQQBOAEEAQQA0AEEARABrAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=69e04823-6ef4-461c-847c-cf9d7a634208 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1848	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2805a817-2051-4dd7-8160-ba15d65b9e9a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAdQBBAEQAVQBBAEwAUQBBAHkAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBBAEEAeABBAEQAawBBAE8AQQBBAHkAQQBEAE0AQQBOAEEAQQA0AEEARABrAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1847	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2805a817-2051-4dd7-8160-ba15d65b9e9a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAdQBBAEQAVQBBAEwAUQBBAHkAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBBAEEAeABBAEQAawBBAE8AQQBBAHkAQQBEAE0AQQBOAEEAQQA0AEEARABrAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1846	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2805a817-2051-4dd7-8160-ba15d65b9e9a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAdQBBAEQAVQBBAEwAUQBBAHkAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBBAEEAeABBAEQAawBBAE8AQQBBAHkAQQBEAE0AQQBOAEEAQQA0AEEARABrAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1845	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2805a817-2051-4dd7-8160-ba15d65b9e9a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAdQBBAEQAVQBBAEwAUQBBAHkAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBBAEEAeABBAEQAawBBAE8AQQBBAHkAQQBEAE0AQQBOAEEAQQA0AEEARABrAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1844	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2805a817-2051-4dd7-8160-ba15d65b9e9a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAdQBBAEQAVQBBAEwAUQBBAHkAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBBAEEAeABBAEQAawBBAE8AQQBBAHkAQQBEAE0AQQBOAEEAQQA0AEEARABrAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1843	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2805a817-2051-4dd7-8160-ba15d65b9e9a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAdQBBAEQAVQBBAEwAUQBBAHkAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBBAEEAeABBAEQAawBBAE8AQQBBAHkAQQBEAE0AQQBOAEEAQQA0AEEARABrAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1842	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b95a662c-bb91-45dd-afb1-1cd339be381a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c0f5ae94-c194-4d12-b878-4e206db35d21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1841	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e814e4d7-e00f-43e7-af3d-16c44d7a2bde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1840	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1839	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1838	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1837	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1836	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1835	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1834	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1833	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f13fd426-e951-419e-9456-0b06dc6f3ea2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1832	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b95a662c-bb91-45dd-afb1-1cd339be381a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c0f5ae94-c194-4d12-b878-4e206db35d21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1831	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b95a662c-bb91-45dd-afb1-1cd339be381a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1830	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b95a662c-bb91-45dd-afb1-1cd339be381a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1829	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b95a662c-bb91-45dd-afb1-1cd339be381a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1828	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b95a662c-bb91-45dd-afb1-1cd339be381a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1827	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b95a662c-bb91-45dd-afb1-1cd339be381a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1826	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b95a662c-bb91-45dd-afb1-1cd339be381a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1825	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c92f6d7e-5afc-457a-ad04-2285d4a6550f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=db1185f8-841f-4a7d-83eb-23b03780a8db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1824	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c92f6d7e-5afc-457a-ad04-2285d4a6550f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=db1185f8-841f-4a7d-83eb-23b03780a8db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1823	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c92f6d7e-5afc-457a-ad04-2285d4a6550f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1822	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c92f6d7e-5afc-457a-ad04-2285d4a6550f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1821	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c92f6d7e-5afc-457a-ad04-2285d4a6550f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1820	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c92f6d7e-5afc-457a-ad04-2285d4a6550f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1819	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c92f6d7e-5afc-457a-ad04-2285d4a6550f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1818	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c92f6d7e-5afc-457a-ad04-2285d4a6550f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUANAAwADQANQAuADUALQAyADEAMAAxADAAOAAxADkAOAAyADMANAA4ADkAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1817	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d66052-b614-4e96-9009-19b8cea46677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEEAQQBOAEEAQQAxAEEAQwA0AEEATgBRAEEAdABBAEQASQBBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA0AEEARABFAEEATwBRAEEANABBAEQASQBBAE0AdwBBADAAQQBEAGcAQQBPAFEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=1fca3df5-c66b-421d-bbf0-7964d294d5ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1816	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62653914-af68-4248-8f80-961fbfb97951 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADAANAA1AC4ANQAtADIAMQAwADEAMAA4ADEAOQA4ADIAMwA0ADgAOQAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=6633e49b-b07a-4f5d-9334-753316823b7a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1815	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62653914-af68-4248-8f80-961fbfb97951 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADAANAA1AC4ANQAtADIAMQAwADEAMAA4ADEAOQA4ADIAMwA0ADgAOQAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=6633e49b-b07a-4f5d-9334-753316823b7a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1814	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62653914-af68-4248-8f80-961fbfb97951 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADAANAA1AC4ANQAtADIAMQAwADEAMAA4ADEAOQA4ADIAMwA0ADgAOQAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1813	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62653914-af68-4248-8f80-961fbfb97951 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADAANAA1AC4ANQAtADIAMQAwADEAMAA4ADEAOQA4ADIAMwA0ADgAOQAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1812	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62653914-af68-4248-8f80-961fbfb97951 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADAANAA1AC4ANQAtADIAMQAwADEAMAA4ADEAOQA4ADIAMwA0ADgAOQAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1811	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62653914-af68-4248-8f80-961fbfb97951 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADAANAA1AC4ANQAtADIAMQAwADEAMAA4ADEAOQA4ADIAMwA0ADgAOQAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1810	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62653914-af68-4248-8f80-961fbfb97951 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADAANAA1AC4ANQAtADIAMQAwADEAMAA4ADEAOQA4ADIAMwA0ADgAOQAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1809	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62653914-af68-4248-8f80-961fbfb97951 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQA0ADAANAA1AC4ANQAtADIAMQAwADEAMAA4ADEAOQA4ADIAMwA0ADgAOQAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1808	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d66052-b614-4e96-9009-19b8cea46677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEEAQQBOAEEAQQAxAEEAQwA0AEEATgBRAEEAdABBAEQASQBBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA0AEEARABFAEEATwBRAEEANABBAEQASQBBAE0AdwBBADAAQQBEAGcAQQBPAFEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=1fca3df5-c66b-421d-bbf0-7964d294d5ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1807	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d66052-b614-4e96-9009-19b8cea46677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEEAQQBOAEEAQQAxAEEAQwA0AEEATgBRAEEAdABBAEQASQBBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA0AEEARABFAEEATwBRAEEANABBAEQASQBBAE0AdwBBADAAQQBEAGcAQQBPAFEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1806	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d66052-b614-4e96-9009-19b8cea46677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEEAQQBOAEEAQQAxAEEAQwA0AEEATgBRAEEAdABBAEQASQBBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA0AEEARABFAEEATwBRAEEANABBAEQASQBBAE0AdwBBADAAQQBEAGcAQQBPAFEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1805	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d66052-b614-4e96-9009-19b8cea46677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEEAQQBOAEEAQQAxAEEAQwA0AEEATgBRAEEAdABBAEQASQBBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA0AEEARABFAEEATwBRAEEANABBAEQASQBBAE0AdwBBADAAQQBEAGcAQQBPAFEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1804	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d66052-b614-4e96-9009-19b8cea46677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEEAQQBOAEEAQQAxAEEAQwA0AEEATgBRAEEAdABBAEQASQBBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA0AEEARABFAEEATwBRAEEANABBAEQASQBBAE0AdwBBADAAQQBEAGcAQQBPAFEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1803	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d66052-b614-4e96-9009-19b8cea46677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEEAQQBOAEEAQQAxAEEAQwA0AEEATgBRAEEAdABBAEQASQBBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA0AEEARABFAEEATwBRAEEANABBAEQASQBBAE0AdwBBADAAQQBEAGcAQQBPAFEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1802	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d66052-b614-4e96-9009-19b8cea46677 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBADAAQQBEAEEAQQBOAEEAQQAxAEEAQwA0AEEATgBRAEEAdABBAEQASQBBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA0AEEARABFAEEATwBRAEEANABBAEQASQBBAE0AdwBBADAAQQBEAGcAQQBPAFEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1801	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fd315ea-ee80-4c36-b5c1-cee7ef1f3afd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90738080-c76f-4112-8f4a-091a4368bcc8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1800	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f61c94b2-c81b-45ca-a3b9-9bf0c4dd9085 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1799	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1798	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1797	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1796	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1795	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1794	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1793	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1792	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4c7b4bce-e230-4e52-8e41-26f807735efc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1791	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fd315ea-ee80-4c36-b5c1-cee7ef1f3afd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90738080-c76f-4112-8f4a-091a4368bcc8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1790	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fd315ea-ee80-4c36-b5c1-cee7ef1f3afd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1789	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fd315ea-ee80-4c36-b5c1-cee7ef1f3afd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1788	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fd315ea-ee80-4c36-b5c1-cee7ef1f3afd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1787	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fd315ea-ee80-4c36-b5c1-cee7ef1f3afd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1786	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fd315ea-ee80-4c36-b5c1-cee7ef1f3afd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1785	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fd315ea-ee80-4c36-b5c1-cee7ef1f3afd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1784	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66a5ae2a-edf0-496b-b8d0-372536a94af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6bcd0860-3c6e-4a41-bfc6-9d9528c048c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1783	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fdae67c-d470-448a-b3a8-ca4935286a76 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion=5.1.14393.1944 RunspaceId=a4826302-e1a8-4ada-8486-de7b8b683185 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1782	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fdae67c-d470-448a-b3a8-ca4935286a76 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion=5.1.14393.1944 RunspaceId=a4826302-e1a8-4ada-8486-de7b8b683185 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1781	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fdae67c-d470-448a-b3a8-ca4935286a76 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1780	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fdae67c-d470-448a-b3a8-ca4935286a76 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1779	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fdae67c-d470-448a-b3a8-ca4935286a76 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1778	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fdae67c-d470-448a-b3a8-ca4935286a76 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1777	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fdae67c-d470-448a-b3a8-ca4935286a76 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1776	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fdae67c-d470-448a-b3a8-ca4935286a76 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1775	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c7762c75-b731-43cf-b176-b662c5f1e81b PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1774	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c7762c75-b731-43cf-b176-b662c5f1e81b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1773	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1772	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1771	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1770	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1769	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1768	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1767	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1766	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bb415a6-764a-4b37-9db6-d8ba69cbce3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1765	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66a5ae2a-edf0-496b-b8d0-372536a94af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6bcd0860-3c6e-4a41-bfc6-9d9528c048c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1764	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66a5ae2a-edf0-496b-b8d0-372536a94af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1763	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66a5ae2a-edf0-496b-b8d0-372536a94af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1762	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66a5ae2a-edf0-496b-b8d0-372536a94af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1761	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66a5ae2a-edf0-496b-b8d0-372536a94af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1760	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66a5ae2a-edf0-496b-b8d0-372536a94af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1759	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66a5ae2a-edf0-496b-b8d0-372536a94af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1758	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26bb7f57-c054-46d6-b6e6-7004ae803152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b1a88e50-12ba-4682-ae03-36fd299d5970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1757	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=706e9917-b73d-4a0b-9478-9ec8b2ed01bb HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=ae2565a0-6833-44a4-8617-4632328162c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1756	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=706e9917-b73d-4a0b-9478-9ec8b2ed01bb HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=ae2565a0-6833-44a4-8617-4632328162c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1755	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=706e9917-b73d-4a0b-9478-9ec8b2ed01bb HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1754	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=706e9917-b73d-4a0b-9478-9ec8b2ed01bb HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1753	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=706e9917-b73d-4a0b-9478-9ec8b2ed01bb HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1752	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=706e9917-b73d-4a0b-9478-9ec8b2ed01bb HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1751	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=706e9917-b73d-4a0b-9478-9ec8b2ed01bb HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1750	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=706e9917-b73d-4a0b-9478-9ec8b2ed01bb HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1749	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ebcb7a51-71c0-4da2-9f3c-1ac8c76b1d27 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1748	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ebcb7a51-71c0-4da2-9f3c-1ac8c76b1d27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1747	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1746	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1745	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1744	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1743	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1742	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1741	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1740	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6becefad-7431-493a-8731-148227f5a5a6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1739	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26bb7f57-c054-46d6-b6e6-7004ae803152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b1a88e50-12ba-4682-ae03-36fd299d5970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1738	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26bb7f57-c054-46d6-b6e6-7004ae803152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1737	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26bb7f57-c054-46d6-b6e6-7004ae803152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1736	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26bb7f57-c054-46d6-b6e6-7004ae803152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1735	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26bb7f57-c054-46d6-b6e6-7004ae803152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1734	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26bb7f57-c054-46d6-b6e6-7004ae803152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1733	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26bb7f57-c054-46d6-b6e6-7004ae803152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1732	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62f6861-5f1e-4e96-8dcc-08019624d905 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3ea1d252-0ee2-461a-bc59-bcda8e6a6563 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1731	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=537d61ed-9e8a-4d49-b5c9-3c6b9282fd58 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion=5.1.14393.1944 RunspaceId=fe1b1774-7966-4e7d-a2c5-c8c8705b514f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1730	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=537d61ed-9e8a-4d49-b5c9-3c6b9282fd58 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion=5.1.14393.1944 RunspaceId=fe1b1774-7966-4e7d-a2c5-c8c8705b514f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1729	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=537d61ed-9e8a-4d49-b5c9-3c6b9282fd58 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1728	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=537d61ed-9e8a-4d49-b5c9-3c6b9282fd58 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1727	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=537d61ed-9e8a-4d49-b5c9-3c6b9282fd58 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1726	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=537d61ed-9e8a-4d49-b5c9-3c6b9282fd58 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1725	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=537d61ed-9e8a-4d49-b5c9-3c6b9282fd58 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1724	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=537d61ed-9e8a-4d49-b5c9-3c6b9282fd58 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1723	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=061496c0-fbf4-49e2-93f8-1888ea6a8710 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1722	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=061496c0-fbf4-49e2-93f8-1888ea6a8710 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1721	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1720	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1719	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1718	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1717	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1716	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1715	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1714	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=76fc187d-4f56-4f59-8f9f-0fb27601cfdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1713	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62f6861-5f1e-4e96-8dcc-08019624d905 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3ea1d252-0ee2-461a-bc59-bcda8e6a6563 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1712	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62f6861-5f1e-4e96-8dcc-08019624d905 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1711	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62f6861-5f1e-4e96-8dcc-08019624d905 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1710	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62f6861-5f1e-4e96-8dcc-08019624d905 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1709	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62f6861-5f1e-4e96-8dcc-08019624d905 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1708	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62f6861-5f1e-4e96-8dcc-08019624d905 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1707	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a62f6861-5f1e-4e96-8dcc-08019624d905 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1706	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8d379bf-3dd8-48a5-a8f2-238412f74b0f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1aa8d7bb-8132-44d6-b6bc-cd14d772e554 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1705	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e92dfe4d-6d08-49aa-8be9-f36febbbcb96 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion=5.1.14393.1944 RunspaceId=18b48b90-d26d-4e8f-9bad-8e90a04d545e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1704	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e92dfe4d-6d08-49aa-8be9-f36febbbcb96 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion=5.1.14393.1944 RunspaceId=18b48b90-d26d-4e8f-9bad-8e90a04d545e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1703	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e92dfe4d-6d08-49aa-8be9-f36febbbcb96 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1702	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e92dfe4d-6d08-49aa-8be9-f36febbbcb96 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1701	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e92dfe4d-6d08-49aa-8be9-f36febbbcb96 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1700	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e92dfe4d-6d08-49aa-8be9-f36febbbcb96 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1699	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e92dfe4d-6d08-49aa-8be9-f36febbbcb96 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1698	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e92dfe4d-6d08-49aa-8be9-f36febbbcb96 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1697	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4abfd1f0-d8b2-4599-95d1-9eee67bb1fdc PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1696	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4abfd1f0-d8b2-4599-95d1-9eee67bb1fdc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1695	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1694	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1693	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1692	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1691	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1690	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1689	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1688	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a44dfd7d-ecfb-42f2-abe9-01fc1deca81d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1687	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8d379bf-3dd8-48a5-a8f2-238412f74b0f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1aa8d7bb-8132-44d6-b6bc-cd14d772e554 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1686	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8d379bf-3dd8-48a5-a8f2-238412f74b0f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1685	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8d379bf-3dd8-48a5-a8f2-238412f74b0f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1684	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8d379bf-3dd8-48a5-a8f2-238412f74b0f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1683	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8d379bf-3dd8-48a5-a8f2-238412f74b0f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1682	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8d379bf-3dd8-48a5-a8f2-238412f74b0f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1681	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8d379bf-3dd8-48a5-a8f2-238412f74b0f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1680	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:26:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27988e0b-aec6-404f-aef9-1483cb1fdffa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=50b40c9a-d039-4d72-a65a-eb1ce469de4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1679	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babd9090-3d7b-4df2-a89c-a1769a84a20b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion=5.1.14393.1944 RunspaceId=98b55b2b-43ee-4294-a638-9e6c0bc0d41c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1678	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babd9090-3d7b-4df2-a89c-a1769a84a20b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion=5.1.14393.1944 RunspaceId=98b55b2b-43ee-4294-a638-9e6c0bc0d41c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1677	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babd9090-3d7b-4df2-a89c-a1769a84a20b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1676	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babd9090-3d7b-4df2-a89c-a1769a84a20b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1675	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babd9090-3d7b-4df2-a89c-a1769a84a20b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1674	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babd9090-3d7b-4df2-a89c-a1769a84a20b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1673	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babd9090-3d7b-4df2-a89c-a1769a84a20b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1672	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babd9090-3d7b-4df2-a89c-a1769a84a20b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1671	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3360bd4c-64d3-4a95-bfb2-650794b4dda5 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1670	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3360bd4c-64d3-4a95-bfb2-650794b4dda5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1669	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1668	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1667	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1666	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1665	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1664	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1663	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1662	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84e802bb-f3d8-4c69-8192-5cbf8f041efe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1661	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27988e0b-aec6-404f-aef9-1483cb1fdffa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=50b40c9a-d039-4d72-a65a-eb1ce469de4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1660	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27988e0b-aec6-404f-aef9-1483cb1fdffa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1659	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27988e0b-aec6-404f-aef9-1483cb1fdffa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1658	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27988e0b-aec6-404f-aef9-1483cb1fdffa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1657	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27988e0b-aec6-404f-aef9-1483cb1fdffa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1656	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27988e0b-aec6-404f-aef9-1483cb1fdffa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1655	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27988e0b-aec6-404f-aef9-1483cb1fdffa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1654	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=147d02c8-1a90-451d-a0a8-2344d80666f7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQA1AEEARABVAEEATQBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEAeQBBAEQAQQBBAE8AUQBBAHgAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=7fb9c36a-75fd-4980-b76f-eed249cdb4ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1653	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6895bf18-d74c-4edf-891d-ec6c79b00eef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=7e3a25c1-c960-48bd-9b1f-084b2d6b5b5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1652	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6895bf18-d74c-4edf-891d-ec6c79b00eef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=7e3a25c1-c960-48bd-9b1f-084b2d6b5b5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1651	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6895bf18-d74c-4edf-891d-ec6c79b00eef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1650	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6895bf18-d74c-4edf-891d-ec6c79b00eef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1649	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6895bf18-d74c-4edf-891d-ec6c79b00eef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1648	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6895bf18-d74c-4edf-891d-ec6c79b00eef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1647	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6895bf18-d74c-4edf-891d-ec6c79b00eef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1646	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6895bf18-d74c-4edf-891d-ec6c79b00eef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1645	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=147d02c8-1a90-451d-a0a8-2344d80666f7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQA1AEEARABVAEEATQBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEAeQBBAEQAQQBBAE8AUQBBAHgAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=7fb9c36a-75fd-4980-b76f-eed249cdb4ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1644	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=147d02c8-1a90-451d-a0a8-2344d80666f7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQA1AEEARABVAEEATQBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEAeQBBAEQAQQBBAE8AUQBBAHgAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1643	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=147d02c8-1a90-451d-a0a8-2344d80666f7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQA1AEEARABVAEEATQBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEAeQBBAEQAQQBBAE8AUQBBAHgAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1642	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=147d02c8-1a90-451d-a0a8-2344d80666f7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQA1AEEARABVAEEATQBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEAeQBBAEQAQQBBAE8AUQBBAHgAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1641	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=147d02c8-1a90-451d-a0a8-2344d80666f7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQA1AEEARABVAEEATQBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEAeQBBAEQAQQBBAE8AUQBBAHgAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1640	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=147d02c8-1a90-451d-a0a8-2344d80666f7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQA1AEEARABVAEEATQBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEAeQBBAEQAQQBBAE8AUQBBAHgAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1639	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=147d02c8-1a90-451d-a0a8-2344d80666f7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQA1AEEARABVAEEATQBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEAeQBBAEQAQQBBAE8AUQBBAHgAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1638	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797aaa04-809a-45b4-8723-aa6dc28879df HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6ec20e3b-2661-4080-a065-3e6fc32781d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1637	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=82acc4d5-cf85-491a-8e01-b43117e6671a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1636	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1635	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1634	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1633	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1632	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1631	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1630	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1629	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=75d09914-1bcb-450f-969e-a884c7b54952 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1628	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797aaa04-809a-45b4-8723-aa6dc28879df HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6ec20e3b-2661-4080-a065-3e6fc32781d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1627	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797aaa04-809a-45b4-8723-aa6dc28879df HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1626	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797aaa04-809a-45b4-8723-aa6dc28879df HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1625	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797aaa04-809a-45b4-8723-aa6dc28879df HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1624	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797aaa04-809a-45b4-8723-aa6dc28879df HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1623	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797aaa04-809a-45b4-8723-aa6dc28879df HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1622	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=797aaa04-809a-45b4-8723-aa6dc28879df HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1621	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8b4c472-272d-4436-8b96-b73bae4e88c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c21a27bd-665c-4d80-80fc-43dde2fbea1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1620	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8b4c472-272d-4436-8b96-b73bae4e88c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c21a27bd-665c-4d80-80fc-43dde2fbea1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1619	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8b4c472-272d-4436-8b96-b73bae4e88c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1618	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8b4c472-272d-4436-8b96-b73bae4e88c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1617	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8b4c472-272d-4436-8b96-b73bae4e88c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1616	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8b4c472-272d-4436-8b96-b73bae4e88c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1615	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8b4c472-272d-4436-8b96-b73bae4e88c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1614	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8b4c472-272d-4436-8b96-b73bae4e88c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwA5ADUAMQAuADgANAAtADIANwAzADEAMAAyADAAOQAxADMAMQAzADcAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1613	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693e497d-a1aa-4104-ad50-971f0efcfcba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAGsAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABJAEEATQBBAEEANQBBAEQARQBBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=54f9377f-ed6d-4780-9e12-a07611d63b59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1612	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52ee32a9-7f19-42f3-9d9c-5b984712d474 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADkANQAxAC4AOAA0AC0AMgA3ADMAMQAwADIAMAA5ADEAMwAxADMANwAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=838be5af-489c-4d11-8b01-12f8e562dde6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1611	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52ee32a9-7f19-42f3-9d9c-5b984712d474 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADkANQAxAC4AOAA0AC0AMgA3ADMAMQAwADIAMAA5ADEAMwAxADMANwAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=838be5af-489c-4d11-8b01-12f8e562dde6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1610	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52ee32a9-7f19-42f3-9d9c-5b984712d474 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADkANQAxAC4AOAA0AC0AMgA3ADMAMQAwADIAMAA5ADEAMwAxADMANwAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1609	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52ee32a9-7f19-42f3-9d9c-5b984712d474 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADkANQAxAC4AOAA0AC0AMgA3ADMAMQAwADIAMAA5ADEAMwAxADMANwAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1608	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52ee32a9-7f19-42f3-9d9c-5b984712d474 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADkANQAxAC4AOAA0AC0AMgA3ADMAMQAwADIAMAA5ADEAMwAxADMANwAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1607	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52ee32a9-7f19-42f3-9d9c-5b984712d474 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADkANQAxAC4AOAA0AC0AMgA3ADMAMQAwADIAMAA5ADEAMwAxADMANwAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1606	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52ee32a9-7f19-42f3-9d9c-5b984712d474 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADkANQAxAC4AOAA0AC0AMgA3ADMAMQAwADIAMAA5ADEAMwAxADMANwAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1605	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52ee32a9-7f19-42f3-9d9c-5b984712d474 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADkANQAxAC4AOAA0AC0AMgA3ADMAMQAwADIAMAA5ADEAMwAxADMANwAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1604	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693e497d-a1aa-4104-ad50-971f0efcfcba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAGsAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABJAEEATQBBAEEANQBBAEQARQBBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=54f9377f-ed6d-4780-9e12-a07611d63b59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1603	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693e497d-a1aa-4104-ad50-971f0efcfcba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAGsAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABJAEEATQBBAEEANQBBAEQARQBBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1602	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693e497d-a1aa-4104-ad50-971f0efcfcba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAGsAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABJAEEATQBBAEEANQBBAEQARQBBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1601	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693e497d-a1aa-4104-ad50-971f0efcfcba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAGsAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABJAEEATQBBAEEANQBBAEQARQBBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1600	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693e497d-a1aa-4104-ad50-971f0efcfcba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAGsAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABJAEEATQBBAEEANQBBAEQARQBBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1599	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693e497d-a1aa-4104-ad50-971f0efcfcba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAGsAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABJAEEATQBBAEEANQBBAEQARQBBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1598	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693e497d-a1aa-4104-ad50-971f0efcfcba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAGsAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABJAEEATQBBAEEANQBBAEQARQBBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1597	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfc43306-9062-4ba3-b911-c867a7b03937 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5d56ab8a-66af-4565-92d3-2e644d2f0904 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1596	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d20595dd-67f5-492c-b41d-b5728cbf5be8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1595	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1594	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1593	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1592	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1591	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1590	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1589	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1588	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3656a9f9-5dd8-4dd1-a756-30d3aebea3d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1587	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfc43306-9062-4ba3-b911-c867a7b03937 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5d56ab8a-66af-4565-92d3-2e644d2f0904 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1586	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfc43306-9062-4ba3-b911-c867a7b03937 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1585	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfc43306-9062-4ba3-b911-c867a7b03937 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1584	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfc43306-9062-4ba3-b911-c867a7b03937 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1583	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfc43306-9062-4ba3-b911-c867a7b03937 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1582	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfc43306-9062-4ba3-b911-c867a7b03937 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1581	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfc43306-9062-4ba3-b911-c867a7b03937 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1580	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3206c998-51e4-439d-87e5-9a9d7393f28f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=316eb168-a9f7-491c-b2c3-553198e237d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1579	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7f7fc532-4e9e-4866-b7f0-7d0a514b712d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgA2ADYAMABkADYANQBhADgAZQA5ADkANQA0ADYANgA1ADkANgA3AGYANwA5ADQANAAwADkAYgA5ADMAYwBmADQAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion=5.1.14393.1944 RunspaceId=db487240-2e46-4c10-afc4-1d6de32489c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1578	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:25:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7f7fc532-4e9e-4866-b7f0-7d0a514b712d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgA2ADYAMABkADYANQBhADgAZQA5ADkANQA0ADYANgA1ADkANgA3AGYANwA5ADQANAAwADkAYgA5ADMAYwBmADQAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion=5.1.14393.1944 RunspaceId=db487240-2e46-4c10-afc4-1d6de32489c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1577	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7f7fc532-4e9e-4866-b7f0-7d0a514b712d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgA2ADYAMABkADYANQBhADgAZQA5ADkANQA0ADYANgA1ADkANgA3AGYANwA5ADQANAAwADkAYgA5ADMAYwBmADQAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1576	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7f7fc532-4e9e-4866-b7f0-7d0a514b712d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgA2ADYAMABkADYANQBhADgAZQA5ADkANQA0ADYANgA1ADkANgA3AGYANwA5ADQANAAwADkAYgA5ADMAYwBmADQAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1575	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7f7fc532-4e9e-4866-b7f0-7d0a514b712d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgA2ADYAMABkADYANQBhADgAZQA5ADkANQA0ADYANgA1ADkANgA3AGYANwA5ADQANAAwADkAYgA5ADMAYwBmADQAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1574	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7f7fc532-4e9e-4866-b7f0-7d0a514b712d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgA2ADYAMABkADYANQBhADgAZQA5ADkANQA0ADYANgA1ADkANgA3AGYANwA5ADQANAAwADkAYgA5ADMAYwBmADQAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1573	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7f7fc532-4e9e-4866-b7f0-7d0a514b712d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgA2ADYAMABkADYANQBhADgAZQA5ADkANQA0ADYANgA1ADkANgA3AGYANwA5ADQANAAwADkAYgA5ADMAYwBmADQAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1572	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7f7fc532-4e9e-4866-b7f0-7d0a514b712d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgA2ADYAMABkADYANQBhADgAZQA5ADkANQA0ADYANgA1ADkANgA3AGYANwA5ADQANAAwADkAYgA5ADMAYwBmADQAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1571	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5a9a5338-df0c-4357-a677-2c170515a00c PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1570	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5a9a5338-df0c-4357-a677-2c170515a00c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1569	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1568	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1567	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1566	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1565	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1564	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1563	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1562	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0abb4faa-7983-4c2e-8ec5-8759fb75f44f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1561	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3206c998-51e4-439d-87e5-9a9d7393f28f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=316eb168-a9f7-491c-b2c3-553198e237d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1560	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3206c998-51e4-439d-87e5-9a9d7393f28f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1559	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3206c998-51e4-439d-87e5-9a9d7393f28f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1558	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3206c998-51e4-439d-87e5-9a9d7393f28f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1557	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3206c998-51e4-439d-87e5-9a9d7393f28f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1556	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3206c998-51e4-439d-87e5-9a9d7393f28f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1555	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3206c998-51e4-439d-87e5-9a9d7393f28f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1554	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ab2fdd-b91a-4195-aba8-12f0ce0c51ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB6AEEARABjAEEATwBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEUAQQBOAFEAQQAxAEEARABZAEEATgB3AEEAMABBAEQATQBBAE0AdwBBAHcAQQBEAFkAQQBOAEEAQQB5AEEARABFAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=9418981b-f218-4a6e-9aa0-974f57dcb10f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1553	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4507fd34-9444-434e-bb56-4eaeae268e7e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=7f211eb4-483f-4939-b39c-063a82cd6dc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1552	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4507fd34-9444-434e-bb56-4eaeae268e7e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=7f211eb4-483f-4939-b39c-063a82cd6dc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1551	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4507fd34-9444-434e-bb56-4eaeae268e7e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1550	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4507fd34-9444-434e-bb56-4eaeae268e7e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1549	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4507fd34-9444-434e-bb56-4eaeae268e7e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1548	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4507fd34-9444-434e-bb56-4eaeae268e7e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1547	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4507fd34-9444-434e-bb56-4eaeae268e7e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1546	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4507fd34-9444-434e-bb56-4eaeae268e7e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1545	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ab2fdd-b91a-4195-aba8-12f0ce0c51ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB6AEEARABjAEEATwBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEUAQQBOAFEAQQAxAEEARABZAEEATgB3AEEAMABBAEQATQBBAE0AdwBBAHcAQQBEAFkAQQBOAEEAQQB5AEEARABFAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=9418981b-f218-4a6e-9aa0-974f57dcb10f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1544	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ab2fdd-b91a-4195-aba8-12f0ce0c51ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB6AEEARABjAEEATwBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEUAQQBOAFEAQQAxAEEARABZAEEATgB3AEEAMABBAEQATQBBAE0AdwBBAHcAQQBEAFkAQQBOAEEAQQB5AEEARABFAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1543	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ab2fdd-b91a-4195-aba8-12f0ce0c51ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB6AEEARABjAEEATwBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEUAQQBOAFEAQQAxAEEARABZAEEATgB3AEEAMABBAEQATQBBAE0AdwBBAHcAQQBEAFkAQQBOAEEAQQB5AEEARABFAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1542	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ab2fdd-b91a-4195-aba8-12f0ce0c51ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB6AEEARABjAEEATwBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEUAQQBOAFEAQQAxAEEARABZAEEATgB3AEEAMABBAEQATQBBAE0AdwBBAHcAQQBEAFkAQQBOAEEAQQB5AEEARABFAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1541	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ab2fdd-b91a-4195-aba8-12f0ce0c51ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB6AEEARABjAEEATwBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEUAQQBOAFEAQQAxAEEARABZAEEATgB3AEEAMABBAEQATQBBAE0AdwBBAHcAQQBEAFkAQQBOAEEAQQB5AEEARABFAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1540	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ab2fdd-b91a-4195-aba8-12f0ce0c51ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB6AEEARABjAEEATwBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEUAQQBOAFEAQQAxAEEARABZAEEATgB3AEEAMABBAEQATQBBAE0AdwBBAHcAQQBEAFkAQQBOAEEAQQB5AEEARABFAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1539	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ab2fdd-b91a-4195-aba8-12f0ce0c51ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB6AEEARABjAEEATwBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEUAQQBOAFEAQQAxAEEARABZAEEATgB3AEEAMABBAEQATQBBAE0AdwBBAHcAQQBEAFkAQQBOAEEAQQB5AEEARABFAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1538	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b5dd151-0d1d-4866-bdd4-d59ca8068b5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=89d5bc03-647d-41ed-9fcd-37a713765f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1537	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c09656c7-50d8-45ae-8000-9461ac32854a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1536	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1535	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1534	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1533	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1532	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1531	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1530	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1529	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8d051da2-10cb-432f-858e-3c1234a5823a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1528	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b5dd151-0d1d-4866-bdd4-d59ca8068b5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=89d5bc03-647d-41ed-9fcd-37a713765f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1527	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b5dd151-0d1d-4866-bdd4-d59ca8068b5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1526	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b5dd151-0d1d-4866-bdd4-d59ca8068b5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1525	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b5dd151-0d1d-4866-bdd4-d59ca8068b5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1524	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b5dd151-0d1d-4866-bdd4-d59ca8068b5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1523	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b5dd151-0d1d-4866-bdd4-d59ca8068b5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1522	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b5dd151-0d1d-4866-bdd4-d59ca8068b5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1521	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff57f4c2-f603-448e-90fe-ecddcd50b772 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=cd229697-edfd-4c37-9d2c-fe762b912e57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1520	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff57f4c2-f603-448e-90fe-ecddcd50b772 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=cd229697-edfd-4c37-9d2c-fe762b912e57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1519	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff57f4c2-f603-448e-90fe-ecddcd50b772 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1518	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff57f4c2-f603-448e-90fe-ecddcd50b772 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1517	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff57f4c2-f603-448e-90fe-ecddcd50b772 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1516	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff57f4c2-f603-448e-90fe-ecddcd50b772 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1515	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff57f4c2-f603-448e-90fe-ecddcd50b772 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1514	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff57f4c2-f603-448e-90fe-ecddcd50b772 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAzADcAOAAuADUANgAtADEANQA1ADYANwA0ADMAMwAwADYANAAyADEAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1513	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8717798-d798-49fa-bceb-e49b6640d5c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAE0AQQBOAHcAQQA0AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AUQBBADEAQQBEAFUAQQBOAGcAQQAzAEEARABRAEEATQB3AEEAegBBAEQAQQBBAE4AZwBBADAAQQBEAEkAQQBNAFEAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=b762bb91-3bb6-43af-958b-f9e9febe2125 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1512	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1c89f2a-a671-4c8c-a465-fc256fed2a5b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADMANwA4AC4ANQA2AC0AMQA1ADUANgA3ADQAMwAzADAANgA0ADIAMQA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=d553bf81-60cd-43fd-8733-19aec31a90fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1511	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1c89f2a-a671-4c8c-a465-fc256fed2a5b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADMANwA4AC4ANQA2AC0AMQA1ADUANgA3ADQAMwAzADAANgA0ADIAMQA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=d553bf81-60cd-43fd-8733-19aec31a90fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1510	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1c89f2a-a671-4c8c-a465-fc256fed2a5b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADMANwA4AC4ANQA2AC0AMQA1ADUANgA3ADQAMwAzADAANgA0ADIAMQA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1509	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1c89f2a-a671-4c8c-a465-fc256fed2a5b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADMANwA4AC4ANQA2AC0AMQA1ADUANgA3ADQAMwAzADAANgA0ADIAMQA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1508	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1c89f2a-a671-4c8c-a465-fc256fed2a5b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADMANwA4AC4ANQA2AC0AMQA1ADUANgA3ADQAMwAzADAANgA0ADIAMQA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1507	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1c89f2a-a671-4c8c-a465-fc256fed2a5b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADMANwA4AC4ANQA2AC0AMQA1ADUANgA3ADQAMwAzADAANgA0ADIAMQA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1506	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1c89f2a-a671-4c8c-a465-fc256fed2a5b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADMANwA4AC4ANQA2AC0AMQA1ADUANgA3ADQAMwAzADAANgA0ADIAMQA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1505	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1c89f2a-a671-4c8c-a465-fc256fed2a5b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADMANwA4AC4ANQA2AC0AMQA1ADUANgA3ADQAMwAzADAANgA0ADIAMQA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1504	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8717798-d798-49fa-bceb-e49b6640d5c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAE0AQQBOAHcAQQA0AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AUQBBADEAQQBEAFUAQQBOAGcAQQAzAEEARABRAEEATQB3AEEAegBBAEQAQQBBAE4AZwBBADAAQQBEAEkAQQBNAFEAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=b762bb91-3bb6-43af-958b-f9e9febe2125 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1503	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8717798-d798-49fa-bceb-e49b6640d5c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAE0AQQBOAHcAQQA0AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AUQBBADEAQQBEAFUAQQBOAGcAQQAzAEEARABRAEEATQB3AEEAegBBAEQAQQBBAE4AZwBBADAAQQBEAEkAQQBNAFEAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1502	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8717798-d798-49fa-bceb-e49b6640d5c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAE0AQQBOAHcAQQA0AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AUQBBADEAQQBEAFUAQQBOAGcAQQAzAEEARABRAEEATQB3AEEAegBBAEQAQQBBAE4AZwBBADAAQQBEAEkAQQBNAFEAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1501	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8717798-d798-49fa-bceb-e49b6640d5c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAE0AQQBOAHcAQQA0AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AUQBBADEAQQBEAFUAQQBOAGcAQQAzAEEARABRAEEATQB3AEEAegBBAEQAQQBBAE4AZwBBADAAQQBEAEkAQQBNAFEAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1500	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8717798-d798-49fa-bceb-e49b6640d5c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAE0AQQBOAHcAQQA0AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AUQBBADEAQQBEAFUAQQBOAGcAQQAzAEEARABRAEEATQB3AEEAegBBAEQAQQBBAE4AZwBBADAAQQBEAEkAQQBNAFEAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1499	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8717798-d798-49fa-bceb-e49b6640d5c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAE0AQQBOAHcAQQA0AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AUQBBADEAQQBEAFUAQQBOAGcAQQAzAEEARABRAEEATQB3AEEAegBBAEQAQQBBAE4AZwBBADAAQQBEAEkAQQBNAFEAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1498	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8717798-d798-49fa-bceb-e49b6640d5c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAE0AQQBOAHcAQQA0AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AUQBBADEAQQBEAFUAQQBOAGcAQQAzAEEARABRAEEATQB3AEEAegBBAEQAQQBBAE4AZwBBADAAQQBEAEkAQQBNAFEAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1497	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3aa7d36-ab58-41f0-8bec-45afced5c288 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=18cf1ad4-6537-44f6-9629-9b9a8e0522a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1496	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=eae2cff5-41c2-43e3-9e64-dc2941a4cd2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1495	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1494	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1493	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1492	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1491	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1490	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1489	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1488	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53467167-9d28-443a-a8a8-91443109d0d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1487	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3aa7d36-ab58-41f0-8bec-45afced5c288 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=18cf1ad4-6537-44f6-9629-9b9a8e0522a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1486	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3aa7d36-ab58-41f0-8bec-45afced5c288 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1485	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3aa7d36-ab58-41f0-8bec-45afced5c288 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1484	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3aa7d36-ab58-41f0-8bec-45afced5c288 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1483	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3aa7d36-ab58-41f0-8bec-45afced5c288 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1482	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3aa7d36-ab58-41f0-8bec-45afced5c288 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1481	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3aa7d36-ab58-41f0-8bec-45afced5c288 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1480	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6652ca6-1d2f-4cf6-b760-1b3a5885a82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=70663e57-a669-47e0-8a36-e7f343e2667d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1479	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=28e94084-d652-4941-8228-c917ede1d10a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1478	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1477	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1476	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1475	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1474	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1473	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1472	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1471	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7316b4a-a4ec-463a-8618-3f8651aac3fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1470	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6652ca6-1d2f-4cf6-b760-1b3a5885a82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=70663e57-a669-47e0-8a36-e7f343e2667d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1469	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6652ca6-1d2f-4cf6-b760-1b3a5885a82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1468	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6652ca6-1d2f-4cf6-b760-1b3a5885a82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1467	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6652ca6-1d2f-4cf6-b760-1b3a5885a82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1466	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6652ca6-1d2f-4cf6-b760-1b3a5885a82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1465	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6652ca6-1d2f-4cf6-b760-1b3a5885a82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1464	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6652ca6-1d2f-4cf6-b760-1b3a5885a82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1463	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=450a8843-b468-4e04-986e-b1ad61ec8fca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=150ce117-379d-47c5-a0d7-1b383d385edb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1462	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:16:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3b7df753-f073-4c8a-a0a8-702541a51562 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	1461	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3b7df753-f073-4c8a-a0a8-702541a51562 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1460	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1459	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1458	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1457	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1456	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1455	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1454	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1453	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2908a04f-5c30-4b16-bd0a-03cc5fae6c28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1452	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=450a8843-b468-4e04-986e-b1ad61ec8fca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=150ce117-379d-47c5-a0d7-1b383d385edb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1451	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=450a8843-b468-4e04-986e-b1ad61ec8fca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1450	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=450a8843-b468-4e04-986e-b1ad61ec8fca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1449	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=450a8843-b468-4e04-986e-b1ad61ec8fca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1448	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=450a8843-b468-4e04-986e-b1ad61ec8fca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1447	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=450a8843-b468-4e04-986e-b1ad61ec8fca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1446	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=450a8843-b468-4e04-986e-b1ad61ec8fca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1445	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=590dbb73-bce5-4833-bd52-833ad756ceeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ae665f22-47cd-4b6f-959d-f95749cd0598 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1444	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f1b42ea0-b0ab-4e7e-b74b-03a361d273de PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1443	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f1b42ea0-b0ab-4e7e-b74b-03a361d273de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1442	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1441	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1440	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1439	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1438	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1437	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1436	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1435	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=13153181-a33c-415d-8674-3946fbec1b5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1434	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=590dbb73-bce5-4833-bd52-833ad756ceeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ae665f22-47cd-4b6f-959d-f95749cd0598 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1433	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=590dbb73-bce5-4833-bd52-833ad756ceeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1432	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=590dbb73-bce5-4833-bd52-833ad756ceeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1431	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=590dbb73-bce5-4833-bd52-833ad756ceeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1430	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=590dbb73-bce5-4833-bd52-833ad756ceeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1429	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=590dbb73-bce5-4833-bd52-833ad756ceeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1428	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=590dbb73-bce5-4833-bd52-833ad756ceeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1427	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49b36180-1894-4d4e-b3b4-c967228c25af HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9f8f045c-e9e0-45f3-a069-3e1ce606cedd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1426	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=67431b01-94a2-4c0f-842c-46f0021156d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1425	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1424	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1423	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1422	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1421	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1420	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1419	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1418	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e4d22e4d-0b6d-44c7-b5bd-f97335b57f6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1417	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49b36180-1894-4d4e-b3b4-c967228c25af HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9f8f045c-e9e0-45f3-a069-3e1ce606cedd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1416	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49b36180-1894-4d4e-b3b4-c967228c25af HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1415	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49b36180-1894-4d4e-b3b4-c967228c25af HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1414	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49b36180-1894-4d4e-b3b4-c967228c25af HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1413	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49b36180-1894-4d4e-b3b4-c967228c25af HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1412	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49b36180-1894-4d4e-b3b4-c967228c25af HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1411	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49b36180-1894-4d4e-b3b4-c967228c25af HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1410	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7299ba71-f70f-44d6-a12c-c5d64baaaf97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4c9f8ebd-ed9c-4694-a62d-4287d0667f7b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1409	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbc31ad3-fcb4-4d7b-bd73-00c039bf0568 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion=5.1.14393.1944 RunspaceId=e145c0b5-c082-4659-b847-c1f7d37e88a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1408	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbc31ad3-fcb4-4d7b-bd73-00c039bf0568 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion=5.1.14393.1944 RunspaceId=e145c0b5-c082-4659-b847-c1f7d37e88a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1407	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbc31ad3-fcb4-4d7b-bd73-00c039bf0568 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1406	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbc31ad3-fcb4-4d7b-bd73-00c039bf0568 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1405	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbc31ad3-fcb4-4d7b-bd73-00c039bf0568 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1404	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbc31ad3-fcb4-4d7b-bd73-00c039bf0568 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1403	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbc31ad3-fcb4-4d7b-bd73-00c039bf0568 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1402	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbc31ad3-fcb4-4d7b-bd73-00c039bf0568 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1401	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2dcbb155-5537-4cdb-9659-fc889ee8577a PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1400	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2dcbb155-5537-4cdb-9659-fc889ee8577a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1399	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1398	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1397	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1396	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1395	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1394	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1393	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1392	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3f56bb-e1cf-4689-9a1a-c188a86f0c0c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1391	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7299ba71-f70f-44d6-a12c-c5d64baaaf97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4c9f8ebd-ed9c-4694-a62d-4287d0667f7b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1390	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7299ba71-f70f-44d6-a12c-c5d64baaaf97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1389	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7299ba71-f70f-44d6-a12c-c5d64baaaf97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1388	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7299ba71-f70f-44d6-a12c-c5d64baaaf97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1387	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7299ba71-f70f-44d6-a12c-c5d64baaaf97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1386	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7299ba71-f70f-44d6-a12c-c5d64baaaf97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1385	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7299ba71-f70f-44d6-a12c-c5d64baaaf97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1384	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=368bab69-9e2e-4dd3-adbd-b65f1abbd967 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=779e7430-dadd-464a-9daa-8caf69dc78b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1383	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=229adc57-927f-4611-9d8a-26e984703a65 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion=5.1.14393.1944 RunspaceId=b5f3db91-b51f-4f98-821d-1624048dd2fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1382	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=229adc57-927f-4611-9d8a-26e984703a65 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion=5.1.14393.1944 RunspaceId=b5f3db91-b51f-4f98-821d-1624048dd2fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1381	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=229adc57-927f-4611-9d8a-26e984703a65 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1380	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=229adc57-927f-4611-9d8a-26e984703a65 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1379	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=229adc57-927f-4611-9d8a-26e984703a65 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1378	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=229adc57-927f-4611-9d8a-26e984703a65 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1377	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=229adc57-927f-4611-9d8a-26e984703a65 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1376	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=229adc57-927f-4611-9d8a-26e984703a65 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1375	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=337deaa9-c120-4e13-829b-bc6d959371d6 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1374	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=337deaa9-c120-4e13-829b-bc6d959371d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1373	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1372	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1371	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1370	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1369	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1368	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1367	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1366	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ce3ea05-df7e-4bd7-bc64-f2926bd6072b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1365	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=368bab69-9e2e-4dd3-adbd-b65f1abbd967 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=779e7430-dadd-464a-9daa-8caf69dc78b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1364	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=368bab69-9e2e-4dd3-adbd-b65f1abbd967 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1363	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=368bab69-9e2e-4dd3-adbd-b65f1abbd967 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1362	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=368bab69-9e2e-4dd3-adbd-b65f1abbd967 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1361	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=368bab69-9e2e-4dd3-adbd-b65f1abbd967 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1360	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=368bab69-9e2e-4dd3-adbd-b65f1abbd967 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1359	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=368bab69-9e2e-4dd3-adbd-b65f1abbd967 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1358	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2dc55a29-28a3-488a-af0e-37fadedd83f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9d830145-0210-4df5-94ee-6b427c0c6218 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1357	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=879ae273-a7fe-4f6b-b06b-3c75294d38c3 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	1356	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=879ae273-a7fe-4f6b-b06b-3c75294d38c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1355	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1354	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1353	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1352	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1351	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1350	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1349	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1348	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84615f8d-6abc-4b42-af03-8ff2f263af44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1347	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2dc55a29-28a3-488a-af0e-37fadedd83f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9d830145-0210-4df5-94ee-6b427c0c6218 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1346	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2dc55a29-28a3-488a-af0e-37fadedd83f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1345	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2dc55a29-28a3-488a-af0e-37fadedd83f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1344	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2dc55a29-28a3-488a-af0e-37fadedd83f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1343	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2dc55a29-28a3-488a-af0e-37fadedd83f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1342	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2dc55a29-28a3-488a-af0e-37fadedd83f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1341	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2dc55a29-28a3-488a-af0e-37fadedd83f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1340	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d834ebf8-f429-4c60-99e2-23ef697e5ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4546b50e-068b-4989-b393-3a30b608fa2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1339	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1b562e56-806b-4204-b5ae-0531498123e3 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1338	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1b562e56-806b-4204-b5ae-0531498123e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1337	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1336	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1335	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1334	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1333	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1332	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1331	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1330	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9bb040d4-7ae9-4984-a067-8662d756951e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1329	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d834ebf8-f429-4c60-99e2-23ef697e5ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4546b50e-068b-4989-b393-3a30b608fa2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1328	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d834ebf8-f429-4c60-99e2-23ef697e5ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1327	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d834ebf8-f429-4c60-99e2-23ef697e5ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1326	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d834ebf8-f429-4c60-99e2-23ef697e5ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1325	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d834ebf8-f429-4c60-99e2-23ef697e5ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1324	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d834ebf8-f429-4c60-99e2-23ef697e5ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1323	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d834ebf8-f429-4c60-99e2-23ef697e5ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1322	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc04b9c8-fa5c-41cd-bb02-e0bac50a7235 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=42b7fb5f-816e-4e0f-acd3-3fd11c650496 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1321	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c5882099-c4f7-41ce-b5a9-c0c218a25838 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1320	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1319	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1318	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1317	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1316	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1315	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1314	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1313	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d781c760-75fb-4593-bbad-2ebe1bb0963e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1312	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc04b9c8-fa5c-41cd-bb02-e0bac50a7235 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=42b7fb5f-816e-4e0f-acd3-3fd11c650496 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1311	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc04b9c8-fa5c-41cd-bb02-e0bac50a7235 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1310	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc04b9c8-fa5c-41cd-bb02-e0bac50a7235 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1309	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc04b9c8-fa5c-41cd-bb02-e0bac50a7235 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1308	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc04b9c8-fa5c-41cd-bb02-e0bac50a7235 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1307	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc04b9c8-fa5c-41cd-bb02-e0bac50a7235 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1306	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc04b9c8-fa5c-41cd-bb02-e0bac50a7235 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1305	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=467a2c5d-4058-4467-8ba3-2276ad4ae627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=47d1d52b-439b-4bac-9175-050ac051d49c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1304	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6616186d-6b12-4a14-aa2b-96ae5dfb6a9c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion=5.1.14393.1944 RunspaceId=626931b4-2c7e-47ac-a411-6ae37d906445 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1303	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6616186d-6b12-4a14-aa2b-96ae5dfb6a9c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion=5.1.14393.1944 RunspaceId=626931b4-2c7e-47ac-a411-6ae37d906445 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1302	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6616186d-6b12-4a14-aa2b-96ae5dfb6a9c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1301	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6616186d-6b12-4a14-aa2b-96ae5dfb6a9c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1300	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6616186d-6b12-4a14-aa2b-96ae5dfb6a9c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1299	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6616186d-6b12-4a14-aa2b-96ae5dfb6a9c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1298	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6616186d-6b12-4a14-aa2b-96ae5dfb6a9c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1297	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6616186d-6b12-4a14-aa2b-96ae5dfb6a9c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1296	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=32400c4c-cf8e-43a8-82bf-a92f5b0963d7 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1295	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=32400c4c-cf8e-43a8-82bf-a92f5b0963d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1294	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1293	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1292	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1291	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1290	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1289	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1288	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1287	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2054dd1-f2e0-4102-9fa6-3c8947fc9863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1286	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=467a2c5d-4058-4467-8ba3-2276ad4ae627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=47d1d52b-439b-4bac-9175-050ac051d49c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1285	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=467a2c5d-4058-4467-8ba3-2276ad4ae627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1284	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=467a2c5d-4058-4467-8ba3-2276ad4ae627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1283	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=467a2c5d-4058-4467-8ba3-2276ad4ae627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1282	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=467a2c5d-4058-4467-8ba3-2276ad4ae627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1281	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=467a2c5d-4058-4467-8ba3-2276ad4ae627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1280	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=467a2c5d-4058-4467-8ba3-2276ad4ae627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1279	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=179e1c1f-1daa-4fe7-ba16-43c547ef95c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=19f05f66-3c66-4c0b-8cd9-1745339bfd87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1278	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e5b4dc39-12d9-4d85-9fd3-f145c8826e37 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1277	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e5b4dc39-12d9-4d85-9fd3-f145c8826e37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1276	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1275	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1274	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1273	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1272	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1271	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1270	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1269	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=129b56fe-4ee4-40fd-988e-a73cef407fb8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1268	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=179e1c1f-1daa-4fe7-ba16-43c547ef95c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=19f05f66-3c66-4c0b-8cd9-1745339bfd87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1267	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=179e1c1f-1daa-4fe7-ba16-43c547ef95c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1266	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=179e1c1f-1daa-4fe7-ba16-43c547ef95c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1265	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=179e1c1f-1daa-4fe7-ba16-43c547ef95c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1264	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=179e1c1f-1daa-4fe7-ba16-43c547ef95c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1263	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=179e1c1f-1daa-4fe7-ba16-43c547ef95c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1262	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=179e1c1f-1daa-4fe7-ba16-43c547ef95c1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1261	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89df0d1d-4af2-414d-ae7b-36a0030b537f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dfa15d72-8857-4f39-b5d8-a11a512480d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1260	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=37bc89ec-6a61-4e9e-bb46-e27465e46f08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1259	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1258	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1257	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1256	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1255	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1254	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1253	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1252	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=382f05b6-dddd-4c6b-bacf-54002efc46ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1251	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89df0d1d-4af2-414d-ae7b-36a0030b537f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dfa15d72-8857-4f39-b5d8-a11a512480d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1250	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89df0d1d-4af2-414d-ae7b-36a0030b537f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1249	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89df0d1d-4af2-414d-ae7b-36a0030b537f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1248	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89df0d1d-4af2-414d-ae7b-36a0030b537f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1247	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89df0d1d-4af2-414d-ae7b-36a0030b537f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1246	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89df0d1d-4af2-414d-ae7b-36a0030b537f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1245	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89df0d1d-4af2-414d-ae7b-36a0030b537f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1244	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ad098e7-0d3e-4ead-b795-0f176423a8ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=79fff9c3-a27c-4350-9a16-526ae509dfd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1243	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d98edc0a-52d5-4edf-a8dc-29d0bc696254 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion=5.1.14393.1944 RunspaceId=90e4ef4d-c7b7-471e-b81f-d0bb043d20d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1242	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d98edc0a-52d5-4edf-a8dc-29d0bc696254 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion=5.1.14393.1944 RunspaceId=90e4ef4d-c7b7-471e-b81f-d0bb043d20d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1241	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d98edc0a-52d5-4edf-a8dc-29d0bc696254 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1240	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d98edc0a-52d5-4edf-a8dc-29d0bc696254 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1239	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d98edc0a-52d5-4edf-a8dc-29d0bc696254 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1238	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d98edc0a-52d5-4edf-a8dc-29d0bc696254 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1237	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d98edc0a-52d5-4edf-a8dc-29d0bc696254 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1236	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d98edc0a-52d5-4edf-a8dc-29d0bc696254 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1235	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=63a31238-61a1-450d-b119-925fb3db9700 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1234	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=63a31238-61a1-450d-b119-925fb3db9700 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1233	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1232	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1231	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1230	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1229	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1228	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1227	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1226	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f699691d-e66f-4689-9ef7-b46e702c637a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1225	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ad098e7-0d3e-4ead-b795-0f176423a8ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=79fff9c3-a27c-4350-9a16-526ae509dfd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1224	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ad098e7-0d3e-4ead-b795-0f176423a8ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1223	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ad098e7-0d3e-4ead-b795-0f176423a8ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1222	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ad098e7-0d3e-4ead-b795-0f176423a8ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1221	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ad098e7-0d3e-4ead-b795-0f176423a8ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1220	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ad098e7-0d3e-4ead-b795-0f176423a8ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1219	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5ad098e7-0d3e-4ead-b795-0f176423a8ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1218	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0389ae86-7818-4f8d-a9e9-2a27736872eb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=21765805-aef4-4be6-b2c3-976f7136da0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1217	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1c28b6ad-84c0-43fb-848a-12c726cfa0a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1216	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1215	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1214	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1213	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1212	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1211	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1210	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1209	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afc8ee01-8760-4540-a6d4-f6366434f4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1208	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0389ae86-7818-4f8d-a9e9-2a27736872eb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=21765805-aef4-4be6-b2c3-976f7136da0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1207	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0389ae86-7818-4f8d-a9e9-2a27736872eb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1206	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0389ae86-7818-4f8d-a9e9-2a27736872eb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1205	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0389ae86-7818-4f8d-a9e9-2a27736872eb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1204	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0389ae86-7818-4f8d-a9e9-2a27736872eb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1203	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0389ae86-7818-4f8d-a9e9-2a27736872eb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1202	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0389ae86-7818-4f8d-a9e9-2a27736872eb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1201	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=193b0977-a08d-46be-a098-86b0bcee8f0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d3bed865-8778-44dc-8031-b5224d61da24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1200	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:13:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48938b92-7f35-499a-b24e-ce3ecc16449b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion=5.1.14393.1944 RunspaceId=c6e03164-eefe-4eef-9dd2-8fae5374e90a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1199	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48938b92-7f35-499a-b24e-ce3ecc16449b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion=5.1.14393.1944 RunspaceId=c6e03164-eefe-4eef-9dd2-8fae5374e90a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1198	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48938b92-7f35-499a-b24e-ce3ecc16449b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1197	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48938b92-7f35-499a-b24e-ce3ecc16449b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1196	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48938b92-7f35-499a-b24e-ce3ecc16449b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1195	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48938b92-7f35-499a-b24e-ce3ecc16449b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1194	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48938b92-7f35-499a-b24e-ce3ecc16449b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1193	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48938b92-7f35-499a-b24e-ce3ecc16449b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1192	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c83c39ff-83bf-4bda-b9c7-4a60a66effe3 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1191	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c83c39ff-83bf-4bda-b9c7-4a60a66effe3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1190	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1189	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1188	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1187	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1186	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1185	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1184	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1183	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=afea10ad-6603-4e0d-81cb-1421c2078ed9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1182	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=193b0977-a08d-46be-a098-86b0bcee8f0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d3bed865-8778-44dc-8031-b5224d61da24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1181	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=193b0977-a08d-46be-a098-86b0bcee8f0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1180	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=193b0977-a08d-46be-a098-86b0bcee8f0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1179	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=193b0977-a08d-46be-a098-86b0bcee8f0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1178	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=193b0977-a08d-46be-a098-86b0bcee8f0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1177	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=193b0977-a08d-46be-a098-86b0bcee8f0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1176	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=193b0977-a08d-46be-a098-86b0bcee8f0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1175	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dfda0ed-4a04-4b13-a1e1-f836a2b55090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=59696488-96bc-40cd-aee8-ef2b9b35f6fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1174	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b30d12a-85e5-49e9-ae6c-e2c68ed31049 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1173	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b30d12a-85e5-49e9-ae6c-e2c68ed31049 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1172	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1171	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1170	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1169	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1168	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1167	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1166	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1165	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa8c86ba-56ad-4d28-92d3-29bd6ad4877d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1164	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dfda0ed-4a04-4b13-a1e1-f836a2b55090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=59696488-96bc-40cd-aee8-ef2b9b35f6fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1163	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dfda0ed-4a04-4b13-a1e1-f836a2b55090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1162	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dfda0ed-4a04-4b13-a1e1-f836a2b55090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1161	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dfda0ed-4a04-4b13-a1e1-f836a2b55090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1160	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dfda0ed-4a04-4b13-a1e1-f836a2b55090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1159	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dfda0ed-4a04-4b13-a1e1-f836a2b55090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1158	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dfda0ed-4a04-4b13-a1e1-f836a2b55090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1157	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aab25efc-0d3c-4421-9ffa-dd2826d33fa5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b5426f69-c5b1-4208-b90a-bcc1a7eaa7a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1156	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5d2c65d4-abf8-43ee-b6b6-38a560792c25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1155	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1154	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1153	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1152	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1151	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1150	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1149	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1148	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab69a1fb-b2e6-4739-8029-5e239860cddc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1147	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aab25efc-0d3c-4421-9ffa-dd2826d33fa5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b5426f69-c5b1-4208-b90a-bcc1a7eaa7a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1146	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aab25efc-0d3c-4421-9ffa-dd2826d33fa5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1145	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aab25efc-0d3c-4421-9ffa-dd2826d33fa5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1144	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aab25efc-0d3c-4421-9ffa-dd2826d33fa5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1143	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aab25efc-0d3c-4421-9ffa-dd2826d33fa5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1142	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aab25efc-0d3c-4421-9ffa-dd2826d33fa5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1141	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aab25efc-0d3c-4421-9ffa-dd2826d33fa5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1140	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1e53fa0-2970-40b1-a6f1-1cd7fd15a5ba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABRAEEATQB3AEEAdQBBAEQAUQBBAE8AUQBBAHQAQQBEAFEAQQBNAHcAQQAwAEEARABJAEEATgBRAEEANABBAEQAVQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB6AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=a88cb4aa-1cfe-4614-9bac-7f30ce229ee8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1139	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0fafd3ba-7a11-4375-b0c1-9dcb7c43cb38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=5ca7d07b-f4b2-425a-b5a3-c3974a613bb4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1138	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0fafd3ba-7a11-4375-b0c1-9dcb7c43cb38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=5ca7d07b-f4b2-425a-b5a3-c3974a613bb4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1137	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0fafd3ba-7a11-4375-b0c1-9dcb7c43cb38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1136	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0fafd3ba-7a11-4375-b0c1-9dcb7c43cb38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1135	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0fafd3ba-7a11-4375-b0c1-9dcb7c43cb38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1134	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0fafd3ba-7a11-4375-b0c1-9dcb7c43cb38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1133	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0fafd3ba-7a11-4375-b0c1-9dcb7c43cb38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1132	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0fafd3ba-7a11-4375-b0c1-9dcb7c43cb38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1131	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1e53fa0-2970-40b1-a6f1-1cd7fd15a5ba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABRAEEATQB3AEEAdQBBAEQAUQBBAE8AUQBBAHQAQQBEAFEAQQBNAHcAQQAwAEEARABJAEEATgBRAEEANABBAEQAVQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB6AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=a88cb4aa-1cfe-4614-9bac-7f30ce229ee8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1130	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1e53fa0-2970-40b1-a6f1-1cd7fd15a5ba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABRAEEATQB3AEEAdQBBAEQAUQBBAE8AUQBBAHQAQQBEAFEAQQBNAHcAQQAwAEEARABJAEEATgBRAEEANABBAEQAVQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB6AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1129	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1e53fa0-2970-40b1-a6f1-1cd7fd15a5ba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABRAEEATQB3AEEAdQBBAEQAUQBBAE8AUQBBAHQAQQBEAFEAQQBNAHcAQQAwAEEARABJAEEATgBRAEEANABBAEQAVQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB6AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1128	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1e53fa0-2970-40b1-a6f1-1cd7fd15a5ba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABRAEEATQB3AEEAdQBBAEQAUQBBAE8AUQBBAHQAQQBEAFEAQQBNAHcAQQAwAEEARABJAEEATgBRAEEANABBAEQAVQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB6AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1127	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1e53fa0-2970-40b1-a6f1-1cd7fd15a5ba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABRAEEATQB3AEEAdQBBAEQAUQBBAE8AUQBBAHQAQQBEAFEAQQBNAHcAQQAwAEEARABJAEEATgBRAEEANABBAEQAVQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB6AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1126	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1e53fa0-2970-40b1-a6f1-1cd7fd15a5ba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABRAEEATQB3AEEAdQBBAEQAUQBBAE8AUQBBAHQAQQBEAFEAQQBNAHcAQQAwAEEARABJAEEATgBRAEEANABBAEQAVQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB6AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1125	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1e53fa0-2970-40b1-a6f1-1cd7fd15a5ba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABRAEEATQB3AEEAdQBBAEQAUQBBAE8AUQBBAHQAQQBEAFEAQQBNAHcAQQAwAEEARABJAEEATgBRAEEANABBAEQAVQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB6AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1124	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=96990bb8-730f-49cc-a5d3-48b18f266ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4c141d55-bfe1-4cfa-aab1-955c5f8cdf89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1123	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=581d2b78-89fa-425f-90c6-6252d6ea8b78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1122	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1121	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1120	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1119	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1118	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1117	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1116	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1115	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa730f64-57e7-42cb-94c3-d2822318c5bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1114	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=96990bb8-730f-49cc-a5d3-48b18f266ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4c141d55-bfe1-4cfa-aab1-955c5f8cdf89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1113	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=96990bb8-730f-49cc-a5d3-48b18f266ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1112	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=96990bb8-730f-49cc-a5d3-48b18f266ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1111	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=96990bb8-730f-49cc-a5d3-48b18f266ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1110	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=96990bb8-730f-49cc-a5d3-48b18f266ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1109	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=96990bb8-730f-49cc-a5d3-48b18f266ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1108	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=96990bb8-730f-49cc-a5d3-48b18f266ed1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1107	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af23ebac-270d-4e81-a952-8ab101c27c64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=502c70db-9409-4066-8a8d-7a1afd4c2631 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1106	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af23ebac-270d-4e81-a952-8ab101c27c64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=502c70db-9409-4066-8a8d-7a1afd4c2631 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1105	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af23ebac-270d-4e81-a952-8ab101c27c64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1104	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af23ebac-270d-4e81-a952-8ab101c27c64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1103	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af23ebac-270d-4e81-a952-8ab101c27c64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1102	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af23ebac-270d-4e81-a952-8ab101c27c64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1101	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af23ebac-270d-4e81-a952-8ab101c27c64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1100	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af23ebac-270d-4e81-a952-8ab101c27c64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADQAMwAuADQAOQAtADQAMwA0ADIANQA4ADUANgA4ADkAOQAzADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1099	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6c83eb2-5b44-435c-8853-2a0d9236c757 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATgBBAEEANQBBAEMAMABBAE4AQQBBAHoAQQBEAFEAQQBNAGcAQQAxAEEARABnAEEATgBRAEEAMgBBAEQAZwBBAE8AUQBBADUAQQBEAE0AQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=cfeed219-67c3-41f2-b8d6-90f1d9a9a2cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1098	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee4b469e-9983-4c07-a337-19a48ae8221a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEANAAzAC4ANAA5AC0ANAAzADQAMgA1ADgANQA2ADgAOQA5ADMAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=1c25e9ac-13da-46fd-af30-cde2d0c5a56c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1097	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee4b469e-9983-4c07-a337-19a48ae8221a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEANAAzAC4ANAA5AC0ANAAzADQAMgA1ADgANQA2ADgAOQA5ADMAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=1c25e9ac-13da-46fd-af30-cde2d0c5a56c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1096	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee4b469e-9983-4c07-a337-19a48ae8221a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEANAAzAC4ANAA5AC0ANAAzADQAMgA1ADgANQA2ADgAOQA5ADMAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1095	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee4b469e-9983-4c07-a337-19a48ae8221a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEANAAzAC4ANAA5AC0ANAAzADQAMgA1ADgANQA2ADgAOQA5ADMAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1094	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee4b469e-9983-4c07-a337-19a48ae8221a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEANAAzAC4ANAA5AC0ANAAzADQAMgA1ADgANQA2ADgAOQA5ADMAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1093	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee4b469e-9983-4c07-a337-19a48ae8221a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEANAAzAC4ANAA5AC0ANAAzADQAMgA1ADgANQA2ADgAOQA5ADMAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1092	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee4b469e-9983-4c07-a337-19a48ae8221a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEANAAzAC4ANAA5AC0ANAAzADQAMgA1ADgANQA2ADgAOQA5ADMAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1091	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee4b469e-9983-4c07-a337-19a48ae8221a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEANAAzAC4ANAA5AC0ANAAzADQAMgA1ADgANQA2ADgAOQA5ADMAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1090	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6c83eb2-5b44-435c-8853-2a0d9236c757 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATgBBAEEANQBBAEMAMABBAE4AQQBBAHoAQQBEAFEAQQBNAGcAQQAxAEEARABnAEEATgBRAEEAMgBBAEQAZwBBAE8AUQBBADUAQQBEAE0AQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=cfeed219-67c3-41f2-b8d6-90f1d9a9a2cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1089	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6c83eb2-5b44-435c-8853-2a0d9236c757 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATgBBAEEANQBBAEMAMABBAE4AQQBBAHoAQQBEAFEAQQBNAGcAQQAxAEEARABnAEEATgBRAEEAMgBBAEQAZwBBAE8AUQBBADUAQQBEAE0AQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1088	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6c83eb2-5b44-435c-8853-2a0d9236c757 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATgBBAEEANQBBAEMAMABBAE4AQQBBAHoAQQBEAFEAQQBNAGcAQQAxAEEARABnAEEATgBRAEEAMgBBAEQAZwBBAE8AUQBBADUAQQBEAE0AQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1087	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6c83eb2-5b44-435c-8853-2a0d9236c757 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATgBBAEEANQBBAEMAMABBAE4AQQBBAHoAQQBEAFEAQQBNAGcAQQAxAEEARABnAEEATgBRAEEAMgBBAEQAZwBBAE8AUQBBADUAQQBEAE0AQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1086	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6c83eb2-5b44-435c-8853-2a0d9236c757 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATgBBAEEANQBBAEMAMABBAE4AQQBBAHoAQQBEAFEAQQBNAGcAQQAxAEEARABnAEEATgBRAEEAMgBBAEQAZwBBAE8AUQBBADUAQQBEAE0AQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1085	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6c83eb2-5b44-435c-8853-2a0d9236c757 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATgBBAEEANQBBAEMAMABBAE4AQQBBAHoAQQBEAFEAQQBNAGcAQQAxAEEARABnAEEATgBRAEEAMgBBAEQAZwBBAE8AUQBBADUAQQBEAE0AQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1084	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6c83eb2-5b44-435c-8853-2a0d9236c757 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATgBBAEEANQBBAEMAMABBAE4AQQBBAHoAQQBEAFEAQQBNAGcAQQAxAEEARABnAEEATgBRAEEAMgBBAEQAZwBBAE8AUQBBADUAQQBEAE0AQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1083	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=71e94e56-687e-4e6b-a0e2-cd7f2482ba45 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0475f183-dc82-4c66-ba16-142d080da4a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1082	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b19e222e-17e2-4c6e-a223-599815aad7e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1081	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1080	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1079	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1078	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1077	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1076	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1075	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1074	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3ae1904d-16b1-4411-bb21-08b6a1b94afa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1073	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=71e94e56-687e-4e6b-a0e2-cd7f2482ba45 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0475f183-dc82-4c66-ba16-142d080da4a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1072	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=71e94e56-687e-4e6b-a0e2-cd7f2482ba45 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1071	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=71e94e56-687e-4e6b-a0e2-cd7f2482ba45 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1070	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=71e94e56-687e-4e6b-a0e2-cd7f2482ba45 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1069	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=71e94e56-687e-4e6b-a0e2-cd7f2482ba45 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1068	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=71e94e56-687e-4e6b-a0e2-cd7f2482ba45 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1067	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=71e94e56-687e-4e6b-a0e2-cd7f2482ba45 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1066	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab5c2d57-e185-4929-8add-551ea78718c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ac72117a-4f55-4105-b23a-ec3da83ec61a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1065	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=421e8ed3-3b5a-48f0-b0f5-7efb07714644 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion=5.1.14393.1944 RunspaceId=2b17bcd9-412b-44c0-adb7-1e5d93ac8f87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1064	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=421e8ed3-3b5a-48f0-b0f5-7efb07714644 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion=5.1.14393.1944 RunspaceId=2b17bcd9-412b-44c0-adb7-1e5d93ac8f87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1063	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=421e8ed3-3b5a-48f0-b0f5-7efb07714644 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1062	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=421e8ed3-3b5a-48f0-b0f5-7efb07714644 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1061	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=421e8ed3-3b5a-48f0-b0f5-7efb07714644 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1060	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=421e8ed3-3b5a-48f0-b0f5-7efb07714644 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1059	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=421e8ed3-3b5a-48f0-b0f5-7efb07714644 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1058	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=421e8ed3-3b5a-48f0-b0f5-7efb07714644 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1057	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=36227fa6-47e5-43ee-847e-71f4f74f9e66 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1056	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=36227fa6-47e5-43ee-847e-71f4f74f9e66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1055	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1054	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1053	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1052	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1051	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1050	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1049	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1048	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1907800-2f04-4248-aec3-16ca6c96d1e9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1047	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab5c2d57-e185-4929-8add-551ea78718c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ac72117a-4f55-4105-b23a-ec3da83ec61a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1046	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab5c2d57-e185-4929-8add-551ea78718c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1045	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab5c2d57-e185-4929-8add-551ea78718c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1044	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab5c2d57-e185-4929-8add-551ea78718c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1043	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab5c2d57-e185-4929-8add-551ea78718c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1042	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab5c2d57-e185-4929-8add-551ea78718c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1041	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab5c2d57-e185-4929-8add-551ea78718c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1040	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90419f66-fd0c-4e98-83a4-5f5309a6987f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAFUAQQBNAFEAQQB5AEEARABBAEEATQBnAEEAeQBBAEQAYwBBAE4AQQBBADMAQQBEAFEAQQBOAFEAQQB4AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=584c9d1a-af1b-4fe8-930e-f1cd7ada3208 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1039	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=968f9afc-0a6c-425d-80bd-d3962ce3ee83 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=4ef75d53-aefe-43ae-b7cd-36dc84be43b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1038	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=968f9afc-0a6c-425d-80bd-d3962ce3ee83 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=4ef75d53-aefe-43ae-b7cd-36dc84be43b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1037	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=968f9afc-0a6c-425d-80bd-d3962ce3ee83 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1036	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=968f9afc-0a6c-425d-80bd-d3962ce3ee83 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1035	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=968f9afc-0a6c-425d-80bd-d3962ce3ee83 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1034	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=968f9afc-0a6c-425d-80bd-d3962ce3ee83 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1033	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=968f9afc-0a6c-425d-80bd-d3962ce3ee83 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1032	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=968f9afc-0a6c-425d-80bd-d3962ce3ee83 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1031	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90419f66-fd0c-4e98-83a4-5f5309a6987f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAFUAQQBNAFEAQQB5AEEARABBAEEATQBnAEEAeQBBAEQAYwBBAE4AQQBBADMAQQBEAFEAQQBOAFEAQQB4AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=584c9d1a-af1b-4fe8-930e-f1cd7ada3208 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1030	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90419f66-fd0c-4e98-83a4-5f5309a6987f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAFUAQQBNAFEAQQB5AEEARABBAEEATQBnAEEAeQBBAEQAYwBBAE4AQQBBADMAQQBEAFEAQQBOAFEAQQB4AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1029	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90419f66-fd0c-4e98-83a4-5f5309a6987f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAFUAQQBNAFEAQQB5AEEARABBAEEATQBnAEEAeQBBAEQAYwBBAE4AQQBBADMAQQBEAFEAQQBOAFEAQQB4AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1028	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90419f66-fd0c-4e98-83a4-5f5309a6987f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAFUAQQBNAFEAQQB5AEEARABBAEEATQBnAEEAeQBBAEQAYwBBAE4AQQBBADMAQQBEAFEAQQBOAFEAQQB4AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1027	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90419f66-fd0c-4e98-83a4-5f5309a6987f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAFUAQQBNAFEAQQB5AEEARABBAEEATQBnAEEAeQBBAEQAYwBBAE4AQQBBADMAQQBEAFEAQQBOAFEAQQB4AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1026	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90419f66-fd0c-4e98-83a4-5f5309a6987f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAFUAQQBNAFEAQQB5AEEARABBAEEATQBnAEEAeQBBAEQAYwBBAE4AQQBBADMAQQBEAFEAQQBOAFEAQQB4AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1025	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90419f66-fd0c-4e98-83a4-5f5309a6987f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAFUAQQBNAFEAQQB5AEEARABBAEEATQBnAEEAeQBBAEQAYwBBAE4AQQBBADMAQQBEAFEAQQBOAFEAQQB4AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1024	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1283f05e-5e8b-469e-9e98-8f40b1a14638 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=66e7da7c-6961-4b37-868b-6b506229b74e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1023	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=42e13aa3-8d7f-423c-ad3c-c9fa90eef00f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1022	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1021	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1020	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1019	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1018	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1017	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1016	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1015	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dc2fdc7d-19c7-44c5-a1f0-374549cce54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1014	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1283f05e-5e8b-469e-9e98-8f40b1a14638 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=66e7da7c-6961-4b37-868b-6b506229b74e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1013	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1283f05e-5e8b-469e-9e98-8f40b1a14638 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1012	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1283f05e-5e8b-469e-9e98-8f40b1a14638 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1011	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1283f05e-5e8b-469e-9e98-8f40b1a14638 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1010	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1283f05e-5e8b-469e-9e98-8f40b1a14638 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1009	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1283f05e-5e8b-469e-9e98-8f40b1a14638 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1008	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1283f05e-5e8b-469e-9e98-8f40b1a14638 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1007	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9c5e1fb-a720-46aa-9cbb-aeaff4ff4d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=0d9a7cad-c750-45ea-9fed-00fe2deeda52 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1006	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9c5e1fb-a720-46aa-9cbb-aeaff4ff4d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=0d9a7cad-c750-45ea-9fed-00fe2deeda52 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1005	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9c5e1fb-a720-46aa-9cbb-aeaff4ff4d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1004	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9c5e1fb-a720-46aa-9cbb-aeaff4ff4d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1003	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9c5e1fb-a720-46aa-9cbb-aeaff4ff4d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1002	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9c5e1fb-a720-46aa-9cbb-aeaff4ff4d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1001	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9c5e1fb-a720-46aa-9cbb-aeaff4ff4d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1000	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9c5e1fb-a720-46aa-9cbb-aeaff4ff4d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAxADEAOAAuADAAOAAtADUAMQAyADAAMgAyADcANAA3ADQANQAxADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	999	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9ebb7741-0017-4feb-a2c2-beb431b3c576 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATQBBAEEANABBAEMAMABBAE4AUQBBAHgAQQBEAEkAQQBNAEEAQQB5AEEARABJAEEATgB3AEEAMABBAEQAYwBBAE4AQQBBADEAQQBEAEUAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=0068ffc3-8bcd-48e8-86d5-e2579241a5df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	998	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941052c6-0e41-4587-b403-2a9a933f4c0a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEAMQA4AC4AMAA4AC0ANQAxADIAMAAyADIANwA0ADcANAA1ADEANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e8386461-9cc4-4d86-96c6-78779cd5f6fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	997	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941052c6-0e41-4587-b403-2a9a933f4c0a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEAMQA4AC4AMAA4AC0ANQAxADIAMAAyADIANwA0ADcANAA1ADEANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e8386461-9cc4-4d86-96c6-78779cd5f6fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	996	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941052c6-0e41-4587-b403-2a9a933f4c0a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEAMQA4AC4AMAA4AC0ANQAxADIAMAAyADIANwA0ADcANAA1ADEANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	995	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941052c6-0e41-4587-b403-2a9a933f4c0a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEAMQA4AC4AMAA4AC0ANQAxADIAMAAyADIANwA0ADcANAA1ADEANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	994	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941052c6-0e41-4587-b403-2a9a933f4c0a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEAMQA4AC4AMAA4AC0ANQAxADIAMAAyADIANwA0ADcANAA1ADEANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	993	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941052c6-0e41-4587-b403-2a9a933f4c0a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEAMQA4AC4AMAA4AC0ANQAxADIAMAAyADIANwA0ADcANAA1ADEANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	992	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941052c6-0e41-4587-b403-2a9a933f4c0a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEAMQA4AC4AMAA4AC0ANQAxADIAMAAyADIANwA0ADcANAA1ADEANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	991	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941052c6-0e41-4587-b403-2a9a933f4c0a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADEAMQA4AC4AMAA4AC0ANQAxADIAMAAyADIANwA0ADcANAA1ADEANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	990	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9ebb7741-0017-4feb-a2c2-beb431b3c576 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATQBBAEEANABBAEMAMABBAE4AUQBBAHgAQQBEAEkAQQBNAEEAQQB5AEEARABJAEEATgB3AEEAMABBAEQAYwBBAE4AQQBBADEAQQBEAEUAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=0068ffc3-8bcd-48e8-86d5-e2579241a5df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	989	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9ebb7741-0017-4feb-a2c2-beb431b3c576 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATQBBAEEANABBAEMAMABBAE4AUQBBAHgAQQBEAEkAQQBNAEEAQQB5AEEARABJAEEATgB3AEEAMABBAEQAYwBBAE4AQQBBADEAQQBEAEUAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	988	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9ebb7741-0017-4feb-a2c2-beb431b3c576 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATQBBAEEANABBAEMAMABBAE4AUQBBAHgAQQBEAEkAQQBNAEEAQQB5AEEARABJAEEATgB3AEEAMABBAEQAYwBBAE4AQQBBADEAQQBEAEUAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	987	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9ebb7741-0017-4feb-a2c2-beb431b3c576 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATQBBAEEANABBAEMAMABBAE4AUQBBAHgAQQBEAEkAQQBNAEEAQQB5AEEARABJAEEATgB3AEEAMABBAEQAYwBBAE4AQQBBADEAQQBEAEUAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	986	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9ebb7741-0017-4feb-a2c2-beb431b3c576 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATQBBAEEANABBAEMAMABBAE4AUQBBAHgAQQBEAEkAQQBNAEEAQQB5AEEARABJAEEATgB3AEEAMABBAEQAYwBBAE4AQQBBADEAQQBEAEUAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	985	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9ebb7741-0017-4feb-a2c2-beb431b3c576 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATQBBAEEANABBAEMAMABBAE4AUQBBAHgAQQBEAEkAQQBNAEEAQQB5AEEARABJAEEATgB3AEEAMABBAEQAYwBBAE4AQQBBADEAQQBEAEUAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	984	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9ebb7741-0017-4feb-a2c2-beb431b3c576 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATQBBAEEANABBAEMAMABBAE4AUQBBAHgAQQBEAEkAQQBNAEEAQQB5AEEARABJAEEATgB3AEEAMABBAEQAYwBBAE4AQQBBADEAQQBEAEUAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	983	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a3aca54-2b69-433e-b474-18474e401383 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e7b19dd4-41e9-44ea-93ff-a1a2675b0ef5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	982	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=52df845b-a59b-4281-b602-c10ec3dc5458 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	981	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	980	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	979	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	978	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	977	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	976	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	975	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	974	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2554fe0-2d4b-47e1-b8de-78b44fd6948b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	973	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a3aca54-2b69-433e-b474-18474e401383 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e7b19dd4-41e9-44ea-93ff-a1a2675b0ef5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	972	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a3aca54-2b69-433e-b474-18474e401383 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	971	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a3aca54-2b69-433e-b474-18474e401383 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	970	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a3aca54-2b69-433e-b474-18474e401383 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	969	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a3aca54-2b69-433e-b474-18474e401383 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	968	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a3aca54-2b69-433e-b474-18474e401383 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	967	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a3aca54-2b69-433e-b474-18474e401383 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	966	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d5c214fb-55d5-445c-b030-0abde1549364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b5c27244-5872-481a-b63f-04156be5b51a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	965	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e38e774a-341f-453d-a89b-71a748034a06 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	964	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e38e774a-341f-453d-a89b-71a748034a06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	963	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	962	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	961	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	960	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	959	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	958	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	957	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	956	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce39801a-d4d6-42ea-9715-69473ac98e10 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	955	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d5c214fb-55d5-445c-b030-0abde1549364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b5c27244-5872-481a-b63f-04156be5b51a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	954	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d5c214fb-55d5-445c-b030-0abde1549364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	953	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d5c214fb-55d5-445c-b030-0abde1549364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	952	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d5c214fb-55d5-445c-b030-0abde1549364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	951	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d5c214fb-55d5-445c-b030-0abde1549364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	950	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d5c214fb-55d5-445c-b030-0abde1549364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	949	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d5c214fb-55d5-445c-b030-0abde1549364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	948	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b328807e-2797-4d69-a06a-828c9a7a56ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f7759d41-e08c-41b6-9645-d7b581fdc4ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	947	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=679caa17-6d6b-44d7-9930-51386fa962b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	946	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	945	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	944	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	943	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	942	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	941	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	940	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	939	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=598a1dc6-dc46-4e22-b669-734b490e703c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	938	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b328807e-2797-4d69-a06a-828c9a7a56ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f7759d41-e08c-41b6-9645-d7b581fdc4ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	937	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b328807e-2797-4d69-a06a-828c9a7a56ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	936	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b328807e-2797-4d69-a06a-828c9a7a56ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	935	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b328807e-2797-4d69-a06a-828c9a7a56ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	934	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b328807e-2797-4d69-a06a-828c9a7a56ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	933	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b328807e-2797-4d69-a06a-828c9a7a56ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	932	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b328807e-2797-4d69-a06a-828c9a7a56ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	931	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295e1da0-cf6d-4e54-a905-f9b248a669b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=797706b1-b19f-45af-a9f5-bf0ccc2cf553 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	930	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:11:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=865a9fd2-84d2-43a2-9ff7-33d7dc884406 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	929	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=865a9fd2-84d2-43a2-9ff7-33d7dc884406 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	928	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	927	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	926	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	925	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	924	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	923	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	922	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	921	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ee8b79-b4ac-49e1-b3f0-92acd77e195f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	920	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295e1da0-cf6d-4e54-a905-f9b248a669b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=797706b1-b19f-45af-a9f5-bf0ccc2cf553 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	919	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295e1da0-cf6d-4e54-a905-f9b248a669b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	918	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295e1da0-cf6d-4e54-a905-f9b248a669b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	917	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295e1da0-cf6d-4e54-a905-f9b248a669b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	916	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295e1da0-cf6d-4e54-a905-f9b248a669b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	915	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295e1da0-cf6d-4e54-a905-f9b248a669b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	914	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295e1da0-cf6d-4e54-a905-f9b248a669b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	913	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5839574-9235-4c7c-8c21-edffcaab7871 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7d804ce9-1db3-408e-b6e5-4b85f1833813 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	912	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1e03e1bf-e594-4161-94f9-93653c00d854 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	911	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1e03e1bf-e594-4161-94f9-93653c00d854 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	910	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	909	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	908	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	907	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	906	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	905	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	904	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	903	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=384896ef-cf6c-4a74-bc39-47bd87f9aeeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	902	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5839574-9235-4c7c-8c21-edffcaab7871 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7d804ce9-1db3-408e-b6e5-4b85f1833813 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	901	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5839574-9235-4c7c-8c21-edffcaab7871 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	900	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5839574-9235-4c7c-8c21-edffcaab7871 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	899	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5839574-9235-4c7c-8c21-edffcaab7871 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	898	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5839574-9235-4c7c-8c21-edffcaab7871 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	897	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5839574-9235-4c7c-8c21-edffcaab7871 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	896	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5839574-9235-4c7c-8c21-edffcaab7871 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	895	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79d40539-08a8-4c0f-811f-569b72e0fdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=705ac8df-1820-48bf-84ac-1d35a5be771b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	894	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2887f96e-adfd-41e8-95bd-010d8238aed8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	893	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	892	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	891	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	890	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	889	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	888	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	887	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	886	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7bd03c51-2858-42f0-b2f7-d99fddadbadb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	885	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79d40539-08a8-4c0f-811f-569b72e0fdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=705ac8df-1820-48bf-84ac-1d35a5be771b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	884	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79d40539-08a8-4c0f-811f-569b72e0fdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	883	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79d40539-08a8-4c0f-811f-569b72e0fdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	882	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79d40539-08a8-4c0f-811f-569b72e0fdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	881	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79d40539-08a8-4c0f-811f-569b72e0fdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	880	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79d40539-08a8-4c0f-811f-569b72e0fdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	879	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79d40539-08a8-4c0f-811f-569b72e0fdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	878	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82892ae4-d3c3-4189-9344-da179f11eeaf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9393a669-1e0e-432a-a664-6f9d834c5420 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	877	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0b1e8051-9ee5-47dc-8142-0ce1b226f07d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	876	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	875	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	874	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	873	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	872	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	871	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	870	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	869	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f240afb9-10d9-4779-b948-d40a8d78d6d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	868	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82892ae4-d3c3-4189-9344-da179f11eeaf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9393a669-1e0e-432a-a664-6f9d834c5420 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	867	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82892ae4-d3c3-4189-9344-da179f11eeaf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	866	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82892ae4-d3c3-4189-9344-da179f11eeaf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	865	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82892ae4-d3c3-4189-9344-da179f11eeaf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	864	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82892ae4-d3c3-4189-9344-da179f11eeaf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	863	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82892ae4-d3c3-4189-9344-da179f11eeaf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	862	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82892ae4-d3c3-4189-9344-da179f11eeaf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	861	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26dca4b6-49ad-4530-bc21-49f04d9f1fb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7e4263bd-5eaa-4735-9c5b-dadb1942eaf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	860	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dbda8397-46e4-46f3-bb31-477a966a1b47 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	859	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dbda8397-46e4-46f3-bb31-477a966a1b47 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	858	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	857	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	856	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	855	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	854	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	853	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	852	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	851	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3edb44d-1ab0-43d9-a69b-0ff1900a1863 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	850	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26dca4b6-49ad-4530-bc21-49f04d9f1fb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7e4263bd-5eaa-4735-9c5b-dadb1942eaf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	849	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26dca4b6-49ad-4530-bc21-49f04d9f1fb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	848	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26dca4b6-49ad-4530-bc21-49f04d9f1fb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	847	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26dca4b6-49ad-4530-bc21-49f04d9f1fb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	846	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26dca4b6-49ad-4530-bc21-49f04d9f1fb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	845	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26dca4b6-49ad-4530-bc21-49f04d9f1fb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	844	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=26dca4b6-49ad-4530-bc21-49f04d9f1fb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	843	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b050b6a-4f7d-48f2-8429-297f60915a5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b8060fbc-950c-43c2-8149-17a6360e02c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	842	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ff07810c-d234-435d-84b4-f4af7b27d2b0 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	841	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ff07810c-d234-435d-84b4-f4af7b27d2b0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	840	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	839	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	838	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	837	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	836	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	835	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	834	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	833	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52b4e427-32c2-433b-9a80-7a7e8f3e4abf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	832	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b050b6a-4f7d-48f2-8429-297f60915a5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b8060fbc-950c-43c2-8149-17a6360e02c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	831	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b050b6a-4f7d-48f2-8429-297f60915a5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	830	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b050b6a-4f7d-48f2-8429-297f60915a5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	829	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b050b6a-4f7d-48f2-8429-297f60915a5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	828	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b050b6a-4f7d-48f2-8429-297f60915a5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	827	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b050b6a-4f7d-48f2-8429-297f60915a5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	826	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b050b6a-4f7d-48f2-8429-297f60915a5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	825	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c178fc2-a200-4cd3-8ea2-8b7cadeafd25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dbd62ed-d3d7-4a1c-ac8a-ff9732ae4658 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	824	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5b81d386-c73e-4acd-813e-4fbde0b744b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	823	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	822	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	821	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	820	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	819	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	818	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	817	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	816	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9186b343-d687-499d-a76d-7f91778a8a93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	815	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c178fc2-a200-4cd3-8ea2-8b7cadeafd25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dbd62ed-d3d7-4a1c-ac8a-ff9732ae4658 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	814	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c178fc2-a200-4cd3-8ea2-8b7cadeafd25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	813	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c178fc2-a200-4cd3-8ea2-8b7cadeafd25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	812	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c178fc2-a200-4cd3-8ea2-8b7cadeafd25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	811	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c178fc2-a200-4cd3-8ea2-8b7cadeafd25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	810	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c178fc2-a200-4cd3-8ea2-8b7cadeafd25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	809	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c178fc2-a200-4cd3-8ea2-8b7cadeafd25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	808	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5afc9748-5115-45b1-a18b-dc523c114767 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABJAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABZAEEATgB3AEEAMgBBAEQAVQBBAE0AdwBBADAAQQBEAFUAQQBOAFEAQQB6AEEAQwBJAEEASQBBAEEAdABBAEUAWQBBAGIAdwBCAHkAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAVQBnAEIAbABBAEcATQBBAGQAUQBCAHkAQQBIAE0AQQBaAFEAQQA3AEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0A EngineVersion=5.1.14393.1944 RunspaceId=ef7dd0cf-122c-43d3-9d72-28cef878dd4c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	807	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=15b72674-0498-45f0-aab9-9f571ac694fa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=3ecff353-60de-4ffd-82dd-cdebfd6c8baf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	806	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=15b72674-0498-45f0-aab9-9f571ac694fa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=3ecff353-60de-4ffd-82dd-cdebfd6c8baf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	805	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=15b72674-0498-45f0-aab9-9f571ac694fa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	804	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=15b72674-0498-45f0-aab9-9f571ac694fa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	803	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=15b72674-0498-45f0-aab9-9f571ac694fa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	802	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=15b72674-0498-45f0-aab9-9f571ac694fa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	801	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=15b72674-0498-45f0-aab9-9f571ac694fa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	800	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=15b72674-0498-45f0-aab9-9f571ac694fa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	799	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5afc9748-5115-45b1-a18b-dc523c114767 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABJAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABZAEEATgB3AEEAMgBBAEQAVQBBAE0AdwBBADAAQQBEAFUAQQBOAFEAQQB6AEEAQwBJAEEASQBBAEEAdABBAEUAWQBBAGIAdwBCAHkAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAVQBnAEIAbABBAEcATQBBAGQAUQBCAHkAQQBIAE0AQQBaAFEAQQA3AEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0A EngineVersion=5.1.14393.1944 RunspaceId=ef7dd0cf-122c-43d3-9d72-28cef878dd4c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	798	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5afc9748-5115-45b1-a18b-dc523c114767 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABJAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABZAEEATgB3AEEAMgBBAEQAVQBBAE0AdwBBADAAQQBEAFUAQQBOAFEAQQB6AEEAQwBJAEEASQBBAEEAdABBAEUAWQBBAGIAdwBCAHkAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAVQBnAEIAbABBAEcATQBBAGQAUQBCAHkAQQBIAE0AQQBaAFEAQQA3AEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	797	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5afc9748-5115-45b1-a18b-dc523c114767 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABJAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABZAEEATgB3AEEAMgBBAEQAVQBBAE0AdwBBADAAQQBEAFUAQQBOAFEAQQB6AEEAQwBJAEEASQBBAEEAdABBAEUAWQBBAGIAdwBCAHkAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAVQBnAEIAbABBAEcATQBBAGQAUQBCAHkAQQBIAE0AQQBaAFEAQQA3AEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	796	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5afc9748-5115-45b1-a18b-dc523c114767 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABJAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABZAEEATgB3AEEAMgBBAEQAVQBBAE0AdwBBADAAQQBEAFUAQQBOAFEAQQB6AEEAQwBJAEEASQBBAEEAdABBAEUAWQBBAGIAdwBCAHkAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAVQBnAEIAbABBAEcATQBBAGQAUQBCAHkAQQBIAE0AQQBaAFEAQQA3AEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	795	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5afc9748-5115-45b1-a18b-dc523c114767 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABJAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABZAEEATgB3AEEAMgBBAEQAVQBBAE0AdwBBADAAQQBEAFUAQQBOAFEAQQB6AEEAQwBJAEEASQBBAEEAdABBAEUAWQBBAGIAdwBCAHkAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAVQBnAEIAbABBAEcATQBBAGQAUQBCAHkAQQBIAE0AQQBaAFEAQQA3AEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	794	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5afc9748-5115-45b1-a18b-dc523c114767 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABJAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABZAEEATgB3AEEAMgBBAEQAVQBBAE0AdwBBADAAQQBEAFUAQQBOAFEAQQB6AEEAQwBJAEEASQBBAEEAdABBAEUAWQBBAGIAdwBCAHkAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAVQBnAEIAbABBAEcATQBBAGQAUQBCAHkAQQBIAE0AQQBaAFEAQQA3AEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	793	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5afc9748-5115-45b1-a18b-dc523c114767 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABJAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABZAEEATgB3AEEAMgBBAEQAVQBBAE0AdwBBADAAQQBEAFUAQQBOAFEAQQB6AEEAQwBJAEEASQBBAEEAdABBAEUAWQBBAGIAdwBCAHkAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAVQBnAEIAbABBAEcATQBBAGQAUQBCAHkAQQBIAE0AQQBaAFEAQQA3AEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	792	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32f91b4c-7a04-4b70-b0a6-1002fadabff6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=85f95c8a-2325-4e42-88bd-a41b061d7276 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	791	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=487c4ced-cdde-47f5-9fef-9e8727422a8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	790	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	789	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	788	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	787	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	786	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	785	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	784	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	783	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e50e51e1-1580-4474-a341-ca05267b7aeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	782	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32f91b4c-7a04-4b70-b0a6-1002fadabff6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=85f95c8a-2325-4e42-88bd-a41b061d7276 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	781	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32f91b4c-7a04-4b70-b0a6-1002fadabff6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	780	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32f91b4c-7a04-4b70-b0a6-1002fadabff6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	779	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32f91b4c-7a04-4b70-b0a6-1002fadabff6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	778	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32f91b4c-7a04-4b70-b0a6-1002fadabff6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	777	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32f91b4c-7a04-4b70-b0a6-1002fadabff6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	776	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32f91b4c-7a04-4b70-b0a6-1002fadabff6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	775	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0b369fd9-b8c4-4cf6-982d-3480b53a0846 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=834fe4ef-0d4e-47b9-a800-9e6c7799e804 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	774	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0b369fd9-b8c4-4cf6-982d-3480b53a0846 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=834fe4ef-0d4e-47b9-a800-9e6c7799e804 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	773	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0b369fd9-b8c4-4cf6-982d-3480b53a0846 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	772	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0b369fd9-b8c4-4cf6-982d-3480b53a0846 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	771	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0b369fd9-b8c4-4cf6-982d-3480b53a0846 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	770	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0b369fd9-b8c4-4cf6-982d-3480b53a0846 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	769	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0b369fd9-b8c4-4cf6-982d-3480b53a0846 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	768	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0b369fd9-b8c4-4cf6-982d-3480b53a0846 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADIAMwAuADkAMQAtADIANAA2ADYANwA2ADUAMwA0ADUANQAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	767	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e0a3254d-e478-483f-b0de-7deacb955e58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=61c4b3d8-d769-4959-b915-eb0b9db930da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	766	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1dda2c49-a45a-4510-97dc-fbabfd9f32c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	765	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	764	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	763	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	762	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	761	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	760	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	759	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	758	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=78a70906-6361-4b8c-8c4c-aa229d0b2444 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	757	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e0a3254d-e478-483f-b0de-7deacb955e58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=61c4b3d8-d769-4959-b915-eb0b9db930da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	756	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e0a3254d-e478-483f-b0de-7deacb955e58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	755	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e0a3254d-e478-483f-b0de-7deacb955e58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	754	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e0a3254d-e478-483f-b0de-7deacb955e58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	753	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e0a3254d-e478-483f-b0de-7deacb955e58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	752	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e0a3254d-e478-483f-b0de-7deacb955e58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	751	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e0a3254d-e478-483f-b0de-7deacb955e58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	750	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87bde31c-3693-43c9-8001-c418ce36c4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAGcAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAGcAQQAzAEEARABZAEEATgBRAEEAegBBAEQAUQBBAE4AUQBBADEAQQBEAE0AQQBKAHcAQQBLAEEARgBjAEEAYwBnAEIAcABBAEgAUQBBAFoAUQBBAHQAQQBFADgAQQBkAFEAQgAwAEEASABBAEEAZABRAEIAMABBAEMAQQBBAEwAUQBCAEoAQQBHADQAQQBjAEEAQgAxAEEASABRAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQQBrAEEASABRAEEAYgBRAEIAdwBBAEMANABBAFIAZwBCADEAQQBHAHcAQQBiAEEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=683ceb41-c0d2-4990-8917-b84b6f96d180 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	749	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fc3e576-8fb0-467d-9811-39e54f4126c6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMgAzAC4AOQAxAC0AMgA0ADYANgA3ADYANQAzADQANQA1ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=2c456be0-ea72-4d98-a7e8-88244cd52103 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	748	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fc3e576-8fb0-467d-9811-39e54f4126c6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMgAzAC4AOQAxAC0AMgA0ADYANgA3ADYANQAzADQANQA1ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=2c456be0-ea72-4d98-a7e8-88244cd52103 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	747	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fc3e576-8fb0-467d-9811-39e54f4126c6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMgAzAC4AOQAxAC0AMgA0ADYANgA3ADYANQAzADQANQA1ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	746	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fc3e576-8fb0-467d-9811-39e54f4126c6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMgAzAC4AOQAxAC0AMgA0ADYANgA3ADYANQAzADQANQA1ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	745	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fc3e576-8fb0-467d-9811-39e54f4126c6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMgAzAC4AOQAxAC0AMgA0ADYANgA3ADYANQAzADQANQA1ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	744	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fc3e576-8fb0-467d-9811-39e54f4126c6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMgAzAC4AOQAxAC0AMgA0ADYANgA3ADYANQAzADQANQA1ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	743	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fc3e576-8fb0-467d-9811-39e54f4126c6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMgAzAC4AOQAxAC0AMgA0ADYANgA3ADYANQAzADQANQA1ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	742	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fc3e576-8fb0-467d-9811-39e54f4126c6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMgAzAC4AOQAxAC0AMgA0ADYANgA3ADYANQAzADQANQA1ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	741	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87bde31c-3693-43c9-8001-c418ce36c4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAGcAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAGcAQQAzAEEARABZAEEATgBRAEEAegBBAEQAUQBBAE4AUQBBADEAQQBEAE0AQQBKAHcAQQBLAEEARgBjAEEAYwBnAEIAcABBAEgAUQBBAFoAUQBBAHQAQQBFADgAQQBkAFEAQgAwAEEASABBAEEAZABRAEIAMABBAEMAQQBBAEwAUQBCAEoAQQBHADQAQQBjAEEAQgAxAEEASABRAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQQBrAEEASABRAEEAYgBRAEIAdwBBAEMANABBAFIAZwBCADEAQQBHAHcAQQBiAEEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=683ceb41-c0d2-4990-8917-b84b6f96d180 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	740	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87bde31c-3693-43c9-8001-c418ce36c4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAGcAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAGcAQQAzAEEARABZAEEATgBRAEEAegBBAEQAUQBBAE4AUQBBADEAQQBEAE0AQQBKAHcAQQBLAEEARgBjAEEAYwBnAEIAcABBAEgAUQBBAFoAUQBBAHQAQQBFADgAQQBkAFEAQgAwAEEASABBAEEAZABRAEIAMABBAEMAQQBBAEwAUQBCAEoAQQBHADQAQQBjAEEAQgAxAEEASABRAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQQBrAEEASABRAEEAYgBRAEIAdwBBAEMANABBAFIAZwBCADEAQQBHAHcAQQBiAEEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	739	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87bde31c-3693-43c9-8001-c418ce36c4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAGcAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAGcAQQAzAEEARABZAEEATgBRAEEAegBBAEQAUQBBAE4AUQBBADEAQQBEAE0AQQBKAHcAQQBLAEEARgBjAEEAYwBnAEIAcABBAEgAUQBBAFoAUQBBAHQAQQBFADgAQQBkAFEAQgAwAEEASABBAEEAZABRAEIAMABBAEMAQQBBAEwAUQBCAEoAQQBHADQAQQBjAEEAQgAxAEEASABRAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQQBrAEEASABRAEEAYgBRAEIAdwBBAEMANABBAFIAZwBCADEAQQBHAHcAQQBiAEEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	738	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87bde31c-3693-43c9-8001-c418ce36c4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAGcAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAGcAQQAzAEEARABZAEEATgBRAEEAegBBAEQAUQBBAE4AUQBBADEAQQBEAE0AQQBKAHcAQQBLAEEARgBjAEEAYwBnAEIAcABBAEgAUQBBAFoAUQBBAHQAQQBFADgAQQBkAFEAQgAwAEEASABBAEEAZABRAEIAMABBAEMAQQBBAEwAUQBCAEoAQQBHADQAQQBjAEEAQgAxAEEASABRAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQQBrAEEASABRAEEAYgBRAEIAdwBBAEMANABBAFIAZwBCADEAQQBHAHcAQQBiAEEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	737	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87bde31c-3693-43c9-8001-c418ce36c4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAGcAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAGcAQQAzAEEARABZAEEATgBRAEEAegBBAEQAUQBBAE4AUQBBADEAQQBEAE0AQQBKAHcAQQBLAEEARgBjAEEAYwBnAEIAcABBAEgAUQBBAFoAUQBBAHQAQQBFADgAQQBkAFEAQgAwAEEASABBAEEAZABRAEIAMABBAEMAQQBBAEwAUQBCAEoAQQBHADQAQQBjAEEAQgAxAEEASABRAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQQBrAEEASABRAEEAYgBRAEIAdwBBAEMANABBAFIAZwBCADEAQQBHAHcAQQBiAEEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	736	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87bde31c-3693-43c9-8001-c418ce36c4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAGcAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAGcAQQAzAEEARABZAEEATgBRAEEAegBBAEQAUQBBAE4AUQBBADEAQQBEAE0AQQBKAHcAQQBLAEEARgBjAEEAYwBnAEIAcABBAEgAUQBBAFoAUQBBAHQAQQBFADgAQQBkAFEAQgAwAEEASABBAEEAZABRAEIAMABBAEMAQQBBAEwAUQBCAEoAQQBHADQAQQBjAEEAQgAxAEEASABRAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQQBrAEEASABRAEEAYgBRAEIAdwBBAEMANABBAFIAZwBCADEAQQBHAHcAQQBiAEEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	735	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87bde31c-3693-43c9-8001-c418ce36c4e3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAGcAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAGcAQQAzAEEARABZAEEATgBRAEEAegBBAEQAUQBBAE4AUQBBADEAQQBEAE0AQQBKAHcAQQBLAEEARgBjAEEAYwBnAEIAcABBAEgAUQBBAFoAUQBBAHQAQQBFADgAQQBkAFEAQgAwAEEASABBAEEAZABRAEIAMABBAEMAQQBBAEwAUQBCAEoAQQBHADQAQQBjAEEAQgAxAEEASABRAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQQBrAEEASABRAEEAYgBRAEIAdwBBAEMANABBAFIAZwBCADEAQQBHAHcAQQBiAEEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	734	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=530b3d9f-ad1a-45ef-a152-d7582ba0ca40 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE4AZwBBAHQAQQBEAGcAQQBNAEEAQQB3AEEARABRAEEATQBRAEEAMABBAEQAVQBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABNAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=341dbf0d-624b-4762-b152-4eaad6fad970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	733	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec8a85db-12bf-4115-82e8-9687ec97fefa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=fa319a91-dc9d-4dc6-a659-a731775c73fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	732	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec8a85db-12bf-4115-82e8-9687ec97fefa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=fa319a91-dc9d-4dc6-a659-a731775c73fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	731	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec8a85db-12bf-4115-82e8-9687ec97fefa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	730	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec8a85db-12bf-4115-82e8-9687ec97fefa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	729	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec8a85db-12bf-4115-82e8-9687ec97fefa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	728	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec8a85db-12bf-4115-82e8-9687ec97fefa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	727	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec8a85db-12bf-4115-82e8-9687ec97fefa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	726	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec8a85db-12bf-4115-82e8-9687ec97fefa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	725	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=530b3d9f-ad1a-45ef-a152-d7582ba0ca40 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE4AZwBBAHQAQQBEAGcAQQBNAEEAQQB3AEEARABRAEEATQBRAEEAMABBAEQAVQBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABNAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=341dbf0d-624b-4762-b152-4eaad6fad970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	724	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=530b3d9f-ad1a-45ef-a152-d7582ba0ca40 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE4AZwBBAHQAQQBEAGcAQQBNAEEAQQB3AEEARABRAEEATQBRAEEAMABBAEQAVQBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABNAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	723	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=530b3d9f-ad1a-45ef-a152-d7582ba0ca40 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE4AZwBBAHQAQQBEAGcAQQBNAEEAQQB3AEEARABRAEEATQBRAEEAMABBAEQAVQBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABNAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	722	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=530b3d9f-ad1a-45ef-a152-d7582ba0ca40 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE4AZwBBAHQAQQBEAGcAQQBNAEEAQQB3AEEARABRAEEATQBRAEEAMABBAEQAVQBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABNAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	721	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=530b3d9f-ad1a-45ef-a152-d7582ba0ca40 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE4AZwBBAHQAQQBEAGcAQQBNAEEAQQB3AEEARABRAEEATQBRAEEAMABBAEQAVQBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABNAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	720	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=530b3d9f-ad1a-45ef-a152-d7582ba0ca40 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE4AZwBBAHQAQQBEAGcAQQBNAEEAQQB3AEEARABRAEEATQBRAEEAMABBAEQAVQBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABNAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	719	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=530b3d9f-ad1a-45ef-a152-d7582ba0ca40 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE4AZwBBAHQAQQBEAGcAQQBNAEEAQQB3AEEARABRAEEATQBRAEEAMABBAEQAVQBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAyAEEARABNAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	718	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff683a03-289d-44b8-a4b9-16bad8bac87f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=23eede60-2895-4d90-b4ce-2cde91c908c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	717	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fc92472c-abdc-4f4b-b1a3-ff0ff640efc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	716	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	715	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	714	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	713	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	712	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	711	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	710	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	709	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=283f1934-496d-42a7-a4fa-d0c43403b84c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	708	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff683a03-289d-44b8-a4b9-16bad8bac87f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=23eede60-2895-4d90-b4ce-2cde91c908c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	707	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff683a03-289d-44b8-a4b9-16bad8bac87f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	706	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff683a03-289d-44b8-a4b9-16bad8bac87f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	705	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff683a03-289d-44b8-a4b9-16bad8bac87f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	704	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff683a03-289d-44b8-a4b9-16bad8bac87f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	703	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff683a03-289d-44b8-a4b9-16bad8bac87f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	702	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ff683a03-289d-44b8-a4b9-16bad8bac87f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	701	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94bd10df-b20a-48e3-add4-104385a247ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=c68c5cdb-0195-4679-8d83-9b1d101d74a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	700	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94bd10df-b20a-48e3-add4-104385a247ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=c68c5cdb-0195-4679-8d83-9b1d101d74a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	699	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94bd10df-b20a-48e3-add4-104385a247ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	698	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94bd10df-b20a-48e3-add4-104385a247ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	697	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94bd10df-b20a-48e3-add4-104385a247ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	696	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94bd10df-b20a-48e3-add4-104385a247ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	695	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94bd10df-b20a-48e3-add4-104385a247ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	694	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94bd10df-b20a-48e3-add4-104385a247ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAOAAuADEANgAtADgAMAAwADQAMQA0ADUANQA1ADIANQA2ADMAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	693	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4aa8eae3-d650-4474-ae45-4013ce9933ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7b8561b0-b13b-4e5a-8756-602817801cdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	692	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b06a5f60-226a-451a-b5fc-d5befc44a4fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	691	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	690	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	689	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	688	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	687	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	686	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	685	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	684	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=029c0116-b99b-4246-b865-e5eedb8247f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	683	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4aa8eae3-d650-4474-ae45-4013ce9933ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7b8561b0-b13b-4e5a-8756-602817801cdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	682	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4aa8eae3-d650-4474-ae45-4013ce9933ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	681	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4aa8eae3-d650-4474-ae45-4013ce9933ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	680	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4aa8eae3-d650-4474-ae45-4013ce9933ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	679	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4aa8eae3-d650-4474-ae45-4013ce9933ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	678	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4aa8eae3-d650-4474-ae45-4013ce9933ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	677	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4aa8eae3-d650-4474-ae45-4013ce9933ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	676	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a674ef74-a1fd-460b-9016-8419c7035945 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQA0AEEAQwA0AEEATQBRAEEAMgBBAEMAMABBAE8AQQBBAHcAQQBEAEEAQQBOAEEAQQB4AEEARABRAEEATgBRAEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFkAQQBNAHcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=ae67422c-5e49-48dc-9246-277653bceae7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	675	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e669c3b0-bc6f-495e-a8a5-c068d8a46156 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQA4AC4AMQA2AC0AOAAwADAANAAxADQANQA1ADUAMgA1ADYAMwAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=9de0050b-c4e5-4686-885c-ef11da0abcca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	674	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e669c3b0-bc6f-495e-a8a5-c068d8a46156 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQA4AC4AMQA2AC0AOAAwADAANAAxADQANQA1ADUAMgA1ADYAMwAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=9de0050b-c4e5-4686-885c-ef11da0abcca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	673	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e669c3b0-bc6f-495e-a8a5-c068d8a46156 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQA4AC4AMQA2AC0AOAAwADAANAAxADQANQA1ADUAMgA1ADYAMwAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	672	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e669c3b0-bc6f-495e-a8a5-c068d8a46156 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQA4AC4AMQA2AC0AOAAwADAANAAxADQANQA1ADUAMgA1ADYAMwAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	671	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e669c3b0-bc6f-495e-a8a5-c068d8a46156 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQA4AC4AMQA2AC0AOAAwADAANAAxADQANQA1ADUAMgA1ADYAMwAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	670	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e669c3b0-bc6f-495e-a8a5-c068d8a46156 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQA4AC4AMQA2AC0AOAAwADAANAAxADQANQA1ADUAMgA1ADYAMwAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	669	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e669c3b0-bc6f-495e-a8a5-c068d8a46156 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQA4AC4AMQA2AC0AOAAwADAANAAxADQANQA1ADUAMgA1ADYAMwAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	668	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e669c3b0-bc6f-495e-a8a5-c068d8a46156 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQA4AC4AMQA2AC0AOAAwADAANAAxADQANQA1ADUAMgA1ADYAMwAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	667	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a674ef74-a1fd-460b-9016-8419c7035945 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQA0AEEAQwA0AEEATQBRAEEAMgBBAEMAMABBAE8AQQBBAHcAQQBEAEEAQQBOAEEAQQB4AEEARABRAEEATgBRAEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFkAQQBNAHcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=ae67422c-5e49-48dc-9246-277653bceae7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	666	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a674ef74-a1fd-460b-9016-8419c7035945 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQA0AEEAQwA0AEEATQBRAEEAMgBBAEMAMABBAE8AQQBBAHcAQQBEAEEAQQBOAEEAQQB4AEEARABRAEEATgBRAEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFkAQQBNAHcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	665	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a674ef74-a1fd-460b-9016-8419c7035945 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQA0AEEAQwA0AEEATQBRAEEAMgBBAEMAMABBAE8AQQBBAHcAQQBEAEEAQQBOAEEAQQB4AEEARABRAEEATgBRAEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFkAQQBNAHcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	664	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a674ef74-a1fd-460b-9016-8419c7035945 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQA0AEEAQwA0AEEATQBRAEEAMgBBAEMAMABBAE8AQQBBAHcAQQBEAEEAQQBOAEEAQQB4AEEARABRAEEATgBRAEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFkAQQBNAHcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	663	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a674ef74-a1fd-460b-9016-8419c7035945 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQA0AEEAQwA0AEEATQBRAEEAMgBBAEMAMABBAE8AQQBBAHcAQQBEAEEAQQBOAEEAQQB4AEEARABRAEEATgBRAEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFkAQQBNAHcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	662	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a674ef74-a1fd-460b-9016-8419c7035945 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQA0AEEAQwA0AEEATQBRAEEAMgBBAEMAMABBAE8AQQBBAHcAQQBEAEEAQQBOAEEAQQB4AEEARABRAEEATgBRAEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFkAQQBNAHcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	661	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a674ef74-a1fd-460b-9016-8419c7035945 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQA0AEEAQwA0AEEATQBRAEEAMgBBAEMAMABBAE8AQQBBAHcAQQBEAEEAQQBOAEEAQQB4AEEARABRAEEATgBRAEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFkAQQBNAHcAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	660	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4abeef27-3bb3-4966-be70-4b670298d5fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATQBnAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEkAQQBNAHcAQQAyAEEARABVAEEATgB3AEEAMgBBAEQAUQBBAE4AQQBBADQAQQBEAFUAQQBNAGcAQQA1AEEARABFAEEATQBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=cb4e88d2-e724-457d-a615-c7efe41487bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	659	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e33958a-6354-4c61-9ca9-55cd97d764c2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=8f9e7918-d820-46ef-bbd0-c3b14e571ad6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	658	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e33958a-6354-4c61-9ca9-55cd97d764c2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=8f9e7918-d820-46ef-bbd0-c3b14e571ad6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	657	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e33958a-6354-4c61-9ca9-55cd97d764c2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	656	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e33958a-6354-4c61-9ca9-55cd97d764c2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	655	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e33958a-6354-4c61-9ca9-55cd97d764c2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	654	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e33958a-6354-4c61-9ca9-55cd97d764c2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	653	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e33958a-6354-4c61-9ca9-55cd97d764c2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	652	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1e33958a-6354-4c61-9ca9-55cd97d764c2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	651	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4abeef27-3bb3-4966-be70-4b670298d5fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATQBnAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEkAQQBNAHcAQQAyAEEARABVAEEATgB3AEEAMgBBAEQAUQBBAE4AQQBBADQAQQBEAFUAQQBNAGcAQQA1AEEARABFAEEATQBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=cb4e88d2-e724-457d-a615-c7efe41487bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	650	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4abeef27-3bb3-4966-be70-4b670298d5fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATQBnAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEkAQQBNAHcAQQAyAEEARABVAEEATgB3AEEAMgBBAEQAUQBBAE4AQQBBADQAQQBEAFUAQQBNAGcAQQA1AEEARABFAEEATQBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	649	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4abeef27-3bb3-4966-be70-4b670298d5fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATQBnAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEkAQQBNAHcAQQAyAEEARABVAEEATgB3AEEAMgBBAEQAUQBBAE4AQQBBADQAQQBEAFUAQQBNAGcAQQA1AEEARABFAEEATQBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	648	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4abeef27-3bb3-4966-be70-4b670298d5fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATQBnAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEkAQQBNAHcAQQAyAEEARABVAEEATgB3AEEAMgBBAEQAUQBBAE4AQQBBADQAQQBEAFUAQQBNAGcAQQA1AEEARABFAEEATQBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	647	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4abeef27-3bb3-4966-be70-4b670298d5fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATQBnAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEkAQQBNAHcAQQAyAEEARABVAEEATgB3AEEAMgBBAEQAUQBBAE4AQQBBADQAQQBEAFUAQQBNAGcAQQA1AEEARABFAEEATQBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	646	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4abeef27-3bb3-4966-be70-4b670298d5fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATQBnAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEkAQQBNAHcAQQAyAEEARABVAEEATgB3AEEAMgBBAEQAUQBBAE4AQQBBADQAQQBEAFUAQQBNAGcAQQA1AEEARABFAEEATQBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	645	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4abeef27-3bb3-4966-be70-4b670298d5fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AUQBBADAAQQBEAFUAQQBNAHcAQQB3AEEARABFAEEATQBnAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEkAQQBNAHcAQQAyAEEARABVAEEATgB3AEEAMgBBAEQAUQBBAE4AQQBBADQAQQBEAFUAQQBNAGcAQQA1AEEARABFAEEATQBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	644	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c1a86d3-50e5-42ae-b049-4a6ecc4d9165 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fd47bcbe-817f-4d6f-9361-9e47fcc49b9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	643	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ea324af6-3fa0-4a17-a93d-9d2dc2b2f1bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	642	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	641	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	640	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	639	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	638	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	637	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	636	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	635	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0c6324fb-5f0b-48a7-bcc9-8f64e7ed01fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	634	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c1a86d3-50e5-42ae-b049-4a6ecc4d9165 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fd47bcbe-817f-4d6f-9361-9e47fcc49b9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	633	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c1a86d3-50e5-42ae-b049-4a6ecc4d9165 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	632	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c1a86d3-50e5-42ae-b049-4a6ecc4d9165 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	631	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c1a86d3-50e5-42ae-b049-4a6ecc4d9165 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	630	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c1a86d3-50e5-42ae-b049-4a6ecc4d9165 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	629	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c1a86d3-50e5-42ae-b049-4a6ecc4d9165 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	628	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c1a86d3-50e5-42ae-b049-4a6ecc4d9165 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	627	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a376a011-8cc9-4023-b10b-e3d5395dfb49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=ce602f66-28aa-4f84-834a-7b8a9ca14706 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	626	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a376a011-8cc9-4023-b10b-e3d5395dfb49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=ce602f66-28aa-4f84-834a-7b8a9ca14706 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	625	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a376a011-8cc9-4023-b10b-e3d5395dfb49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	624	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a376a011-8cc9-4023-b10b-e3d5395dfb49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	623	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a376a011-8cc9-4023-b10b-e3d5395dfb49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	622	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a376a011-8cc9-4023-b10b-e3d5395dfb49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	621	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a376a011-8cc9-4023-b10b-e3d5395dfb49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	620	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a376a011-8cc9-4023-b10b-e3d5395dfb49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOQA0ADUAMwAwADEAMgAuADUAMQAtADIAMwA2ADUANwA2ADQANAA4ADUAMgA5ADEAMAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	619	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=353f99f1-9a4f-430f-8ce4-ad794d9d7657 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de08b199-7bb6-4fd1-a3ef-033bf35dd3cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	618	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b71b4cd9-113b-4b6e-92d9-2393216741bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	617	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	616	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	615	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	614	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	613	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	612	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	611	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	610	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496cdc68-5ec4-4337-ba47-ef07961586b0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	609	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=353f99f1-9a4f-430f-8ce4-ad794d9d7657 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de08b199-7bb6-4fd1-a3ef-033bf35dd3cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	608	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=353f99f1-9a4f-430f-8ce4-ad794d9d7657 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	607	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=353f99f1-9a4f-430f-8ce4-ad794d9d7657 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	606	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=353f99f1-9a4f-430f-8ce4-ad794d9d7657 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	605	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=353f99f1-9a4f-430f-8ce4-ad794d9d7657 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	604	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=353f99f1-9a4f-430f-8ce4-ad794d9d7657 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	603	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=353f99f1-9a4f-430f-8ce4-ad794d9d7657 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	602	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec484c8a-34ed-4b39-8998-92aa788e1758 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQB5AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AZwBBAHoAQQBEAFkAQQBOAFEAQQAzAEEARABZAEEATgBBAEEAMABBAEQAZwBBAE4AUQBBAHkAQQBEAGsAQQBNAFEAQQB3AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=38778cd5-e805-4f94-9b92-f64c0756cb30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	601	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295786fa-b237-4777-b311-0622351a129a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQAyAC4ANQAxAC0AMgAzADYANQA3ADYANAA0ADgANQAyADkAMQAwADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=64e6c85b-5386-4d91-9704-760caa619f0e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	600	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295786fa-b237-4777-b311-0622351a129a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQAyAC4ANQAxAC0AMgAzADYANQA3ADYANAA0ADgANQAyADkAMQAwADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=64e6c85b-5386-4d91-9704-760caa619f0e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	599	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295786fa-b237-4777-b311-0622351a129a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQAyAC4ANQAxAC0AMgAzADYANQA3ADYANAA0ADgANQAyADkAMQAwADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	598	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295786fa-b237-4777-b311-0622351a129a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQAyAC4ANQAxAC0AMgAzADYANQA3ADYANAA0ADgANQAyADkAMQAwADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	597	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295786fa-b237-4777-b311-0622351a129a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQAyAC4ANQAxAC0AMgAzADYANQA3ADYANAA0ADgANQAyADkAMQAwADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	596	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295786fa-b237-4777-b311-0622351a129a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQAyAC4ANQAxAC0AMgAzADYANQA3ADYANAA0ADgANQAyADkAMQAwADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	595	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295786fa-b237-4777-b311-0622351a129a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQAyAC4ANQAxAC0AMgAzADYANQA3ADYANAA0ADgANQAyADkAMQAwADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	594	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=295786fa-b237-4777-b311-0622351a129a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA5ADQANQAzADAAMQAyAC4ANQAxAC0AMgAzADYANQA3ADYANAA0ADgANQAyADkAMQAwADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	593	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec484c8a-34ed-4b39-8998-92aa788e1758 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQB5AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AZwBBAHoAQQBEAFkAQQBOAFEAQQAzAEEARABZAEEATgBBAEEAMABBAEQAZwBBAE4AUQBBAHkAQQBEAGsAQQBNAFEAQQB3AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=38778cd5-e805-4f94-9b92-f64c0756cb30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	592	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec484c8a-34ed-4b39-8998-92aa788e1758 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQB5AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AZwBBAHoAQQBEAFkAQQBOAFEAQQAzAEEARABZAEEATgBBAEEAMABBAEQAZwBBAE4AUQBBAHkAQQBEAGsAQQBNAFEAQQB3AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	591	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec484c8a-34ed-4b39-8998-92aa788e1758 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQB5AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AZwBBAHoAQQBEAFkAQQBOAFEAQQAzAEEARABZAEEATgBBAEEAMABBAEQAZwBBAE4AUQBBAHkAQQBEAGsAQQBNAFEAQQB3AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	590	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec484c8a-34ed-4b39-8998-92aa788e1758 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQB5AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AZwBBAHoAQQBEAFkAQQBOAFEAQQAzAEEARABZAEEATgBBAEEAMABBAEQAZwBBAE4AUQBBAHkAQQBEAGsAQQBNAFEAQQB3AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	589	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec484c8a-34ed-4b39-8998-92aa788e1758 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQB5AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AZwBBAHoAQQBEAFkAQQBOAFEAQQAzAEEARABZAEEATgBBAEEAMABBAEQAZwBBAE4AUQBBAHkAQQBEAGsAQQBNAFEAQQB3AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	588	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec484c8a-34ed-4b39-8998-92aa788e1758 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQB5AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AZwBBAHoAQQBEAFkAQQBOAFEAQQAzAEEARABZAEEATgBBAEEAMABBAEQAZwBBAE4AUQBBAHkAQQBEAGsAQQBNAFEAQQB3AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	587	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec484c8a-34ed-4b39-8998-92aa788e1758 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANQBBAEQAUQBBAE4AUQBBAHoAQQBEAEEAQQBNAFEAQQB5AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AZwBBAHoAQQBEAFkAQQBOAFEAQQAzAEEARABZAEEATgBBAEEAMABBAEQAZwBBAE4AUQBBAHkAQQBEAGsAQQBNAFEAQQB3AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	586	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a963fb70-9e11-4098-b43c-7496a29f4354 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9376f589-aede-4096-894a-fdd45ed4c2a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	585	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=64c4ce10-89f7-4bc6-b213-aec643c9578f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	584	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	583	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	582	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	581	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	580	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	579	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	578	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	577	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af5e05d4-609b-483c-bccc-d5e8f676fa86 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	576	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a963fb70-9e11-4098-b43c-7496a29f4354 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9376f589-aede-4096-894a-fdd45ed4c2a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	575	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a963fb70-9e11-4098-b43c-7496a29f4354 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	574	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a963fb70-9e11-4098-b43c-7496a29f4354 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	573	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a963fb70-9e11-4098-b43c-7496a29f4354 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	572	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a963fb70-9e11-4098-b43c-7496a29f4354 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	571	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a963fb70-9e11-4098-b43c-7496a29f4354 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	570	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a963fb70-9e11-4098-b43c-7496a29f4354 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	569	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ba46a4d-a5c9-49a5-a38b-872408f7b3c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=917f1bef-fbb4-43df-9f20-c83593d0fd1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	568	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=810133dc-740c-481c-8f14-27e758aa7f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	567	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	566	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	565	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	564	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	563	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	562	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	561	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	560	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=990eb603-d713-49b8-beb2-c62b0a9712f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	559	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ba46a4d-a5c9-49a5-a38b-872408f7b3c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=917f1bef-fbb4-43df-9f20-c83593d0fd1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	558	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ba46a4d-a5c9-49a5-a38b-872408f7b3c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	557	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ba46a4d-a5c9-49a5-a38b-872408f7b3c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	556	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ba46a4d-a5c9-49a5-a38b-872408f7b3c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	555	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ba46a4d-a5c9-49a5-a38b-872408f7b3c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	554	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ba46a4d-a5c9-49a5-a38b-872408f7b3c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	553	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ba46a4d-a5c9-49a5-a38b-872408f7b3c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	552	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d185d6-e769-4577-8f19-0d0147833b17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a48d2d46-660a-4975-a028-79c599680670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	551	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dac08d74-3878-4583-93d9-ed049df2867d PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	550	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dac08d74-3878-4583-93d9-ed049df2867d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	549	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	548	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	547	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	546	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	545	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	544	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	543	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	542	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5a7adb09-ed27-404e-9b8b-a80a15495c61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	541	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d185d6-e769-4577-8f19-0d0147833b17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a48d2d46-660a-4975-a028-79c599680670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	540	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d185d6-e769-4577-8f19-0d0147833b17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	539	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d185d6-e769-4577-8f19-0d0147833b17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	538	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d185d6-e769-4577-8f19-0d0147833b17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	537	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d185d6-e769-4577-8f19-0d0147833b17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	536	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d185d6-e769-4577-8f19-0d0147833b17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	535	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3d185d6-e769-4577-8f19-0d0147833b17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	534	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f325cf64-1e9c-4819-871e-a5edbd5971c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=461a43d7-bdf7-42f0-a067-1c63e077b730 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	533	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=57caca8d-dcc4-475e-bdfb-75463d4259c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	532	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	531	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	530	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	529	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	528	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	527	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	526	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	525	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c51f0b8-344f-4435-8777-cc66d98714c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	524	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f325cf64-1e9c-4819-871e-a5edbd5971c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=461a43d7-bdf7-42f0-a067-1c63e077b730 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	523	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f325cf64-1e9c-4819-871e-a5edbd5971c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	522	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f325cf64-1e9c-4819-871e-a5edbd5971c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	521	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f325cf64-1e9c-4819-871e-a5edbd5971c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	520	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f325cf64-1e9c-4819-871e-a5edbd5971c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	519	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f325cf64-1e9c-4819-871e-a5edbd5971c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	518	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f325cf64-1e9c-4819-871e-a5edbd5971c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	517	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=375a4602-791b-43dd-a723-6b1c3c3006d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1245c07c-383e-4fec-85f7-19e686526533 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	516	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:10:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=55217e18-4473-483b-a0e0-e1000e9774df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	515	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	514	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	513	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	512	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	511	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	510	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	509	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	508	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0f7bcec9-1d1e-4fff-8370-9ea3c8c2c71b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	507	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=375a4602-791b-43dd-a723-6b1c3c3006d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1245c07c-383e-4fec-85f7-19e686526533 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	506	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=375a4602-791b-43dd-a723-6b1c3c3006d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	505	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=375a4602-791b-43dd-a723-6b1c3c3006d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	504	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=375a4602-791b-43dd-a723-6b1c3c3006d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	503	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=375a4602-791b-43dd-a723-6b1c3c3006d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	502	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=375a4602-791b-43dd-a723-6b1c3c3006d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	501	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=375a4602-791b-43dd-a723-6b1c3c3006d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	500	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=104cb200-9d83-4d9b-96c5-ac945f2a5ba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6ec9bfa9-e295-43a5-b5fe-594c65e84630 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	499	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a92616c9-978a-439e-9017-a71537675e44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	498	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	497	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	496	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	495	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	494	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	493	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	492	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	491	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7875054d-2bdd-41a6-b516-ded90c0359b7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	490	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=104cb200-9d83-4d9b-96c5-ac945f2a5ba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6ec9bfa9-e295-43a5-b5fe-594c65e84630 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	489	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=104cb200-9d83-4d9b-96c5-ac945f2a5ba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	488	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=104cb200-9d83-4d9b-96c5-ac945f2a5ba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	487	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=104cb200-9d83-4d9b-96c5-ac945f2a5ba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	486	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=104cb200-9d83-4d9b-96c5-ac945f2a5ba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	485	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=104cb200-9d83-4d9b-96c5-ac945f2a5ba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	484	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=104cb200-9d83-4d9b-96c5-ac945f2a5ba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	483	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c7c16283-69e1-4671-8668-047c86da1926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=54fb3882-c37c-44f9-b181-8999623ececd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	482	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=68f4a4f9-a4b6-442f-985f-069b93965625 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	481	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	480	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	479	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	478	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	477	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	476	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	475	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	474	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fdabee32-636c-46ab-999c-ecdf58906a01 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	473	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c7c16283-69e1-4671-8668-047c86da1926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=54fb3882-c37c-44f9-b181-8999623ececd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	472	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c7c16283-69e1-4671-8668-047c86da1926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	471	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c7c16283-69e1-4671-8668-047c86da1926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	470	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c7c16283-69e1-4671-8668-047c86da1926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	469	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c7c16283-69e1-4671-8668-047c86da1926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	468	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c7c16283-69e1-4671-8668-047c86da1926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	467	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c7c16283-69e1-4671-8668-047c86da1926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	466	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1591dfd-04ef-4eea-9513-e43bb3619b00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=091019dd-a331-4703-8d80-0b647aecd78b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	465	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=07a9dc33-82f6-4002-b901-44b72d11a6de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	464	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	463	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	462	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	461	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	460	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	459	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	458	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	457	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=34e14ef6-a0dc-4cc9-b5af-fc9d5a501a50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	456	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1591dfd-04ef-4eea-9513-e43bb3619b00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=091019dd-a331-4703-8d80-0b647aecd78b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	455	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1591dfd-04ef-4eea-9513-e43bb3619b00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	454	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1591dfd-04ef-4eea-9513-e43bb3619b00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	453	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1591dfd-04ef-4eea-9513-e43bb3619b00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	452	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1591dfd-04ef-4eea-9513-e43bb3619b00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	451	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1591dfd-04ef-4eea-9513-e43bb3619b00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	450	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1591dfd-04ef-4eea-9513-e43bb3619b00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	449	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f33e4133-6a2d-4781-911b-6ca3c8ba98fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4ad06c78-47da-4d7d-8421-c5c56ae4ca7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	448	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b539ae8b-e7c9-46b2-bf78-618a8f81ed27 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	447	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b539ae8b-e7c9-46b2-bf78-618a8f81ed27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	446	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	445	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	444	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	443	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	442	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	441	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	440	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	439	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=16fc71a0-8edd-4a5b-b2e5-64c71b6b514d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	438	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f33e4133-6a2d-4781-911b-6ca3c8ba98fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4ad06c78-47da-4d7d-8421-c5c56ae4ca7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	437	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f33e4133-6a2d-4781-911b-6ca3c8ba98fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	436	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f33e4133-6a2d-4781-911b-6ca3c8ba98fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	435	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f33e4133-6a2d-4781-911b-6ca3c8ba98fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	434	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f33e4133-6a2d-4781-911b-6ca3c8ba98fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	433	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f33e4133-6a2d-4781-911b-6ca3c8ba98fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	432	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f33e4133-6a2d-4781-911b-6ca3c8ba98fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	431	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93e35388-9c06-496b-932b-8d062709be9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b9ac584b-bd99-4bcc-a9fe-86f7f6e55b4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	430	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dcbfd210-65ee-41e0-8747-877545078346 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	429	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dcbfd210-65ee-41e0-8747-877545078346 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	428	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	427	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	426	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	425	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	424	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	423	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	422	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	421	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8bdee5ae-66bb-4508-8e36-4dc36785118b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	420	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93e35388-9c06-496b-932b-8d062709be9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b9ac584b-bd99-4bcc-a9fe-86f7f6e55b4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	419	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93e35388-9c06-496b-932b-8d062709be9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	418	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93e35388-9c06-496b-932b-8d062709be9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	417	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93e35388-9c06-496b-932b-8d062709be9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	416	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93e35388-9c06-496b-932b-8d062709be9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	415	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93e35388-9c06-496b-932b-8d062709be9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	414	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=93e35388-9c06-496b-932b-8d062709be9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	413	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=761968bb-443f-49db-b76d-570c77e13386 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=22f36e90-79d6-401e-be06-59a829e4ade5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	412	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b568f095-03a3-4e33-9f7e-be5387b54e72 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	411	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b568f095-03a3-4e33-9f7e-be5387b54e72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	410	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	409	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	408	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	407	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	406	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	405	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	404	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	403	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4044a24-b9f4-4c93-81fd-be31e697af3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	402	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=761968bb-443f-49db-b76d-570c77e13386 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=22f36e90-79d6-401e-be06-59a829e4ade5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	401	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=761968bb-443f-49db-b76d-570c77e13386 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	400	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=761968bb-443f-49db-b76d-570c77e13386 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	399	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=761968bb-443f-49db-b76d-570c77e13386 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	398	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=761968bb-443f-49db-b76d-570c77e13386 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	397	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=761968bb-443f-49db-b76d-570c77e13386 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	396	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=761968bb-443f-49db-b76d-570c77e13386 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	395	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90957a24-33c8-4ac5-ac91-07c4a2a6bf73 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=64e59ce4-1498-431a-9c2f-a5c977d828bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	394	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=05a9e7f5-40ae-47cd-baf0-6e26ef2e531a PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	393	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=05a9e7f5-40ae-47cd-baf0-6e26ef2e531a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	392	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	391	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	390	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	389	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	388	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	387	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	386	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	385	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=86bc2901-f576-4115-82dd-61690a0b5719 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	384	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90957a24-33c8-4ac5-ac91-07c4a2a6bf73 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=64e59ce4-1498-431a-9c2f-a5c977d828bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	383	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90957a24-33c8-4ac5-ac91-07c4a2a6bf73 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	382	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90957a24-33c8-4ac5-ac91-07c4a2a6bf73 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	381	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90957a24-33c8-4ac5-ac91-07c4a2a6bf73 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	380	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90957a24-33c8-4ac5-ac91-07c4a2a6bf73 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	379	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90957a24-33c8-4ac5-ac91-07c4a2a6bf73 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	378	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90957a24-33c8-4ac5-ac91-07c4a2a6bf73 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	377	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=415f400a-f213-409c-aea0-002dd23bd041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=00d9e145-395e-4146-92a8-0594d1ce7350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	376	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=47cc0dd4-24da-4353-a184-694b0dbaa64f PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	375	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=47cc0dd4-24da-4353-a184-694b0dbaa64f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	374	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	373	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	372	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	371	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	370	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	369	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	368	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	367	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=394e8c15-22aa-4502-bc89-5bb093acb6c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	366	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=415f400a-f213-409c-aea0-002dd23bd041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=00d9e145-395e-4146-92a8-0594d1ce7350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	365	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=415f400a-f213-409c-aea0-002dd23bd041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	364	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=415f400a-f213-409c-aea0-002dd23bd041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	363	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=415f400a-f213-409c-aea0-002dd23bd041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	362	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=415f400a-f213-409c-aea0-002dd23bd041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	361	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=415f400a-f213-409c-aea0-002dd23bd041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	360	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=415f400a-f213-409c-aea0-002dd23bd041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	359	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4903693-63d1-473c-9b0c-a4aef90bc816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dc24ac14-7fed-407e-9bab-ff16ef00276f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	358	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7ab8c9a0-0b7e-4217-94d4-8535cda028b0 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	357	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7ab8c9a0-0b7e-4217-94d4-8535cda028b0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	356	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	355	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	354	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	353	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	352	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	351	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	350	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	349	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cde96f92-a137-40ba-92ef-fd2e134b9923 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	348	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4903693-63d1-473c-9b0c-a4aef90bc816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dc24ac14-7fed-407e-9bab-ff16ef00276f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	347	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4903693-63d1-473c-9b0c-a4aef90bc816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	346	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4903693-63d1-473c-9b0c-a4aef90bc816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	345	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4903693-63d1-473c-9b0c-a4aef90bc816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	344	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4903693-63d1-473c-9b0c-a4aef90bc816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	343	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4903693-63d1-473c-9b0c-a4aef90bc816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	342	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4903693-63d1-473c-9b0c-a4aef90bc816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	341	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4675557-58c8-40fe-807a-0508d7b6ff4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d6fa097e-dd31-4bd6-af32-8e9cd685f904 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	340	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2cd19347-c706-4612-a4a4-706157e58aa5 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	339	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2cd19347-c706-4612-a4a4-706157e58aa5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	338	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	337	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	336	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	335	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	334	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	333	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	332	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	331	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=486bc0f6-5324-4606-a069-0c8ed80d1ad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	330	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4675557-58c8-40fe-807a-0508d7b6ff4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d6fa097e-dd31-4bd6-af32-8e9cd685f904 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	329	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4675557-58c8-40fe-807a-0508d7b6ff4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	328	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4675557-58c8-40fe-807a-0508d7b6ff4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	327	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4675557-58c8-40fe-807a-0508d7b6ff4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	326	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4675557-58c8-40fe-807a-0508d7b6ff4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	325	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4675557-58c8-40fe-807a-0508d7b6ff4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	324	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4675557-58c8-40fe-807a-0508d7b6ff4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	323	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=789623f6-3070-43cd-b372-26872963d2f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1eee0fbe-44b2-44c9-bc72-4d035f92ff5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	322	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=93d7531e-dbb2-4bf5-b626-f567a6b9f643 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	321	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=93d7531e-dbb2-4bf5-b626-f567a6b9f643 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	320	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	319	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	318	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	317	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	316	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	315	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	314	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	313	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3418ecf-1462-4ad9-bc73-3d1e3a8ec488 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	312	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=789623f6-3070-43cd-b372-26872963d2f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1eee0fbe-44b2-44c9-bc72-4d035f92ff5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	311	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=789623f6-3070-43cd-b372-26872963d2f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	310	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=789623f6-3070-43cd-b372-26872963d2f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	309	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=789623f6-3070-43cd-b372-26872963d2f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	308	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=789623f6-3070-43cd-b372-26872963d2f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	307	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=789623f6-3070-43cd-b372-26872963d2f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	306	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=789623f6-3070-43cd-b372-26872963d2f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	305	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=80a2680b-da09-4a5b-8e39-8f787a18ac65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3a2d9a8f-3adf-437e-90b9-cc0e5d284b6b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	304	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9c65d5ae-2554-4d34-abbc-60714ec68200 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	303	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9c65d5ae-2554-4d34-abbc-60714ec68200 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	302	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	301	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	300	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	299	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	298	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	297	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	296	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	295	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=60059e04-b93f-431c-b477-a502cd93e13b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	294	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=80a2680b-da09-4a5b-8e39-8f787a18ac65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3a2d9a8f-3adf-437e-90b9-cc0e5d284b6b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	293	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=80a2680b-da09-4a5b-8e39-8f787a18ac65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	292	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=80a2680b-da09-4a5b-8e39-8f787a18ac65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	291	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=80a2680b-da09-4a5b-8e39-8f787a18ac65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	290	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=80a2680b-da09-4a5b-8e39-8f787a18ac65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	289	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=80a2680b-da09-4a5b-8e39-8f787a18ac65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	288	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=80a2680b-da09-4a5b-8e39-8f787a18ac65 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	287	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49bb5d92-3284-49e3-8e80-65bd2fa27a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e4e22b2d-0ba8-4487-a7be-12169cad4581 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	286	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6130cd1c-d6b4-4dc8-8fe8-8d3636d540d4 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	285	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6130cd1c-d6b4-4dc8-8fe8-8d3636d540d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	284	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	283	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	282	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	281	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	280	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	279	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	278	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	277	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=767823a3-8ad3-46fd-b43d-f9c511e28318 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	276	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49bb5d92-3284-49e3-8e80-65bd2fa27a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e4e22b2d-0ba8-4487-a7be-12169cad4581 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	275	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49bb5d92-3284-49e3-8e80-65bd2fa27a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	274	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49bb5d92-3284-49e3-8e80-65bd2fa27a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	273	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49bb5d92-3284-49e3-8e80-65bd2fa27a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	272	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49bb5d92-3284-49e3-8e80-65bd2fa27a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	271	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49bb5d92-3284-49e3-8e80-65bd2fa27a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	270	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=49bb5d92-3284-49e3-8e80-65bd2fa27a7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	269	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9617d3c-18fc-4875-91ee-ed67c6d295a9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2d5105ad-b1fd-4d03-84d3-cc782c5ca7aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	268	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=403c7254-52bf-461f-b631-b70d328ba844 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	267	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=403c7254-52bf-461f-b631-b70d328ba844 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	266	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	265	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	264	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	263	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	262	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	261	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	260	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	259	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=387d36cc-3d30-47aa-9fce-1eceed82ceb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	258	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9617d3c-18fc-4875-91ee-ed67c6d295a9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2d5105ad-b1fd-4d03-84d3-cc782c5ca7aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	257	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9617d3c-18fc-4875-91ee-ed67c6d295a9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	256	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9617d3c-18fc-4875-91ee-ed67c6d295a9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	255	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9617d3c-18fc-4875-91ee-ed67c6d295a9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	254	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9617d3c-18fc-4875-91ee-ed67c6d295a9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	253	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9617d3c-18fc-4875-91ee-ed67c6d295a9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	252	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9617d3c-18fc-4875-91ee-ed67c6d295a9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	251	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3e13e6d5-b555-4ac8-9361-2296c0fd1073 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cc6d46b2-5fce-4006-bc35-b6a09ff85df2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	250	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ff7008b8-d103-4a19-9c9b-01a8d07b612d PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	249	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ff7008b8-d103-4a19-9c9b-01a8d07b612d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	248	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	247	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	246	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	245	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	244	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	243	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	242	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	241	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=001fe8b0-ffbe-46b4-9702-deb3e0cbdbac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	240	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3e13e6d5-b555-4ac8-9361-2296c0fd1073 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cc6d46b2-5fce-4006-bc35-b6a09ff85df2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	239	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3e13e6d5-b555-4ac8-9361-2296c0fd1073 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	238	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3e13e6d5-b555-4ac8-9361-2296c0fd1073 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	237	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3e13e6d5-b555-4ac8-9361-2296c0fd1073 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	236	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3e13e6d5-b555-4ac8-9361-2296c0fd1073 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	235	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3e13e6d5-b555-4ac8-9361-2296c0fd1073 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	234	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3e13e6d5-b555-4ac8-9361-2296c0fd1073 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	233	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=089b10bd-e4b1-4408-9871-5f85550ee5ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9c1329e0-ae68-475c-9e57-03aee8aa6c2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	232	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37a4c6a8-d106-41e4-904a-16d1d9c3bbc0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion=5.1.14393.1944 RunspaceId=c100d626-20c9-48df-b078-bf057aead8df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	231	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37a4c6a8-d106-41e4-904a-16d1d9c3bbc0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion=5.1.14393.1944 RunspaceId=c100d626-20c9-48df-b078-bf057aead8df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	230	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37a4c6a8-d106-41e4-904a-16d1d9c3bbc0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	229	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37a4c6a8-d106-41e4-904a-16d1d9c3bbc0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	228	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37a4c6a8-d106-41e4-904a-16d1d9c3bbc0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	227	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37a4c6a8-d106-41e4-904a-16d1d9c3bbc0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	226	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37a4c6a8-d106-41e4-904a-16d1d9c3bbc0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	225	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37a4c6a8-d106-41e4-904a-16d1d9c3bbc0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	224	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7e71ecea-905e-441c-a3ec-1011ddd08dd5 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	223	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7e71ecea-905e-441c-a3ec-1011ddd08dd5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	222	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	221	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	220	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	219	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	218	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	217	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	216	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	215	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=210f850d-3166-41ad-be9c-b3b524f050c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	214	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=089b10bd-e4b1-4408-9871-5f85550ee5ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9c1329e0-ae68-475c-9e57-03aee8aa6c2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	213	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=089b10bd-e4b1-4408-9871-5f85550ee5ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	212	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=089b10bd-e4b1-4408-9871-5f85550ee5ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	211	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=089b10bd-e4b1-4408-9871-5f85550ee5ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	210	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=089b10bd-e4b1-4408-9871-5f85550ee5ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	209	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=089b10bd-e4b1-4408-9871-5f85550ee5ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	208	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=089b10bd-e4b1-4408-9871-5f85550ee5ea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	207	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=539e8022-dbbf-47b5-9627-c9038a81c18c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90ca88ae-d531-4d86-b106-cd2a3ea8e8f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	206	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=daee4581-5641-4d9d-8148-0d40c2079a79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	205	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	204	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	203	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	202	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	201	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	200	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	199	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	198	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a5711d-2c89-4073-9865-6e571ba7f78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	197	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=539e8022-dbbf-47b5-9627-c9038a81c18c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90ca88ae-d531-4d86-b106-cd2a3ea8e8f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	196	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=539e8022-dbbf-47b5-9627-c9038a81c18c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	195	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=539e8022-dbbf-47b5-9627-c9038a81c18c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	194	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=539e8022-dbbf-47b5-9627-c9038a81c18c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	193	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=539e8022-dbbf-47b5-9627-c9038a81c18c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	192	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=539e8022-dbbf-47b5-9627-c9038a81c18c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	191	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=539e8022-dbbf-47b5-9627-c9038a81c18c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	190	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e31704fc-fa4f-43ae-b089-7a1f547b77fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=246a50cc-1b8e-4b20-9598-229f65d3b922 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	189	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=N-H1-851832-3\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=57408104-2ea5-4c95-b9a6-fe6ccd0a1527 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	188	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:09:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=57408104-2ea5-4c95-b9a6-fe6ccd0a1527 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	187	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	186	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	185	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	184	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	183	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	182	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	181	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	180	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6384de4d-f63e-45e3-ab29-603391f5f94a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	179	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e31704fc-fa4f-43ae-b089-7a1f547b77fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=246a50cc-1b8e-4b20-9598-229f65d3b922 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	178	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e31704fc-fa4f-43ae-b089-7a1f547b77fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	177	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e31704fc-fa4f-43ae-b089-7a1f547b77fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	176	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e31704fc-fa4f-43ae-b089-7a1f547b77fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	175	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e31704fc-fa4f-43ae-b089-7a1f547b77fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	174	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e31704fc-fa4f-43ae-b089-7a1f547b77fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	173	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e31704fc-fa4f-43ae-b089-7a1f547b77fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	172	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6af6654-1e6f-443d-be27-176352759fcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=22e1db93-bbb5-4852-8232-da50c785db20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	171	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9efb49c9-bae7-4268-86f3-904fbac54a2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	170	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	169	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	168	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	167	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	166	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	165	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	164	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	163	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=04d03228-0a1b-44b2-b91e-73a315b110c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	162	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6af6654-1e6f-443d-be27-176352759fcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=22e1db93-bbb5-4852-8232-da50c785db20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	161	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6af6654-1e6f-443d-be27-176352759fcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	160	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6af6654-1e6f-443d-be27-176352759fcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	159	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6af6654-1e6f-443d-be27-176352759fcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	158	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6af6654-1e6f-443d-be27-176352759fcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	157	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6af6654-1e6f-443d-be27-176352759fcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	156	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6af6654-1e6f-443d-be27-176352759fcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	155	PowerShell		Windows PowerShell			n-h1-851832-3		8/2/2022 3:07:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion=5.1.14393.1944 RunspaceId=7daab07d-0651-4522-8638-68cfa15aacea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	154	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	153	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=13 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	152	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	151	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	150	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	149	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	148	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	147	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	146	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=aec94911-82d5-4605-ada7-e49055ea6007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	145	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	144	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	143	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	142	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	141	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	140	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	139	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=8db922f0-0511-49c4-b38a-fbdb0b2889c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	138	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	137	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	136	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	135	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	134	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	133	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	132	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=f313b4cd-0f39-498d-9ea1-7d6a0388a78e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	131	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	130	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	129	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	128	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	127	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	126	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	125	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=36a249c5-de3e-419e-a7df-98ad369b2d9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	124	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	123	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	122	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	121	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	120	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	119	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	118	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=19 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	117	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:11:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	116	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:07 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	115	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:06 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	114	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	113	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	112	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	111	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	110	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	109	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	108	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	107	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	106	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	105	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	104	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	103	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	102	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	101	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	100	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:54:38 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	99	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:16 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	98	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	97	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	96	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	95	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	94	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	93	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	92	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	91	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	90	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:11 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	89	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	88	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	87	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	86	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	85	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	84	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	83	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:45:55 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	82	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:16 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	81	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	80	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	79	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	78	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	77	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	76	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	75	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	74	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	73	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	72	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	71	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	70	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	69	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	68	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	67	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	66	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	65	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	64	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	63	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	62	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	61	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	60	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	59	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	58	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	57	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	56	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	55	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	54	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	53	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	52	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	51	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	50	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:02:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	49	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	48	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	47	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	46	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	45	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	44	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	43	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	42	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	41	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	40	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	39	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	38	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	37	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	36	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	35	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	34	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	33	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:35:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.0 RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	32	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.0 RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	31	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	30	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	29	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	28	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	27	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	26	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	25	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	24	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	23	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	22	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	21	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	20	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	19	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	18	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	17	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion=5.1.14393.0 RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	16	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion=5.1.14393.0 RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	15	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	14	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	13	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	12	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	11	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	10	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	9	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion=5.1.14393.0 RunspaceId=16e771eb-c367-43f8-b362-2bd303750968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	8	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion=5.1.14393.0 RunspaceId=16e771eb-c367-43f8-b362-2bd303750968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	7	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	6	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	5	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	4	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]