10/14/2021 06:51:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598172
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 62549e8a-3c47-4676-9887-3c38ee65d0dd
Path:
10/14/2021 06:51:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598167
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn.exe
ScriptBlock ID: c51ef6db-2869-4af2-a190-b44eab751689
Path:
10/14/2021 06:51:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598184
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 476e81ff-d162-4050-b33e-c0dd4013cb0d
Path:
10/14/2021 06:51:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598179
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -q
ScriptBlock ID: 44c6b85f-a558-4ec3-8f2c-48ba6ac800d9
Path:
10/14/2021 06:51:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598196
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 37981804-fa70-4e2a-a529-d381b86d8cb6
Path:
10/14/2021 06:51:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598191
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -Q
ScriptBlock ID: a5f78c0a-d7a4-4b95-8c92-65afb4aaf8d9
Path:
10/14/2021 06:51:29 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598203
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -T bar -F -Q */daserver
ScriptBlock ID: b2ba4784-6081-4f4f-8980-ef3fe7770538
Path:
10/14/2021 06:51:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598208
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: b324150e-14e5-434e-b880-557f554c8d4e
Path:
10/14/2021 06:51:38 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598215
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -T bar -F -Q */localhost
ScriptBlock ID: b4049a2b-4639-4c95-b317-83ba939d05f2
Path:
10/14/2021 06:51:43 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598220
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: c496881c-ea7e-481f-b269-df34fa737a3d
Path:
10/14/2021 06:51:47 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598232
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 346bd9d1-1574-487c-bab5-c67092a03c72
Path:
10/14/2021 06:51:47 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598227
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -x
ScriptBlock ID: 6969e0b9-757a-4c89-897e-51dfd44b8a23
Path:
10/14/2021 06:52:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598244
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 501dae77-0713-414c-81b4-f08d29650cec
Path:
10/14/2021 06:52:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598239
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -T attackrange.local
ScriptBlock ID: 375b9393-9e92-41c7-82a9-164a99d96c12
Path:
10/14/2021 06:52:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598256
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: a792d2bc-d583-4e18-a567-8acb1d3ac617
Path:
10/14/2021 06:52:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598251
Keywords=None
Message=Creating Scriptblock text (1 of 1):
hostname
ScriptBlock ID: 03363b86-e524-4714-ae83-8cd779ba0708
Path:
10/14/2021 06:52:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598268
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: ff07524b-8d6a-456c-8ac6-7fc9e1b78b04
Path:
10/14/2021 06:52:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598263
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -T attackrange
ScriptBlock ID: b3a8fd77-c0ee-4dce-b1f9-534fb92a1385
Path:
10/14/2021 06:52:38 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598280
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: b382a515-cd27-482e-b56b-7ee7c4a521a1
Path:
10/14/2021 06:52:38 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598275
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -T attackrange -Q */*
ScriptBlock ID: 7aec32fe-d927-4b7a-ba50-4002a2e0bdd5
Path:
10/14/2021 06:53:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598292
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: b0222790-8232-4f46-b259-36a0d14de432
Path:
10/14/2021 06:53:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598287
Keywords=None
Message=Creating Scriptblock text (1 of 1):
cd .\Desktop\
ScriptBlock ID: d38bc4f8-0ef0-4688-b4e5-75c97311aa71
Path:
10/14/2021 06:54:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598320
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: b931159d-3f5f-4896-a7f1-1bcc5e456e73
Path:
10/14/2021 06:54:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598314
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{[datetime]::fromFileTime($result.Properties["pwdlastset"][0])}
ScriptBlock ID: addc7b14-4b4f-475b-b0e1-22853e8a5831
Path: C:\Users\Administrator\Desktop\getuserspns.ps1
10/14/2021 06:54:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598311
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$result.Properties["memberof"][0].ToString()}
ScriptBlock ID: 0da8d7ed-4845-4426-9fba-189247128932
Path: C:\Users\Administrator\Desktop\getuserspns.ps1
10/14/2021 06:54:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598308
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$result.Properties["samaccountname"][0].ToString()}
ScriptBlock ID: 7495e0ff-4080-4e88-82a5-9c505819e522
Path: C:\Users\Administrator\Desktop\getuserspns.ps1
10/14/2021 06:54:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598305
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$result.Properties["name"][0].ToString()}
ScriptBlock ID: d58a1338-45d5-4214-b5cd-cf13f0508ee3
Path: C:\Users\Administrator\Desktop\getuserspns.ps1
10/14/2021 06:54:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598302
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$spn.ToString()}
ScriptBlock ID: c2a32474-027c-4e62-9ddf-9f854316320c
Path: C:\Users\Administrator\Desktop\getuserspns.ps1
10/14/2021 06:54:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598299
Keywords=None
Message=Creating Scriptblock text (1 of 1):
. .\getuserspns.ps1
ScriptBlock ID: 464c3e4c-85f1-4f64-8cb6-397f012c489a
Path:
10/14/2021 06:54:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598343
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 90843389-2661-46d8-88f6-753569c0a4b3
Path:
10/14/2021 06:54:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598327
Keywords=None
Message=Creating Scriptblock text (1 of 1):
. .\getuserspns.ps1 -UniqueAccounts
ScriptBlock ID: fa54c9e9-0716-49bc-af39-ae73e7da9e4c
Path:
10/14/2021 06:57:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598358
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: fcc3ab97-69d9-42a6-9858-4d85e04ba3db
Path:
10/14/2021 06:57:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598352
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-SPLPowerShellAuditLogging {
<#
.SYNOPSIS
A simple script to assist with enabling PowerShell Script Block, Module and Transcript logging.
.DESCRIPTION
The following functions are meant to make it easy to enable PowerShell Logging and Splunk it.
This particular method is not meant to be something deployed across an enterprise, which is why we have GPOs. This is meant to help with "testing" out PowerShell logging to determine proof of value in such a rich dataset.
.PARAMETER Method
Specifies the method of Logging you would like to enable.
ScriptBlockLogging
ModuleLogging
TranscriptLogging
EnableAllLogging
DisableAllLogging
ProcessCreateWithCmdline
.PARAMETER InputsFilePath
Specifies the path you would like the App to be installed at.
Default is C:\Program Files\SplunkUniversalForwarder\etc\apps
.PARAMETER TransactionLogPath
Specifies the path you would like Transaction logs to be stored.
Default is C:\pstransactions\
.EXAMPLE
Invoke-SPLPowerShellAuditLogging -method ScriptBlockLogging
Enable only ScriptBlockLogging
.EXAMPLE
Invoke-SPLPowerShellAuditLogging -method EnableAllLogging
Enable all logging
.EXAMPLE
Invoke-SPLPowerShellAuditLogging -method DisableAllLogging
Disable all logging and delete the transcript log directory.
.EXAMPLE
Invoke-SPLPowerShellAuditLogging -method EnableAllLogging -TransactionLogPath C:\Temp\
Enable all logging and place Transport logs in a specified path.
.LINK
Code originated from: https://raw.githubusercontent.com/timip/splunk/master/powershell_logging.ps1
Reference: https://hurricanelabs.com/splunk-tutorials/how-to-use-powershell-transcription-logs-in-splunk/
Original script from Tim Ip - https://github.com/timip/splunk/blob/master/powershell_logging.ps1
.NOTES
#>
param (
[Parameter(Mandatory)]
[String]
[ValidateSet('ScriptBlockLogging','ModuleLogging','TranscriptLogging','EnableAllLogging','DisableAllLogging','ProcessCreateWithCmdline','CreateInputs')]
$method,
[Parameter()]
[String]
$InputsFilePath = 'C:\Program Files\SplunkUniversalForwarder\etc\apps',
[Parameter()]
[String]
$TransactionLogPath = "C:\pstransactions\"
)
$ascii = @"
__
.-.__ \ .-. ___ __|_|
'--.-.-( \/\;;\_\.-._______.-.
(-)___ \ \ .-\ \;;\( \ \ \
Y '---._\_((Q)) \;;\\ .-\ __(_)
I __'-' / .--.((Q))---' \,
I ___.-: \| | \'-'_ \
A .-' \ .-.\ \ \ \ '--.__ '\
| |____.----((Q))\ \__|--\_ \ '
( ) '-' \_ : \-' '--.___\
Y \ \ \ \(_)
I \ \ \ \,
I \ \ \ \
A \ \ \ '\
| snd \ \__| '
\_:. \
\ \ \
\ \ \
\_\_|
"@
$ascii
function Invoke-SPLScriptBlockLogging {
Write-Host "Enabling PowerShell Script Block Logging"
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
$Name = "EnableScriptBlockLogging"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
$Name = "EnableScriptBlockInvocationLogging"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
}
function Invoke-SPLModuleLogging {
Write-Host "Enabling PowerShell Module Logging"
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging"
$Name = "EnableModuleLogging"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames"
$Name = "*"
$value = "*"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
}
}
function Invoke-SPLTranscriptLogging {
Write-Host "Enabling PowerShell Transcript Logging"
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "EnableInvocationHeader"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "EnableTranscripting"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "OutputDirectory"
$value = $TransactionLogPath
IF (!(Test-Path $TransactionLogPath)) {
New-Item -Path $TransactionLogPath -ItemType Directory -Force | Out-Null
} ELSE {
Write-Host "Unable to create directory $TransactionLogPath"
}
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
}
}
function Invoke-SPLProcessCreationIncludeCmdLine {
Write-Host "Enabling Process Creation Include CmdLine"
auditpol /set /category:"detailed tracking" /subcategory:"Process Creation" /success:enable | Out-Null
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
$Name = "ProcessCreationIncludeCmdLine_Enabled"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
}
function Invoke-SPLPSLogging {
Write-Host "Invoking all PowerShell Logging Methods" -ForegroundColor Green
Invoke-SPLScriptBlockLogging
Invoke-SPLModuleLogging
Invoke-SPLTranscriptLogging
Invoke-SPLProcessCreationIncludeCmdLine
Write-Host "All Logging is Enabled. May the force be with you." -ForegroundColor Green
}
function Invoke-SPLInputs {
$InputsConf=@"
[WinEventLog://Microsoft-Windows-PowerShell/Operational]
disabled = false
index = win
[monitor://$TransactionLogPath]
sourcetype = powershell:transcript
disabled = false
multiline_event_extra_waittime = true
time_before_close = 300
index = win
"@
$InputsConfFile = "$InputsFilePath\SPLAuditLogging\local\inputs.conf"
IF (!(Test-Path $InputsConfFile)) {
new-item -Path $InputsFilePath\SPLAuditLogging\local\ -itemtype directory -Force
new-item -Path $InputsConfFile -ItemType File -Force
Add-Content -Path $InputsConfFile -Value $InputsConf -Force -WarningAction Ignore
Write-Host "Restarting SplunkForwarder" -ForegroundColor Green
Restart-Service SplunkForwarder -Force
Write-Host "$InputsConfFile has been created and SplunkForwarder restarted." -ForegroundColor Green
} ELSE {
Write-Host "The $InputsConfFile is already created." -ForegroundColor Red
}
}
function Invoke-SPLDisableAllLogging {
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
$Name = "EnableScriptBlockLogging"
IF (Test-Path $registryPath) {
Remove-ItemProperty -Path $registryPath -Name $name -Force -WarningAction Ignore
} ELSE {
Write-Host "Unable to remove $registryPath and key $Name"
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
$Name = "EnableScriptBlockInvocationLogging"
IF (Test-Path $registryPath) {
Remove-ItemProperty -Path $registryPath -Name $name -Force
} ELSE {
Write-Host "Unable to remove $registryPath and key $Name"
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging"
$Name = "EnableModuleLogging"
IF (Test-Path $registryPath) {
Remove-ItemProperty -Path $registryPath -Name $name -Force
} ELSE {
Write-Host "Unable to remove $registryPath and key $Name"
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames"
$Name = "*"
IF (Test-Path $registryPath) {
Remove-ItemProperty -Path $registryPath -Name $name -Force
} ELSE {
Write-Host "Unable to remove $registryPath and key $Name"
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "EnableInvocationHeader"
IF (Test-Path $registryPath) {
Remove-ItemProperty -Path $registryPath -Name $name -Force
} ELSE {
Write-Host "Unable to remove $registryPath and key $Name"
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "EnableTranscripting"
IF (Test-Path $registryPath) {
Remove-ItemProperty -Path $registryPath -Name $name -Force
} ELSE {
Write-Host "Unable to remove $registryPath and key $Name"
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "OutputDirectory"
IF (Test-Path $registryPath) {
Remove-ItemProperty -Path $registryPath -Name $name -Force
} ELSE {
Write-Host "Unable to remove $registryPath and key $Name"
}
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
$Name = "ProcessCreationIncludeCmdLine_Enabled"
IF (Test-Path $registryPath) {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
Write-Host "Unable to remove $registryPath and key $Name"
}
IF (Test-Path $TransactionLogPath) {
Remove-Item -Path $TransactionLogPath -Recurse -Force -WarningAction Ignore
} ELSE {
Write-Host "Unable to remove $TransactionLogPath"
}
}
switch ($method) {
'ScriptBlockLogging' { Invoke-SPLScriptBlockLogging }
'ModuleLogging' { Invoke-SPlModuleLogging }
'TranscriptLogging' { Invoke-SPLTranscriptLogging }
'EnableAllLogging' { Invoke-SPLPSLogging }
'DisableAllLogging' { Invoke-SPLDisableAllLogging }
'ProcessCreateWithCmdline' { Invoke-SPLProcessCreationIncludeCmdLine }
'CreateInputs' { Invoke-SPLInputs }
}
}
ScriptBlock ID: 8f5ab344-de09-418e-87ea-ce1d7bc531af
Path: C:\Users\Administrator\Desktop\invoke-splpowershellauditlogging.ps1
10/14/2021 06:57:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598350
Keywords=None
Message=Creating Scriptblock text (1 of 1):
. .\invoke-splpowershellauditlogging.ps1
ScriptBlock ID: 1f797747-aefb-4a7e-ab91-4629a54422d2
Path:
10/14/2021 06:57:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598365
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-SPLPowerShellAuditLogging
ScriptBlock ID: a3525c9a-c4bb-40a1-ae28-1122929f5961
Path:
10/14/2021 06:57:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598384
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: d98fea9b-67f1-4ba6-9017-c9f05f57fd6e
Path:
10/14/2021 06:57:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598377
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 3270ab7e-5dea-4072-ae11-e26f766bb2b0
Path:
10/14/2021 06:57:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598370
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: de6fe0c5-6af8-4a90-8c95-422d074f80d2
Path:
10/14/2021 06:57:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598411
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 2de34700-9ea5-44da-acd3-2550c6253156
Path:
10/14/2021 06:57:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598404
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-SPLProcessCreationIncludeCmdLine {
Write-Host "Enabling Process Creation Include CmdLine"
auditpol /set /category:"detailed tracking" /subcategory:"Process Creation" /success:enable | Out-Null
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
$Name = "ProcessCreationIncludeCmdLine_Enabled"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
}
ScriptBlock ID: 50ef9dda-fff1-4367-ae8a-45e688a3249b
Path: C:\Users\Administrator\Desktop\invoke-splpowershellauditlogging.ps1
10/14/2021 06:57:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598401
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-SPLTranscriptLogging {
Write-Host "Enabling PowerShell Transcript Logging"
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "EnableInvocationHeader"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "EnableTranscripting"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"
$Name = "OutputDirectory"
$value = $TransactionLogPath
IF (!(Test-Path $TransactionLogPath)) {
New-Item -Path $TransactionLogPath -ItemType Directory -Force | Out-Null
} ELSE {
Write-Host "Unable to create directory $TransactionLogPath"
}
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
}
}
ScriptBlock ID: a9d6df27-2b43-49f0-9d14-396041c3650a
Path: C:\Users\Administrator\Desktop\invoke-splpowershellauditlogging.ps1
10/14/2021 06:57:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598398
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-SPLModuleLogging {
Write-Host "Enabling PowerShell Module Logging"
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging"
$Name = "EnableModuleLogging"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames"
$Name = "*"
$value = "*"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
}
}
ScriptBlock ID: f76fb8ab-8fb7-44ba-9f69-ba5207fa638c
Path: C:\Users\Administrator\Desktop\invoke-splpowershellauditlogging.ps1
10/14/2021 06:57:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598395
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-SPLScriptBlockLogging {
Write-Host "Enabling PowerShell Script Block Logging"
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
$Name = "EnableScriptBlockLogging"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
$registryPath = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
$Name = "EnableScriptBlockInvocationLogging"
$value = "1"
IF (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
} ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
}
}
ScriptBlock ID: 5a6c3d2b-61db-4ae4-82ed-d4e5aebf0226
Path: C:\Users\Administrator\Desktop\invoke-splpowershellauditlogging.ps1
10/14/2021 06:57:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598393
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-SPLPSLogging {
Write-Host "Invoking all PowerShell Logging Methods" -ForegroundColor Green
Invoke-SPLScriptBlockLogging
Invoke-SPLModuleLogging
Invoke-SPLTranscriptLogging
Invoke-SPLProcessCreationIncludeCmdLine
Write-Host "All Logging is Enabled. May the force be with you." -ForegroundColor Green
}
ScriptBlock ID: ee9ce4bd-c4bb-4d0c-8a6f-0fd2a19b4e9b
Path: C:\Users\Administrator\Desktop\invoke-splpowershellauditlogging.ps1
10/14/2021 06:57:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598391
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-SPLPowerShellAuditLogging -method EnableAllLogging
ScriptBlock ID: db0ddb2a-2598-4964-b668-79af36d2b1bb
Path:
10/14/2021 06:57:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598420
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-SPLInputs {
$InputsConf=@"
[WinEventLog://Microsoft-Windows-PowerShell/Operational]
disabled = false
index = win
[monitor://$TransactionLogPath]
sourcetype = powershell:transcript
disabled = false
multiline_event_extra_waittime = true
time_before_close = 300
index = win
"@
$InputsConfFile = "$InputsFilePath\SPLAuditLogging\local\inputs.conf"
IF (!(Test-Path $InputsConfFile)) {
new-item -Path $InputsFilePath\SPLAuditLogging\local\ -itemtype directory -Force
new-item -Path $InputsConfFile -ItemType File -Force
Add-Content -Path $InputsConfFile -Value $InputsConf -Force -WarningAction Ignore
Write-Host "Restarting SplunkForwarder" -ForegroundColor Green
Restart-Service SplunkForwarder -Force
Write-Host "$InputsConfFile has been created and SplunkForwarder restarted." -ForegroundColor Green
} ELSE {
Write-Host "The $InputsConfFile is already created." -ForegroundColor Red
}
}
ScriptBlock ID: 6b3b6f88-3978-4662-a12c-f8b2fe00d7c6
Path: C:\Users\Administrator\Desktop\invoke-splpowershellauditlogging.ps1
10/14/2021 06:57:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598418
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-SPLPowerShellAuditLogging -method CreateInputs
ScriptBlock ID: 0b1952ea-5049-45a3-9be3-504caab4d9af
Path:
10/14/2021 06:57:38 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598434
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 855aecbb-511b-4e04-9167-91ad45471711
Path:
10/14/2021 07:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598457
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 68ae4d26-6b66-4b15-9450-fedd4c08fa7c
Path:
10/14/2021 07:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598441
Keywords=None
Message=Creating Scriptblock text (1 of 1):
. .\getuserspns.ps1 -UniqueAccounts
ScriptBlock ID: 0e548056-3d9f-42cb-8bb4-8dd48132ca12
Path:
10/14/2021 07:04:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598486
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: d1663d6b-bc81-4160-bce4-64a798201dc9
Path:
10/14/2021 07:04:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598479
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 61568eb3-cd33-4abd-80d8-0ddb9400ae1a
Path:
10/14/2021 07:04:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598476
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 8191401e-b507-4b1c-b05c-b347077e571e
Path:
10/14/2021 07:04:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598469
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 470bf7d9-ed0c-4800-bc0b-5960176c8b06
Path:
10/14/2021 07:04:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598464
Keywords=None
Message=Creating Scriptblock text (1 of 1):
. .\getuseAdd-Type -AssemblyName System.IdentityModel rspns.ps1 -UniqueAccounts
ScriptBlock ID: ba13327d-1db1-415e-b506-5daa457815f6
Path:
10/14/2021 07:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598499
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: eea6fa1d-49e4-46a8-96c6-66255c791eee
Path:
10/14/2021 07:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598493
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Add-Type -AssemblyName System.IdentityModel
ScriptBlock ID: 0abec2d1-d1cb-401b-8493-80bbc6f05800
Path:
10/14/2021 07:04:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598529
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: f85ba359-b9c7-4ca7-bc90-4968b6f9c4b6
Path:
10/14/2021 07:04:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598522
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: a1d12da6-a824-430e-a5b4-a616caaa498d
Path:
10/14/2021 07:04:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598519
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: cdd8d028-af70-4759-b542-c36b80d03794
Path:
10/14/2021 07:04:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598512
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: ffd8cf59-88f7-4514-9125-542e446662ad
Path:
10/14/2021 07:04:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598506
Keywords=None
Message=Creating Scriptblock text (1 of 1):
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/web01.medin.local"
ScriptBlock ID: ab9556af-326d-4aa7-bcef-e2033ce18bf4
Path:
10/14/2021 07:06:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598548
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: b25cc486-8e16-4953-b2d6-913a6428763a
Path:
10/14/2021 07:06:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598538
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: bf7c4de6-c892-46d8-b38f-f8a738c21360
Path:
10/14/2021 07:06:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598536
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn.exe -T attackrange.local -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: d7f41a92-e9c2-444e-919c-4ee6016ebde1
Path:
10/14/2021 07:07:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598578
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 13a978a9-8403-49ee-aed4-fd2fa2ba61cc
Path:
10/14/2021 07:07:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598571
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 640d69cf-a0ac-4723-974c-a17083f83baf
Path:
10/14/2021 07:07:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598568
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 0a50d293-902e-412b-89e8-edafb5346837
Path:
10/14/2021 07:07:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598561
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: f2de9e7a-e329-40b4-9cc0-0d9f89751d56
Path:
10/14/2021 07:07:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598555
Keywords=None
Message=Creating Scriptblock text (1 of 1):
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/attackrange.local"
ScriptBlock ID: bfc7d8c7-72d9-49f2-b39a-11d721e18ecd
Path:
10/14/2021 07:08:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598604
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 1d48961e-8688-4960-9478-0870e1298936
Path:
10/14/2021 07:08:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598600
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 5f654fd6-65d0-422f-aa96-dce42576dbb9
Path:
10/14/2021 07:08:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598597
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 8b835720-df9d-43fa-b710-1c19e3279854
Path:
10/14/2021 07:08:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598590
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: a2815064-b92f-45ca-8bd9-1fcc8ad93cba
Path:
10/14/2021 07:08:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598585
Keywords=None
Message=Creating Scriptblock text (1 of 1):
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/web01.medin.local" New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/web01.attackrange.local"
setspn.exe -T attackrange.local -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: b8d62f40-537c-4a8f-b3fc-b88865828ff8
Path:
10/14/2021 07:08:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598614
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: bd3304c7-84a8-4dcd-91ea-cccd4b0908df
Path:
10/14/2021 07:08:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598642
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 64c12c6a-020d-4785-8791-078431ae1222
Path:
10/14/2021 07:08:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598635
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: f7f49aee-3ce6-41f3-87a9-f7d4995e7707
Path:
10/14/2021 07:08:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598628
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 0db0082b-3458-42fd-a35c-8dc8108ae281
Path:
10/14/2021 07:08:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598621
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 2af28066-7182-425f-85da-25dd9fdc85ff
Path:
10/14/2021 07:08:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598649
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: ed224de1-5caf-4411-9656-06a247a143ef
Path:
10/14/2021 07:08:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598685
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: d02b8457-6561-46a2-977e-e33a18c9f9f0
Path:
10/14/2021 07:08:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598675
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 08215104-4032-44a7-8814-0c07eb113200
Path:
10/14/2021 07:08:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598671
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: c6161c0f-f70b-4d22-a7c4-605e9c72539e
Path:
10/14/2021 07:08:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598668
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 1e76d2ce-cbf4-475f-8f90-d91dd0e620b0
Path:
10/14/2021 07:08:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598661
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 6a4e8be2-b5ab-417d-aa24-e6a1796cefd0
Path:
10/14/2021 07:08:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598656
Keywords=None
Message=Creating Scriptblock text (1 of 1):
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/web01.medin.local" New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/web01.attackrange.local"
setspn.exe -T attackrange.local -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 604d0da1-548b-40c8-9d8b-0f2d38ffd6c1
Path:
10/14/2021 07:09:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598698
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: a7d133d0-83a8-4862-9477-41a1bd3fb690
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598888
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: f7656020-3781-469d-b52a-1694b2d8b371
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598884
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 4547c1f3-efe9-4508-ba88-c1ac18fdfa2c
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598878
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: d40f1024-f1c6-47ed-8636-9cea571c5187
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598874
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 8b43eb23-fcff-49bc-84d8-282353895513
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598839
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: c460e119-fcd7-4fc8-a796-cfa385fbc500
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598835
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 24b852c8-e85f-4406-a316-1a5ba71750f4
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598829
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: cb940892-5332-4a90-aa04-21b77f34f41a
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598825
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 40dcb1db-5993-4fa6-bd90-a875013125b3
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598790
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: a414a499-9437-4fbc-8113-9fd3e90f1af5
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598786
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: a151efae-3fd3-45bf-bdfb-2797dc3645e1
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598780
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: ee5cbba1-181a-4681-88cf-0dde4958f880
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598776
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 10b54905-dcb6-4fcb-9484-ec9a77e8fb26
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598765
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 2494afa1-029c-47e8-97cf-b3de3bd99495
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598760
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 546793d9-39f4-4ffe-b7ce-619ca0718be4
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598756
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: f9df3e9b-cf8d-441e-96df-af22dafbe030
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598750
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: e86f0330-e98a-4149-a2b5-3f71345f0fc8
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598746
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 2fb68305-ba0c-4a49-99ef-5b8d45db3904
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598737
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 165108f2-fd30-47a6-854e-834803ae3fa6
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598733
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 0128c869-fe7c-43fc-8d5f-7e0e2ac3ebf7
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598727
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: adc44d2d-0631-4493-9132-e5794476a982
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598723
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 96171b9a-1124-4eb8-a47d-4e12c58dd1bd
Path:
10/14/2021 07:09:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598712
Keywords=None
Message=Creating Scriptblock text (1 of 1):
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/web01.attackrange.local"
setspn.exe -T attackrange.local -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 4a213473-c892-4262-b37c-72374f9bbaa5
Path:
10/14/2021 07:09:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598918
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 8cf00297-dde2-420f-8ac5-c7d5646a9546
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598980
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: ad9b3a0e-4035-4123-b6cd-682fd82e8eb1
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598975
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 7d1437f4-0a2f-4639-a502-0c5710a35469
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598971
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 264069c8-cb8f-4594-9326-5a59a1dfaeb3
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598962
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 62e7af79-0863-44cf-bb4a-86487f5602ef
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598953
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 59ac920e-8160-4666-af49-d78b3cda0f5a
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598949
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: d582970c-5a59-46fa-96c7-6035bd04e902
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598943
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: 3403d8f2-e5f9-44cb-9787-2f15b7e847ce
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598939
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 08828f20-d9da-4f5b-bda0-836480db3d90
Path:
10/14/2021 07:09:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598927
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/web01.attackrange.local"
setspn.exe -T attackrange.local -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 166a446e-8220-48c2-ab40-8b8a87df1ceb
Path:
10/14/2021 07:09:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=598995
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 1566722d-4d8f-4fc3-bf73-bd1aada7c6d5
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599072
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: ed7c359b-3867-45f1-83e3-4c2f0756a1a3
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599057
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 54f13112-be1f-42d9-9104-d182be73de0b
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599052
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 406f795a-6695-44f8-acd0-bd2e953edd87
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599048
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: b893deb0-e034-4b4d-9fc5-3a2b6b787451
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599039
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 7d9bc710-84a9-4452-b688-180b32408fc1
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599030
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: ad919068-f97a-49b9-84ec-38f5dac87543
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599026
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 4f292abb-caa9-42f0-96cf-f7e498f00499
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599020
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: 126d5895-99a7-452f-8436-545de0f842fc
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599016
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 87acd683-afb9-462f-be48-c38f5702773a
Path:
10/14/2021 07:10:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599004
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/web01.haag.local"
setspn.exe -T attackrange.local -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 7d7c9c6d-1c45-4ff0-b83f-cebd3f078df4
Path:
10/14/2021 07:11:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599081
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Add-Type -AssemblyName System.IdentityModel
setspn.exe -T medin.local -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: dba46b98-57d2-4a16-8b3a-dd7eb351812b
Path:
10/14/2021 07:11:28 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599099
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: f17d138b-ecb7-4435-8fdf-8083abf32ef6
Path:
10/14/2021 07:11:28 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599084
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() }
ScriptBlock ID: 30252a62-878f-45a8-b0e4-5d60e356b69d
Path:
10/14/2021 07:15:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599114
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 2a9290bd-545e-48fd-a87a-65aa94a7a31b
Path:
10/14/2021 07:15:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599108
Keywords=None
Message=Creating Scriptblock text (1 of 1):
hostname
ScriptBlock ID: 7ac0fb62-520d-428a-9d51-f9bfcde6599a
Path:
10/14/2021 07:15:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599131
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 8707602d-55fb-4066-b89f-d3590b4421ef
Path:
10/14/2021 07:15:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599123
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/win-dc-469.attackrange.local"
ScriptBlock ID: 148c192c-894e-4d07-95ea-d627e212894e
Path:
10/14/2021 07:18:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599146
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 5b3b97ed-7c4e-4c91-b1b9-4c22687286b0
Path:
10/14/2021 07:18:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599140
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -T attackrange.local -Q */*
ScriptBlock ID: 630fa660-4560-487a-b349-54d949365f48
Path:
10/14/2021 07:19:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599161
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: d6ba45a3-7bba-433c-a182-68a3a92346f3
Path:
10/14/2021 07:19:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599155
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn
ScriptBlock ID: 7dad97cb-476d-4814-ba05-d7fa9c2fd626
Path:
10/14/2021 07:25:01 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599178
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 8653b704-bcb1-4b32-bdda-f127c1027d12
Path:
10/14/2021 07:25:01 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599170
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/win-dc-469.attackrange.local"
ScriptBlock ID: 67a496ef-808e-4419-82d3-3a39ea9c3a8a
Path:
10/14/2021 07:33:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599193
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 2e2ce57f-ba8d-402f-a921-d15193798744
Path:
10/14/2021 07:33:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599187
Keywords=None
Message=Creating Scriptblock text (1 of 1):
net user atomic password /add /domain
setspn -s smb/purplehaze.offense:445 atomic
ScriptBlock ID: 7e5f2bfc-0180-4cd2-9aec-ed53a3ad22df
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599257
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: bbdc1ed4-60e6-4d8d-a6b9-d95d3f0dd3f9
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599247
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 9e5c54a4-f1d0-4cf7-90c2-cfe5be6e1cd7
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599243
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: b7b1b183-c064-4684-93ad-f5be22e66814
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599234
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: c40afc5f-18bd-401c-89fa-ef7f3d25c8a1
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599225
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: 34765363-ddf3-4439-87a7-f22547175779
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599221
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: e82d7876-c6c9-43d1-a94f-cbbcd02c9a52
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599215
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: 42406dc6-ff05-4657-8276-7cfbd9b21a58
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599211
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 7db9109f-511c-4497-b914-e2f538a33fce
Path:
10/14/2021 07:33:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599202
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setpsn
ScriptBlock ID: 29d8537d-6125-42c9-9fdb-7e3d14208dd2
Path:
10/14/2021 07:33:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599272
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: d86037f9-c68e-4ba7-a05d-36c38158df94
Path:
10/14/2021 07:33:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599266
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn
ScriptBlock ID: 95336630-c2a5-4705-a1c5-bd8b3b72bb5f
Path:
10/14/2021 07:45:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599287
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 2d96c38a-e3e4-46ff-93e7-aed5a138b721
Path:
10/14/2021 07:45:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599281
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -T global.mydomain.local -F -Q MSSQLSvc/*
ScriptBlock ID: 587a5b45-b438-4c2f-b411-7da6a2c286b6
Path:
10/14/2021 07:45:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599302
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 36b7273b-b3a5-473e-8293-ffed721b2e2b
Path:
10/14/2021 07:45:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599296
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn -T attackrange.local -F -Q MSSQLSvc/*
ScriptBlock ID: 9ff19dc3-d441-442b-9a3c-61d8a7d8920b
Path:
10/14/2021 08:25:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599317
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: 04b461fe-0fc6-4249-a728-50b1b84a1dc2
Path:
10/14/2021 08:25:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-469.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3946589728-3102711660-3528854901-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=599311
Keywords=None
Message=Creating Scriptblock text (1 of 1):
setspn
ScriptBlock ID: ca944b3e-e3e0-419a-a243-13caa3318d69
Path:
10/14/2021 09:31:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88570
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: d32591fb-ceba-40af-8616-d3102de35331
Path:
10/14/2021 09:31:45 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88606
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt
ScriptBlock ID: d5a5ef56-9850-42a0-b05f-ac62d4afe285
Path:
10/14/2021 09:31:45 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88599
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }
ScriptBlock ID: fc4fffea-9b17-438a-93fd-5022e2c9582b
Path:
10/14/2021 09:31:45 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88596
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }
ScriptBlock ID: 5a0ff2ec-8206-48c9-bf43-3f0b21f0f06a
Path:
10/14/2021 09:31:45 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88591
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }
ScriptBlock ID: 7b817c58-de7d-4030-a968-4753bd63e212
Path:
10/14/2021 09:31:45 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88588
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }
ScriptBlock ID: 46238d59-4c8b-4aea-ac75-3f084e7b726c
Path:
10/14/2021 09:31:45 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88581
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "HTTP/win-dc-469.attackrange.local"
ScriptBlock ID: 767137e6-929d-4358-960b-db98fce67df1
Path:
10/14/2021 09:31:47 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88617
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
@{
# Script module or binary module file associated with this manifest.
RootModule = 'Ec2Launch.psm1'
# Version number of this module.
ModuleVersion = '1.3.2003411'
# ID used to uniquely identify this module
GUID = 'b83c8f5d-5096-43d4-aa08-0e7e886f6da7'
# Author of this module
Author = 'Amazon Inc.'
# Company or vendor of this module
CompanyName = 'Amazon'
# Copyright statement for this module
Copyright = 'Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.'
# Description of the functionality provided by this module
Description = 'PowerShell module to initialize Ec2 instance during launch'
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '3.0'
# Functions to export from this module
FunctionsToExport = '*'
# Cmdlets to export from this module
CmdletsToExport = '*'
# Variables to export from this module
VariablesToExport = '*'
# Aliases to export from this module
AliasesToExport = '*'
# Private data to pass to the module specified in RootModule/ModuleToProcess.
PrivateData = @{
PSData = @{
} # End of PSData hashtable
} # End of PrivateData hashtable
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAbzcezFI+5taMS
# LPDAIQo4+FmCZz7s2CHU9z2HLkawsqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIFw/hBRFfMqKbjAbXd+PhKpStLzKloO/GQo/spw07s+AMA0GCSqGSIb3DQEB
# AQUABIIBACyFzd7GBVGHZL1jWilGjIlo+XVvz4VtRt/xpW0F5DXBekS69xCiv3pR
# lXP0KZCfYbWyn8RH5mFEjDibKPGEPHsCZezje7YXPTv6G8QCinXnuGKe5PtPgVlp
# mDEdtuarYPpZ8RBa+Fkj5fIp8X8OyJ+UJQkGTVCo0KJtL71nkeuxweYDGXW9MME8
# lRPkfGi9ddA9ylgYWp45aQsGIIjwBACijqhxARYKEJLvIh6gMlxC3xYOZpM3Ye+r
# CBqK0hXwt1LJ9qPA3GYqp2LGPvYxO/BKVf5qhwnmQZL4bIcDTmQMSdle/oB1yiVf
# Q0PsFG0SgCT9XM5/Uim/Xr88inI8PeOhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# CniohYA5rp9k0cqBRsM4TGJujYOMWJ7KgyValc2OatkCEQCDqQgNMVtHWe1AUzTZ
# G0wPGA8yMDIxMDgwNDE4MzgzNVqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzODM1WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgnGRI
# cRvLkvyKgMtIXqbFycPK03rDBBlDzAmoA+tdkrcwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAmb/7e1KNj9/GGwgDCL/7ImFCo7gX46WGQoV/Ty3MQ6DiDUlDeQis
# +WV2zmwI6v52CWdEYPYz9x+EpVYGNShKGSRjRDDNtjAxX1afFJn095iWPftDnPLh
# +wcQU69g2K9Wpuq5sLVuQxaIDbx2KTtRkqftmCAk1Y8+zIENCjMMKMTPtHgmnQpV
# 8xCvusp2EQu90UyUq/5qzX5gH814e6WGLwDo3H4RjPiLIXLH24n99Dw+DoTaJl9W
# /gQ74x7IRYswotgHN57j1GUZI7i5jU8Akd2iHuo4qBx5XPx/qQdTPOhdXxnRjiuJ
# L5Tdh4HhwYgNd4ThVqRvh+uSi5sH6kH+AA==
# SIG # End signature block
ScriptBlock ID: 323d24b8-9633-41c1-bfd6-5ec37aea93c9
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1
10/14/2021 09:31:47 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88615
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Import-Module C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1; Set-Wallpaper -Initial
ScriptBlock ID: 10cdbf5c-1604-4a1b-b5e6-b7d44f6f2363
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88846
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name gcls -Value Get-CimClass -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: 3070f405-1749-4049-9d50-6eab4210d0a5
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88844
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name ncso -Value New-CimSessionOption -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: 50bedde9-63ad-44c8-bf1e-da3272f3e39a
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88842
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name gcms -Value Get-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: 437b118f-8be6-471c-88c4-c496ba57f25d
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88840
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name rcms -Value Remove-cimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: 8a431f07-3bbe-4254-9b43-46f8f320b765
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88838
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name ncms -Value New-CimSession -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: b4f41936-3bae-4ea5-b8fb-17bcfd8b78a1
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88836
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name rcie -Value Register-CimIndicationEvent -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: 734f99ec-2163-40c8-9c22-5df32dac84ab
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88834
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name gcai -Value Get-CimAssociatedInstance -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: c4ef219a-b8ff-496a-bd09-cec08696fbbc
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88832
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name icim -Value Invoke-CimMethod -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: e72d5e6b-f306-4d13-b971-4751403efd03
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88830
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name rcim -Value Remove-cimInstance -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: bf2493f9-618a-4457-80b3-d3a5dd6a6609
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88828
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name ncim -Value New-CimInstance -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: afd17b5c-03e2-464e-8c33-0a0fc7950945
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88826
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name scim -Value Set-CimInstance -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: da27382c-7953-4bd9-8712-7786398fb5d1
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88824
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-Alias -Name gcim -Value Get-CimInstance -Option ReadOnly, AllScope -ErrorAction SilentlyContinue
ScriptBlock ID: 2aa8eac0-48fe-4462-b48f-ab34eff35640
Path:
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88820
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Test-NanoServer
{
try
{
if (-not $script:skuNumber)
{
Set-Variable skuNumber -Option Constant -Scope Script -Value ((Get-CimInstance -ClassName Win32_OperatingSystem | select OperatingSystemSKU).OperatingSystemSKU)
}
return $script:skuNumber -eq 143 -or $script:skuNumber -eq 144
}
catch
{
return $false
}
}
ScriptBlock ID: 7f343de9-93aa-4b4c-8739-c3b7d5822d1d
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Test-NanoServer.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88816
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Write-Log logs given message to file and console if the argument is provided.
-------------------------------------------------------------------------------------------------------------#>
function Write-Log
{
param (
# Message is a mandatory argument.
[Parameter(Mandatory=$true, Position=0)]
[string] $Message,
# LogToConsole is to log the message to both file and console.
[Parameter(Mandatory=$false)]
[switch] $LogToConsole = $false
)
# Initialize-Log function must be called first prior to calling this function.
if (-not $script:logSettingStack -or $script:logSettingStack.Count -eq 0)
{
return
}
$logSetting = $script:logSettingStack.Peek()
$logFilename = $logSetting.LogFilename
$allowLogToConsole = $logSetting.AllowLogToConsole
# Set log file path with log filename set by Initialize-Log.
if (-not (Test-Path $script:logPath))
{
New-Item -Path $script:logPath -Type directory | Out-Null
}
$filePath = Join-Path $script:logPath -ChildPath $logFilename
if (-not (Test-Path $filePath))
{
New-Item -Path $filePath -Type file | Out-Null
}
# Every message must include a timestamp in the following format.
try
{
$newMessage = "{0}: {1}" -f (Get-Date).ToUniversalTime().ToString("yyyy'/'MM'/'dd HH':'mm':'ss'Z'"), $Message
$newMessage | Out-File -Filepath $filePath -Append
}
catch
{
}
# If LogToConsole is allowed and is provided, it displays the message to console.
if ($allowLogToConsole -and $LogToConsole)
{
try
{
# Open COM port and write message to console
Send-Message -Message $newMessage
}
catch
{
Write-Log ("Failed to log to console: {0}" -f $_.Exception)
}
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCaIRQaobntZHjt
# OAXv7Yt5XqOaFtlGm9F48/n11rmxnaCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEID9QjO/+4IDblc+bElKvIvtDqhzPmvEQp0dn5ewsfzzjMA0GCSqGSIb3DQEB
# AQUABIIBADqMyVasmG2xdNF4AGJHytGNdS9kDMTQLHAKRe0qL3MpIvWBguEJ7w4I
# eF7MxwuladGv4UpGv3ENSPoFbs6GgeBwwYNluEv8K4pJ4bqkKEFrqetgkZ+OGexh
# nACAUoXG9agVAKe+EDZ51Iqymywg1m9HSJj8e2a5aiUYepbRzaIZVzXgGP3TsoFU
# oB4u+pzDKESJKpAnOXLHNDa3NWaSMFyV+gjiJgLEu0PzO4e9uOq/GY44F2vL+SJZ
# /4dr3wyjkPjdTAbAH4nWFf73RYXX5ds7CyW22ZlVh6bSdgGX1NBk99oC4yHpEhqb
# 4fjfZPWuNHPcuhlbYADoD29KZlKTvBShgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# GPqaTJ44eVzUW/bvtdiPFgJZUIrK9NtfGKaTjknvd7wCEQDlb+2sUkIbQhUxs2U0
# xo2+GA8yMDIxMDgwNDE4MzI0M1qgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzMjQzWjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgrTMK
# 2Na8tHXOH+XTFJJex2m16nQ8qpRLkYRMmpB+zfcwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAku+Wv5J4rFcpuvf2V7sWgH+aifuIMnVKOAsrBEhcexDBSCMue4xB
# r+wFaHiKBUZrtZesYpruY/sNxSwULnS1dGPgV7HDH/OyN2bfHkSDiMlAr5bIyxFu
# R1GMVEjpsCi/BWAIlHl9JFzCXZ8DepLPNv5N4HrVbVUGosVmyhxNo8qwNGIPbrx0
# 6o/gYdnBLbBfwy9VF32un7s++DrNIwHP2FEpWtm7GEWS5u7QKbx5zf5Pg9jWQt8y
# uiZrVasCgirAhQhSAHLV7NOrHGzSOobSNXKgeVBBvf/rOwWcGIUqX4DdElO4EH8i
# y8CwHbeemklxir15BiROmbrJ8mXzHMtVew==
# SIG # End signature block
ScriptBlock ID: 766d174a-f21f-4906-9bd4-52c666ab1863
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Write-Log.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88813
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Wait-Sysprep repeatedly checks for sysprep completion by checking registry key.
Script always must wait for sysprep to be complete for the first stage.
-------------------------------------------------------------------------------------------------------------#>
function Wait-Sysprep
{
# Nano Server doesn't support Sysprep. So we need to check if current platform is Nano Server.
# Otherwise, it will fall into infinite loop if it is Nano Server.
if (Test-NanoServer)
{
return
}
$expectedState = "IMAGE_STATE_COMPLETE"
$setupStateKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State"
$sleepTime = 1
$count = 0
while ($true)
{
try
{
# Sysprep state must be IMAGE_STATE_COMPLETE to continue.
$currentImageState = (Get-ItemProperty -Path $setupStateKey).ImageState
if ($currentImageState -eq $expectedState)
{
Write-Log "Windows sysprep configuration complete." -LogToConsole
break
}
}
catch
{
Write-Log "Warning: Unable to determine SysprepState"
}
if ($count -eq 0)
{
Write-Log ("Windows is being configured. SysprepState={0}" -f $currentImageState) -LogToConsole
}
elseif (($count * $sleepTime) % 60 -eq 0)
{
# This message will be logged to log file every 1 minute
Write-Log ("Windows is still being configured. SysprepState={0}" -f $currentImageState)
}
Start-Sleep -seconds $sleepTime
$count++
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBQSvBCj5YJ06QJ
# YbBSUzoZ8BNrqtANvlJM5pRoM/SSTKCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEILGFaF4XWXnmxjng5S9eOxke/+h4H2QAhdTpRuP/dfoVMA0GCSqGSIb3DQEB
# AQUABIIBADOV59muD3vayxeF5V4EWCMPGpaBLZ2rdt99DPTSunKWO3x4GSevLLpa
# bMwjF3kg3cVJhsNrXKLoOoqRDp71P0dLJTU9oMKvpmHTGJwaF91YsHULMWDOX/Pa
# xNuobb38245/VNbJMK6i4nRKX3DCCZmVD7STGinlfRQ+YG9mDC5EDGB7D67CaN+n
# 1F3CNq2nD3NxK6+Q2VM0C04a1aMpSregnxLvYkZnpd/FBw3GJP8ssf9wh+/QX3Jm
# XRoLMpnzPjartf7qf7KipkxumJ5bnLZO/IlrudMnwitcvk+1zq4sLT90ST6S3W/R
# dnRHmIRlcYiUbb+Fh9yXTyNuKBHkt12hgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# /FZpvy7wFBZXmk3b3xYAxf885I1sv4IVB7xwRM5XyuECEQCmh30cHkPdXyghhu/V
# Zk8cGA8yMDIxMDgwNDE4MzU1Mlqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNTUyWjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgodBx
# I59tK5QpT3Ik/S5EuxlP6qrUtyqMdmkMAIDIqCIwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAKp8R7Ej7ZDNBFG2xIjiQugYDS5HqjFnPqrpqiJ2YsciL1AZ/Ov8+
# qXnt5Ya1bfCE1712Jf+iRilBc3xkk/ef/mU3Rj2rrkUw9shFmLgimxOJDDRssPck
# msj3hPA19lua2VG/CZ0Vd+f+FvunOVh+QN7K3x9os0cy+7ewOeiFuCDBCLVDEKxL
# R6vx6iI1cpkbZRx4gRPDEZZP/cyMVXlyJOc9Xu3nuLxUfBq/NELa8NXfolL6nyyI
# aRig3bIUGw7gHCDI1KD8w1CtiqXAmgr4/d3ZLiqgNocFv9B2+FfEsZjkVznVbQ1r
# 1QXM+wQT690syoVZskTOBN4RbOoYkNu5Gw==
# SIG # End signature block
ScriptBlock ID: 72aa9e3b-7c51-4001-a9e4-6b6cfd73da81
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Wait-Sysprep.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88810
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Wait-Metadata repeatedly attempts to get metadata.
Many tasks use the metadata, so it is important to wait for metadata.
-------------------------------------------------------------------------------------------------------------#>
function Wait-Metadata
{
Write-Log "Message: Waiting for meta-data accessibility..." -LogToConsole
$sleepTime = 5
$count = 0
while ($true)
{
try
{
# If getting metadata doesn't throw an exception, it is available.
#
# Don't use IMDS V2 when checking if metadata is available, use V1 because
# if we don't get a response from IMDS we want to know its because its not
# available yet, and not due to the hop limit that IMDS V2 has
Get-Metadata -UrlFragment "meta-data/" -AttemptV2 $false | Out-Null
Write-Log "Message: Meta-data is now available." -LogToConsole
break
}
catch
{
Write-Log ("Failed to load metadata {0}" -f $_.Exception.Message)
}
# It logs the status to console every 2 minutes.
if (($count * $sleepTime) % 120 -eq 0)
{
Write-Log "Message: Still waiting for meta-data accessibility..." -LogToConsole
}
Start-Sleep -seconds $sleepTime
$count ++
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCSBVEslvYaJTMH
# Aip4jhkHBfyCGwmH7HVrTR3xUTedT6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEII68Ef2Ui492Q2xSeJS0pmj44My8JWRRXo+vq4Ybo671MA0GCSqGSIb3DQEB
# AQUABIIBAHuV/KYDJp+kXMQ7pM13ndCC6YyY7OXqsz45YSL4cIutpCn1deKZ477U
# +jWOZr5+76bkNcRo/7+1czWAoqBw/rv/zt2/KbjrKcrvyJYRztRG4Ez4qvmoMBce
# neSggeRqAJbAPiq2v88BlTPDIYXKnal1lutD2/galnNgfUn1YqeybN50k9ZYNbnc
# XE2xEl7nic9Ttkp20NtEbcNvICZjR77WvtHPhE1KqBZo+Sv/sA5aQVxZDowFSwuV
# ey5UXwwyiNQkpLdX+PdUoZOt48xgk7E5sR1jKIAB4wnqS+bQeDExrpFGpD6eUYSU
# 8XUqcemhbbhkhgGYm5zoXsn4S8WFyNqhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# ECiyBy5EyU7Y0KlaBYW+VHlMadsGrXzDDj0NmcxJOiYCEDgT/qgct2cQMeE/ts9d
# rEsYDzIwMjEwODA0MTgzNDIzWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM0MjNaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCDJIfRm
# 1TUpLgVQhwboF0ehBqVAIv089EU3Kznf0e+E1zA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQBJW+/vKJD9EcqDkepym6wLOor1Bdj3+SWlZDGQqwv05XrrBg+bMxw0
# VvX6LNIF48uqliWZZA44N9bPuY3YUfkLFEF46imtBwKI+hxC1klVd8JMOqpu9RzV
# dX/HXDD+vY2cJaNcYsUR+0XpBjqfZfExI2+sMLhIFzUDy3jEnjRgeBKcmvYkfO3z
# Zm3KYBk5mT4Y9qRADKzrehtvVpvj55pgVIkt9loW2PCjliD3c716Kwhb2lXMv+/H
# mM+orx90lpib4/QeGPTkNFeL+2YaxsiIeoxYnDgx0qfdybBcQP5kegTD487wY0en
# MTCHDKWvMXo41VdltQG0XsxCebrvLCTN
# SIG # End signature block
ScriptBlock ID: ec40d521-64c8-4fd8-8661-08a2cc777b09
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Wait-Metadata.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88807
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Test-NanoServer retreives the OS Sku number and check if it is 143 or 144 which represents nano server.
-------------------------------------------------------------------------------------------------------------#>
function Test-NanoServer
{
try
{
if (-not $script:skuNumber)
{
Set-Variable skuNumber -Option Constant -Scope Script -Value ((Get-CimInstance -ClassName Win32_OperatingSystem | select OperatingSystemSKU).OperatingSystemSKU)
}
return $script:skuNumber -eq 143 -or $script:skuNumber -eq 144
}
catch
{
return $false
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAHgHFaZD4+dxvE
# evQeAkxWSj2BrO7Y+qZZZDXBMPagH6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIHWlLouE//RgXKqAAtlA9N74SEHuR+LG6eZn/RbV2zTZMA0GCSqGSIb3DQEB
# AQUABIIBACm0+HvOHaAPVwr+v4/ti/10ec2n7fTXMEYUp6hIBfVagGIEGBImIOam
# DJBwg9KEL0fwPxRbylrpvomh0oQ+sAwaziMs4RRV4JIEtEMyc4sFmdfHMqefsy/9
# 7QByR4vt7+b56mBxn3zdDz0AkNa8OaLhMPj+pjAZOU8QoFgUp1nPuUbS+/Ej0WLz
# k2/Zt3yOp/4ETQCXoapLiGIRsBoat0hrPgwTPOk9SGbdyRgYj1Vv5Q7j+tri3gdm
# Z6xnQ/vlFLE+hw8pRjehujFlLUdK74hKLaAdtGr2dzyJR8b9SY/QtTyCzYNnMQlU
# MXEKT7/9Rlc7U6MZ52CV4P99ngVERCuhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# km6xVt28mjKLO+480RFmJsmsNiHUpYFoEdyZC/MoDh0CEQCjVNPnOvYtX2A3sfv1
# zRnmGA8yMDIxMDgwNDE4MzUyNFqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNTI0WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgRRRB
# E198u5YmRu0oTuNHMX9/aYi3hohEZ/J3ZM3rtRQwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAwdd6IS4b+tXavP8UPUpzCVUaBfZC+EERL9TyDWIS/CzNzJeN3hKx
# PlNvUNRzSE+pIgZAyuEDIzuHsi0PW8pukbtc2/S/jQwkCFXZVbFCSVwuVg+k+IBf
# ydPQgUH52txi8PBlxGHqApT1MtAXY4Lk/WN0SkbCqfLuXiK3xmCb+6xPT+N6N/SI
# 1R6f94JOoE1rNr9SFypCwDcuxe+sLHMFLYpzvYxncAu4QMWbixYzHj4Uvs4FbN7Q
# bwgNk2by4YqYhjt4wIN8WvaY0/KifO+os8tMdyECgf7aHh+34RDwU2FnrgiTmy74
# w0R21aHHyGdA9cQxBrsbLYECjg1u4igq/g==
# SIG # End signature block
ScriptBlock ID: 8a26c48a-3190-402e-94f3-3cd9a2cfe471
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Test-NanoServer.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88804
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
function Test-EphemeralDisk
{
param (
[parameter(Mandatory=$false)]
[int] $DiskIndex,
[parameter(Mandatory=$false)]
[int] $DiskSCSITargetId
)
$isEphemeral = $false
try
{
# Special check: For NVMe disk types, we only want to mark cordite drives as ephemeral
$disk = Get-Disk | Where-Object { $_.Number -eq $DiskIndex }
if($disk.BusType -eq 'NVMe' -and $disk.SerialNumber -like "AWS*")
{
return $true
}
if (-not $script:blockDriveMapping)
{
# BlockDriveMapping mapping is used to find if each drive is ephemeral or non-ephemeral.
Set-Variable blockDriveMapping -Scope Script -Value (Get-BlockDriveMapping)
if ($script:blockDriveMapping.Length -eq 0)
{
throw New-Object System.InvalidOperationException("Could not get the block drive mapping info from metadata")
}
}
# This is to determine whether disk is ephemeral, which needs to be labeled as temporary storage.
# BlockDeviceMapping from metadata is used to find this info.
# But it is only applicable if the system is using Citrix PV Driver.
$driveName = ""
if ($DiskIndex -eq 0)
{
$driveName = "/dev/sda1"
}
else
{
$driveName = "xvd"
$offset = $DiskSCSITargetId
if ($DiskSCSITargetId -gt 25)
{
$math = [Int][Math]::Floor($DiskSCSITargetId / 26)
$offset = $DiskSCSITargetId - (26 * $math)
$driveName += [Char] (97 + ($math - 1))
}
$driveName += [Char] (97 + $offset)
}
$matchingBlockDrive = $script:blockDriveMapping | where { $_.MountPoint -eq $driveName }
if ($matchingBlockDrive.Length -ne 0)
{
$isEphemeral = $matchingBlockDrive[0].IsEphemeral
}
}
catch
{
Write-Log ("Failed to test ephemeral disk: {0}" -f $_.Exception.Message)
}
return $isEphemeral
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBfS/dVrZ1O58qK
# jQjImSAdIeejqeERR+4KhBgpQOay6aCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIPk/OgbnP6cvdWgpZkhzMF+Q62pgavKmbmCRmRvHCD/QMA0GCSqGSIb3DQEB
# AQUABIIBAFE5j5qKh1puxSKg3SfMBAldhKFXNUvhEuMQaLvx92K2bm/9FY6FD/zF
# y6xxVmEJENBz+I6IraED1CZNi92t0uPlBjdKI7YJ5MYm5SqtBDUbKAAAYVRVLyPi
# nyRoPCFvFH/kCjzYuSCTe3rpCsi8EE7KvxPjsUjzIr2y6wkn5hCDB8U+ii9mn8Nm
# jtQpVE++I3v3YQd9N3uS5tzu4swni3NNru3oq2Np9MXHbQuGaFqs63i6fya1wMi9
# ajMc4y1kW4N2grheGbBZ1T/yhM3B+fm20D1Wki/bjjgHRa+sA0mrQ6ddEjGLLITl
# Rz3f6WhQRhAJu3eK7Xso3SSU0u1H62qhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# S4oEZmx1TnmYuCQ3peVyOUWTjaOcjPXwPBEis7Fbp7oCEQDFd+QMBpkVvDllWkTh
# 3FMzGA8yMDIxMDgwNDE4MzMwNVqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzMzA1WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQg7HeT
# bGpmFKVe4U5wE5qOdb0DOtlt4CbOLMW1vTV9QWkwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAS30hqzBd3KzSGEGFa/OyZY+qKwqoddRwZwCLEpAdjNVNbbI18ggC
# AAYNc4GPZvDfNf4OEfxhyNMfwR8w1IvRkczsRMpoG5GGt73wQOnPkAx9X1rTU2r+
# CmiYaWed9ComIphNCYXZut8/DHVFRzSvPDFiiHC23sW03rRj7bHZ5O+Y0lv1qeP1
# xhvyOd6gTGdo1U3q8c9kVLL+IjNiebLenNNPW1Zd67YToh2NMd5PYIvIy/I+ejnx
# tSr6UTziA/OQfLIul6GYJby6v1vRyBzgHTBj6jcgvUwL9y0hd0DYuqLvGfONVrZu
# 5oHGeT/w6Q8MmCCcmiNL8bkbJQ8t+Pol9Q==
# SIG # End signature block
ScriptBlock ID: eca1033d-7bef-4129-9ed0-45444c0a6977
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Test-EphemeralDisk.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88801
Keywords=None
Message=Creating Scriptblock text (4 of 4):
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODMzMTFaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCAR/AQ7
# XPHKYPm7J7mAPxrySxIE+1F7e3hHhiDRMinFqTA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQDBKAI9b/UbQXt7dirin/o3KpQ7COaUIbyFbbBU1WhuGrn2hsa+7ONL
# GoN73pN35dccVMSsJ+YcY1H0XhFDFKLzxa+CebsWxmM3LcdJJZSxgFB2/3l5LpVi
# Q72RpjNIvrvNwp+fl59kU1fYMo54pdeI60z18Ed3Lpcxp64WbOVivQhKR/qTsEAu
# d0GtnIkCUc7/g3L4vhEdRO5q23dnPsAIIzQ5rGkZSbAWQQKJYCh40mRMrN7rpIfU
# Cr68RhyK/nnZJmgASRfCgxlEtI6bVuVpTTBFa2sEmlpCCx5l+LDtZnwJ8FD69McP
# IdYuI44EZL2rEHHmOjshANm8LlprWaHA
# SIG # End signature block
ScriptBlock ID: 8bb17e0f-33f1-48da-b13c-a6afba81380e
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88800
Keywords=None
Message=Creating Scriptblock text (3 of 4):
5a.large"; Memory="4096 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="g4dn.8xlarge"; Memory="131072 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="p3dn.24xlarge"; Memory="786432 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="g4dn.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="m6g.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="d2.xlarge"; Memory="31232 MB"; NetworkPerformance="Moderate" }
@{ Type="cc2.8xlarge"; Memory="61952 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="t3a.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="c6gd.8xlarge"; Memory="65536 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="g2.8xlarge"; Memory="61440 MB"; NetworkPerformance="High" }
@{ Type="m1.small"; Memory="1740 MB"; NetworkPerformance="Low" }
@{ Type="r5dn.24xlarge"; Memory="786432 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="c6gd.12xlarge"; Memory="98304 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="i3en.6xlarge"; Memory="196608 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="m5a.12xlarge"; Memory="196608 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="i3en.metal"; Memory="786432 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="c6gd.large"; Memory="4096 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="g4dn.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="c5.18xlarge"; Memory="147456 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c5d.9xlarge"; Memory="73728 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="c6g.metal"; Memory="131072 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5n.large"; Memory="16384 MB"; NetworkPerformance="Up to 25 Gigabit" }
)
$infos = @()
$instanceSize = ""
# Before calling any function, initialize the log with filename
Initialize-Log -Filename "WallpaperSetup.log"
Write-Log "Setting up wallpaper begins"
Write-Log "Getting instance information to render it on wallpaper"
# Get current hostname.
$infos += "Hostname: {0}" -f [System.Net.Dns]::GetHostName()
# Get each information from metadata list defined above.
foreach ($data in $metadata)
{
try
{
$value = (Get-Metadata -UrlFragment $data.Source).Trim()
$infos += "{0}: {1}" -f $data.Name, $value
if ($data.Name -eq "Instance Size")
{
$instanceSize = $value
}
Write-Log ("Successfully retrieved {0} from metadata" -f $data.Name)
}
catch
{
Write-Log ("Failed to retrieve {0} from metadata: {1}" -f $data.Name, $_.Exception.Message)
}
}
# Get architecture chip information from registry key.
$envRegRes = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" -ErrorAction SilentlyContinue
if ($envRegRes -and $envRegRes.PROCESSOR_ARCHITECTURE)
{
$infos += "Architecture: {0}" -f $envRegRes.PROCESSOR_ARCHITECTURE
Write-Log ("Successfully retrieved architecture chip from registry key" -f $data.Name)
}
else
{
Write-Log "Failed to retrieve architecture chip from registry key"
}
# Set instance type information if instance size was found from metadata above
if ($instanceSize)
{
$instanceType = $instanceTypes | Where-Object {$_.Type.Equals($instanceSize)}
if ($instanceType)
{
$infos += "Total Memory: {0}" -f $instanceType.Memory
$infos += "Network Performance: {0}" -f $instanceType.NetworkPerformance
Write-Log ("Successfully found instance type information for instance size {0}" -f $instanceSize)
}
else
{
Write-Log ("Failed to find instance type information for instance size {0}" -f $instanceSize)
}
}
# Check if message contains any information about the instance
if ($infos.Length -eq 0)
{
throw New-Object System.Exception("Failed to get instance information.")
}
# Create a message from the infos
$message = ""
foreach ($info in $infos)
{
$message += $info + [Environment]::NewLine
}
Write-Log ("Successfully fetched instance information: {0}" -f $message)
try
{
Add-Type -AssemblyName System.Windows.Forms
$fontStyle = "Calibri"
$fontSize = 12
Write-Log "Rendering instance information on wallpaper"
$width = [System.Windows.Forms.SystemInformation]::PrimaryMonitorSize.Width
$height = [System.Windows.Forms.SystemInformation]::PrimaryMonitorSize.Height
$textfont = New-object System.Drawing.Font($fontStyle, $fontSize, [System.Drawing.FontStyle]::Regular)
$textBrush = New-Object Drawing.SolidBrush ([System.Drawing.Color]::White)
$proposedSize = New-Object System.Drawing.Size([int]$width, [int]$height)
$messageSize = [System.Windows.Forms.TextRenderer]::MeasureText($message, $textfont, $proposedSize)
if (-not $currentWallpaperPath)
{
# Check and create a new wallpaper if no wallpaper is set in current system.
Write-Log "No wallpaper is set.. Setting wallpaper with custom color"
$bgrRectangle = New-Object Drawing.Rectangle(0, 0, [int]$width, [int]$height)
$bgrBrush = New-Object System.Drawing.SolidBrush([System.Drawing.Color]::Navy)
$bmp = New-object System.Drawing.Bitmap([int]$width, [int]$height)
$graphics = [System.Drawing.Graphics]::FromImage($bmp)
$graphics.FillRectangle($bgrBrush, $bgrRectangle)
}
else
{
# Get the bitmap from the current wallpaper and set the size to be fit in screen.
Write-Log "Wallpaper found.. Rendering instance information on current wallpaper"
$srcBmp = [System.Drawing.Bitmap]::FromFile($originalWallpaperPath)
$bmp = New-Object System.Drawing.Bitmap($srcBmp, $width, $height)
$graphics = [System.Drawing.Graphics]::FromImage($bmp)
$srcBmp.Dispose()
}
# Set the position and size of the text box with rectangle.
$rec = New-Object System.Drawing.RectangleF(($width - $messageSize.Width - 20), 30, ($messageSize.Width + 20), $messageSize.Height)
$graphics.TextRenderingHint = [System.Drawing.Text.TextRenderingHint]::AntiAlias
$graphics.DrawString($message, $textfont, $textBrush, $rec)
# Save the new wallpaper in destination defined above.
$bmp.Save($customWallpaperPath, [System.Drawing.Imaging.ImageFormat]::Jpeg)
# Finally, set the wallpaper!
[WallpaperUtil.Helper]::SetWallpaper($customWallpaperPath)
Write-Log "Successfully rendered instance information on wallpaper"
}
catch
{
Write-Log ("Failed to render instance information on wallpaper {0}" -f $_.Exception.Message)
}
finally
{
if ($graphics)
{
$graphics.Dispose()
}
if ($bmp)
{
$bmp.Dispose()
}
}
# Before finishing the script, complete the log.
Complete-Log
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCXHx1GhA0k1lQ5
# 24LACYLtU2zqS3c6eCQ8Tq46eubs3KCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIOL544U46/A40u7Ffi4wYQnHrfgCGoy/6A5VyMuGEDQqMA0GCSqGSIb3DQEB
# AQUABIIBAAhHbW6l+sXO7XIW9f0P3GubtSFbXbt5dl9zT9o1y8yS1y3BZ0GMrEJF
# MceoRtkK+Momw2Tdwzc5BUuCRLJEVDxpY+dyDliV3S1X6WMUuJTQ0rfcCf6/rsuy
# R1Bo48HMtWlNQkhHiw0agUGUnakD9rKsDWZivV7w9MilyXzKvsMNuosSSq7bXvLE
# ow6gQMC+sFHII9GJ/aeLGnk48vHkwweFE71I68wyp0Ea85iPcjtJbedFlaWIblh2
# Isu2InOGxBAibOG8C582cta26TuYwOQbCqwFSTe4cviEqvRHrUfmQ+CXLJOwSSa1
# R2v6Z2PzRMn/UbYqeaZQjmChTEX4NXuhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# kk2sfkKh4Y5Ad9LlQEmMgvZHbE8UWE8uevJ5YCk27MsCEDLaS7rDSoHvGBykFSwt
# VsYYDzIwMjEwODA0MTgzMzExWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIB
ScriptBlock ID: 8bb17e0f-33f1-48da-b13c-a6afba81380e
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88799
Keywords=None
Message=Creating Scriptblock text (2 of 4):
ory="262144 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="r5a.4xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5d.18xlarge"; Memory="147456 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="a1.2xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r6gd.metal"; Memory="524288 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="m1.xlarge"; Memory="15360 MB"; NetworkPerformance="High" }
@{ Type="r5n.16xlarge"; Memory="524288 MB"; NetworkPerformance="75 Gigabit" }
@{ Type="r3.2xlarge"; Memory="62464 MB"; NetworkPerformance="High" }
@{ Type="a1.large"; Memory="4096 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r3.4xlarge"; Memory="124928 MB"; NetworkPerformance="High" }
@{ Type="i3.xlarge"; Memory="31232 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5n.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="g3.8xlarge"; Memory="249856 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="g2.2xlarge"; Memory="15360 MB"; NetworkPerformance="Moderate" }
@{ Type="r5n.24xlarge"; Memory="786432 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="c5a.xlarge"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5n.9xlarge"; Memory="98304 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="r6gd.8xlarge"; Memory="262144 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="c6gd.16xlarge"; Memory="131072 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="h1.8xlarge"; Memory="131072 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="r5ad.large"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="inf1.2xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="r5d.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5.metal"; Memory="786432 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c5a.16xlarge"; Memory="131072 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="m4.xlarge"; Memory="16384 MB"; NetworkPerformance="High" }
@{ Type="r4.2xlarge"; Memory="62464 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="t3.large"; Memory="8192 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="c5a.24xlarge"; Memory="196608 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="r5n.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="z1d.12xlarge"; Memory="393216 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5d.4xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="t3.micro"; Memory="1024 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="c5.9xlarge"; Memory="73728 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="c5.metal"; Memory="196608 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="m5ad.24xlarge"; Memory="393216 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="t3a.large"; Memory="8192 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="r6gd.4xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m4.16xlarge"; Memory="262144 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5d.16xlarge"; Memory="524288 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="a1.metal"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5n.12xlarge"; Memory="196608 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="m6g.12xlarge"; Memory="196608 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="r5ad.16xlarge"; Memory="524288 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="c5n.18xlarge"; Memory="196608 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="r5.large"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5a.2xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5.24xlarge"; Memory="196608 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="h1.16xlarge"; Memory="262144 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5dn.large"; Memory="16384 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="c1.medium"; Memory="1740 MB"; NetworkPerformance="Moderate" }
@{ Type="g4dn.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="m3.xlarge"; Memory="15360 MB"; NetworkPerformance="High" }
@{ Type="m6g.large"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c6g.large"; Memory="4096 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="t3.medium"; Memory="4096 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="t2.micro"; Memory="1024 MB"; NetworkPerformance="Low to Moderate" }
@{ Type="c4.xlarge"; Memory="7680 MB"; NetworkPerformance="High" }
@{ Type="t3.nano"; Memory="512 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="t3a.medium"; Memory="4096 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="r5.8xlarge"; Memory="262144 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="r5.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="z1d.metal"; Memory="393216 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5d.large"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5ad.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="inf1.6xlarge"; Memory="49152 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r4.xlarge"; Memory="31232 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c6gd.xlarge"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m6g.8xlarge"; Memory="131072 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="c4.2xlarge"; Memory="15360 MB"; NetworkPerformance="High" }
@{ Type="p3.2xlarge"; Memory="62464 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c1.xlarge"; Memory="7168 MB"; NetworkPerformance="High" }
@{ Type="m5.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="t2.large"; Memory="8192 MB"; NetworkPerformance="Low to Moderate" }
@{ Type="i2.xlarge"; Memory="31232 MB"; NetworkPerformance="Moderate" }
@{ Type="r5.16xlarge"; Memory="524288 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="r6g.4xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="g3.4xlarge"; Memory="124928 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5.12xlarge"; Memory="393216 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="m5n.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="t2.nano"; Memory="512 MB"; NetworkPerformance="Low to Moderate" }
@{ Type="x1e.xlarge"; Memory="124928 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="i2.4xlarge"; Memory="124928 MB"; NetworkPerformance="High" }
@{ Type="c3.2xlarge"; Memory="15360 MB"; NetworkPerformance="High" }
@{ Type="r6gd.16xlarge"; Memory="524288 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c6gd.4xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="i3.metal"; Memory="524288 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="p3.8xlarge"; Memory="249856 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="m5.16xlarge"; Memory="262144 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="r6gd.12xlarge"; Memory="393216 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="c5.2xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="g4dn.16xlarge"; Memory="262144 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="m6gd.large"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5d.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5ad.4xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="i3.16xlarge"; Memory="499712 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5dn.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="r6g.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5.large"; Memory="4096 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m2.xlarge"; Memory="17510 MB"; NetworkPerformance="Moderate" }
@{ Type="t3a.nano"; Memory="512 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="r5d.metal"; Memory="786432 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="inf1.24xlarge"; Memory="196608 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="t2.small"; Memory="2048 MB"; NetworkPerformance="Low to Moderate" }
@{ Type="r5n.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="i3.4xlarge"; Memory="124928 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m4.2xlarge"; Memory="32768 MB"; NetworkPerformance="High" }
@{ Type="c6g.2xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="i3en.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="c6gd.2xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5a.24xlarge"; Memory="393216 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="c5d.metal"; Memory="196608 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c6gd.medium"; Memory="2048 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5dn.16xlarge"; Memory="262144 MB"; NetworkPerformance="75 Gigabit" }
@{ Type="r5a.24xlarge"; Memory="786432 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="p3.16xlarge"; Memory="499712 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="x1e.16xlarge"; Memory="1998848 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="t3.small"; Memory="2048 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="g3s.xlarge"; Memory="31232 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r6g.metal"; Memory="524288 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="p2.16xlarge"; Memory="749568 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="m6g.medium"; Memory="4096 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5.large"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5a.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5dn.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="c6g.medium"; Memory="2048 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="d2.4xlarge"; Memory="124928 MB"; NetworkPerformance="High" }
@{ Type="i3.large"; Memory="15616 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r4.large"; Memory="15616 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5n.xlarge"; Memory="10752 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="r5a.8xlarge"; Memory="262144 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5dn.12xlarge"; Memory="393216 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="r4.4xlarge"; Memory="124928 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5n.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="m4.10xlarge"; Memory="163840 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="i3en.large"; Memory="16384 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="m6gd.8xlarge"; Memory="131072 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="r6g.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="x1e.4xlarge"; Memory="499712 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5d.12xlarge"; Memory="393216 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="r4.8xlarge"; Memory="249856 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="a1.4xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="z1d.3xlarge"; Memory="98304 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5dn.24xlarge"; Memory="393216 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="t2.xlarge"; Memory="16384 MB"; NetworkPerformance="Moderate" }
@{ Type="i3.2xlarge"; Memory="62464 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5n.metal"; Memory="196608 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="m5.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5dn.16xlarge"; Memory="524288 MB"; NetworkPerformance="75 Gigabit" }
@{ Type="i2.8xlarge"; Memory="249856 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="m5n.24xlarge"; Memory="393216 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="p2.xlarge"; Memory="62464 MB"; NetworkPerformance="High" }
@{ Type="x1.32xlarge"; Memory="1998848 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c6g.8xlarge"; Memory="65536 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="z1d.large"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5dn.4xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="i3.8xlarge"; Memory="249856 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="m5d.12xlarge"; Memory="196608 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="i3en.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="c6g.4xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5a.large"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5n.8xlarge"; Memory="262144 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="z1d.6xlarge"; Memory="196608 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="f1.16xlarge"; Memory="999424 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="m5ad.16xlarge"; Memory="262144 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="c5a.8xlarge"; Memory="65536 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="c5d.xlarge"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="t2.medium"; Memory="4096 MB"; NetworkPerformance="Low to Moderate" }
@{ Type="m6g.16xlarge"; Memory="262144 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5ad.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m3.large"; Memory="7680 MB"; NetworkPerformance="Moderate" }
@{ Type="m3.2xlarge"; Memory="30720 MB"; NetworkPerformance="High" }
@{ Type="m5d.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c3.4xlarge"; Memory="30720 MB"; NetworkPerformance="High" }
@{ Type="m6gd.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="f1.4xlarge"; Memory="249856 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m3.medium"; Memory="3840 MB"; NetworkPerformance="Moderate" }
@{ Type="t3a.micro"; Memory="1024 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="m1.medium"; Memory="3788 MB"; NetworkPerformance="Moderate" }
@{ Type="m1.large"; Memory="7680 MB"; NetworkPerformance="Moderate" }
@{ Type="c
ScriptBlock ID: 8bb17e0f-33f1-48da-b13c-a6afba81380e
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88798
Keywords=None
Message=Creating Scriptblock text (1 of 4):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Set-Wallpaper sets the instance information on current wallpaper.
If not wallpaper is set, it creates one with custom color.
-------------------------------------------------------------------------------------------------------------#>
function Set-Wallpaper
{
param (
[Parameter(Position=0)]
[switch] $Initial
)
if (Test-NanoServer)
{
return
}
# Import the wallpaper util methods.
Import-WallpaperUtil
# Keep both original wallpaper and modified wallpaper in the following directories.
$originalWallpaperPath = Join-Path $env:LOCALAPPDATA -ChildPath $script:originalWallpaperName
$customWallpaperPath = Join-Path $env:LOCALAPPDATA -ChildPath $script:customWallpaperName
# Get the current wallpaper path.
$currentWallpaperPath = [WallpaperUtil.Helper]::GetWallpaper()
# This is the initial wallpaper setting prepration at first time boot for the current user.
if ($Initial)
{
# If wallpaper is still set to old custom wallpaper path, set it to original wallpaper.
# This is a scenario for user profiles created before sysprep because Clear-Wallpaper
# does not clear things for all users.
if ($currentWallpaperPath -ieq $customWallpaperPath)
{
# If original wallpaper path exists, set the current wallpaper path to be it.
# Otherwise, set the current wallpaper path to empty string.
if (Test-Path $originalWallpaperPath)
{
$currentWallpaperPath = $originalWallpaperPath
}
else
{
$currentWallpaperPath = ""
}
}
else
{
# If the current wallpaper path is under LOCALAPPDATA as Ec2Wallpaper, but not in the current user's path, copy the original wallpaper.
if ((Test-Path $currentWallpaperPath) -and (Get-Item $currentWallpaperPath).Name -eq $script:customWallpaperName -and $currentWallpaperPath -ne $customWallpaperPath)
{
$temp = Join-Path (Get-Item $currentWallpaperPath).Directory.FullName -ChildPath $script:originalWallpaperName
if (Test-Path $temp)
{
$currentWallpaperPath = $temp
}
else
{
$currentWallpaperPath = ""
}
}
# If the current wallpaper path is not the custom wallpaper path,
# copy the original file to the current user's LOCALAPPDATA.
Copy-Item -Path $currentWallpaperPath -Destination $originalWallpaperPath -Force
}
}
else
{
# If this is not the initial wallpaper setting, check if the wallpaper has changed since the initial setting.
if ($currentWallpaperPath -ne $customWallpaperPath)
{
# If wallpaper has changed after the initial setting by user, wallpaper setting is over.
# Delete the wallpaper setup file in the current user's startup directory.
$userStartupPath = "C:\Users\{0}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" -f $env:USERNAME
$wallpaperSetupPath = Join-Path $userStartupPath -ChildPath $script:wallpaperSetupName
if (Test-Path $wallpaperSetupPath)
{
Remove-Item -Path $wallpaperSetupPath -Force -Confirm:$false
}
if (Test-Path $customWallpaperPath)
{
# Also delete the custom wallpaper for the current user.
Remove-Item -Path $customWallpaperPath -Force -Confirm:$false
}
# At the end, finish it.
return
}
}
# Some information is fetched from metadata.
$metadata = @(
@{ Name="Instance ID"; Source="meta-data/instance-id" }
@{ Name="Public IP Address"; Source="meta-data/public-ipv4" }
@{ Name="Private IP Address"; Source="meta-data/local-ipv4" }
@{ Name="Instance Size"; Source="meta-data/instance-type" }
@{ Name="Availability Zone"; Source="meta-data/placement/availability-zone" }
)
# These include all generations, both latest and older types.
$instanceTypes = @(
@{ Type="m5d.16xlarge"; Memory="262144 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="r5a.16xlarge"; Memory="524288 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="r5a.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r6g.16xlarge"; Memory="524288 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c4.8xlarge"; Memory="61440 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="m5d.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5n.4xlarge"; Memory="43008 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="r5.24xlarge"; Memory="786432 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="g4dn.12xlarge"; Memory="196608 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="c4.4xlarge"; Memory="30720 MB"; NetworkPerformance="High" }
@{ Type="x1e.32xlarge"; Memory="3997696 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="m5d.large"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="i3en.3xlarge"; Memory="98304 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="g3.16xlarge"; Memory="499712 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="t2.2xlarge"; Memory="32768 MB"; NetworkPerformance="Moderate" }
@{ Type="m5dn.large"; Memory="8192 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="c5d.12xlarge"; Memory="98304 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="m5a.16xlarge"; Memory="262144 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="x1e.8xlarge"; Memory="999424 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c6g.16xlarge"; Memory="131072 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5n.12xlarge"; Memory="393216 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="m6gd.12xlarge"; Memory="196608 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="m5a.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="t3.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="r5a.12xlarge"; Memory="393216 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="c6g.12xlarge"; Memory="98304 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="r6gd.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m6gd.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5d.8xlarge"; Memory="131072 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="c3.large"; Memory="3840 MB"; NetworkPerformance="Moderate" }
@{ Type="m5ad.large"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="a1.medium"; Memory="2048 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c3.8xlarge"; Memory="61440 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="c6g.xlarge"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5ad.8xlarge"; Memory="262144 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5dn.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="i3en.12xlarge"; Memory="393216 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="m6gd.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5ad.8xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5ad.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="x1.16xlarge"; Memory="999424 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="m6gd.metal"; Memory="262144 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="g4dn.metal"; Memory="393216 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="r6gd.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m6g.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5dn.8xlarge"; Memory="131072 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="p2.8xlarge"; Memory="499712 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="r6g.large"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="z1d.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="i3en.24xlarge"; Memory="786432 MB"; NetworkPerformance="100 Gigabit" }
@{ Type="r3.large"; Memory="15360 MB"; NetworkPerformance="Moderate" }
@{ Type="d2.2xlarge"; Memory="62464 MB"; NetworkPerformance="High" }
@{ Type="r6g.medium"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m6g.metal"; Memory="262144 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5ad.24xlarge"; Memory="786432 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="c5a.4xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5ad.12xlarge"; Memory="196608 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="r6gd.large"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5.24xlarge"; Memory="393216 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="t3a.small"; Memory="2048 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="m5.8xlarge"; Memory="131072 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="m5a.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5.xlarge"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5.metal"; Memory="393216 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c5n.large"; Memory="5376 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="m5.12xlarge"; Memory="196608 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="c5d.large"; Memory="4096 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m2.4xlarge"; Memory="70041 MB"; NetworkPerformance="High" }
@{ Type="m5dn.12xlarge"; Memory="196608 MB"; NetworkPerformance="50 Gigabit" }
@{ Type="m5.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="x1e.2xlarge"; Memory="249856 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5n.16xlarge"; Memory="262144 MB"; NetworkPerformance="75 Gigabit" }
@{ Type="r5ad.12xlarge"; Memory="393216 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="c5a.12xlarge"; Memory="98304 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="c6gd.metal"; Memory="131072 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="t3.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="f1.2xlarge"; Memory="124928 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r6gd.medium"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5a.large"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5dn.8xlarge"; Memory="262144 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c5n.2xlarge"; Memory="21504 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="t1.micro"; Memory="627 MB"; NetworkPerformance="Very Low" }
@{ Type="r3.8xlarge"; Memory="249856 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="z1d.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5a.2xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="c5d.2xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="inf1.xlarge"; Memory="8192 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="t3a.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 5 Gigabit" }
@{ Type="m5ad.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m4.4xlarge"; Memory="65536 MB"; NetworkPerformance="High" }
@{ Type="r5n.4xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="i2.2xlarge"; Memory="62464 MB"; NetworkPerformance="High" }
@{ Type="m2.2xlarge"; Memory="35020 MB"; NetworkPerformance="Moderate" }
@{ Type="m5dn.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="m6gd.medium"; Memory="4096 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5d.metal"; Memory="393216 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r4.16xlarge"; Memory="499712 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c5.4xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r6g.8xlarge"; Memory="262144 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="d2.8xlarge"; Memory="249856 MB"; NetworkPerformance="10 Gigabit" }
@{ Type="m5n.8xlarge"; Memory="131072 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r5d.24xlarge"; Memory="786432 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="r3.xlarge"; Memory="31232 MB"; NetworkPerformance="Moderate" }
@{ Type="c3.xlarge"; Memory="7680 MB"; NetworkPerformance="Moderate" }
@{ Type="c5.12xlarge"; Memory="98304 MB"; NetworkPerformance="12 Gigabit" }
@{ Type="r6g.12xlarge"; Memory="393216 MB"; NetworkPerformance="20 Gigabit" }
@{ Type="c5d.4xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m6g.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5n.large"; Memory="8192 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="h1.4xlarge"; Memory="65536 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5d.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5d.24xlarge"; Memory="393216 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c5d.24xlarge"; Memory="196608 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="m4.large"; Memory="8192 MB"; NetworkPerformance="Moderate" }
@{ Type="m5a.8xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="m5ad.xlarge"; Memory="16384 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="a1.xlarge"; Memory="8192 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5.4xlarge"; Memory="131072 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="h1.2xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 10 Gigabit" }
@{ Type="r5dn.xlarge"; Memory="32768 MB"; NetworkPerformance="Up to 25 Gigabit" }
@{ Type="m6gd.16xlarge"; Memory="262144 MB"; NetworkPerformance="25 Gigabit" }
@{ Type="c4.large"; Memory="3840 MB"; NetworkPerformance="Moderate" }
@{ Type="r5d.8xlarge"; Mem
ScriptBlock ID: 8bb17e0f-33f1-48da-b13c-a6afba81380e
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88795
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
function Set-Trim
{
param (
[parameter(Mandatory=$false)]
[bool] $Enable
)
$output = fsutil behavior query DisableDeleteNotify NTFS
$wasTrimEnabled = $output.Contains("DisableDeleteNotify = 0")
if ($Enable)
{
Write-Log "Enable TRIM"
fsutil behavior set DisableDeleteNotify NTFS 0 | Out-Null
}
else
{
Write-Log "Disable TRIM"
fsutil behavior set DisableDeleteNotify NTFS 1 | Out-Null
}
return $wasTrimEnabled
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCB+2IKXsc4Gg6Mr
# jtD7fs4OBivgD1VTyvJGn4n+pyuRyKCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIEWFYWpyVes32Op1Tq4FM0MO/SvelWj5QLKuGvc3QJN+MA0GCSqGSIb3DQEB
# AQUABIIBAFgwJ2ed+0PglwNaesdA55o5vxQUFKU5QNuyfPuvanOsjeb6iVqO8KpY
# T71peSXWhrgw2CW9H/O4fM1ScSm4IO7UxVs8Sy/a2kB0d036BBKTapFReag6HqS1
# C2OLY1xvHSjTD7PCn3YomBq2O7gdtjCNVOWqOUbM/dwkmywCOjMtzWnxRhBafK3V
# yB96pt/fWC7Uz3Lo3FIi0y9IuQMEmLx2YKnnNHKy0cj+3jYwClnvdRX0Sb3W+Fmw
# t2KzLrUBRt4mGUn8HIFGgH/tbCSTh8lnUibJMqWQfoKm2ebK0fuCnQn904hS/+/z
# 4rACcoXVDPsEavFUXbK+gOJTcxG2JZ2hgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# 5bCzDtmHEv+pZhl0SipgPiugdf/SUEqCVt8Atn/1WN8CEQDE+h+7SStyn2ybgBCa
# bK/mGA8yMDIxMDgwNDE4MzQ1Nlqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNDU2WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQg2ZWf
# zRqjRT7GK2jsOXoiX+ex9TTkdms1QKUltQeyu44wNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAaDr2PPe/9Bep5zbfTpWWP1WuHt+x09rLQ9irtQXjg19AGOEUYKvU
# g190kWvpB3jdzOOeIxgNXmBhiAbBBYURAF8PAAD7SUJmSeEhOFa1gT7aw2D9ADIe
# /N1eZYJ5ny9OJQabLrQFq/boHt90vCqdsu3zhheM92Jz6trXaM2cv8c9uAWZFu7p
# RArpLra8LQVFBNRZnKy4jnvklWqpdSzmuxyTm/9sSArb/lYsoCn/5u2jfpWvGRHk
# YotniWP5Gt/wVEa1DSXCyDkD3V6MGjm2C1rcHCbvAyc78sailX78THXkU4IQRFGX
# DtxEhW5RAfoZU7naMinupzV+CWZ9KqRclg==
# SIG # End signature block
ScriptBlock ID: 69c3554d-a6ee-4d47-8630-fb1de7bd4200
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Trim.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88792
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Set-SerialPort sets serial port COM1 to be available.
-------------------------------------------------------------------------------------------------------------#>
function Set-SerialPort
{
$Name = "Communications Port"
$Port = "COM1"
$ComDB = "ComDB"
$DeviceParameters = "Device Parameters"
$CCSEnumRegPath = "HKLM:\SYSTEM\CurrentControlSet\Enum"
$COMInfoRegPath = "HKLM:\SYSTEM\CurrentControlSet\Control\COM Name Arbiter"
Write-Log "Checking Serial Port COM1"
# If serial port COM1 is already detected by system, return false.
$SP = Get-CimInstance Win32_SerialPort
if($SP -and ($SP.DeviceID -eq $Port)) {
Write-Log "Serial Port COM1 is already set. No reboot queued."
return $false
}
Write-Log "Serial Port COM1 is not set... Setting it"
# Check if Communications Port is available.
$CP = Get-CimInstance Win32_PnPEntity | Where Description -Contains $Name
$DeviceId = $CP.DeviceID
# Check if device info contains FriendlyName.
$DeviceInfoRegPath = Join-Path $CCSEnumRegPath -ChildPath $DeviceId
$DeviceInfo = Get-ItemProperty -Path $DeviceInfoRegPath
if(-not $DeviceInfo.FriendlyName) {
$FriendlyName = "{0} ({1})" -f $Name, $Port
New-ItemProperty -Path $DeviceInfoRegPath -Name "FriendlyName" -Value $FriendlyName
}
# Check if port info contains PortName.
$PortInfoRegPath = Join-Path $DeviceInfoRegPath -ChildPath $DeviceParameters
$PortInfo = Get-ItemProperty -Path $PortInfoRegPath
if(-not $PortInfo.PortName) {
New-ItemProperty -Path $PortInfoRegPath -Name "PortName" -Value $Port
}
# Check if COM info contains COM DB and COM1 as 1.
$COMInfo = Get-ItemProperty -Path $COMInfoRegPath
if(-not $COMInfo.ComDB) {
$ComArray = New-Object Byte[] 32
$ComArray[0] = 1
New-ItemProperty -Path $COMInfoRegPath -Name $ComDB -Value ([byte[]] $ComArray)
} elseif(($COMInfo.ComDB[0] -band 1) -eq 0) {
$ComArray = $COMInfo.ComDB
$ComArray[0] = $ComArray[0] -bor 1
Set-ItemProperty -Path $COMInfoRegPath -Name $ComDB -Value ([byte[]] $ComArray)
}
return $true
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC6krDby5RBnbRE
# G6CA72q7UQXuQ+ADXV2znFKXVHxVZ6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIJA40aSfR6BW+6EVqVTVHEXcuGzABqTSWi3FzjB5HHYcMA0GCSqGSIb3DQEB
# AQUABIIBAH5qHL0euZJpUZvLQUmnop44kvErbBezFXsh047zI8vA/wdKBEkvJmab
# evsEMauyRha1CXPqdl5pb9GluFadl0jvEyQo+o7R/c6YVz+oQzhEbikgkTYtPuhC
# Fbih47y4yNbDXaqKGqjn8ISf4/OX1/4mWxIxBw+vKBtMp6QHMyRKZ/q5KbvuyOWt
# j/vgKYk4Mzd3P/nbQ48hlF932AFQJm0E309Ii1u2/BdwIQhVaSb4Fl2Wvvbd0MW7
# VKTFA4m71cJYnc+ePYLB4ifx8WWnr+Ji3ok+H1hyDZLUVnsjy47WbVRQ1f3KmZNO
# dhCJNTAZzcXxH7XreBoLRWchx9UdlMOhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# B4mnmdK8Kt+4NDwO97E+lEj0xjJ0L8Kv9sgrdMhm8WECEAyGXvbNd8exP030Nc2s
# 4FgYDzIwMjEwODA0MTgzNTQxWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM1NDFaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCBXkHNS
# W4bfnyZoixtuKFJdGedbmk1mlSl4wWTZMgM3rDA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQC9DOOZQjFJQF0u1/WVhtZMgsyzryxiIfq6hIMQjFWy9Uv+1Woptkfs
# jmiVf5+8UqNzpQ1rnflrZsAYwnGWLBxQtcWAeReM/R2qxIdVRrOD1amz5lwkRef8
# dw/WfaPEzBTvtl8lPy0cFEJLzL/791wZfMpb9LzgQqp3c5A2/MZ6A1N801fsHPtf
# ht4IR/7BJjdrt14rl7Ki86VGrGAQYpHEJZqgsN95FVwNgpc04lOg56nw7oKam7j5
# ZoWYsXjhU/CseAjZzSb0KNsukk+TPIw/JppiOvwBlbPxKJnpXK8uvjTZmmpJc7M6
# ysG89WKhprNq+ZNAFa1w6cIho4jhN/a0
# SIG # End signature block
ScriptBlock ID: 599e37d2-7474-4d64-9784-b58453152d83
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-SerialPort.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88789
Keywords=None
Message=Creating Scriptblock text (1 of 1):
#----------------------------------------------------------------------------------------------------
#
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Customer Agreement (the "License").
#
# You may not use this file except in compliance with the License.
#
# A copy of the License is located at
#
# http://aws.amazon.com/agreement
#
# or in the "license" file accompanying this file.
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
#
#----------------------------------------------------------------------------------------------------
function ActivatePowerPlan() {
param(
[Parameter(Mandatory=$true, Position=0)]
[string] $PowerPlanUuid
)
powercfg /setactive $PowerPlanUuid
}
<#-----------------------------------------------------------------------------------------------------------
Set-PowerPlanValue will set the given value for all power settings that match the instance id regex.
-------------------------------------------------------------------------------------------------------------#>
function Set-PowerPlanValue() {
param(
[Parameter(Mandatory=$true, Position=0)]
[string] $PowerSettingInstanceIdRegex,
[Parameter(Mandatory=$true, Position=1)]
[string] $PowerSettingValue
)
$powerPlans = Get-CimInstance -Namespace "root\cimv2\power" -Class Win32_PowerPlan
$activePlan = $powerPlans | Where-Object {$_.IsActive}
$planSleepSettings = $powerPlans |
Get-CimAssociatedInstance -ResultClass Win32_PowerSettingDataIndex |
Where {$_.InstanceID -Match $PowerSettingInstanceIdRegex}
$planSleepSettings | ForEach {
Set-CimInstance -InputObject $_ -Property @{ SettingIndexValue = $PowerSettingValue }
}
# As per Win32_PowerSettingDataIndex docs, we need to re-activate the current power plan to have settings take effect, see https://msdn.microsoft.com/en-us/library/dd904534(v=vs.85).aspx
#
# Windows 2019 does not contain this method for some reason, fallback to powercfg
$planUuidRegex = [regex] "{(.+)}$"
$activePlanUuid = $planUuidRegex.Match($activePlan.InstanceID).groups[1].Value
ActivatePowerPlan -PowerPlanUuid $activePlanUuid
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCFDGfxd3nQc5hz
# GVuEQCLtD7w08iXLtvkVhySQ0WZb1KCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIIlg6wCiBCVTXGe2ez+cIJwfdCq6foacY8rs1Ys9z1S1MA0GCSqGSIb3DQEB
# AQUABIIBAJpFw7KKUHnO1GWiwqp5sNuhegXNg5Evuv59aeTlJsx/+ON2sGZzIPi5
# jMdROxnAMYhl+WgQb1Rh6KGhIToFoEnInYMO3KRzR+fg/1S48wKHgrhCFRq/rUSK
# tmj1BiwXfMwsY/yaMxh+oCoaglvFzYdZ357GA9TMiKy2akfr/A4/KGKdqq4VCCcZ
# zdAHkZJTuQGp759aZmfa2yQm9xPXQim6xHGJzNsHYkxCrEzpnECTfMUFaGPygFKQ
# Fx+vA2kFTpWN4DIm13mZ483s/3IRj8dt3ZpkI9myO7Ow2Rf4Bm4+F+ogi+ZcfuFW
# w+vJe3onLclwQYa1RAoCwDb/jd1+5fmhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# Pn9GIfpQylAZUMQNh0QyL7mJW37NxykGAcNLuSoP2FsCEQDDeGYO9VL+8HMYsyti
# KZm6GA8yMDIxMDgwNDE4MzgwMFqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzODAwWjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgPTFj
# iN+4NKR9s86nSiMFq1/Q8biWCBm7FlFaQGi4JKkwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEABarHptqkn5FZfOpta1x+6U8KAJv+VW5PS7yQI/neoiP6M06swTnl
# fAiZPmlfeR/XnoBo9SBFzls8XzO3PyGH3tb30jdi0wt2mqlC7FzitJNFbBdWOwQ/
# FsafLgEGT3Pc+7gY42w4Q7LeZWEcIcbr2eI06/82CpwexaiGo+Fsb/7vaxfBYeL/
# h8aE3LdbSV8PLGt1NZpI1cPk31ksDONjSGWOoEydFlRU6II+7mYIbCw8lHaBNLWf
# JSY6syIVfGdzNIpwnfmJK2QGw/rOAED+fcWMy3RHSYkv3kuHGsvEKwnVgzhzmt8B
# 9bsSBWN5m2fJJimttl5KO8HJ6U31lyCaZw==
# SIG # End signature block
ScriptBlock ID: dd21667b-baa1-4003-af01-38eb29fb82a9
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-PowerPlanValue.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88786
Keywords=None
Message=Creating Scriptblock text (1 of 1):
#----------------------------------------------------------------------------------------------------
#
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Customer Agreement (the "License").
#
# You may not use this file except in compliance with the License.
#
# A copy of the License is located at
#
# http://aws.amazon.com/agreement
#
# or in the "license" file accompanying this file.
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
#
#----------------------------------------------------------------------------------------------------
<#-----------------------------------------------------------------------------------------------------------
Set-MonitorAlwaysOn will set the timeout for monitor sleep to zero to it never turns off.
-------------------------------------------------------------------------------------------------------------#>
function Set-MonitorAlwaysOn() {
$ErrorActionPreference = "Stop"
$state = Get-LaunchConfig -Key SetMonitorAlwaysOn
if (-not $state)
{
Write-Log "Setting monitor always on disabled"
return $false
}
try
{
Write-Log "Setting monitor to always be on"
Set-PowerPlanValue -PowerSettingInstanceIdRegex "Microsoft:PowerSettingDataIndex\\{.+}\\[AD]C\\{3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e}" -PowerSettingValue 0
Write-Log "Successfully set monitor always on"
}
catch
{
Write-Log ("Failed to set monitor always on: {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCA45ZrbWBa4MFEF
# QAmoF/pTPPpPwKRiahhWpkHt3lIA56CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIP6mrxLAo+kf6PZaCUmA2nTaIf6969o234n/ECmtYmAwMA0GCSqGSIb3DQEB
# AQUABIIBAE1E9cCp61tP4LzazmjSfiX5i+NArbyG01ikzIVIvopc7hyB8sZ8yaUn
# Wb3F7IWhZdwkrdOiYSSoE9d0aHR1PpkF2c/199mJAp2DvE6jJ7e8upfC2c0Opppa
# lMRLmfvNeG4QXQ/Kkzqs8l2kq9zn3oOoqaIygkqHZSIl/uz0O/TSKYJ3UEj1kEdF
# RSWmkMqbM+7+jRaYCI+CaCw9Xo+2fLHyzii6cjf4mAFdd+tZvNwb7JEzJK4W4/Pr
# kDj871GpgV1Xw4vf8ZhVEOCzX7JlZU5FN7e4O63t6X/Ax5cZ679B4bz+fhSdPOwJ
# Df5/jf6vRZBG03mv9OSZKdA7rmuqRuehgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# VEZ7yWkaZ0e8Jzq9ndF3ZyGHiUS9mvNwClnDOJMdCsQCEQCk6CyjObKqSNX6FHvs
# fjcpGA8yMDIxMDgwNDE4MzU1N1qgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNTU3WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgvDds
# EpzSSNZBwSSD/NdrmP53w+nTfHOqcbkKm01xPgswNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAn5E9BmH8Bef2+AsWZ9emV+2AHNLj6g0zLo8OpSytELe7RIISh+4u
# 137r77S9J7sOr0BcamdTFXGgExu++AUuQrzoHzDzUp8xZms/SILm+zAI99wb75/n
# Ob/N8wiKKM3z6QAydtL54BCUDufOQdLjl8lTcNZ9iRQMxlsBF/Km0JfcvxigsV5s
# 5Ohh9xisvBFuRb+tebskL/dtklxj/zEaah+83vyw8nEfk4MmCjS4kmpuXkpzvHl0
# Z3O9swviN5Z5+R7GQj6xqllA3ZRsyRQ0ECzTFx4wUkpFrgyWt17Pip05n4CVMw+N
# 9TOI0RIiqPFBHiUeZ8mEN5NODtzPA8L4VQ==
# SIG # End signature block
ScriptBlock ID: a71afe5e-d578-4949-a4ec-added36d665e
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-MonitorAlwaysOn.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88783
Keywords=None
Message=Creating Scriptblock text (1 of 1):
#----------------------------------------------------------------------------------------------------
#
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Customer Agreement (the "License").
#
# You may not use this file except in compliance with the License.
#
# A copy of the License is located at
#
# http://aws.amazon.com/agreement
#
# or in the "license" file accompanying this file.
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
#
#----------------------------------------------------------------------------------------------------
<#-----------------------------------------------------------------------------------------------------------
ShouldEnableHibernation will check if the instance metadata requires us to enable hibernation.
-------------------------------------------------------------------------------------------------------------#>
function ShouldEnableHibernation() {
$shouldEnable = $false
try
{
$response = Get-Metadata -UrlFragment "meta-data/hibernation/configured"
$shouldEnable = [boolean]::parse($response)
}
catch
{
Write-Log ("Metadata Check For Enabling Hibernation Failed: {0}" -f $_.Exception.Message)
}
return $shouldEnable
}
<#-----------------------------------------------------------------------------------------------------------
EnableHibernation will attempt to enable hibernation on the system.
-------------------------------------------------------------------------------------------------------------#>
function EnableHibernation() {
$message = powercfg /hibernate /size 100 2>&1
$?, ($message -join "")
}
<#-----------------------------------------------------------------------------------------------------------
DisableHibernation will attempt to disable hibernation on the system.
-------------------------------------------------------------------------------------------------------------#>
function DisableHibernation() {
$message = powercfg /hibernate off
$?, ($message -join "")
}
<#-----------------------------------------------------------------------------------------------------------
LogHibernationFailed will output the appropriate logs in case hibernation failed to enable.
-------------------------------------------------------------------------------------------------------------#>
function LogHibernationFailed() {
param(
[Parameter(Mandatory=$true, Position=0)]
[string] $Message
)
Write-Log "HibernationEnabled: failed" -LogToConsole
Write-Log "Message: Failed to enable hibernation, see instance logs for more details" -LogToConsole
Write-Log ("Failed to enable hibernation: {0}" -f $Message)
}
<#-----------------------------------------------------------------------------------------------------------
RebindHibernateOnSleep will rebind the sleep command to hibernate.
-------------------------------------------------------------------------------------------------------------#>
function RebindHibernateOnSleep() {
param(
[Parameter(Mandatory=$true, Position=0)]
[string] $PowerSettingInstanceIdRegex,
[Parameter(Mandatory=$true, Position=1)]
[string] $PowerSettingOnSleepValue
)
$powerPlans = Get-CimInstance -Namespace "root\cimv2\power" -Class Win32_PowerPlan
$activePlan = $powerPlans | Where-Object {$_.IsActive}
$planSleepSettings = $powerPlans |
Get-CimAssociatedInstance -ResultClass Win32_PowerSettingDataIndex |
Where {$_.InstanceID -Match $PowerSettingInstanceIdRegex}
$planSleepSettings | ForEach {
Set-CimInstance -InputObject $_ -Property @{ SettingIndexValue = $PowerSettingOnSleepValue }
}
# As per Win32_PowerSettingDataIndex docs, we need to re-activate the current power plan to have settings take effect, see https://msdn.microsoft.com/en-us/library/dd904534(v=vs.85).aspx
#
# Windows 2019 does not contain this method for some reason, fallback to powercfg
$planUuidRegex = [regex] "{(.+)}$"
$activePlanUuid = $planUuidRegex.Match($activePlan.InstanceID).groups[1].Value
powercfg /setactive $activePlanUuid
}
Set-Variable doNothingOnSleepValue -Option Constant -Scope Local -Value 0
Set-Variable hibernateOnSleepValue -Option Constant -Scope Local -Value 2
# We will bind hibernate on sleep for all power plans (if a user adds their own power plan later, we won't rebind it until next restart)
Set-Variable powerPlanGuidRegex -Option Constant -Scope Local -Value ".+"
# Apply this for both ac and dc versions of the power plan
Set-Variable powerPlanPowerSourceRegex -Option Constant -Scope Local -Value "[AD]C"
# Reference https://docs.microsoft.com/en-us/windows-hardware/customize/power-settings/power-button-and-lid-settings-sleep-button-action
# Guid of the sleep button action property
Set-Variable sleepButtonGuidRegex -Option Constant -Scope Local -Value "96996bc0-ad50-47ec-923b-6f41874dd9eb"
<#-----------------------------------------------------------------------------------------------------------
Set-HibernateOnSleep will rebind the sleep action to instead hibernate.
-------------------------------------------------------------------------------------------------------------#>
function Set-HibernateOnSleep() {
$ErrorActionPreference = "Stop"
try
{
# Check if we should enable or disable hibernation
$shouldEnable = ShouldEnableHibernation
if (-not $shouldEnable) {
Write-Log "HibernationEnabled: false" -LogToConsole
return
}
# Check if we successfully enabled hibernation
$enabledInfo = EnableHibernation
if (-not $enabledInfo[0]) {
LogHibernationFailed -Message $enabledInfo[1]
return
}
# Proceed with rebinding the sleep command
Set-PowerPlanValue -PowerSettingInstanceIdRegex "Microsoft:PowerSettingDataIndex\\{$powerPlanGuidRegex}\\$powerPlanPowerSourceRegex\\{$sleepButtonGuidRegex}" -PowerSettingValue $hibernateOnSleepValue
Write-Log "HibernationEnabled: true" -LogToConsole
}
catch
{
LogHibernationFailed -Message ("Caught Exception: {0}" -f $_.Exception.Message)
}
}
<#-----------------------------------------------------------------------------------------------------------
Disable-HibernateOnSleep will disable hibernation on unbind the sleep button
-------------------------------------------------------------------------------------------------------------#>
function Disable-HibernateOnSleep() {
$ErrorActionPreference = "Stop"
try
{
# Check if we successfully disabled hibernation
$enabledInfo = DisableHibernation
if (-not $enabledInfo[0]) {
Write-Log ("Failed to disable hibernation: {0}" -f $enabledInfo[1])
return
}
# Proceed with unbinding the sleep command
Set-PowerPlanValue -PowerSettingInstanceIdRegex "Microsoft:PowerSettingDataIndex\\{$powerPlanGuidRegex}\\$powerPlanPowerSourceRegex\\{$sleepButtonGuidRegex}" -PowerSettingValue $doNothingOnSleepValue
}
catch
{
LogHibernationFailed -Message ("Caught Exception: {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCC7ERUNPkaCcsp
# sjABbxqcK+jbL2YOpSt512xyfx70VqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIOjhEeYhqFYFgRgxSYZGCI5mlSgONoHqe7nAmonPMgSVMA0GCSqGSIb3DQEB
# AQUABIIBALypgPRpkDtCalRLtTTC1FjOXdYqmmk5rwGyY3b4eGl7krT6XDTrqaU8
# yDpfR0pKzEOCuTAcg1wMwpyLXAf1olK2K+YGH8Vf7CIhlBAAf/ruXzk2/706FYx7
# AeILSnbSd5guVS+jTdeESkNK8SfBC8VYzNqZoZdm52hGD4vYkJyEQU8hSNasNBsv
# 4sZVJMDZ8ZVpChP4lMg+RBx+ADmY1gBnglR9Q4OXMqmUzuqhPm57yB4fGvxNuPDa
# b5oXqWQirWIFUOleruap/EshV3FHo18TJ3yBU/EIfZHheSJiWEQCaot5wgw5TRXm
# jDPzio31BETP962KPhlrOUjImt2luxOhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# vmWypefcB3TS7bOWY+6YHqKCl4LpjBBctwkFzr1LYdMCEQD/VDapMOm2JAHkqo6J
# XgLkGA8yMDIxMDgwNDE4MzI1NFqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzMjU0WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgrhm3
# IT67V+M6ftKcUvVEXqVs6cqL6vY0fBy2F3+QUWEwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAI+F5nW4IulABFqq33Yz2Jlh0IxYNPLu423v/8Jr5A+noxtyGe3R1
# wobjCuR6XsSB3PFKxWL6wvStI+YrBzf0i7RDm3en2QMLKsfjb+b5MsfxQBzYyX3b
# cUzd40Yco026kFBTyys4Xaip2KPnd6mfspJ6Rg8U4udA3IvgAGqLNp4lPdQOcFSC
# gXtbm8Cp9OwWP5ZAStwzh31dk3m8h6NDpHHU6ws0QAsbDPBIYstr97p5X+EWolfB
# 5KcqHYDdVj5bCDOIR2NQ/go7ztOhsJsq9Nj23CA1XCHw90ba7iehvpJ1BZ1sBv55
# 7i6X6s/rCMKbOVgthsn7Dv67vjq9XgkxAw==
# SIG # End signature block
ScriptBlock ID: 1bb1ec35-9ed8-44a9-8032-98f0f448dfdf
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-HibernateOnSleep.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88780
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Configure RSS and Receive Queue for ENA Devices
-------------------------------------------------------------------------------------------------------------#>
function Set-ENAConfig {
try {
#Check if ENA is supported on the instance
$interfaceDescription = "Amazon Elastic Network Adapter"
$enaNetadapter = Get-NetAdapter -InterfaceDescription $interfaceDescription -ErrorAction SilentlyContinue
if ($enaNetadapter) {
Write-Log "ENA device detected, configuring network settings"
try {
$instanceName, $instanceSize = Get-InstanceType
$netAdapterName = $enaNetadapter.Name
$rebootCheckOne = Set-ReceiveQueue -instanceSize $instanceSize -netAdapterName $netAdapterName
$rebootCheckTwo = Set-RSS -instanceName $instanceName -instanceSize $instanceSize -netAdapterName $netAdapterName
return $rebootCheckOne -or $rebootCheckTwo
}
catch {
Write-Log ("Unable to configure for Network Adapters '{0}'" -f $netAdapterName)
}
}
else {
Write-Log "ENA not supported on this instance"
}
}
catch {
Write-Log ("Unable to get driver information: {0}" -f $_.Exception.Message)
}
return $false
}
<#-----------------------------------------------------------------------------------------------------------
Get Instance Type from Metadata
-------------------------------------------------------------------------------------------------------------#>
function Get-InstanceType {
$url = "meta-data/instance-type"
$instanceType = Get-Metadata -UrlFragment $url
$instanceName, $instanceSize = $instanceType.split(".")
if (!$instanceType) {
throw New-Object System.Exception("Cannot get metadata for InstanceType")
}
return $instanceName, $instanceSize
}
<#-----------------------------------------------------------------------------------------------------------
Set Receive Queue Depth
- 8K buffers queue for any instance with instance size >= large
- 1K buffers queue for any instance with instance size < large
-------------------------------------------------------------------------------------------------------------#>
function Set-ReceiveQueue {
param(
[Parameter(Mandatory = $true, Position = 0)]
[string] $instanceSize,
[Parameter(Mandatory = $true, Position = 1)]
[string] $netAdapterName
)
$sizeCheckOne = CheckIfSizeIsBiggerThanLarge -instanceSize $instanceSize
$sizeCheckTwo = CheckIfSizeIsLarge -instanceSize $instanceSize
$bufferSize = 1024
if ($sizeCheckOne -or $sizeCheckTwo) {
$bufferSize = 8192
}
$currentBufferSize = (Get-NetAdapterAdvancedProperty -Name $netAdapterName -RegistryKeyword "*ReceiveBuffers").RegistryValue
if ($currentBufferSize -ne $bufferSize) {
Set-NetAdapterAdvancedProperty -Name $netAdapterName -RegistryKeyword "*ReceiveBuffers" -RegistryValue $bufferSize
return $true
}
return $false
}
<#-----------------------------------------------------------------------------------------------------------
Set Receive Side Scaling
- Core 2/4/6/8/10/12/14/16 for all none T3 instances and size > large
- Including Core 0 for
(a) ALL of T3 or
(b) Instance size <= Large
-------------------------------------------------------------------------------------------------------------#>
function Set-RSS {
param(
[Parameter(Mandatory = $true, Position = 0)]
[string] $instanceName,
[Parameter(Mandatory = $true, Position = 1)]
[string] $instanceSize,
[Parameter(Mandatory = $true, Position = 2)]
[string] $netAdapterName
)
$sizeCheck = CheckIfSizeIsBiggerThanLarge -instanceSize $instanceSize
$baseProcessorNumber = 0
if (($instanceName -ne "t3") -and $sizeCheck) {
$baseProcessorNumber = 2
}
$currentBaseProcessorNumber = (Get-NetAdapterRss -Name $netAdapterName).BaseProcessorNumber
if ($currentBaseProcessorNumber -ne $baseProcessorNumber) {
Set-NetAdapterRss -Name $netAdapterName -BaseProcessorNumber $baseProcessorNumber
return $true
}
return $false
}
<#-----------------------------------------------------------------------------------------------------------
Check if Instance Size is Bigger than Large
-------------------------------------------------------------------------------------------------------------#>
function CheckIfSizeIsBiggerThanLarge {
param(
[Parameter(Mandatory = $true, Position = 0)]
[string] $instanceSize
)
return ($instanceSize -match '\d') -or ($instanceSize -eq "xlarge")
}
<#-----------------------------------------------------------------------------------------------------------
Check if Instance Size is Large
-------------------------------------------------------------------------------------------------------------#>
function CheckIfSizeIsLarge {
param(
[Parameter(Mandatory = $true, Position = 0)]
[string] $instanceSize
)
return ($instanceSize -eq "large")
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAiyp+22kdMqGRJ
# 1BQIGQhVyV9eZKn3S3F3A9m3K0TGUqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIEas8we15Y7TrBMQfn606eV/lmPn8ePkpeaHzzs+SGX9MA0GCSqGSIb3DQEB
# AQUABIIBAI4DLjPRJ9QLsKcf/91zrMU/uVdLAShJkWPdXFdT5HEalK5nIJ7UcNLj
# 95vyVoozVdcJMWq6hKE2CLswl5uk2oZZSNijRgDs/pMWSzNNHDwfAHpqLCvTLvgn
# Uss7EITrEXnjECEA/0UBgWB6icwfzvba2xRaIWFeP7tWxKexBCw6wlm/pL/pkcz+
# Ep5keh8ifhxcDx94O/0+/tdw2ip4TOosMioENFhH0uZgLaT28AUPAYpaTm1Y43Eu
# VYqazioLaPRbIcIteYjhDL7UNUKbTfDIm4wD8SfH/unosCLzHgcBx2iSYcN3m6mP
# YWlE0UsHat0HAOB3rp7A5C4/uASmaiyhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# 53QMckHwAtusASktbF3lzv3xb/fDKTM2t7hlv0AAoBcCECiHSNzdEEZwm4rSpyho
# LNsYDzIwMjEwODA0MTgzNDI4WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM0MjhaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCDgUU8/
# 8iiWZy3mNTuXp7rxR9C+kW/D5MfgUNrJ2bNCiTA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQCnZTe1vfFZIqBLnZx0TMaOM45rov8RFqyHqU9+IrnxT3a7WlyO+tED
# N84Cp4RlpauiqiLp6SRGCMXsLYE6sgrtSsMrYkYMlp2ORAwJ0kSWa5IvRd4SKQ2m
# Ji0DSUzly54D4Vg/n8jX5RMHGXGY7v+gc5viofVe79ptfzutBs82Bl+1Gy69mu9p
# pluW9fbB3tn8YGttQjg2HhiN8vuY1sv2BcsM6tZz6GV+u/lb7Bokq4LrCAgykIaS
# zkjAfYv0Te2WYH5V3M5RYgYdb1wQQtzcotLSeMFN4SlNRTBHahp7ubcwWws2TOJn
# xZTpAEoYypuoz5qpuupncYZhHFhWlMQS
# SIG # End signature block
ScriptBlock ID: 06e8dbf3-75f8-4fcc-b7ed-7305458aecf4
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ENAConfig.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88777
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
function Set-DriveLetters
{
$driveLetterMappings = Get-DriveLetterMappingConfig
if (-not $driveLetterMappings)
{
Write-Log "Could not find the drive letter mapping config or it is empty"
return
}
foreach ($driveLetterMapping in $driveLetterMappings)
{
$volumeName = $driveLetterMapping.VolumeName
$newDriveLetter = $driveLetterMapping.DriveLetter
# Verify if the given drive letter is valid.
if ($newDriveLetter.Length -ne 1)
{
Write-Log ("Invalid drive letter '{0}'.. skipping it" -f $newDriveLetter)
continue
}
# Get the disk with given volume name.
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "VolumeName='$volumeName'"
if (-not $disk -or -not $disk.Name)
{
Write-Log ("Volume name `"{0}`" doesn't exist.. skipping it" -f $volumeName)
continue
}
# Get the current drive letter of the volume.
$currentDriveLetter = $disk.Name
if ($currentDriveLetter -and $currentDriveLetter.EndsWith(":"))
{
$currentDriveLetter = $currentDriveLetter.TrimEnd(":")
}
# Verify if the current drive letter of the volume is not same as new drive letter.
if ($currentDriveLetter -ieq $newDriveLetter)
{
Write-Log ("Volume `"{0}`" already has the drive letter '{1}'.. skipping it" -f $volumeName, $newDriveLetter)
continue
}
# Verify if the drive letter is not taken by another disk.
if (Get-PSDrive -Name $newDriveLetter -ErrorAction SilentlyContinue)
{
Write-Log ("Drive letter '{0}' is already taken by another disk.. skipping it" -f $newDriveLetter)
continue
}
try
{
Write-Log ("Changing '{0}' to '{1}' for volume `"{2}`"" -f $currentDriveLetter, $newDriveLetter, $volumeName)
# Finally, set the volume with new drive letter.
Set-Partition -DriveLetter $currentDriveLetter -NewDriveLetter $newDriveLetter
}
catch
{
Write-Log ("Failed to set volume `"{0}`" with new drive letter '{1}': {2}" -f $volumeName, $newDriveLetter, $_.Exception.Message)
}
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDPqEBywL1eV+nh
# iyKvY8wEHlJ13MRXUCHn+qDx5QEucqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIC20et3VdT9fY/8nZJ7gTzWKqQBgHAjzl91EWBev5PNqMA0GCSqGSIb3DQEB
# AQUABIIBAGcQQA167KLhnaTfd8usJzzRk2vquICyeUL+a5YP6pnq2yVCCjU/N7+H
# UAs9muzRtjciFuLuhXzdM+OfPB9ht77+WDhlIJX3Ep9yKPKvGbqOANFXbx0D6iwa
# dlvxjuK+LjterJH4UXYY1tko3xsGZXsuNG2ZnraGontvn9mZlOpriwYKOsaHsnaE
# Cva+YBEK/YyjKzDil2spwrO3tMPHbYUN4ed9P5SOHjOLeqjUfu1ZlUu8gtkCj2/+
# DnEm+UD58MEoxGeDcKKNvH6S9swCxOAYHzqG3D+ZiGWfVvIke9/snkBQBOR8dszH
# xYwQGVZmtbaLyPkzKoDOe84fQAj8IKqhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# g/bd9uQ4/mSMhZ57p+sX1lr1otAxPzGdK4ym2qys5y0CEQDeUQqW7iO/ReTkMrV1
# m6M8GA8yMDIxMDgwNDE4Mzc1NVqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNzU1WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgdxGQ
# R7Exgx/XQ8Y5Ycc9bnQgYzdwovSKg5fdAtMedwUwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAdPyyZ1/rYPuJ0S4Bm4tVH2DQ162W2tiGb8BN7Edh5gq4HD0yPhA6
# 5Gl9t/T1I9HNBop1M8cnGK0NNjcXnd8vcURWi1OwFejysRQqae9qOwOVorChZBG2
# c1Pt+K3qVIoTxu7cq5CtRXpktiw36McenfElf4V8hri+OqATzM791WlHGK0rdgSH
# knqCxUu0LaydTh/GSrW0E8/wFdKwuKQbjtaD0UoCsjWuJCBQo33qkoN+qA+bLhoH
# 7eSqJbbFhhzrf+lwo0TIMSvnAfH+PUnSIXPm0dblHTzc1ENonIFO+fN0znPqX9od
# SfPVdUjuQwl3TxFqSqL3+yMtz+ZVtVs/rQ==
# SIG # End signature block
ScriptBlock ID: 1a2bbd11-99ea-417b-97ac-3c57358dad85
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-DriveLetters.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88774
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Set-ComputerName renames the computer based on ip address from metadata.
i.e. Computer with 172.0.0.0 is renamed to ip-172000.
-------------------------------------------------------------------------------------------------------------#>
function Set-ComputerName
{
$state = Get-LaunchConfig -Key SetComputerName
if (-not $state)
{
Write-Log "Setting computer name is disabled"
return $false
}
try
{
$ipAddressFromMetadata = Get-Metadata -UrlFragment "meta-data/local-ipv4"
$ipAddress = [IPAddress] $ipAddressFromMetadata.Trim()
$numbers = $ipAddress.GetAddressBytes()
if ($numbers.Length -ne 4)
{
Write-Log "Invalid IP Address returned by metadata service!"
return $false
}
$currentHostName = [System.Net.Dns]::GetHostName()
$newHostName = "IP-{0:X2}{1:X2}{2:X2}{3:X2}" -f $numbers[0], $numbers[1], $numbers[2], $numbers[3]
Write-Log ("Hostname : {0}" -f $newHostName)
Write-Log ("Current computer Hostname : {0}" -f $currentHostName)
if ($newHostName -ieq $currentHostName)
{
Write-Log "Hostname is already set."
return $false
}
Write-Log ("Attempting to rename host to: {0}" -f $newHostName)
# If computer is renamed successfully, return true to request reboot.
Rename-Computer -ComputerName $currentHostName -NewName $newHostName -Force -ErrorAction Stop
Write-Log ("Host rename complete. Reboot has been queued.")
return $true
}
catch
{
Write-Log ("Host Rename Failed. {0}" -f $_.Exception.Message)
}
return $false
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDlZ7FtydfkYbcS
# 4w/bgGsMG2sgQw7fcp5EK6rvhvwOU6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIHxQSV78beMiS7ZAa8zY2Q5GZdlqTMIcCxoH9Xpv78lUMA0GCSqGSIb3DQEB
# AQUABIIBAIpQwnwy8+obQEvUWYTa2BbbClqGdpr2rr6vYoo3L4a1jPm/7CsO/CHs
# W/v+I7xL2NujWCIsNK1X7TWhxmdK1aFaVew7aFAHBtSjAREcwi7VHY8bWNvnt0bv
# eNoryaZGRspPOzHQ6D/WHN4tUDFecZSXPao4Mch2xOrtShKS9W/LDdsTfe1G7zQd
# UtPQcTKv+3YUXSXZQgM/nk1AgUUt+98xlnOOpH5Bc/5Y1cKKC/oAsZIWqsvIadCQ
# VTM6/f42/3UL+y5BhpFwFpxCRznuWGAro60lV7GGibVX8ocHlPSVt52is42194Hc
# ssqkzSZC4wexIMOcjmnlgYwRqBrAaXihgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# rb5X+12+loFrGr1K/LYix9lTSoO3LsqM/RV3JVFMni8CECTFAM5egMiyGC04WUaW
# Oe0YDzIwMjEwODA0MTgzNjAzWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM2MDNaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCDNGRRJ
# B2agB29NleuLQ3Gt0RPWKk48MbAwBsUPzWJouTA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQBSj5qPvEDxZ7Y3ZFQ0b4Lo2snrEZqpHkXk5zVLnF9t5CZBoA07nHSK
# jwFNA5pgNnKnWLQHDsNSPbOS2BuysXeinM6yKaGG+KEJ2QQzIb5fKeYTq1Uu1N6p
# bebGHIzL+rcsU8pa+Ery1YZ7Bz4HjZAOgt7PC6ky5vhd5N/KuKWy/qe0tH2ehU/E
# FrrKLdKCzNBJe72HlrKp9XsFcyrlP9yzq3xJaVggp0PqUIBfjydC1o7NaSmUtNCS
# PIWv8ikHSsyh0htrpwhysPNdz/TvwW+bPiSHynk5MRifBfFvjx0XeltuVyxGnVKL
# wep1t5aPmcHVjVA+HzjLNK9k/nMLNuBA
# SIG # End signature block
ScriptBlock ID: a5c7a950-3425-41c0-bdb9-8d32eed23523
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ComputerName.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88771
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Set-BootVolumeSize extends the boot volume size with unallocated spaces
-------------------------------------------------------------------------------------------------------------#>
function Set-BootVolumeSize
{
$state = Get-LaunchConfig -Key ExtendBootVolumeSize
if (-not $state)
{
Write-Log "Extending boot volume size is disabled"
return
}
try
{
Write-Log "Executing boot volume extension"
if (-not (Test-NanoServer))
{
"Select Disk 0", "Select Volume C", "Extend" | diskpart
}
else
{
$maxSize = (Get-PartitionSupportedSize -DriveLetter c).sizeMax
Resize-Partition -DriveLetter c -Size $maxSize -ErrorAction SilentlyContinue
}
Write-Log "Finish executing boot volume extension"
}
catch
{
Write-Log ("Resize partition returned error while extending the disk: {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDURDAn4m7GoiIw
# Lo+VNLJJKJAF5Gf2u5x0BVoDBDQf5KCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIFNcSqRAgamtacq1R6RPKRaz+PqtbabpC8KKdQTv57y7MA0GCSqGSIb3DQEB
# AQUABIIBAG6Awo2G0p+SaoGn9KkJdVMr50twDzKobTXIcVbZtsUE21nnGvpkuDNa
# etz3T9kfYlDFTEpXk2Xbg0y9aLXYg6WTG7vMcsUwXC4kcrf3gHmpwrU4QctSovVA
# mxEpE5AxJLSYwq3WoFFM5pwzEqiJ2E6T/Qfy9LrUtACxjWQBHwnjqj70+jaj/uKA
# WZ8o4gIrS/wuK/vyNUWOVXvC1i+2t/f1kM2KEvXMeewXnRekBv0PeOQ+rt8YXu7G
# Fy4KZYhEe+BnJreNl+EMJm0vdm3iU830tYrrP3u9I0jOi++vKSDTwIubM6IHir/c
# l2p/D/tIgIqW1It9Fvo8GAOp/VihvTShgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# JqvaBajA4hSdX37z4hwKRFsKHhV0Wg+jFH6OMPQ5hhACEQCNugVWLoSPcXloKaHH
# VtKYGA8yMDIxMDgwNDE4MzMwMFqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzMzAwWjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgO6Up
# E4qcfanTpjIjMksfMpjfrRrOHyv8b1xd21rAIy4wNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAqnO5DO25jjuF1cIkFHuhe+lVjozcmV/RbjBg/HEZ8Yy+8zmGU3H+
# bI8SOjaTS/5ntY564vjpZFVOaZXNIJPTNC1vKnWfP7vDPBU8TD+N2fuSzvpy5dQc
# 5q5QSsyINbruK6P977W2aRfSSvRLFylFLkDXg+qTSsjiCQZWB/lp3QC0i7xff4FG
# pYErXdwfIu1+d3lWoVc3Y6mRJymVY9xLVOkro2LGnEdXz8TUsCx/7gG/Kc8knG7a
# neDN2kklTsRDoqVKqGUDzCuXecaiAlhMzhEqxK49Js/sDUAeJX7DFwvSMdQj2s6R
# U3SxO417sUzKbw0wi+uqyK3xm90xaPYLkg==
# SIG # End signature block
ScriptBlock ID: a85a23c7-a748-48e3-a85c-c610f6366fda
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-BootVolumeSize.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88768
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Set-AdminAccount generates a random password and send it to console in encrypted format with tags
When console receives the password, it understands the password and allow user to decrypt the password
with the private key. Also, it enables the admin.
-------------------------------------------------------------------------------------------------------------#>
function Set-AdminAccount
{
$creds = @{ Username = ""; Password = ""; }
try
{
# First, we need to check if admin password type is set to Specify or Random in config.
$adminPasswordType = Get-LaunchConfig -Key AdminPasswordType
# If the retrieved admin password type is "Specify", attempt to read it from config.
if ($adminPasswordType -ieq "Specify")
{
Write-Log "Config indicates that a password was specified. Reading it from config..."
$password = Get-LaunchConfig -Key AdminPassword -Delete
# If specifed password is invalid or doesn't meet the windows password policy requirement, set it to empty.
if (-not $password -or -not (Confirm-Password -Password $password))
{
Write-Log "The password specified in config is empty or doesn't meet the windows requirement"
$password = ""
}
}
elseif ($adminPasswordType -ieq "DoNothing")
{
# Do nothing if admin password type is DoNothing.
Write-Log "Config indicates do nothing for password"
return $creds
}
# If password is empty, generate a random password
if (-not $password)
{
Write-Log "Generating a random password..."
$password = New-RandomPassword
}
# Finally, the password is ready to be set.
$user = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount = 'True'" | Where-Object {$_.SID -like 'S-1-5-21-*' -and $_.SID -like '*-500'}
# Set the admin password and enable the admin account.
Invoke-NetUser -UserName $user.Name -Password $password -Flags @("/ACTIVE:YES", "/LOGONPASSWORDCHG:NO", "/EXPIRES:NEVER", "/PASSWORDREQ:YES")
# Set credentials for return value
$creds.Username = $user.Name
$creds.Password = $password
}
catch
{
Write-Log ("Unable to reset the password: {0}" -f $_.Exception.Message)
}
finally
{
$password = ""
}
return $creds
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCaSM6vie5TF1hz
# XsfurXv+5yAKqsJWGKU+JQON28+EbqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIKoULeW3t1/K699RNGWz8NRQWFuR4onfm/7APuL3OLoDMA0GCSqGSIb3DQEB
# AQUABIIBAL7lrZh2MeaRbshNHLKbo8OizfpbBUCno7CfLeglTodLuJ3xi+BIjUMY
# rsW2HMssPAzZBP3ySEpEJOQWWQmSWTMPE7GB+Mwmuf8Ro2iSyTfgL+Z+vRjjc5GC
# I/yvChuXeXPLcWvt/qT6r0hpcAQRsJz3FgHoDnuSUL6Z1oMVlEShsKbQhITU+usC
# lFTM60m7BwTGg0UcS+fF1aZeXy+dcPAu5Af474Ic346yaDFqOwAUEu/iuahAeor6
# wQicUnb+QUaN898JktbhdlC+X1Xj+6UJ1nTCcSFpWk+LSH8rWmxOSVYoSoV4zs36
# bcNCGcbFJOiiHwXPvUIcWZ88wos8Ej+hgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# QqcdUCtvwhp76cEYF/Gyq1aovmHCklaCAR2Yzeboq7ACEAnLbD46fC7IBvGgLD0D
# yUAYDzIwMjEwODA0MTgzNjQ4WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM2NDhaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCAtrffW
# naMwL3SiHGB6gGziwD98OeKGEdfGi7Ony+DuxzA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQB5xZSsyrsgKrg7wU18FDGH4dmfa5ZU/eGb7KbIPafJP9AYjCjdjNi3
# akPd8cDLML1rG/MAsxvYhUbUO4n7QKhJ3v4AxIGzyHetr0bOitZ10sSixPyirumg
# BA/FYKdEPMxUF5Y/3j6wI+i0lFWv/KSpuzTZ/5KII9yeQjnHSpFq4BbZ2s7e9v41
# ZqiVpZb5wr091mEkyng97BXVUAcZcb+DJzpzLA6I/6A4bNooij73HlVHNNsNjbpP
# thwWuxrRNPd8vM9oTmKtd9iO4TkGZ+Lxe3RLky9WVDKJ+J0/nj9lcNQgbIHu2BM0
# McTAliyWUVDH0L3ATHv13wh8wr9mJbWi
# SIG # End signature block
ScriptBlock ID: 42aa4ff4-51e2-4ece-b109-186c72d32503
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-AdminAccount.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88765
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Set-ActivationSettings sets the KMS registry setting and attempts to activate Windows.
-------------------------------------------------------------------------------------------------------------#>
function Set-ActivationSettings
{
$licenseServiceKeyReg = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform"
$keyMgmtServiceName = "KeyManagementServiceName"
$keyMgmtServicePort = "KeyManagementServicePort"
if (Test-Path $licenseServiceKeyReg)
{
try
{
$kmsServers = @("169.254.169.250", "169.254.169.251")
$kmsPort = "1688"
$kmsServer = $kmsServers | Get-Random
Set-ItemProperty -Path $licenseServiceKeyReg -Name $keyMgmtServiceName -Value $kmsServer
Set-ItemProperty -Path $licenseServiceKeyReg -Name $keyMgmtServicePort -Value $kmsPort
}
catch
{
Write-Log ("Failed to set activation settings: {0}" -f $_.Exception.Message)
}
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDKlMVYfGD9qkxg
# 7dlFL7hDQE4tMy2En4r6WeU8LeUO4qCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIKT4rzV3r0Zx7PfHak3C3NJPH2gwCIWNTKcGTmgu1D2xMA0GCSqGSIb3DQEB
# AQUABIIBAKW8oktaXsxTdywUeEve92W+Aoj6SfPvRU7akvcjfa2CEu8ls2DwRFJZ
# gIKIVdgAWyk/jm+JFf80cP2mF6s6eG3W2bXfGlsNn59s06z2dP6n+T/RgyfRsaTL
# sYFDLQKYJheXq80OSj1lURJ6oBDEpDiZEKwlLmqySefINg9T96YEpeMfwwPTm7xk
# WS/mM3TKS1FPprLlmD3iDhZMgbX/gN6saBjtABiQAEjt+G6JYMSOdF7lO36XLdgU
# 0Oy4zNqXtUqxG/4iuT6vuVoa7YmAZnvdxGvcqu9hLJcApR9DB+PUiDsLrSLfzh8/
# pDB1Tbqcc91FcM5AE2tTVdvfC7NU1Jqhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# l5R4btjSBFl3P+hROtVnIoKG8x/DM+J5e/wqZscIFOsCEQDQYp4ez5oOFb4Th7JB
# 2t5LGA8yMDIxMDgwNDE4MzQ1MVqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNDUxWjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQg4Kbz
# qI2J9f5dbXZ9eZrjvVLcPH3Z7C+sXVk4bDtMycowNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAZr634E013SNoU7bOYYP5VhAUKutxHI8QSTvqSlthGrikFjzk5jNG
# iaogff6TZVkOPHWrKPYht1j8pmcKdySzwEa4Rnqq/jQhQefpoGCQHKhv8Qd8Gsp5
# +e6u/OBAB90ldgjcxFJIcg2/T4jQLMaqX0ArrwZGQy4m7G8SXUF1U5sEfAFs6F9B
# W7IArqZNQnYnIDI2qOKgoACj0o7AVkYYK8MBIEqVFS+2vdtLtuRZMX31gy5lfgdI
# 9bmOTQ+AVJhrczwedRXQkQOj4ElF3PxDos0BHLv7WPQlbYHY0Z/7ctfXikhhIyDm
# cXqRkoNQRV06sgnOjoXEio1DoXFNr6kj+A==
# SIG # End signature block
ScriptBlock ID: eca1fc5a-dc14-4c66-a9bb-9bc3b54a90ce
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ActivationSettings.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88762
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-WindowsIsReady is the most important message to be send to console.
This message indicates that initializing instance is finished and instance is ready to use.
The message MUST NOT be changed!
-------------------------------------------------------------------------------------------------------------#>
function Send-WindowsIsReady
{
Write-Log "Message: Windows is Ready to use" -LogToConsole
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAfxFCkbvwVXJ87
# 1ZwUlSiJhHpq4s7A24YuHauPKZZUkaCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIF61WS7wdv7o4UaGRoEisaYV7G0aaq/8Tw6Fa+n5UjBJMA0GCSqGSIb3DQEB
# AQUABIIBAJltMaCFjX6u48I151O7AO4z8dXJN/Hkk0xaf8glcJOJyFOBA+urLvEZ
# l5zObA8tuJu9JPiPCVgboM4/U3gNu/5CUXcMKd1yDsSn7HitNXOw/Xp7svLwzzy6
# bbxGZ63TbzNPU2wkxk8KlO9W/W6YMbQptqRWI2/437kYbf7TsGpdhaMquB7w62WT
# 2Saw4GUcDLvL0nlfXoDE40J8MbSVsj8vudjx8WmcS90IRlrWv8nWYZPSdrGTIVVU
# jVBtuIQB0f5AIqspzEBnmxMh7UBWKdGjDn9Zf63lPW5xk/vKftz6gPOmPbMCrAOo
# mX2G+wi4f5oK3H7YX29tE/Prc1VHSvShgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# UbxXwK4CW93+0v+Ulk0Fu28PB18gy+UpOmVC6iAbLpsCEFEB1Te8IqNciF8/ebuK
# VL0YDzIwMjEwODA0MTgzNDAxWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM0MDFaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCDg7L14
# 2bl6nCdLhmRVkqQIpMurd3WQnaggAOSL6QzOTTA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQCRRBrmLj1QxXKbxi/xQI8jTKL4WCN+bl4gzouHv4WByFwrfaxyBQGz
# fZ9o5udJt1Tc2fuZ3kTsx1lx9Veobr3tPH+onemxjvQNrhyi+iSBHLfQ/MBUCYBp
# iipGHDormJVcL6vcZzCpGjStnHwvF4oCEnaZ8Yg/jqpFXRZsdMInnsisiMGluxRs
# aBeFRWu2L0KVsU/CuQY5LflGrIO01C4I0rkVJGQ7wbHN6qBw6JI+puK3h9rtnUaq
# z/x6XxdoZGmO3pcE/ov38MCUFltdZn2iLv1sMahCepc136zpGMhSgvkjSK8r9B5n
# 9Z95Oa+Mm+xi81443J/QIkX3/tBC0Hma
# SIG # End signature block
ScriptBlock ID: 0a6b4cd0-e4bf-4796-a750-5e884cc651ff
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-WindowsIsReady.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88759
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-VSSVersion sends EC2 VSS version to console.
-------------------------------------------------------------------------------------------------------------#>
function Send-VSSVersion
{
try
{
# Log VSS information
[string]$vssManifest = Join-Path $env:ProgramFiles "Amazon\AwsVssComponents\deployment-manifest.json"
if (Test-Path($vssManifest))
{
$versionInfo = Get-Content $vssManifest | ConvertFrom-Json
Write-Log ("AWS VSS Version: {0}" -f $versionInfo.Version) -LogToConsole
}
}
catch
{
Write-Log ("There was an error getting the VSS version info: {0}." -f $_.Exception)
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDlRhAetnZ/KFAO
# p5hQCSLH0+V54h+RXY0JczXOtEQhO6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEILgStDgvt3j0S2+o9q6wCg0a707lKw4PQPXQjM26ZacBMA0GCSqGSIb3DQEB
# AQUABIIBABUk/nIkQkUM8OL8uNOWQewY6CqGat2ISryMOhFGCJTf09Vrsy6FI8ud
# eOz2wnpqI6MtNKcRlJ58Vi0EfYl7/nfrVwKPTpLffaR/IKiR+gTpZdmESNbPWZfo
# 2vM1gxO0wIn1kEJh7MfZ1obheqt9qq4LWu91JrhgOppI6GBOsC2o1c9c9APoIIny
# WQPvKhjPpdghfOKmGkfOb6/1g5L/yDs8VViX+wM5ms+/X1/dWynCvTm4FdeNzTJo
# 8gtqtdM5aSyIDd2HdLzgDO39GSLQnPdgB4Xg9lhz17MFQIXLx43HVlyGKqQVNjbS
# v/AtVQoBPU440rEozBmTskIPyF7kHnShgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# mzqMidGiNZ9LFOrKgESgruay0xLc9TsXY7m72pbC+zUCEA97Q74yz+x4OkTCSrxG
# Z/UYDzIwMjEwODA0MTgzNjA4WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM2MDhaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCAau8oB
# Cubi1AwjffwZnWwlmNAhq/4+kxoIb1b9jGpAEjA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQB1YN3PIH56UiA+Bwbr6dH2IW3ESCWLCXlp3sQyanWgxqo8L1KuXtO0
# 2PdYGPaBKVzCGIXv2NnsQ7g+a9HQ8Am7fqSRDyP3Vgo0PMntwSS7Dw9Wt1BbxQcb
# tU0yx55fIjqku2CRmtcf2PHjgslEjujRUJV8eghCI8py6mg6dgB/szOdZDoAAOVS
# oN9fchHSIjwGSSI/2B/+CJ26aZ2cvBgejI/gmlW8hA+287ts7YEyDP3ZgyxOrZps
# hpagIQMHHf6SonKttZxjuNYPC0jy2dbe9TVGJ2Ns5qX+M5prWD8CB534NNtVlAiG
# JUJBA/e5uZvMSIgYzZhkCGZiwpBIJT8a
# SIG # End signature block
ScriptBlock ID: e5de5747-25bb-435b-be90-680ad7b4584d
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-VSSVersion.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88756
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-SSMAgentVersion sends SSM Agent version to console.
-------------------------------------------------------------------------------------------------------------#>
function Send-SSMAgentVersion
{
try
{
Set-Variable serviceRegKey -Option Constant -Scope Local -Value "HKLM:\SYSTEM\CurrentControlSet\Services\AmazonSSMAgent"
Set-Variable uninstallRegKey -Option Constant -Scope Local -Value "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1A3AC35-A431-4C8C-9D21-E2CA92047F76}"
$version = ""
# Check if the
if (Test-Path $serviceRegKey)
{
$service = Get-ItemProperty -Path $serviceRegKey -ErrorAction SilentlyContinue
$version = $service.Version
}
if (-not $version -and (Test-Path $uninstallRegKey))
{
$service = Get-ItemProperty -Path $uninstallRegKey -ErrorAction SilentlyContinue
$version = $service.DisplayVersion
}
if ($version)
{
Write-Log ("SSM: Amazon SSM Agent v{0}" -f $version) -LogToConsole
}
}
catch
{
Write-Log ("Failed to send SSMAgent version: {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAPO15URKBkUVEf
# 1Xii6V9u89ig5PV8GjwL28X1jNhW56CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIFrydESd6QNDrrBid1XK6MBicqbS2NKOvm1UJMLr07LhMA0GCSqGSIb3DQEB
# AQUABIIBAJdF/XVaVGcOBGIEtbNCs2WMinb4aLTsF5soznKKDViCDyglwnQz4g71
# sv/exUV99ZZeOMSq2N2E0RkPjDnjR5U/sVMoBlFxzaikPuvICV2RPf5D1Lpdttlo
# Mvh4gKKoCMaMr7reT5LlUrso0O3yuAu3aodwoSxnmUzpWE50tjybFSsKayK8xUzs
# LtwkQFkSM0Foi+a9mSHVzcUO6e0VBH2JRGzT/MRJphXpjPoENK1mcozuq+bgET9m
# ABJgw/A9xswWxm5ycsXcYRKe+r3lQXHsStG/DYQla43/q4D3qrPZN6fWf3PfpeyH
# CKGlzTONSx4QlvesRi/Jk4flEtWcivKhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# NHnuOrRQ7GByZev6fV50KBfRqubuPJODQw6TxIgjjg0CEA5OL4V5bKR9Rk/zFhnI
# Ww4YDzIwMjEwODA0MTgzNzQ5WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM3NDlaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCDgYlek
# rXeWE60aTq/+IKzjlxdKadR9kCnFaAXn/eFe2DA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQBk/+NmyeVA8SXhzXLKrNdoH6im5btiF4ICeI/pY/H/4R8I3Nn5lfDD
# P9DEGEyUOI/5HPCF2Azf3twUJFcYbMX3djJSpmkdLqhM23ptdT8SsSv12uZ0fAUn
# jzPz9oRcUO9DhJyVjuPn/86MzmJsquEH0u4Q8Gg8Fy/4EJbSGIHabDvPy5PlGGpK
# 0C5bJvlBdyQyYc5NohGfxfwuuszVD9X81q+N8F7E+6o5kehHi4GFTWCpmWYYiHcJ
# QTsmZgk9R2VHCLMqmCwXr8MhxtEzhzvsHQfDSoqWWYjsQKpbeVquzL6RP1kei4r8
# KDiGHEhzS8CjzHPUKKrLISsRrZpDHPaH
# SIG # End signature block
ScriptBlock ID: 5f3d53df-5765-4fdb-9d49-b889e594b087
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-SSMAgentVersion.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88753
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-RDPCertInfo sends Remote Desktop Protocol Certificate to console.
-------------------------------------------------------------------------------------------------------------#>
Function Send-RDPCertInfo
{
if (Test-NanoServer)
{
# Nano Server does not support Remote Desktop. So it needs to check if the current platform is Nano Sever.
# If the current platform is Nano Server, display the following message to console.
Write-Log "RDP not supported in Nano Server" -LogToConsole
return
}
try
{
$computerName = (Get-CimInstance -ClassName Win32_ComputerSystem).Name
$cert = (Get-CimInstance -Namespace "root\CIMV2\TerminalServices" -ClassName Win32_TSGeneralSetting `
-Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash
# If it retrived RDP certificate successfully, display the computer name and thumbprint to console.
Write-Log ("RDPCERTIFICATE-SUBJECTNAME: {0}" -f $computerName) -LogToConsole
Write-Log ("RDPCERTIFICATE-THUMBPRINT: {0}" -f $cert) -LogToConsole
}
catch
{
Write-Log "Unable to load RDP Cert Thumbprint: {0}" -LogToConsole
Write-Log $_.Exception.Message
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDBlwhaL4rgjXun
# m/xzKPh/ANgWLmm2EUHQ+gntH014nKCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIEd8483qj2eeg19VtxsXNS/YybTMTiQiITXEpSoekIc2MA0GCSqGSIb3DQEB
# AQUABIIBABGsPf5j6x77D0DCOfMid/Vk6sD8YJO5CvIjCCpOocjoznwPuUYtzo0F
# GgOK+ZFTKEMLLHTGLuY0+31vXquRN9fYg0qO0yZWm+FI2fALo8gL3+d7BY9b+gTY
# wl5+FdfFNWkZKbsuo/GlpDk7v8bnF3RHrHF/yCAKhOI0R1dDbGShVoBPezwvOGBw
# dNXCeeGkxGJHBR5PJ3EvAnOmfW2Z/GzGXH2HaDzYRqUVxhbW0AuZzBsXx+tJPbru
# rqxMPu1HrmIf4otypfpwtf2pkqIL5WK68fXJXfVd9Ti75sPaOImg6fEm5mpIb8sA
# 10j+TyhaKhRius3STPoBWlSULW4SrkKhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# d4nroDj7QRi7vjnVljBDVOpPEIEqY842mPwMSK8BOSwCEDhMCM2lVnHU68Pd2kvr
# C3YYDzIwMjEwODA0MTgzNTMwWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM1MzBaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCCwKnCA
# qbQ0J50kiH0EK9sq5oHuGmo/O4/nmQ3qJrkigzA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQBLol1E2RJ+lNwXleTbdDbwJ7mNKMoTJCdIbBeaN2iLBg08yKp9sQtL
# sK3ES5FZ/dHJ0HQGXIsx7QXuzVSfvzN6bOvkl6Z3Qfk4tGyT6hnvU85WnDL0aJbA
# 4VJKBJTONUHUxaGudbYxSL/Z3wKEgezhsz1B5B6bYFQIjc00nFoM+cZrRs8XItw1
# mfMknbYAYeNRhfi9XiOKjTy0TWu07y1KrZ+yCVhFbaxjC7PMGcz/9sOJUDySaJBP
# a9HQ4e/VHdO30s0x4dPXeB2ilFhz49gxC4rW7F3PfacINFjX6kWu4sZtU/fCIWCS
# uiO6GI28o3ukyi6MR0iqCmpdOIobAPb/
# SIG # End signature block
ScriptBlock ID: ebabe035-4933-42eb-bb3b-4da535da7b33
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-RDPCertInfo.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88750
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-OSInfo sends OS, Version, ProductName, InstallOption, BuildLabEx, Language, TimeZone and Offset to console.
-------------------------------------------------------------------------------------------------------------#>
function Send-OSInfo
{
Set-Variable windowInfoKey -Option Constant -Scope Local -Value "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
Set-Variable fullServer -Option Constant -Scope Local -Value "Full"
Set-Variable nanoServer -Option Constant -Scope Local -Value "Nano"
Set-Variable serverCore -Option Constant -Scope Local -Value "Server Core"
Set-Variable serverOptions -Option Constant -Scope Local -Value @{ 0 = "Undefined"; 12 = $serverCore; 13 = $serverCore;
14 = $serverCore; 29 = $serverCore; 39 = $serverCore; 40 = $serverCore; 41 = $serverCore; 43 = $serverCore;
44 = $serverCore; 45 = $serverCore; 46 = $serverCore; 63 = $serverCore; 143 = $nanoServer; 144 = $nanoServer;
147 = $serverCore; 148 = $serverCore; }
try
{
$productName = ""
$installOption = ""
$osVersion = ""
$osBuildLabEx = ""
# Get ProductName and BuildLabEx from HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion
if (Test-Path $windowInfoKey)
{
$windowInfo = Get-ItemProperty -Path $windowInfoKey
$productName = $windowInfo.ProductName
$osBuildLabEx = $windowInfo.BuildLabEx
$osCurrentBuild = $windowInfo.CurrentBuild
$osReleaseId = $windowInfo.ReleaseId
if ($windowInfo.CurrentMajorVersionNumber -and $windowInfo.CurrentMinorVersionNumber)
{
$osVersion = ("{0}.{1}" -f $windowInfo.CurrentMajorVersionNumber, $windowInfo.CurrentMinorVersionNumber)
}
}
# Get Version and SKU from Win32_OperatingSystem
$osInfo = Get-CimInstance Win32_OperatingSystem | Select-Object Version, OperatingSystemSKU
$osSkuNumber = [int]$osInfo.OperatingSystemSKU
if (-not $osVersion -and $osInfo.Version)
{
$osVersionSplit = $osInfo.Version.Split(".")
if ($osVersionSplit.Count -gt 1)
{
$osVersion = ("{0}.{1}" -f $osVersionSplit[0], $osVersionSplit[1])
}
elseif ($osVersionSplit.Count -eq 1)
{
$osVersion = ("{0}.0" -f $osVersionSplit[0])
}
}
if ($serverOptions[$osSkuNumber])
{
$installOption = $serverOptions[$osSkuNumber]
}
else
{
$installOption = $fullServer
}
# Write the information to the console
Write-Log ("OS: Microsoft Windows NT {0}" -f $osVersion) -LogToConsole
Write-Log ("OsProductName: {0}" -f $productName) -LogToConsole
Write-Log ("OsInstallOption: {0}" -f $installOption) -LogToConsole
Write-Log ("OsVersion: {0}" -f $osVersion) -LogToConsole
Write-Log ("OsBuildLabEx: {0}" -f $osBuildLabEx) -LogToConsole
if($osCurrentBuild)
{
Write-Log ("OsCurrentBuild: {0}" -f $osCurrentBuild) -LogToConsole
}
if($osReleaseId)
{
Write-Log ("OsReleaseId: {0}" -f $osReleaseId) -LogToConsole
}
if(-not (Test-NanoServer))
{
Write-Log ("Language: {0}" -f ([CultureInfo]::CurrentCulture).IetfLanguageTag) -LogToConsole
}
else
{
Write-Log ("Language: {0}" -f ([CultureInfo]::CurrentCulture).Name) -LogToConsole
}
Write-Log ("TimeZone: {0}" -f ([TimeZoneInfo]::Local).StandardName) -LogToConsole
Write-Log ("Offset: UTC {0}" -f ([TimeZoneInfo]::Local).GetUtcOffset([DateTime]::Now)) -LogToConsole
}
catch
{
Write-Log "Unable to load OS build information" -LogToConsole
Write-Log $_.Exception.Message
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBQRkNAl2HosTFW
# DLWI0qjga8FMozNIul9JWG8b+C2ksqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEICOwxjSDjvwcstT0872N2Zn1KDxTQD26OZPWNWuaH2DLMA0GCSqGSIb3DQEB
# AQUABIIBABzAYaSb/xo2d6qlfe3z8VG+2wYGJHQLY/qBRkyhNiHGlWW3Mya2mVMp
# VsGOA7HkGGFTEwknMHyvoD1VOsmnI0H5Tjv+jO19SELBuq0XFZa6pVOPo6ZcDGKm
# qpTx0R1BryoGyQ2fD6O4MX5EJuaSRhJi5QeFmqpyy131tSPQgHUtBz+zK3AGGMEE
# wKtz2WIy7INbzaHkhOa4bxnc3wWCQrJ1GQQMqZtZizajqPQR0uYnOyNro/BBUYC6
# TznQeiE0cCGjCl0PIHQkxk7nuXgB/rUwTj24387+pDIFJFbqCNBWzjVAHhDcpaFW
# GPWvFuAdXfwBC50dEHHZmBwdI4hMANWhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# UyfxU1byYHa1euBDnbSnHgFOcyBotI3YT9nBo0r0yUkCECok29wfpJG4UA9+0vLM
# qTcYDzIwMjEwODA0MTgzMzIyWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODMzMjJaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCByDn+U
# xeXlxtjCtuO7/a8hNrtUW7xE9JZyiv2XfAfksTA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQAdUjYdBKaHRNeSums/PMFNy9Q8Yr0t1d0LvY6gZy2k+8fpuS5LcGN/
# tEQc0gOEY1pEfoS4l5oNIDVgRInnhNfaEHGh93aD/2au1CuAqXkggW6PKOzTt0Fl
# pKU6aRpCkGg0aYiCq3I2uE7ehtEZNMDr94E2SONoVvSl/rag27DFSieBOrQdSxhj
# EEyFBSfU1EESO7kfBas9zxvtVTJg2Ubrso+niSk4vF65zPnO6U2idomvu5T3yxXS
# i7HGhm9XbRkPsI3suqQnkY8dJLeaa0UgBW8TecBWX0bx5omcS7zgVZxX8fHfVmFP
# ES8h2KOH4ly5DGnA+OaCpVYlBK2I9tYi
# SIG # End signature block
ScriptBlock ID: 9fecb7b6-f9c0-4a5c-95ff-d6401b122269
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-OSInfo.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88747
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
function GetBilledEditions
{
$billingCodeToEdition = @{
"bp-6aa54003" = "Standard"
"bp-65a5400c" = "Web"
"bp-62a5400b" = "Enterprise"
}
$documentText = Get-Metadata "dynamic/instance-identity/document"
$document = $documentText | ConvertFrom-Json
$billingCodes = $document.billingProducts
$billingEditions = $billingCodes | % {$billingCodeToEdition[$_]}
$billingEditions = $billingEditions | Where {$_ -ne $null}
return $billingEditions
}
function GetInstallationVerisons
{
$instanceNamesRegistryKey = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL"
$instanceEntryRegistryKey = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\{0}\Setup"
$instanceNames = [System.Collections.ArrayList]@()
# Exclude all properties included by powershell for any item property
$registryKeyNames = Get-ItemProperty -Path $instanceNamesRegistryKey | Select-Object -Property * -ExcludeProperty @("PSPath", "PSParentPath", "PSChildName", "PSDrive", "PSProvider")
$registryKeyNames.PSObject.Properties | ForEach-Object {
$instanceNames.Add($_.Value) | Out-Null
}
$installations = [System.Collections.ArrayList]@()
$instanceNames | Where-Object {$_ -ne $null} | ForEach {
$infoKey = ($instanceEntryRegistryKey -f $_)
$infoEntry = Get-ItemProperty -Path $infoKey
$editionType = $infoEntry.EditionType
$patchVersion = $infoEntry.PatchLevel
$entryHash = @{
edition = $editionType
version = $patchVersion
}
$entryObject = New-Object PSObject -Property $entryHash
$installations.Add($entryObject) | Out-Null
}
return $installations
}
<#-----------------------------------------------------------------------------------------------------------
Send-MsSqlInfo sends the sql server edition and version info to the console.
-------------------------------------------------------------------------------------------------------------#>
function Send-MsSqlInfo
{
$ErrorActionPreference = "Stop"
try
{
$billedEditions = GetBilledEditions
if ($billedEditions.Count -eq 0)
{
Write-Log "No SQL Billing Codes Associated With Instance"
return
}
$combinedBilledEditions = $billedEditions -join ", "
$billedEditionsLog = ("SqlServerBilling: {0}" -f $combinedBilledEditions)
Write-Log $billedEditionsLog -LogToConsole
# Empty element is added when returning array with single element, cast back to array here
$installedVersions = GetInstallationVerisons
$installedVersions | ForEach {
$installedVersionLog = ("SqlServerInstall: v{0}, {1}" -f $_.version, $_.edition)
Write-Log $installedVersionLog -LogToConsole
}
}
catch
{
Write-Log("Warning Failed to gather SQL Server Edition: {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAIsxWWRilrxz7q
# bJReNdOpZbtkaat9KrYFhx457tGtg6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIKgYpK6XCqzq6bNMsvLD7R5EYCYlTEULhklqbjQ/xkdWMA0GCSqGSIb3DQEB
# AQUABIIBAGOvhVDO4s67bpiv5y5btwi/F8EqrSjg1x5bR0QHJvEGPNMt1NmyE6ca
# YraAkKUwa7mnYi0j7uRvH7Z2kMJqil+w7L21QiJ3mCcpy0UdkopH7s6wRs0F4ovT
# e2zolCkH6oukiUsptV94KgfkB/z0rxG0zOtYeUc8VtxbgGn76qaYTLKDh74V2doy
# GwT0C8SYarp5oobMlQp6Bxm7UOsRF1hp8EwNYLZogdOEq0yLUDn2dPogcZkehfvR
# BD4ubxrw4epghuTIeku7O1EkopzQTygGkaWCQGbhZ/gTra5xe8t9kOkFr2I3XnI/
# +kFcPmDE0CZ7NwY0k27ICTsE5huOftahgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# sj+Pomb0LOWx8364hgWKKUXT+vRI4iPG590NKOYNiw4CEF/qdlQ8t2GlFh30Jpae
# KC4YDzIwMjEwODA0MTgzNjI2WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM2MjZaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCAJes9h
# WwZXv1od2BkQLTIRiwgLZxVP2RSwbQB/2xI6DjA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQAwzHVA5Su5VeteLGCCX4FMJ6nWHeAfm6iyC05JHEDDhyJrrL8HYz8O
# AAkkAhnD5Gtpn9pPKNAZTkzew9CC7TxfVr1mfpwhiYfnu0P6njEBFAt3R55Z/com
# uiBBVG6CZDlEqRktA9mhWOeUUj2MvbFtEl0IRw4WhNfEo+jR4pyct0Cd+xVO9tQq
# d7hS3ZydJcpzE4Lr138xnn9/DNVtdaovSsDP1NPr4EMFGeDJTzKjG+3dQ4CPKkQM
# S9VuFBS0X8iBwfUwCaVQ5eLqPyz3MvKkiEm+e4Hlyc/KlMJM7sHFmZp2U3x3zmJy
# xJf2Chybd1JuTZ7EJVxDbBrF8RqUCx4g
# SIG # End signature block
ScriptBlock ID: 6c9e310a-298b-470f-b9c9-134b7ac2022c
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-MsSqlInfo.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88744
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-Message opens COM port and writes the message to console
-------------------------------------------------------------------------------------------------------------#>
function Send-Message
{
param (
# Message is a mandatory argument.
[Parameter(Mandatory=$true, Position=0)]
[string] $Message
)
# If these script variables are already set, message can be written to the stream with no longer setup.
if (($script:spFileHandle -eq [System.IntPtr]::Zero) -or (-not $script:spSafeFileHandle) -or (-not $script:spStream))
{
Write-Log "Failed to write to console: open serial port using Open-SerialPort"
}
# Meesage needs to be appended with a new line and kept in bytes to be written in stream.
$messageBytes = [System.Text.Encoding]::UTF8.GetBytes($Message + [System.Environment]::NewLine)
$script:spStream.Write($messageBytes, 0, $messageBytes.Length)
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCB7UU2HHfZ8Kuhi
# mi0JDhE5DTT88e53bVqrswPWGfr8hqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIPupozX/8AL+buBkiAyff2zy7UVXFmt62NmQMnz79DrtMA0GCSqGSIb3DQEB
# AQUABIIBAKxW9VcdF5zUqhn6ZenwYqtQeRgf/xGK0QILgICXu52+ic2DYVdwuQck
# at/jXy4F/56gmTcdXY/kjl6W4UvTBf7DWG31mr04njy+EvE1SPQibLHnrqW9WBEW
# mrOPcj5kA2iyIPkigKI579s6t+wd0jEmSPBje7Ny7RsHb853rp3k/6eBBxpZB3ik
# 1hYU+mY/kBR4Kd/KCq+xj6oGPeffpFb4qKmrfZ+vFYflCiRYDcVyZM5YvUHkCKto
# cWu45RE9lxdOV7eAWmPkGwEg2H1SeYai31DwFIY9GjEHLGB4Sf2f5d7lq/1yohvo
# tm/gdOt+OYwpgVCjf2gIVvGkUJP3n8uhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# 6DB0hrmQpcvJW51MltKIcBqWgq2yYajTRaFpfSk8UjoCEAT6T/7H91U1dHctulIX
# 3r8YDzIwMjEwODA0MTgzNTM1WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM1MzVaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCCa/Lm1
# te3VQMrI4D9EfFNrWZ2w4AOF3RGHzNy9iFL23TA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQBpm4Oquit3+Z5i1rn1V0b4Vix+U7Vw5/w+XYyjd7dcXQDCjKQseITb
# 3iZ9vO7bTFa0UZn5vHwLZIH5CFd2+WO2yVcoshzLNqXSS7MNc2YpAadbJ8IT+pxx
# G7LaqT569tulKCV2vYZ/+KwTIKTuPSQ9MloApmR0JEVL5wBtow6DF59beJekW6gu
# kQh2fHvQ09xywBamgupkeLR3+A2KgFu9Y4q867lggzdeRaTmFrnHCKFHGcdAX3fo
# 53t0M/AI8dBnQcT39XRqZW/qFxSRsD3fD7Q9M82D0T7FabaCclVWqZQg6iOlnq2M
# d5sEhdVefgkMZBCUdAm9E24GPapaR5ec
# SIG # End signature block
ScriptBlock ID: a426fc7e-a3e1-4c6a-bd05-5306f9a15b6a
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-Message.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88741
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-InstanceInfo sends the AMI instance info to the console.
-------------------------------------------------------------------------------------------------------------#>
function Send-InstanceInfo
{
try
{
$instanceMetadataPath = Get-Metadata "meta-data/instance-type"
if($instanceMetadataPath)
{
Write-Log ("Instance Type: {0}" -f $instanceMetadataPath) -LogToConsole
}
else
{
Write-Log("Unable to get instance type from meta-data.")
}
}
catch
{
Write-Log "Unable to load instance information" -LogToConsole
Write-Log $_.Exception.Message
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBhgXGh7v4+tnEV
# MDo8IjZdI0ypcTcxRHRlrSC+rz0uqaCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIDr7jVYl0lSoC5VJ5gtwMgeA5sAv77znZiH+M9k2j7IOMA0GCSqGSIb3DQEB
# AQUABIIBALVGIYfBE5pn61jKq7BU6xXCp3jtRYsenXZ40O+b7l9ulfcmTTrb+DbF
# q7vZApeFek04G2uBnL0Y0iUGXp/Zf7lpwxEMWYTKzwszLPCZxtHoTLM3u3uk2GIp
# NG+aaLOeODyfoXIrizCULW3I66DHTQYyM2RydlFJWtA/eYKOS/NtUXbURLEJxfuy
# 1YveJDHvlEc/q+5bi5IKHcUYEgiM9yt5gEFTGr49NiatmL/xxBa87WKXORmO0Bds
# 1WUJ9Xl5U1by3nrFXF7CVfgIdTulmwE4INvmUqbTHdPVRuAeRm+R6tF1O9QSlRHU
# 5CW8m0ePS3GS7w2uEtJao58E8IMUsHmhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# V/CqJKMTAST7zqqXUJoMqzTDc7n94S1V3j6T64vCVqUCEQChsVCAZY53La2Kq16m
# zJp2GA8yMDIxMDgwNDE4MzMzOVqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzMzM5WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQghM8v
# WRu7fKV3AphVgZKrGweXhBsQfc+JNT7TSi5kPn0wNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAltcy+N4NZG98o5YtevcheTaW+1MGbP2av/VaJlJHtvU/bYw5Kl8a
# HRNeMkIAR0airL0VQwRFG1iYcNO/ateKfV2CmLQMxInD7OSvdiBMLrvnYKsjapeI
# p2EZTg+FTB5MYftBSROtJuIfaO+ShIALXsnXOhPJzry+ME/y1pkuxfqTsfwLvxjg
# K4JJuFtDEvjnnrKujxQTsN8Yc+f+ut/XTLIffJKGG+moA2a2YS1O4gY9hJHmAlB6
# dkWgUTTtj0BaW2OTFCtsdshvTeDvkcWZUbQ5O6KQAK0qLfYsFRXXeio6IO12ZnEd
# 2KNwNNIj0nDEWw3FzbbqQKdvgdVqBBwBig==
# SIG # End signature block
ScriptBlock ID: 8033e9e9-8b2e-41aa-b2b6-3a410d480ebb
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-InstanceInfo.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88738
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-IDInfo sends AMI-ID and Instance-ID to console.
-------------------------------------------------------------------------------------------------------------#>
function Send-IDInfo
{
try
{
$amiIdEntry = "meta-data/ami-id"
$amiId = Get-Metadata -UrlFragment $amiIdEntry
if ($amiId)
{
Write-Log ("AMI-ID: {0}" -f $amiId.Trim()) -LogToConsole
}
else
{
throw New-Object System.Exception("`"{0}`" is missing in metadata" -f $amiIdEntry)
}
}
catch
{
Write-Log "Unable to load AMI ID" -LogToConsole
Write-Log $_.Exception.Message
}
try
{
$instanceIdEntry = "meta-data/instance-id"
$instanceId = Get-Metadata -UrlFragment $instanceIdEntry
if ($instanceId)
{
Write-Log ("Instance-ID: {0}" -f $instanceId.Trim()) -LogToConsole
}
else
{
throw New-Object System.Exception("`"{0}`" is missing in metadata" -f $instanceIdEntry)
}
}
catch
{
Write-Log "Unable to load Instance ID" -LogToConsole
Write-Log $_.Exception.Message
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCA/U7N1pmTY0M8i
# JRHJg2+ZVVvcOSdD7iePdzDi4s/OQqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEICLnQfo2mTNDfHZJ/z0bHoKIg8f7bJXfdiJEtuJ5Rs1EMA0GCSqGSIb3DQEB
# AQUABIIBAIQQtjqYgG1Mtc6U6YPBcEu/w3kKkfXunkHlA7yNElOfdFGWRrEyOyR7
# tZJPnYFHqSjlAnGKsMQcMpf1Ufw4mm3OeXtwQmJ2hB7m9LpB50y3keNkmrx2VUZg
# 7fCs8RrwOvJA6GQ8YxHGbA1zqFDalbqHv3BVXjNGX0ZmHw5M4cepakh+eoc+KQJj
# zQdBhBaDLdKDZrXImUoNtPl6Dfw5TNwxVjfpFG8EIOVWcWEk0Ns63V2JQHTL6ydL
# auWRx2do02e1nLe6FVA1WJxk8SmaJLsoAijvWDs5R2Lnnm7zuD/uu/c453BNCgE1
# 2cGCKBm93L3HVVsoKOiDZ77wpAeQ4jWhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# E1LudBXW4c4GmCWWKFAVGjWTSe4ZrnakyVNIupmL6moCEQCL5ZOynRdOI7LK3gv9
# qip8GA8yMDIxMDgwNDE4MzY1OVqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNjU5WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgdt3B
# oCmfv9CfRPAAcHzyyL0JI4EDE0AOj77wF6S/1R4wNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAnJCPwFehrQiQTFQGNwi0tED/wwcbuMCLhcbeTnYy2iV4gWOms4iX
# jdnJ/np8Q85E8GAv13bfkZqHFKBLUHm3y6DdueDwsPtOab2wV56gXz7ShGwDv45M
# O3+Xm9YE4/mTIi/SZ4ZTAevUX5r1XxN5qJEYAKdTFY7TVy5q4vTL9FVAyNP8KLrE
# imbM+2tjsjOyKK3uuBAtLPRgJCS9qisaQuwqpQZ+5LNqIlO5Nd7xgOh4Tp3RG/9X
# tY0IooSvUMT4kpuFlJFXnDoG93AdXFMOSAn8031QZ9RSmApVMHd7XtTEf3ejSBFW
# 5srVQ130/mOV9E8Rl8gu/VzZO3xia6FRlQ==
# SIG # End signature block
ScriptBlock ID: 738e3f56-3d4c-47f7-9335-6d4dde8e29bc
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-IDInfo.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88735
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-FeatureStatus sends feature installation and corresponding service status to the console.
-------------------------------------------------------------------------------------------------------------#>
function Send-FeatureStatus
{
set-variable -Name INSTALL_STATE_ENABLED -Value 1 -Option Constant
try
{
$windowsFeatures = @( @{ FeatureName = "Microsoft-Hyper-V"; InstalledServiceName = "vmms" } )
$featureName = ""
foreach($feature in $windowsFeatures)
{
$featureName = $feature.FeatureName
$featureInfo = Get-WmiObject -query "select * from Win32_OptionalFeature where name = '$featureName'" -ErrorAction "SilentlyContinue"
if($featureInfo.InstallState -eq $INSTALL_STATE_ENABLED)
{
Write-Log ("{0} feature is installed." -f $feature.FeatureName) -LogToConsole
$srvStatus = (Get-Service -Name $feature.InstalledServiceName -ErrorAction "SilentlyContinue").Status
if($srvStatus)
{
Write-Log ("{0} service ({1}) is {2}." -f $feature.FeatureName, $feature.InstalledServiceName, $srvStatus) -LogToConsole
}
else
{
Write-Log ("Unable to get service status for {0}." -f $feature.InstalledServiceName ) -LogToConsole
}
}
}
}
catch
{
Write-Log ("Failed to get info for feature {0}." -f $featureName) -LogToConsole
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCYWBdi+IKrRLcT
# aL/DHKt/rW4/96VR8c260zh7bTNrgKCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIGCecB6VGl7eXvB8l1jbdrb6rtebfaHMjDkzPDdib6BiMA0GCSqGSIb3DQEB
# AQUABIIBALyot91Ha7TlMLIKl1XHPUpxoqxBqZSOcuEiVcoVTcZr2AZ8+ja2tlKq
# 2cAh1LvRQxcYZPkY7cokeecUH37BlD6sdMjs44y0slwKjeb1+eN56wCBET6dtYB2
# N4lPpqy/PkhGTFOdBZbxjU3rCj5VchN4fYIksOEV0QoMAqBNsBElRf9zEp2F2QvD
# p48/c0RTTg5YhcGfwagVeogwVrK+UNP/C4OqAE7AC7NmrzJj/dtkEZ1KxTvUw09+
# VB1qpQxLjczhk9O1oKJWk3wFiB7s1c5aAAiqvKhL/XCZX4e8Ud9rQGlK8JAUb+BO
# wWVB38zuxtWimRSzkcWVMt0z75Crojmhgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# NaxuDXGel5wx7i5Ty3FG700Qu4bHWINU4Vz+FEUkZRUCECzBgcfnIfzSVa2IqZHO
# 0ooYDzIwMjEwODA0MTgzMzQ0WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODMzNDRaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCDftRrQ
# TYNZZ7fkGhL9DJ+eA2GnB1uRJG2gl4/gVeRyBDA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQCybVBhMWPAJBCc6vLlbm5b7LIQ3x9KInCEGgEKWgGdZNhVxVeqkrlF
# KrIWK/eDqO+jyFmlcMN1wm6/0b6AI05AJNic+IAo84LqCvXkH/QZp2C/f90KrYOZ
# EGEASGVfO1OyrLXNWrscPJRDTlSt9o3jJOfotrTHjbcwSg+tiWFHF3jXfobwr5Jo
# wCUwDhtq1S3szfW4XJU5bf3+K73iurFnRdjV1ZrhrNyHP5UJyeg+fOSoFlFA7ru1
# YcKhbN6aEa9Il+EhWVe3q+pnG7LqTk1D/3hbu4gbFNwdH+sbzou5IUbuOI+GdcWg
# Rnqhs3IMqiO0vnro32RZDQvy3rVH4ZFe
# SIG # End signature block
ScriptBlock ID: 7b157f3b-a1f7-41e6-b1ce-1a54253e3fb1
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-FeatureStatus.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88732
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-Ec2LaunchVersion sends EC2 Launch version to console.
-------------------------------------------------------------------------------------------------------------#>
function Send-Ec2LaunchVersion
{
try
{
# Get the Ec2Launch Module
$ec2LaunchModule = Get-Module -Name "Ec2Launch" -ErrorAction SilentlyContinue
if ($ec2LaunchModule)
{
Write-Log ("Launch: EC2 Launch v{0}" -f $ec2LaunchModule.Version) -LogToConsole
}
}
catch
{
Write-Log ("Failed to send Ec2Launch version: {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDqwGA77iKPbTMp
# PqiVIv6qjsgMOfLZBkpXDoTpmYURmaCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIAwAGuSLgbwILujMSKCVMvSjtJuwaOTN4vHvoROc0Zu0MA0GCSqGSIb3DQEB
# AQUABIIBAKrwEdlv2DEC0NDlLA5Ris8gSfQsMD8M+J+daOIjTjWBtCXS2p8RxbyI
# bK1Alw55aFBdYP3R0K7zVI7ZqdRW9ok+KhjNVMcrE/F4JKLI3GPoseDDoK/TAo/2
# OETPppvFhtu7mPKh4vLKQUZlBhQgmuesSL3SUAn/PNcN9/gcYGw7Warm+WS/J6pf
# 3x+Vi9OERrxFQfk7yy+fhoJQHdTp4hMWTk5JW3Pjq75n97Uf7yKJjkA4/DAO0bFc
# EtI9Vrin5xRywo9WCnDtZCUpcQZSPGBdZEynmskOtrbmaEYfnwaNhxSC/NuoDZgo
# CL5ucwMQS9rZYvXAqONhMvs6JQXOyk+hgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# 0osHNH9qlx+HuaExxKujIxvw2pTjbufkBcIL9AWGK2gCEH2wQNlehQhH3kPHZgjt
# OccYDzIwMjEwODA0MTgzNjMxWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM2MzFaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCCVP+PF
# 5272W7URAp6HDKoUoXKnFaWcVYWs0Ul2mH1QcTA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQAbnBmd0C17DRyiZzozdlNx0IX3DUURghBX9p7Qs1EzEAZSAVH/e4Sc
# 7PsedLbaFLd5zcE4xbbi5HpMPMUu5FozNvpY4WvUXttthPKwNcX4jPElLbm3sX0k
# xDyedwFAL6OPZR7t5VFX3oCb2cRSrdjgwdR1i87zpUEKaCLq4vO3+8nNUm3n5zks
# +BvKFx0SwI9G2IfJ8cRo5SwJe+lGgR7lKeWfw0ZlTO+suEWzU+ecdQunMHJQaCdg
# 4F/DHHcntzCj6bc4y40pxf2//3syCqMBe3Wm7bADCYVoLgSd/p98IOREvMjni/dG
# f6b3R/t58neT4HlM5HXsD0QgTUA34I6t
# SIG # End signature block
ScriptBlock ID: bc1d5041-a8dc-444c-9ba0-8c604615b828
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-Ec2LaunchVersion.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88729
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-DriverInfo sends information of all drivers recommended by Amazon to console.
-------------------------------------------------------------------------------------------------------------#>
function Send-DriverInfo
{
try
{
if (-not (Test-NanoServer))
{
# NVMe stroage devices
$nvmeDriver = Get-CimInstance -ClassName Win32_PnPSignedDriver |
Where-Object {$_.DeviceClass -eq 'SCSIAdapter' -and ($_.DeviceName -like "*AWS NVMe Elastic Block Storage*" -or $_.InfName -eq "stornvme.inf")} | Select -First 1
if($nvmeDriver)
{
if($nvmeDriver.DeviceName -like "*AWS NVMe Elastic Block Storage*")
{
Write-Log ("Driver: {0} v{1} " -f "AWS NVMe Driver", $nvmeDriver.DriverVersion) -LogToConsole
}
elseif($nvmeDriver.InfName -eq "stornvme.inf")
{
Write-Log ("Driver: {0} v{1} " -f "Inbox NVMe Driver", $nvmeDriver.DriverVersion) -LogToConsole
}
}
# Log AWS Nitro Enclaves package version
$nitroEnclavesPackageVersion = Get-ItemProperty -Path "HKLM:\SOFTWARE\Amazon\AwsNitroEnclaves" -Name "Version" -ErrorAction SilentlyContinue
if($nitroEnclavesPackageVersion) {
Write-Log ("Driver: {0} v{1} " -f "AWS Nitro Enclaves Package", $nitroEnclavesPackageVersion.Version) -LogToConsole
}
# PVDrivers after 8.2.1 store version information in the registry.
# Attempt to pull from new registry entry and fallback to original logic if not found
$pvPackageVersion = Get-ItemProperty -Path "HKLM:\SOFTWARE\Amazon\PVDriver" -Name "Version" -ErrorAction SilentlyContinue
if($pvPackageVersion)
{
Write-Log ("Driver: {0} v{1} " -f "AWS PV Driver Package", $pvPackageVersion.Version) -LogToConsole
$drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver | Where-Object { $_.DeviceClass -eq 'Net' -and `
($_.Manufacturer -like 'Intel*' -or $_.Manufacturer -eq 'Citrix Systems, Inc.' -or $_.Manufacturer -eq 'Amazon Inc.' -or `
$_.Manufacturer -eq 'Amazon Web Services, Inc.') -and $_.Description -notlike 'AWS PV*' }
}
else
{
$xenDrivers = Get-CimInstance -ClassName Win32_PnPEntity | Where-Object { $_.Service -eq 'xenvbd' }
$drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver | Where-Object { $_.DeviceID -eq $xenDrivers.DeviceID -or ( $_.DeviceClass -eq 'Net' -and `
($_.Manufacturer -like 'Intel*' -or $_.Manufacturer -eq 'Citrix Systems, Inc.' -or $_.Manufacturer -eq 'Amazon Inc.' -or $_.Manufacturer -eq 'Amazon Web Services, Inc.')) }
}
foreach ($driver in $drivers)
{
Write-Log ("Driver: {0} v{1} " -f $driver.Description, $driver.DriverVersion) -LogToConsole
}
}
else
{
# Nano Server does not contain Win32_PnPSignedDriver object, so it uses different approach to get driver name and version.
# This approach takes longer time because Get-WindowsDriver retrieves all windows drivers.
$win_drivers = Get-WindowsDriver -Online | Where-Object { $_.OriginalFileName -like '*xenvbd*' -or $_.ClassName -eq 'Net' -and `
($_.ProviderName -eq 'Amazon Inc.' -or $_.ProviderName -eq 'Citrix Systems, Inc.' -or $_.ProviderName -like 'Intel*' -or $_.ProviderName -eq 'Amazon Web Services, Inc.') }
$pnp_drivers = Get-CimInstance -ClassName Win32_PnPEntity | Where-Object { $_.Service -eq 'xenvbd' -or `
$_.Manufacturer -like 'Intel*' -or $_.Manufacturer -eq 'Citrix Systems, Inc.' -or $_.Manufacturer -eq 'Amazon Inc.' -or $_.Manufacturer -eq 'Amazon Web Services, Inc.' }
foreach ($win_driver in $win_drivers)
{
foreach ($pnp_driver in $pnp_drivers)
{
if ($pnp_driver.Service -and $win_driver.OriginalFileName -like ("*{0}*" -f $pnp_driver.Service))
{
Write-Log ("Driver: {0} v{1} " -f $pnp_driver.Name, $win_driver.Version) -LogToConsole
}
}
}
}
}
catch
{
Write-Log "Unable to load driver information" -LogToConsole
Write-Log $_.Exception.Message
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBe3+pqjDgbKv1O
# 13HBqVvA+A9qpVslrna/rh4sVxCr7aCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEICbIEL87bxizwEEmJpeb88Cx8MPiDrTuGCq1FHzIft8iMA0GCSqGSIb3DQEB
# AQUABIIBAARscNhF2kwkW8qzfk3hQwk5+M/EKbD20bbvrYivZWsQNElPQBRvyXiU
# tUpFlyOP6sO68K5sKYbwLJnF4yJiv6t2oSu4M/vUT5BwqZPeokWtnaYjZbsdKlQp
# raJxXxfRSt83aDeKt+PV0He3Yap6P0aJ6r0wM8cGHR4gQC36saavQuxMB9gXwnKT
# fiPqNKhl2gzYPeZdKCpmpTVphvOWfmCZtd0ZOaonfJ1LR3Zljbschb6vSdbhv0BC
# 2xJXiomaIk8WU7tREasNd3faTgng+846CWlnbvBSwSa4lili3FysXmYQmnjeDVA2
# AmYn8H135aBHu1acl0AzO3gXZnwq+X2hgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# d8V3sKSoBKGiqMud+r6SgeQxi8nixbVTs1D8nXiF3LICECq/4KuK11G38YGMLug/
# 33MYDzIwMjEwODA0MTgzMzE2WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODMzMTZaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCBvp4VY
# 9GheAI81f6eb/+2EMaOY4jHQZZQB46pi+6jB4TA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQAfzj5gIHBFTKLdhEhPL+nF1PzaFc05fDJLHlSxvay5hS8bqI5U+X++
# GTCs4Yah4dgGHL6Q/97WCw6WwYq76AGkE21z4K+pNuUmOK9ugml3zKfXcqfZaUoy
# gZtruLAdkqveBIDe0L8CwmWvzga94ANBR8VYSl197iPHpUmmrYNolwXPv3EbzWMG
# uzVrU0++uiY9Ky00uQMt+oLbdA9rjLpxTFT17aiJPfXTPMiTbii3ZOwXteYCx0lF
# 4RUbgNLFLtNyWymrhptyMr/YxN34iXfsIfetI8KfmSfhfPcVA4QfPJvDIVbSDtlz
# qANjT9p3UxanL0GlOxJOOIS+Vm+f3HO+
# SIG # End signature block
ScriptBlock ID: 15069ab5-c2e8-4f25-afa8-214322eb02b5
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-DriverInfo.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88726
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Send-AMIInfo sends AMI Origin Version and Name to console.
-------------------------------------------------------------------------------------------------------------#>
function Send-AMIInfo
{
try
{
$machineImageKey = "HKLM:\SOFTWARE\Amazon\MachineImage"
if (Test-Path $machineImageKey)
{
$machineImage = Get-ItemProperty -Path $machineImageKey
Write-Log ("AMI Origin Version: {0}" -f $machineImage.AMIVersion) -LogToConsole
Write-Log ("AMI Origin Name: {0}" -f $machineImage.AMIName) -LogToConsole
}
else
{
throw New-Object System.Exception("`"{0}`" is missing in registry" -f $machineImageKey)
}
}
catch
{
Write-Log "Unable to load AMI information" -LogToConsole
Write-Log $_.Exception.Message
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDvI24fDrBZfvzx
# Lg9tkVmd1TlPY/et2PQsPLtp3h1VxqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIBPY1XCVyCAx4NstP7s86te+MT26paUDrm7pIYFl7uOqMA0GCSqGSIb3DQEB
# AQUABIIBAE6LpEjRnYniiwhBTaRclloFiiRaB2cVIBU8SY3AXSQc1MdYz3iVSmXU
# NVp66iw7Lsa0ulrFl7fx/+oUpYGpnB0lZ4FEhCJJfPXincMVIOp0MvCJgPb+09L6
# gxgvZNyTXGjHzN4Xso9Pw98vS0PbaH2qAJH9jwZHaBGSLCZ1d+MTmc9kWoxTrZ1d
# p8HR3uca/7Vh9wS3AtzMYhK7X0T4LRKpKZr8i5K/eYqidTPXvGfxkcUMFS9l8J9H
# Yy8gXTUcOShcobeCtYS517PslICn2bfA+BNS0G5kU6BiN2pZpcjHn6TA7Jk2x4js
# OdozE5nxHiBee5v6uFrIDzuXhK7JEaahgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# MPsTrdxN6qwAHgeZVEpqVetztmoShyY1maVj/zIPaGACEQCTfp3LPA4XhzSfBYfa
# CQHlGA8yMDIxMDgwNDE4MzUxM1qgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNTEzWjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgzmyu
# WzjYp8LNe7k4d+2aSRdSzOr8IE8MTO07nHfRMGkwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAVmRQARR2NxVEhbo2Fq+o45B4ftkNvSTjgFco+s3zFt+akUhKebFy
# UpTGH9zySRKBprTwqrD41SCc8PJTp0+mFRJcF1gUYw/ATOijlT9z1Ruqmof43pbi
# S8TuXltqtsIwd+1UqXVYjH70BfwsyO1DVsyT7CAzDIvJ/ssd7ZLNGyu90kZhZav6
# 984c+3zMUhHplioTKeQp/24bzNRIIbKbxdgQXZ3Hkk/ogkKRojqFvbqhywRjrCAQ
# U2xrqzbdwjLtv+REd1vgfDMO3yAS0fyB3jgfOzyvDsuMTNhGTvWjzmK1hp7+ES7d
# Q/qJ1x/RmwCu8N3ZbnJLtUGn9D3rXHdGfA==
# SIG # End signature block
ScriptBlock ID: 8682b229-f6da-4cde-aec2-3c9cca32d545
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-AMIInfo.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88723
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
function Send-AdminCredentials
{
param (
[Parameter(Mandatory=$true, Position=0)]
[string] $Username,
[Parameter(Mandatory=$true, Position=1)]
[string] $Password
)
try
{
# Once password is successfully generated, prepare to encrypt the password and send it to console.
$keyString = Get-Metadata -UrlFragment "meta-data/public-keys/0/openssh-key"
($keyType, $base64Key) = $keyString.Split(' ', 3)[0..1]
$keyBytes = [Convert]::FromBase64String($base64Key)
$prefixStartIndex = 0
$prefixLength = [BitConverter]::ToInt32($keyBytes[3..0], 0)
$exponentStartIndex = $prefixStartIndex + $prefixLength + 4
$exponentLength = [BitConverter]::ToInt32($keyBytes[($exponentStartIndex + 3) .. $exponentStartIndex], 0)
$modulusStartIndex = $exponentStartIndex + $exponentLength + 4
$modulusLength = [BitConverter]::ToInt32($keyBytes[($modulusStartIndex + 3) .. $modulusStartIndex], 0)
$exponent = $keyBytes[($exponentStartIndex + 4) .. ($exponentStartIndex + 3 + $exponentLength)]
$modulus = $keyBytes[($modulusStartIndex + 4) .. ($modulusStartIndex + 3 + $modulusLength)]
if ($modulus[0] -eq 0)
{
$modulus = $modulus[1 .. ($modulus.Length - 1)]
}
$parameters = New-Object System.Security.Cryptography.RSAParameters
$parameters.Exponent = $exponent
$parameters.Modulus = $modulus
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider
$rsa.ImportParameters($parameters)
# Encrypt the password by RSA formed above.
$encryptedString = $rsa.Encrypt([System.Text.Encoding]::UTF8.GetBytes($Password), $false)
$encryptedPassword = [System.Convert]::ToBase64String($encryptedString)
# This is an important step to inform console about the password reset.
# The format MUST NOT be changed!
Write-Log ("Username: {0}" -f $Username) -LogToConsole
Write-Log ("Password: {0}{1}{2}" -f [System.Environment]::NewLine, $encryptedPassword, [System.Environment]::NewLine) -LogToConsole
}
catch
{
Write-Log ("Unable to send the password to console: {0}" -f $_.Exception.Message)
}
finally
{
$Password = ""
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCKNncSYZpcXEBI
# 5cFGtpSaX82y8UZTH8jIgOtavVSjCaCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIOW030tvUCyMPrjD2dxPTqqykOaB8ofyTF6tydev3MDJMA0GCSqGSIb3DQEB
# AQUABIIBAJHhC6CJuIHnzRc3q3OUxdajqtaB3BvirBJ2dEOBlTZnS+dEQg0TdaAi
# 0OeAyjD00rDvjFcKq0VxbqoBTdiJWCNStXkzysg31rULRrGAyFX89NmI/dboHet4
# ZFMUqBvy6cHXZNqi18cR+r9I/PPnVElnGZNG50mTb7gqGuhyHTzZ8Dhg4JO+oK9V
# QiHO25MUiv/hk6HF+aGHEHdKILmKMjb52NHLoGayLPQSoZmn00wSulaRHfIKSnp6
# ObWPK2YR9D+S/NxMQN43MYs40RaeXzlkU6pO/DkAMvwVXY9+YSPZuAfX5r2fe70d
# d5GIl78iWqqxJ4XQoXu08U7ytloE966hgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# rLN+Gcz6Sj4RXtUH62dIeuro2Er38kC7Ca1kF1pIY2YCEAJ0dPlCLVRYrQd7JHI/
# xhAYDzIwMjEwODA0MTgzODExWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM4MTFaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCDU3WMS
# U2qbLAHGz6HHhWX0A5nDvYpDvUZZYUq8p+CSMDA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQC9SpY5T4vwf2LNLDgZuvAghgrJ9r+sfOB8e31ot18HGpHeIKXi9vDJ
# 7taexAhFDDoLxL+YajnKzfGK3sVNXxTfDVI9zX5wyLSZigHWLwGRmKk5d4euxxMY
# oiu9esc5D58Sg8d0hGF/xkCQKn6ur+jbG/KZKBmc6+5Q7/HMxU8KZMp/HAD9Y9iu
# ma8umF1C+2zV02p7NKK809GIVuC+mKvdGc6/HWVknZMd4LtXwYNKJoqKwgkqmqZa
# 66QtQXEP3tw0D0J4vD/UpxYxmpvH7K+gmVY7tyHUzg1xmN2PGPx6PteC+ARyCCdV
# fC9trBu4S/ocnshhgZwPXb0RGYu4ZIYs
# SIG # End signature block
ScriptBlock ID: d4aab977-d3e6-4758-8631-67127b356137
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-AdminCredentials.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88720
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Register-ScriptScheduler registers a scheduled task to execute a script on next boot.
-------------------------------------------------------------------------------------------------------------#>
function Register-ScriptScheduler
{
param (
# this argument must be provided to check and set serial port before starting tasks
[parameter(Mandatory=$true, Position=0)]
[string] $ScriptPath,
[parameter(Mandatory=$false, Position=1)]
[string] $Arguments,
[parameter(Mandatory=$true, Position=2)]
[string] $ScheduleName,
# This argument ensures the task to be unregistered.
[parameter(Mandatory=$false)]
[switch] $Unregister = $false,
[parameter(Mandatory=$false)]
[switch] $Disabled = $false
)
try
{
# Script must be exeucted with -NoProfile to reduce the execution delay and -ExecutionPolicy Unrestricted to grant the permission.
$psCommand = "/C {0} -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -File `"{1}`" {2}" -f $script:psPath, $ScriptPath, $Arguments
if ($Unregister)
{
Register-PowershellScheduler -ScheduleName $ScheduleName -Command $psCommand -Unregister
}
elseif ($Disabled)
{
Register-PowershellScheduler -ScheduleName $ScheduleName -Command $psCommand -Disabled
}
else
{
Register-PowershellScheduler -ScheduleName $ScheduleName -Command $psCommand
}
}
catch
{
Write-Log ("Failed to schedule a task: {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDEF21gsa+QQoAH
# McVbougYKebx2OK0hDiWioV5ZOhvS6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIOhT+gIljkOKFMl7iLnpK9/P9brz0BvgqHV9SmpSbQ5PMA0GCSqGSIb3DQEB
# AQUABIIBAMlwj28xISf0bkRSQp194k9E7VVQ9gpNuWEORWkYYCp395O/PJodTQrH
# soeKOeCT7a3Tf+s8ahKLsZ6FwVNfBEbQLYTmNoz4Db55WpvzPNfYDqcqIyYLLzPG
# htGITFNPXIkFhBap+eqsO8J3UY+vKty6bAnCBwVo008+4Mz/aLmukCTbhTeuVINu
# 5JNL2hZlm3+0TwRsKpbpBhec62DQB37uITNkUWwM2bfVtBpDC1GedQ+rOx/O69eQ
# iNk0JYq6bQllQje8xanAxIMe8a1uUlF+6ZnmU2hCngxs0f+mqQt7zd6HtKgybbav
# lIk1hhHLqJcWc9Ilm7S9yOaq3I1tI+ehgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# yOczGK6FD9K+ntQ/uk72RLQTATccVZBqVuVkEyajDNkCEGkvW/qDLgZyYTogeKUp
# PCcYDzIwMjEwODA0MTgzNTQ2WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM1NDZaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCAnotzH
# nQM4BxcRx0q6fI90kqJMuq9lkHVBBkiQU5qMCDA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQAVu2rc9HImSeKqc2XJUZNIcabNAyrvjMjIifxxZs+osq8WnRBJb/rt
# qktz1vu9HO1XG4ZytNxtdKrcb8VUmaKHYIVp/Kk7Vtz48/Vru8g8nGDALjhmGM7Z
# 9q0oMJurQloQ1mWoWuHRrrDGDsmd2TV0GoD7PmthvL2kwA9ozPUyM3X7olndgxma
# BhGUKFhCprhz7f8DZzN9X9qgGFQwSKxDo/1Fr2ECbG8H1omikI5eBIA03Yl1SV+P
# hkio6Dz7txhORGIDomoagN6mWvmIcOpZRiFyyvpGJxcGSqVSMqZEyjREAytCFqEV
# o9Nb7WkDfY8IS7PW8mDzaqHzXadXexFu
# SIG # End signature block
ScriptBlock ID: 1f06daa4-e0ff-4986-a633-8940bd1fb57e
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-ScriptScheduler.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88717
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Register-PowershellScheduler registers a scheduled task that executes powershell command on next reboot.
-------------------------------------------------------------------------------------------------------------#>
function Register-PowershellScheduler
{
param (
[Parameter(Mandatory=$true, Position=0)]
[string] $Command,
[Parameter(Mandatory=$true, Position=1)]
[string] $ScheduleName,
[parameter(Mandatory=$false)]
[switch] $Unregister = $false,
[parameter(Mandatory=$false)]
[switch] $Disabled = $false
)
$taskName = ("Amazon Ec2 Launch - {0}" -f $ScheduleName)
if ($Unregister)
{
$scheduledTask = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($scheduledTask)
{
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
}
}
else
{
# Scheduled task is triggered at start up to execute script as local system with highest priority.
# The task is disabled by default if Disabled argument is provided.
$action = New-ScheduledTaskAction -Execute $script:cmdPath -Argument $Command
$trigger = New-ScheduledTaskTrigger -AtStartup
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -Priority 0
$settings.Enabled = (-not $Disabled)
$principal = New-ScheduledTaskPrincipal -UserId S-1-5-18 -LogonType ServiceAccount -RunLevel Highest
$task = New-ScheduledTask -Action $action -Trigger $trigger -Settings $settings -Principal $principal
Register-ScheduledTask -TaskName $taskName -InputObject $task -Force
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD15x9bCS2+lAxT
# XHvJyiSHT7+id3F7DWdKfUH8mNyGGaCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIKPgfHfbyFOV5WPUaukh7TjQg8mPdRYAmsszow0ZPh4UMA0GCSqGSIb3DQEB
# AQUABIIBAL1X7QtPekCK25DWDtqonuKIFxIHkdcwHTyu73w0eCYsbN7VZxZbtYKf
# idYYguAxs0GPqAeKPf03ptpS4Oa7NgldyQkeFs1tizHLj/zp+NJGRNcPuXTu8vQT
# J3blNnZWYTKLoJF8vn6H0smSl+nkGN+sIslpVzyj4yEv60d9A3o0qWHTy2tvcZOi
# 4T0tE3nAYytYPJEm6+AaaHc2+lQ6JpORQVTJjNTlKrpw4eprl1A9EtA++AzS62tZ
# vCd1poAda/gCxUecprY+yvv1p2anmztVp/e37R7VhLbs47doz6ronZAg212GWkMr
# YP9joPZPV0rw0Q0TvkxAYisXacgGK4Chgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# bgcRm2BsEAFLy2+eJi9eRScq7lMN03KGlwuN6RKUZ5gCEQDjG9PuYFDMFOV1uAQ8
# heGfGA8yMDIxMDgwNDE4MzUwN1qgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNTA3WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgPUXV
# j+e+AzaEbyPGxQvPCoULA4ffvCv4H9nrjuodnzkwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAwNV8RlYreRFpD5wZItOE9tyyg9gS2w1CrDgOY+Vit3lYrb2tw+zM
# Vx9fVxIkyR8IG7NtbAzmqpSfv61+8MVBM2d/oG4z+L+0yy1Egn6rI1s7WZlCq71h
# hO/JI71ea+BM+u7HG7uca4olKYStazRvlgQrUs+5A8BFniVrgCOpmWTpWq1pf5Bo
# vRsi26ysm12pwrzxfX5CXUXr/qZlDPRrRuK7GrtEL04i3kdojq8Tox1D99wMH81S
# UZ8sthI1/cgsEdCoAQCvhnBJYMoVoBc9MXknj95AZUb+MeVCnv56yE6OEXQYw96N
# X3NP8qiv06HsK/ZJSVlu6m+EPbr9RkwStQ==
# SIG # End signature block
ScriptBlock ID: c300f8c4-4257-45e1-a7e5-e6b154a56ef7
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-PowershellScheduler.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88714
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Register-FunctionScheduler registers a scheduled task that executes a module function.
-------------------------------------------------------------------------------------------------------------#>
function Register-FunctionScheduler
{
param (
[parameter(Mandatory=$true, Position=0)]
[string] $Function,
[parameter(Mandatory=$false, Position=1)]
[string] $Arguments,
[parameter(Mandatory=$false, Position=2)]
[string] $ScheduleName,
# This argument ensures the task to be unregistered.
[parameter(Mandatory=$false)]
[switch] $Unregister
)
try
{
# Script must be exeucted with -NoProfile to reduce the execution delay and -ExecutionPolicy Unrestricted to grant the permission.
$psCommand = "/C {0} -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Unrestricted `"Import-Module `"{1}`"; {2} {3}`"" -f $script:psPath, $script:moduleFilePath, $Function, $Arguments
if ($Unregister)
{
Register-PowershellScheduler -ScheduleName $ScheduleName -Command $psCommand -Unregister
}
else
{
Register-PowershellScheduler -ScheduleName $ScheduleName -Command $psCommand
}
}
catch
{
Write-Log ("Failed to schedule a task: {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCuVUxlHLHpp/v4
# P3rx6+a394o4/QwSpm0s4/P7CbYb1aCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIMN95R+7VBhURIbMA5x8agFBzUloGxgWoYVMUJwxM8dmMA0GCSqGSIb3DQEB
# AQUABIIBALJSl0ozLSdpUR4Vfmq6si37ep7G4C2tFvK2QROByvRCrTOxvQjT++mv
# GA9Dmqm1y9tFX4GhUDN6g1pBfM9uWgfaA0/l3EJnL/rnnVpnCA1dT3Z4dMf45nUl
# +reqczBHo2b7yLuvtTeqpuq1A/JOM46gTL2ARQqxZV76PxkLUTcyu9GIKrqQ/G+b
# ix1Plf7zHTWPQ1nVmSMzAN/E1U7ilVaHPstBzO53z2dUuqKB98gYM7/Jx8xkIhVc
# OHQ34Z/TiT7HcSQe68LGY8Bl0P/KPfCKN9aCL1uDr/RGPZlqjzvHfeTh9xVcWsps
# /O5PPACcl7Kx6U89B1ZAbx58+t9PsA+hgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# UyCX9o48nLpI923V9/zBqV2U+ohvzq7/aJTQJtbi0EECEFGyxTauhtMXcvc3VkuZ
# 0NUYDzIwMjEwODA0MTgzNDEyWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM0MTJaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCAV/4Dp
# iZcKdVY78AMq0bZ4DSYwzCvwWh2bz0/hgFGnSTA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQAT2nymKjncfT4E+kcxPjbHXsY3DvGZSEAhVDD0OWZrRC3FQmyDWo6a
# Z5iSRuPvBoS4IIhNbedgbwHS5WgtnQr5+n8EpFC/GZV1SWGVvc6KS8funwQ4R0Jq
# wJyfklLBAUTtcqum9/qgWO5nxCyOVDvVK/K12W9S5JQP26a4rfmziA/zxkzY5HNq
# /PlXKKBpcIOU6cZ8PMadTSj2XKJdVu8tBmHAAmR9QAuFFIdzgYrlCX5ND+rrHcfX
# JrY9OsGI7l3eLpNK/Ev1x/abdCUFlfVudl0zR+HJdgx8vkY3DydJ726DOv/Yq0mH
# PORX57hvoPei64p2mulzcFzTZL/B8wS9
# SIG # End signature block
ScriptBlock ID: 94b8e867-46ec-4c0c-b903-9897dc98cad9
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-FunctionScheduler.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88711
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Open-SerialPort opens COM port and must be done prior to writing anything to it.
-------------------------------------------------------------------------------------------------------------#>
function Open-SerialPort
{
# Initialize the variables needed for logging messages to console.
Set-Variable spFileHandle -Scope Script -Value ([System.IntPtr]::Zero)
Set-Variable spSafeFileHandle -Scope Script -Value ($null)
Set-Variable spStream -Scope Script -Value ($null)
$genericRead = 2147483648 # 0x80000000
$genericWrite = 1073741824 # 0x40000000
$openExisting = 3
$cbr115200 = 115200;
$oneStopBit = 0;
$noParity = 0;
$byteSize = 8;
$sleepTime = 1
$count = 0
$comPort = ""
try
{
$comPort = (Get-ConsolePort)
if ( [String]::IsNullOrEmpty($comPort) -Or [System.Text.RegularExpressions.Regex]::IsMatch($comPort, "^COM\d{1,}") -eq $false)
{
$comPort = "COM1"
}
}
catch
{
Write-Log "Failed to determine COM port. Defaulting to COM1. Message: $($_.Exception.Message)"
$comPort = "COM1"
}
$comPortDevice = "\\.\{0}" -f $comPort
Write-Log "Opening port ($comPort) handle to write to the console"
while ($true)
{
try
{
# Import-SerialPortUtil must be called prior to any pinvoke below.
Import-SerialPortUtil
# Open Serial Port
$script:spFileHandle = [SerialPortUtil.PInvoke]::CreateFile("$comPortDevice", $genericRead -bor $genericWrite, 0, [System.IntPtr]::Zero, $openExisting, 0, [System.IntPtr]::Zero)
if ($script:spFileHandle -eq -1)
{
throw New-Object System.InvalidOperationException("[SerialPortUtil.PInvoke]::CreateFile failed - HR error code: {0}" -f [System.Runtime.InteropServices.Marshal]::GetLastWin32Error());
}
# Get control setting for Serial Port COM1
$dcb = New-Object SerialPortUtil.Dcb
$success = [SerialPortUtil.PInvoke]::GetCommState($spFileHandle, [ref] $dcb)
if (-not $success)
{
throw New-Object System.InvalidOperationException("GetCommState failed - HR error code: {0}" -f [System.Runtime.InteropServices.Marshal]::GetLastWin32Error());
}
# Check if control settings values are set to desired values
if ($dcb.BaudRate -ne $cbr115200 -or $dcb.ByteSize -ne $byteSize -or $dcb.Parity -ne $noParity -or $dcb.StopBits -ne $oneStopBit)
{
$dcb.BaudRate = $cbr115200
$dcb.StopBits = $oneStopBit
$dcb.Parity = $noParity
$dcb.ByteSize = $byteSize
$success = [SerialPortUtil.PInvoke]::SetCommState($spFileHandle, [ref] $dcb)
if (-not $success)
{
throw New-Object System.InvalidOperationException("SetCommState failed - HR error code: {0}" -f [System.Runtime.InteropServices.Marshal]::GetLastWin32Error());
}
}
# Create a safe file handle
$script:spSafeFileHandle = New-Object Microsoft.Win32.SafeHandles.SafeFileHandle($script:spFileHandle, $true)
# Create a stream with the safe file handle
$script:spStream = New-Object System.IO.FileStream($script:spSafeFileHandle, [System.IO.FileAccess]::ReadWrite)
if ($script:spStream)
{
# Break if stream is succesfully created.
break
}
}
catch
{
Close-SerialPort
}
# It logs the status every 1 minutes.
if (($count * $sleepTime) % 60 -eq 0)
{
Write-Log "Serial Port in use. Waiting for Serial Port..."
}
Start-Sleep -seconds $sleepTime
$count ++
}
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCA+ThdE2RF/5C5M
# RjfB0jElPMk+jfg5NDTFe9ZrdTT7pKCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEILhPLnvfkxyZzMBaJDwOAK8hT00i1hp8tNqKrTvV0Zg3MA0GCSqGSIb3DQEB
# AQUABIIBAMM+DNX80bOH2+JVG/y4iuiuF+8xyHbl6X8jQ7GZTkL8k8wXbdWKBHHl
# OZh3Yc5C6oJ98SBQIGuCpYdBWa9HkDop/qiaY6QWqlVWoBrLNRz9mJE0roqlV8Dv
# JyzlVvhfrsdEREWWRv7ickBk2P9awCPu55m63bINiHS2G1FYzR3rnSda372hTeW6
# R3OXjsgxJHPvlBU0xUxrkRGd581IIMRpKIrS1Kqar7vazhe4TVMnnc2l8Yv5e/Re
# 8KbjIvBuV5pVg4KBpltxtjdlcs6dB7szBsPSiDFZn+S4fpNX9LTvbZrNubhi4s1W
# jOvSRB8+szWk1atVNB1mVhKtz7Wb86ahgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# GaxmH4EZcirISK1CquJnRhMRBXuUX6tm7IpU66o7dWICEHTdtEc7Gs7rrSJLQKO4
# sfUYDzIwMjEwODA0MTgzODA2WqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM4MDZaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCChJAG8
# sRN/ECbg1KSiDmylExbwzkuf7HRygk97v7toijA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQCU+VRQrOzG6TbwZ4kmU+nPikCAVydgtyvwE/1VJjd5vur1DBAWXbqa
# K7/t23l+eDxoGn2gi2uLMnm6Agr6UF8gub7pQKZs7ur2bnQf1KLGd4nB1zIAJ+ee
# CHBVWe0oVQad1NpHbIDThXPTwVsspll7GLueUMp4+Hw8zzonxQtfSN5HmawN9deR
# iHqrXLa0jMlZvlTlnj6NLcYQh5dnc8SskzAOho8FC1n9+ABwCQisImC8fw3atMnn
# YCwbaFoC7JEJhZJzb1FLWY7BtPZzSnQiaMYqXwfyRnsxHYcZIzR4oYwIIqp3fkX2
# 90oVylEWac+x+mveHWTB+9MJ33ZVXlt5
# SIG # End signature block
ScriptBlock ID: 8089f8ec-7baa-437c-8bad-ede40552ecc3
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Open-SerialPort.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88708
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
function New-WarningFile
{
param (
[parameter(Mandatory=$false)]
[string] $DriveLetter
)
try
{
# Important.txt must be created in each drive.
Write-Log ("Creating 'Instance Store' warning file in drive {0}" -f $DriveLetter)
$drivePath = "{0}:\" -f $DriveLetter
$path = Join-Path $drivePath -ChildPath "Important.txt"
$message = "This is an 'Instance Store' disk and is provided at no additional charge.`n`n" +
"*This disk offers increased performance since it is local to the host`n" +
"*The number of Instance Store disks available to an instance vary by instance type`n" +
"*DATA ON THIS DRIVE WILL BE LOST IN CASES OF IMPAIRMENT OR STOPPING THE INSTANCE. PLEASE ENSURE THAT ANY IMPORTANT DATA IS BACKED UP FREQUENTLY`n`n" +
"For more information, please refer to: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html"
New-Item -Path $path -ItemType File -Value $message | Out-Null
}
catch
{
Write-Log ("Unable to create 'Instance Store' warning file on drive {0}" -f $DriveLetter)
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAz6E7rrs68UITj
# xsfyUq3J5H1XBq7rFcAWbYWALNE4F6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIH37kqywPasZQoBSJnY0FpLDsPCef9NGP3dZX/WMZ5vTMA0GCSqGSIb3DQEB
# AQUABIIBAIIGrUDp5rh8SiuMHmFoeDN70Ty1JBdYJ8civbEqtrLyqwX5i298o9wR
# CwSBMH2e6jRkYX/eOBpbbaHR2+FbzJhH6ks3xKrEWH2gMoiht52lor8k+v9rNiZE
# pnV2ej2xc/ChoOjnzvnP9vZlHcoOV8b0mYC9VmjDO6eLcfiwtTeHC2n3yRtiRzCl
# feMzJPVvnYB2pT+fDp4q3178KD4N4QZGqoTINk86zsuXaHVsbA/LYPH+puQXe0vB
# iYqpafCNeYpQ4CkO9v1/iuwRWmNnJRF43FAQHA2814PDep2F9hRfTuTZJdY2HMMK
# +K2eqAq4RIGUWDBiRFg4WWJeyWovKdShgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# +YP4VFOhqfzFO6AP7Q9s+2E1EfDHnpcwe08nBjsQ7VsCEQDQLYyL+EtaokAuxKNI
# JirfGA8yMDIxMDgwNDE4MzQ0NVqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNDQ1WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgb8Rp
# jBbaoYVbHAtzC4QAPq/zyjXnYW1FHD+OHVYgESQwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEArv4CSNOw2ThZRhLrYTE3A9XAigMZNv++ND6mk0qB4bdv/Iq+ejRw
# W1nyUsGEUA8xfYM09xEovx/C9JmhboTPJAhcY9HdBMqbxeoegldJcWycNmWCGiTa
# xCundFt52bOo92Z33fV0cXoll0PDb3Hr6jP2GaUE88alqgSm04mz3REgFKL65Tcm
# bTvjr92AglrHtuwSZSiif/tWtLs7RzYLiH33ZUm1jSgLxMj8qyvIbG6zMaLaS81r
# ErK7ZH6EKLywWayb7f9ShjixxtUyldVqVcWmuAfD/31AOJRrGh5sImbfemzZejPG
# iHbNejFyv/bGWheF+aCJlB3aqrMPHHAr/Q==
# SIG # End signature block
ScriptBlock ID: 607b44cc-c03d-4f00-b0cf-9eb306f43a31
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-WarningFile.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88705
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
New-WallpaperSetup creates wallpaper setup cmd in windows startup directory and return.
-------------------------------------------------------------------------------------------------------------#>
function New-WallpaperSetup
{
if (Test-NanoServer)
{
return
}
# Return if SetWallpaper task is disabled.
$state = Get-LaunchConfig -Key SetWallpaper
if (-not $state)
{
Write-Log "Setting wallpaper name is disabled"
Clear-Wallpaper
return
}
Write-Log "Creating wallpaper setup cmd in startup directory"
# Create some commands that render instance information on current wallpaper and save it as cmd in startup directory.
$content = "@Echo Off"
$content += [System.Environment]::NewLine + "REM Render instance information on current wallpaper if this is the wallpaper was never changed by user."
$content += [System.Environment]::NewLine + "{0} -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted `"Import-Module `"{1}`"; Set-Wallpaper -Initial`" & REM DELETEME" -f $script:psPath, $script:moduleFilePath
$content += [System.Environment]::NewLine + "type `"%~f0`" | findstr /v DELETEME > `"%~dp0$script:wallpaperSetupName`""
$content += [System.Environment]::NewLine + "DEL /Q /F `"%~f0`" & REM DELETEME"
$content += [System.Environment]::NewLine + "GOTO :EOF & REM DELETEME"
$content += [System.Environment]::NewLine + "{0} -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted `"Import-Module `"{1}`"; Set-Wallpaper`"" -f $script:psPath, $script:moduleFilePath
try
{
# Create Startup folder for Default user if it doesn't exist
$defaultUserPathStartup = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
if (-not (Test-Path $defaultUserPathStartup))
{
New-Item -Path $defaultUserPathStartup -ItemType Directory | Out-Null
}
# Create the wallpaper setup batch file in all user's startup directory
foreach ($userDir in (Get-ChildItem "C:\Users" -Force -Directory).FullName)
{
# Create the wallpaper setup batch file if startup directory exists
$startupPath = Join-Path $userDir -ChildPath "\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
if (Test-Path $startupPath)
{
$initWallpaperSetupPath = Join-Path $startupPath -ChildPath $script:initWallpaperSetupName
New-Item -Path $initWallpaperSetupPath -ItemType File -Value $content -Force | Out-Null
}
}
}
catch
{
Write-Log ("Failed to render instance information on wallpaper {0}" -f $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCDWLEAXyb07mVS
# bVvLUrpQgOccy6E/AqsgCefQoSeW/aCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIMebPcy4cN9Qb53DpMB6VHfEzyYLU3Bm+RTPZBGmXCsUMA0GCSqGSIb3DQEB
# AQUABIIBAMkUY/6Ibzu3Bs//0FS6BtsT4SbilMGqcEDRh5Vw9ttpMUijz3C0SM6t
# P/wwJ2m13axiOi94ircMUU2Z4CM0Nuw5cviDevBYUgPAIO5hHPru6dff//9sWl+p
# 2IdzFGJ+l0uyA0NedbaLPTSLpoqIUr9BCWu5UWtD868MXl9hOFONne8XYJh6VXoo
# /uTxZlR3eWwKL4Np+kfsDRzccZmukx2tCJhkS/140MmNfS95nYPPd69QljD74x9b
# M6VuN00uIi8srTtUdEySgJLMsag3cn/qxLkgMMD2WlXtGCJcqF29HwsSMUxvhjsm
# QDIUsGpmGllGmHw/oBklai8iAuAUma6hgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# E2IuEfyZm6nO9ysxUAfl9L41VljW1wYUI0l/CpAlZlACEQCSHljAyEVWk9uJoOhE
# hw5KGA8yMDIxMDgwNDE4MzgxN1qgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzODE3WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgjhO5
# 2k4t5g9zXekjHj+X8D3sXYWqRFeNFWQG6GDq/8YwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEALe/FPJFGIHeW4hgR6H7q7C55opAHxbZ7yngdARLwp/OFHgOgakGw
# 5qi1jgZwrILUJKZDXGjqQvsSH0d2Z1N2QmOvyKoSdhYA4jDepdSZ8Pz7K3W2ID14
# FMftL5E8Vk1Qtz5ypbOyMEYSq7wDdcutC2YOkwpRHDOVVs+hDu56Six/R9LtaymU
# kLzbb0/jYIx0pTQULfkPKftkZUGVveHY88tG8BMDdDzAA/Kn9pmF0uTwtE3b1v66
# PLFPdCd9dKEJGCQCP8bzdrtTcfM9QO1DRPmtF5+bk2QOQDa0qb2/f/1yKgqakDtu
# TwMeySbkJ0YgFGnaY8NqHnDqvQXyVfGMVQ==
# SIG # End signature block
ScriptBlock ID: 2c299d1c-5e05-4bd7-b429-1a779b07bbd9
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-WallpaperSetup.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88702
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
New-RandomPassword generates and returns a random password that meets Windows Password Requirement Policy.
-------------------------------------------------------------------------------------------------------------#>
function New-RandomPassword
{
$password = ""
do
{
# 1024 bytes are randomly generated.
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$randomBytes = New-Object Byte[] 1024
$rng.GetBytes($randomBytes)
# Special character contains the following: ()!@$%-=.?*;&
$specialChars = @(40, 41, 33, 64, 36, 37, 45, 61, 46, 63, 42, 59, 38)
# First 32 characters that meet the given conditions are picked from the random bytes.
$password = [System.Text.Encoding]::ASCII.GetString(($randomBytes | where { `
($_ -ge 97 -and $_ -le 122) -or ` # a - z
($_ -ge 65 -and $_ -le 90) -or ` # A - Z
($_ -ge 50 -and $_ -le 57) -or ` # 2 - 9
($specialChars -contains $_) }) ` # ()!@$%-=.?*;&
)
# Passwords must contain characters from three of the four categories and longer than 32
} while (-not (Confirm-Password -Password $password) -or $password.Length -lt 32)
return $password.Substring(0, 32)
}
# SIG # Begin signature block
# MIIc9AYJKoZIhvcNAQcCoIIc5TCCHOECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBcXFhKQl44wRCn
# m6w6keolxFbybkCfCEawKZ0Ln20af6CCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+rMIIP
# pwIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEINbrcu55QQY9dQoP7WLhGIfPoECHqh4KTmYUkoVaA0kjMA0GCSqGSIb3DQEB
# AQUABIIBAFLKMkcSneRx4hDBU+7AC9coSk86kaDyCtZH7WMgUQXI5J45TqgJc9yl
# /H9vaV1Ew40YTETQ++f8w8aPgwUPCHqErlMf4pjpbaopXyN34G55c0ZyQ3UEPShw
# h5EEbvaalrsJpfZkl7uZW+n4cCgRCKd1cqtJiy1n6ijzaAFBiAR+dWCjWPXBd7Rc
# o05l5VGlnL2JoOhBlPB818el+Wmb94lcUY+NIa87y0CloOpN0/AqaCf9EYH/A1uH
# qbE9Q2U3e0YtcLR/r/2G8QUYcymdfMOLKm2pdk5a7Mvm/vfLICh3djNAJQ41G+O3
# pGaCocor4jCA04nPUYcVqStJ6pQDeb2hgg19MIINeQYKKwYBBAGCNwMDATGCDWkw
# gg1lBgkqhkiG9w0BBwKggg1WMIINUgIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqG
# SIb3DQEJEAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# oC0FUBjYFzMlR31MXdWT+xPgyxblnO46yJO7/B2ThvgCEFkhqkb47/S752Jm1dHC
# YzYYDzIwMjEwODA0MTgzNjIwWqCCCjcwggT+MIID5qADAgECAhANQkrgvjqI/2BA
# Ic4UAPDdMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMT
# KERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMjEw
# MTAxMDAwMDAwWhcNMzEwMTA2MDAwMDAwWjBIMQswCQYDVQQGEwJVUzEXMBUGA1UE
# ChMORGlnaUNlcnQsIEluYy4xIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAy
# MDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZhhGfFivUNCKRF
# ymNrUdc6EUK9CnV1TZS0DFC1JhD+HchvkWsMlucaXEjvROW/m2HNFZFiWrj/Zwuc
# Y/02aoH6KfjdK3CF3gIY83htvH35x20JPb5qdofpir34hF0edsnkxnZ2OlPR0dNa
# No/Go+EvGzq3YdZz7E5tM4p8XUUtS7FQ5kE6N1aG3JMjjfdQJehk5t3Tjy9XtYcg
# 6w6OLNUj2vRNeEbjA4MxKUpcDDGKSoyIxfcwWvkUrxVfbENJCf0mI1P2jWPoGqtb
# sR0wwptpgrTb/FZUvB+hh6u+elsKIC9LCcmVp42y+tZji06lchzun3oBc/gZ1v4N
# SYS9AQIDAQABo4IBuDCCAbQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw
# FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwQQYDVR0gBDowODA2BglghkgBhv1sBwEw
# KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB8GA1Ud
# IwQYMBaAFPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBQ2RIaOpLqwZr68
# KC0dRDbd42p6vDBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGln
# aWNlcnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAk
# BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAC
# hkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJl
# ZElEVGltZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBIHNy16Zoj
# vOca5yAOjmdG/UJyUXQKI0ejq5LSJcRwWb4UoOUngaVNFBUZB3nw0QTDhtk7vf5E
# AmZN7WmkD/a4cM9i6PVRSnh5Nnont/PnUp+Tp+1DnnvntN1BIon7h6JGA0789P63
# ZHdjXyNSaYOC+hpT7ZDMjaEXcw3082U5cEvznNZ6e9oMvD0y0BvL9WH8dQgAdryB
# DvjA4VzPxBFy5xtkSdgimnUVQvUtMjiB2vRgorq0Uvtc4GEkJU+y38kpqHNDUdq9
# Y9YfW5v3LhtPEx33Sg1xfpe39D+E68Hjo0mh+s6nv1bPull2YYlffqe0jmd4+TaY
# 4cso2luHpoovMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG
# 9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
# cmVkIElEIFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjBy
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
# SUQgVGltZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
# AQEAvdAy7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/
# YyGQmL8TvFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1
# oODeIj8O/36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3Fy
# Tgqt30A6XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC
# 50ZQ/ZQqLKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMq
# T4UdxB08r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd
# /imu0uRhpbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29j
# c3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4
# MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
# SURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAAC
# BDAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsG
# CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4
# zwY3QITvS4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33ak
# OpMP+LLR2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+J
# OGFNYkYkh2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRY
# aQ18yAGxuSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+
# u8QlK0cCCHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGC
# AoYwggKCAgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0
# IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEA1CSuC+Ooj/YEAhzhQA
# 8N0wDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE
# MBwGCSqGSIb3DQEJBTEPFw0yMTA4MDQxODM2MjBaMCsGCyqGSIb3DQEJEAIMMRww
# GjAYMBYEFOHXgqjhkb7va8oWkbWqtJSmJJvzMC8GCSqGSIb3DQEJBDEiBCDii2Tr
# /mZYsdK+RnrG2PHWTyzzqNNyZWCdlLk0KN9gYDA3BgsqhkiG9w0BCRACLzEoMCYw
# JDAiBCCzEJAGvArZgweRVyngRANBXIPjKSthTyaWTI01cez1qTANBgkqhkiG9w0B
# AQEFAASCAQBeFl/bdRcU/q6Oheiv04Ai9b3c7SlBJ3jMjsLHmjMBKuFfL2+y5UZo
# GehHNMDREfEUQ4dZxMZeHusfvdH6qROMEcmWcvGaQeIlxDJxCFqXRUFTDoQAxfLh
# 47khnhExLIPX4OhuAt3QDn2Gteh1p/bka7au9ScnMUPlQEL5ZrbNbVKYiU/r0aeg
# tl6UL3tJqqqT3Zk6rDaTt73Pe0Lw4vNjjISpLiJSTrTJt6Nw16Spjo+VTpMTCVQ+
# lpKVfQc680cR8KQMIyyoT9Z+RUASuWJnw/dy26tgnp+WYO0SJwKv8aYEp0XZErqx
# qeKLxTNnV4RmJ4L1cTHFgksGzAzG9fur
# SIG # End signature block
ScriptBlock ID: 623aaf06-5960-4135-88ce-73fa4ac3424e
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-RandomPassword.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88699
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Invoke-WithTimeout will invoke a function as a sub process and wait for it to complete.
-------------------------------------------------------------------------------------------------------------#>
function Invoke-WithTimeout
{
param (
[Parameter(Mandatory=$true, Position=0)]
[string] $ScriptName,
[Parameter(Mandatory=$true, Position=1)]
[ScriptBlock] $ScriptBlock,
[Parameter(Mandatory=$true, Position=2)]
[Object[]] $ArgumentList,
[Parameter(Mandatory=$true, Position=3)]
[int] $SleepSeconds,
[Parameter(Mandatory=$true, Position=4)]
[int] $TimeoutSeconds
)
try
{
$start = (Get-Date).Second
$completed = $false
# Start job in the background so we can monitor it
$job = Start-Job -ScriptBlock $ScriptBlock -ArgumentList $ArgumentList
do {
if ($job.JobStateInfo.State -ne "Running") {
# Job exited, quit polling it
$completed = $true
} else {
# Job still running, sleep
Write-Log ("Job '{0}' Still In Running State, Sleeping For '{1}' Seconds" -f $ScriptName, $SleepSeconds)
Start-Sleep -Seconds $SleepSeconds
}
} while ((((Get-Date).Second - $start) -le $TimeoutSeconds) -and (-not $completed))
if ($completed) {
# Will log out the end state of the job, as well as the output from the closure
Write-Log ("Job '{0}' Finished With Status '{1}': '{2}'" -f $ScriptName, $job.JobStateInfo.State, ($job | Receive-Job))
} else {
# Job didn't complete in the given time, kill the sub job (if it was a service that failed to start, the service will not be killed by doing this)
Write-Log ("Job '{0}' Failed To Finish Within '{1}' Seconds" -f $ScriptName, $TimeoutSeconds)
$job.StopJob()
}
}
catch
{
Write-Log ("Unable To Execute Job '{0}': '{1}'" -f $ScriptName, $_.Exception.Message)
}
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBRGIQMX23VoAYS
# G3jx3rUa+gKHFzYOCq3od5KplXA0PqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIKgMxJKN8Se88m79sOo82VnkyOx/i6E+0MPMpkJNww+NMA0GCSqGSIb3DQEB
# AQUABIIBADUwLuYKmlOVlLTzK+UgXq3SWK4/Y2ligIVuQCyMRNfNcPEuvfjd42tg
# 7eh1ttDK4+QkUHa4eWC7SUFcspstpw2AVm95oI7Kb6tgv6OAjXibZ4hnOGM9VDbW
# em5D1DpHy4z5WPDcdP2p9utRTiAfBsvWdInX0gNun7mLixkaocC80O0b8Kz1bUpt
# 5EbdDgY4inHn85rP+aSzkcuLlAonUu9lOZeUOiLpneIw7H/xHN2VrtAcSQVjdBvI
# 7P7f+pO0dwqi4253bnokpkHDNH0GNv8aMvaf3N2XKKgpzWu2r3KvP1BD2pUI6sU+
# 2SB6VO3G8SJlqaElUs5SMGaJ7MIZTcOhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# n/BsYyIiNl3E4svMquojOoTKJol99/wC+YdMcTvar50CEQD3TSCnNVqpWZThHCMq
# 972mGA8yMDIxMDgwNDE4MzM1NVqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzMzU1WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQgbcIG
# tf/Smp6wq967QBD63vZNc2J1MDFlt/L9Ny7mEjIwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAs64uciUBXOtlL1BAYTZpYDOCvoY/Jmp66Ee92O1aE6CLPfcbeApW
# cBulSSjEObsjGCpmxGo1R8rBsWvXezIxDbbAbgXM7g6TVQFVImEApM5Q4ScACfFP
# vx/UQI+D4n265IeFwyNlw+kT9iWecCMoQgLTZBJJz5+U53E6YdRSghr11Rki9b/E
# Pihosvh2fUj3M5/oJ0ADrjgGL/cGFB+QJNFQDThT47fGDM9k/P4caBVNSEOr3c4v
# TqbPaD9Vrz6KHnAm0jxVKVgJGwJyv2YEt/sMEwcKMslTXgpiUi/qQqdth4qXf1eJ
# /wT5ek/m5b6GdGYX1LPBW9PVnOmW//7nYw==
# SIG # End signature block
ScriptBlock ID: 9d51ac4f-5bed-4fdc-89df-5e7318c55680
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-WithTimeout.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88696
Keywords=None
Message=Creating Scriptblock text (2 of 2):
f ($output)
{
Write-Log ("Message: The output from user scripts: {0}" -f $output)
}
}
}
catch
{
Write-Log ("Unable to execute userdata: {0}" -f $_.Exception.Message)
}
finally
{
$Password = ""
}
Write-Log "Userdata execution done"
# Before finishing the script, complete the log.
Complete-Log
return $persist
}
# SIG # Begin signature block
# MIIc9QYJKoZIhvcNAQcCoIIc5jCCHOICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDjIBJvYjrINovm
# D7i01SB3WEs70qRUCocmX5Ctl76gGqCCDJ8wggXbMIIEw6ADAgECAhALhtAE1iqy
# 3BEl7IX117EeMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
# BAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikwHhcNMjEwNDEz
# MDAwMDAwWhcNMjIwNDE4MjM1OTU5WjCB8jEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdh
# bml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI
# RGVsYXdhcmUxEDAOBgNVBAUTBzQxNTI5NTQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMSIwIAYDVQQKExlBbWF6b24g
# V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLEwpBbWF6b24gRUMyMSIwIAYDVQQD
# ExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAyc04nmrj0mFs+J19mqr0o6yal0uNsXc7Z4vQslqbHTBJ7Xzf
# Qli6jQSOk6OzD3MrFbpT5eWM+0YqbSHHZNVdmGEko4LR4WJLmPmsGqwO754/zeXT
# KIlas66c4cRw6igGPeDRDkNUMRFfvnmbM/HZZIwR0HeLtRDOZddDDdydvLo6rcGW
# nRLG15NeKWPemWs2jHvWBcNuSV2/8TlEuujgznt/U3p1x6xenzlGTedx6JBA0GPa
# l9YF2ijvPpVowaljpCLun4agFHTMnzq+tWGocvgF80N78E20wl16i3Ls7hbnwjcn
# crjpQiBgYWvWrU+xpeT/8fPs6id03o4Ggadh7QIDAQABo4IB8DCCAewwHwYDVR0j
# BBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFNOsLmIr6HnXlCro
# QE13eT9iOwKbMC4GA1UdEQQnMCWgIwYIKwYBBQUHCAOgFzAVDBNVUy1ERUxBV0FS
# RS00MTUyOTU0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzB7
# BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRVZDb2Rl
# U2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5j
# b20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMEoGA1UdIARDMEEwNgYJYIZIAYb9
# bAMCMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAH
# BgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1UdEwEB
# /wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJIKG4PvG2fKZaJxKzF+Buzkm/vCffHd
# doEOHwxP5dxg0ITPpqo1oZ3mEgNOG5sA+x5h8l1D/hrmOXwjKKpP7l3aPPjzD64j
# Dv4mVENm6wr4t5fG5GWFNBzmY3JBSJqGAIJ0aPKs0Sd4TqAW2BGc7nRqH67/mJvE
# X6Piw2M6/Wa6WhrpCxjyBhB4FcX5UsVWuXz7iIg6TsGkOQaNOCpr9nF3daepI11l
# uZE5KfVOi+IRGe362zNllomxdpoRbk+ApxBY/40hB7Qx7eBi7c7jkd6kr5KcuATv
# JfX4UWFLaXs+1dbqclGWeJa8CZQJxmshSY3rhQLCBthCFHGITP3NSb8wgga8MIIF
# pKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
# BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
# Y2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJv
# b3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYDVQQG
# EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
# cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0EgKFNI
# QTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fkz4SA
# /K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9DLw23
# m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiEmpqt
# RU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBSoe/o
# PtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAiduteVDgS
# YuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5/d2/
# PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
# BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsG
# AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0
# dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VF
# VlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6g
# PIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5j
# ZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMCMIIB
# pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
# ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU
# j+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC
# 72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi4vRD
# Qheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzVshk7
# 5i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0xyQwp
# ojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eoYObn
# AhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYLgYyK
# O4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxgg+sMIIP
# qAIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBD
# b2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhALhtAE1iqy3BEl7IX117EeMA0GCWCGSAFl
# AwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB
# gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkE
# MSIEIJSk7sBD9xR1sh6++AH2WifJQ6zVYzLVrD7JMNPDG3jTMA0GCSqGSIb3DQEB
# AQUABIIBAIV8sGVkaD57debNEQfRx9+3m4PyGkxZb0+1llVgE+sbaYjpMkMWppSR
# cijM+mVwG8Vh7rgazyqDbkpSfKpE5mGw0h8ampd3t+oS6CelY9NRn8sKDqPulD4I
# BCK4SxSe5DvCw70uuyjWqZR0tX4fAp4N7XqXiFog/kkQcUeGfrUkV9KBtH2IiCiQ
# R8oBp0RkIU2GfkPz6/ihLzssWeD4fSr+DVT5EsYouiV2y9Sx4M38RtqU6ZDYpx78
# M+ggfhNLseEjT3lYla+415grO5BJKcPRboXt7UL659m39pL227XMUvRw46en/rGR
# EBE+cDYVVjIJmTRFf3DjnT+1ioMT4hmhgg1+MIINegYKKwYBBAGCNwMDATGCDWow
# gg1mBgkqhkiG9w0BBwKggg1XMIINUwIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG
# SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg
# KbRBcAb0XwD9xeBjy+z7c5jQaFxo5mSJygUPeHMjHMcCEQDoSRdjOqGCnTnlqb/2
# l0CcGA8yMDIxMDgwNDE4MzcxNlqgggo3MIIE/jCCA+agAwIBAgIQDUJK4L46iP9g
# QCHOFADw3TANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
# RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
# EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIx
# MDEwMTAwMDAwMFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNV
# BAoTDkRpZ2lDZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAg
# MjAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQik
# Rcpja1HXOhFCvQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cL
# nGP9NmqB+in43Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHT
# WjaPxqPhLxs6t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WH
# IOsOjizVI9r0TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6Bqr
# W7EdMMKbaYK02/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+
# DUmEvQECAwEAAaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcB
# MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNV
# HSMEGDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+
# vCgtHUQ23eNqerwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNl
# cnQuY29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRp
# Z2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcw
# JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcw
# AoZDaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
# ZWRJRFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctema
# I7znGucgDo5nRv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+
# RAJmTe1ppA/2uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+
# t2R3Y18jUmmDgvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8
# gQ74wOFcz8QRcucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1Ha
# vWPWH1ub9y4bTxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2
# mOHLKNpbh6aKLzCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZI
# hvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFow
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
# ggEBAL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSX
# v2MhkJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi
# 9aDg3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9x
# ck4Krd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHm
# gudGUP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJT
# Kk+FHcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEg
# Hf4prtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK
# BggrBgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHow
# eDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
# Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwA
# AgQwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAL
# BglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qz
# eM8GN0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92
# pDqTD/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhf
# iThhTWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0
# WGkNfMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLE
# frvEJStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIx
# ggKGMIICggIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
# SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy
# dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4U
# APDdMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAcBgkqhkiG9w0BCQUxDxcNMjEwODA0MTgzNzE2WjArBgsqhkiG9w0BCRACDDEc
# MBowGDAWBBTh14Ko4ZG+72vKFpG1qrSUpiSb8zAvBgkqhkiG9w0BCQQxIgQg2L9A
# VtYrVxi0bsy09aDy+JYP+y4lNs7yXOR/zWzralQwNwYLKoZIhvcNAQkQAi8xKDAm
# MCQwIgQgsxCQBrwK2YMHkVcp4EQDQVyD4ykrYU8mlkyNNXHs9akwDQYJKoZIhvcN
# AQEBBQAEggEAN+TGqf30ikmN9qWNK1l/3pCVn1/SS7NflgP01OkEBmIcrdQRurtV
# tbwT3bB4Ir8OEHZgBFK6Q7OObObtw6J8I6fKPZDTflU+jWerXtTBRfFC16MLBYrY
# 9Qhd5WkkrXfngFZGXaUXIjMR9XxZ7sCa1mxgBaos5r8VqBhZ/Shojb7ysfvmzuEd
# 1RkoM5kQjsY087Xk3sr6P6lR+jP+NwVVhAyrYxw5e9grKbhN3kv9iQ15kSr+PWU/
# X1hT4E5OTPux5txdEEzNzou0iephqXCAcJOaPe6yfEUaWcYJxiOYbbQqYW24yzX4
# 1J5QHJ0tUvWwk0cCTaNeyI3ryHGjvrndkQ==
# SIG # End signature block
ScriptBlock ID: 88d3af3b-bb1f-4064-88bf-a6159776eb71
Path: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-Userdata.ps1
10/14/2021 09:31:48 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-host-874.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-1472788307-1567812873-2921189720-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=88695
Keywords=None
Message=Creating Scriptblock text (1 of 2):
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/asl/
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
<#-----------------------------------------------------------------------------------------------------------
Invoke-Userdata retrieves and executes the userdata from metadata
Currently, it supports powershell (+ with argument) and batch script.
-------------------------------------------------------------------------------------------------------------#>
function Invoke-Userdata
{
param (
[Parameter(Mandatory=$false, Position=0)]
[string] $Username,
[Parameter(Mandatory=$false, Position=1)]
[string] $Password,
[Parameter(Mandatory=$false)]
[switch] $OnlyUnregister,
[Parameter(Mandatory=$false)]
[switch] $OnlyExecute,
[Parameter(Mandatory=$false)]
[switch] $FromPersist
)
$handleUserDataState = Get-LaunchConfig -Key HandleUserData
if (!$handleUserDataState)
{
Write-Log "Handle user data is disabled"
return $false
}
# Before calling any function, initialize the log with filename
Initialize-Log -Filename "UserdataExecution.log"
try
{
$scheduleName = "Userdata Execution"
if ($OnlyUnregister)
{
Register-FunctionScheduler -Function $MyInvocation.MyCommand -ScheduleName $scheduleName -Unregister
return $null
}
Write-Log "Userdata execution begins"
$regexFormat = "(?is){0}(.*?){1}"
$powershellContent= ""
$powershellArgs = ""
$batchContent = ""
$fileLocation = Join-Path $env:LOCALAPPDATA -ChildPath "Temp\Amazon\EC2-Windows\Launch\InvokeUserData"
New-Item -Item Directory $fileLocation -Force
# Add Administrators, LocalSystem, and Current User FullControl
$ACL = Get-Acl -Path $fileLocation
$LocalSystem = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
$AllowLocalSystemFullControl = New-Object System.Security.AccessControl.FileSystemAccessRule(
$LocalSystem,
[System.Security.AccessControl.FileSystemRights]::FullControl,
([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
[System.Security.AccessControl.PropagationFlags]::None,
[System.Security.AccessControl.AccessControlType]::Allow
)
$AdministratorsGroup = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$AllowAdministratorsFullControl = New-Object System.Security.AccessControl.FileSystemAccessRule(
$AdministratorsGroup,
[System.Security.AccessControl.FileSystemRights]::FullControl,
([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
[System.Security.AccessControl.PropagationFlags]::None,
[System.Security.AccessControl.AccessControlType]::Allow
)
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$AllowCurrentUserFullControl = New-Object System.Security.AccessControl.FileSystemAccessRule(
$CurrentUser,
[System.Security.AccessControl.FileSystemRights]::FullControl,
([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
[System.Security.AccessControl.PropagationFlags]::None,
[System.Security.AccessControl.AccessControlType]::Allow
)
$ACL.AddAccessRule($AllowLocalSystemFullControl)
$ACL.AddAccessRule($AllowAdministratorsFullControl)
$ACL.AddAccessRule($AllowCurrentUserFullControl)
(Get-Item $fileLocation).SetAccessControl($ACL)
# Remove inheritance and dont keep inherited permissions
$ACL = Get-Acl -Path $fileLocation
$ACL.SetAccessRuleProtection($true,$false)
(Get-Item $fileLocation).SetAccessControl($ACL)
$userdata = Get-Metadata -UrlFragment "user-data"
if (-not $userdata)
{
# If no userdata is provided, unregister the scheduled task if scheduled before.
Register-FunctionScheduler -Function $MyInvocation.MyCommand -ScheduleName $scheduleName -Unregister
throw New-Object System.Exception("Userdata was not provided")
}
$userdataContent = $userdata.Trim()
# Userdata is executed as local admin by default
# But if password is empty, userdata is exeucted as local system by default
$runAsLocalSystem = -not $Username -or -not $Password
$persist = $false
# Userdata can be persistent if tag is specified in userdata.
# Parse persist from userdata and schedule a task if persist is true
$persistRegex = [regex] ($regexFormat -f "", "")
$persistMatch = $persistRegex.Matches($userdataContent)
if ($persistMatch.Success -and $persistMatch.Captures.Count -eq 1 -and $persistMatch.Groups.Count -eq 2)
{
$persistValue = $persistMatch.Groups[1].Value
Write-Log (" tag was provided: {0}" -f $persistValue)
if ($persistValue -ieq "true")
{
Write-Log "Running userdata on every boot"
$persist = $true
}
}
else
{
Write-Log "Zero or more than one tag was not provided"
}
# If we are only executing (running per boot), don't schedule as a separate task if persist is true
if ($OnlyExecute)
{
Write-Log ("Persist is {0}, executing inline and not as a separate task" -f $persist)
}
elseif ($persist)
{
Register-FunctionScheduler -Function $MyInvocation.MyCommand -Arguments "-FromPersist" -ScheduleName $scheduleName
}
else
{
Write-Log "Unregistering the persist scheduled task"
Register-FunctionScheduler -Function $MyInvocation.MyCommand -ScheduleName $scheduleName -Unregister
if ($FromPersist)
{
# If the function was called from scheduled task and persist tag is not found, don't execute it at all.
return $persist
}
}
# Parse runAsLocalSystem from userdata
$runAsLocalSystemRegex = [regex] ($regexFormat -f "", "")
$runAsLocalSystemMatch = $runAsLocalSystemRegex.Matches($userdataContent)
if ($runAsLocalSystemMatch.Success -and $runAsLocalSystemMatch.Captures.Count -eq 1 -and $runAsLocalSystemMatch.Groups.Count -eq 2)
{
$runAsLocalSystemValue = $runAsLocalSystemMatch.Groups[1].Value
Write-Log (" tag was provided: {0}" -f $runAsLocalSystemValue)
if ($runAsLocalSystemValue -ieq "true")
{
Write-Log "Running userdata as local system"
$runAsLocalSystem = $true
}
}
else
{
Write-Log "Zero or more than one tag was not provided"
}
# Parse script from userdata
$scriptRegex = [regex] ($regexFormat -f "")
$scriptMatch = $scriptRegex.Matches($userdataContent)
if ($scriptMatch.Success -and $scriptMatch.Captures.Count -eq 1)
{
$batchContent = $scriptMatch.Groups[1].Value
}
else
{
Write-Log "Zero or more than one