Detects Windows domain controllers (hosts where the NTDS service exists) that are potentially vulnerable to CVE-2021-1675 because the Print Spooler service is not disabled. Note that the check inspects only the spooler's configured start type, not whether it is currently running, and that non-domain-controller hosts with an enabled spooler are deliberately not reported.
To learn more about queries, check this guide
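-- Flags domain controllers (hosts where the NTDS service exists) whose Print
-- Spooler service is not DISABLED, i.e. the CVE-2021-1675 attack surface is
-- still exposed on the highest-value target. Two rows must match for cnt to
-- reach 2, so a non-DC host with an enabled spooler is NOT reported.
--
-- Result: one row with Vulnerable = 'TRUE' when the host matches, no rows
-- otherwise. A CASE ... ELSE 'FALSE' here would be dead code, because the
-- outer WHERE cnt = 2 already filters the non-matching case out; consumers
-- should treat "no rows" as "not vulnerable".
--
-- The string literals use single quotes: "TRUE" in double quotes is an
-- identifier in SQL and only works in SQLite through its legacy
-- double-quoted-string fallback, which can be compiled out.
--
-- Caveat: only start_type is inspected. A spooler that was set to DISABLED
-- but is still running until the next restart is reported as not vulnerable.
SELECT 'TRUE' AS "Vulnerable"
FROM (
  SELECT COUNT(name) AS cnt
  FROM services
  WHERE name = 'NTDS'
     OR (name = 'Spooler' AND start_type <> 'DISABLED')
)
WHERE cnt = 2;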
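# Lists processes whose command line starts with "nmap", together with their
# parent process name, owner and start time, emitting one PSCustomObject per
# process (pid, name, path, cmdline, cwd, start_time, parent, parent_name,
# username).
#
# Caveats a responder should know:
#  * The WQL pattern LIKE 'nmap%' is anchored at the start of CommandLine, so
#    an invocation through a full path (e.g. "C:\...\nmap.exe" -sS ...) or a
#    renamed binary is not matched.
#  * Get-WmiObject exists only in Windows PowerShell (it is absent from
#    PowerShell 7+); Get-CimInstance / Invoke-CimMethod are the replacements.
#  * Win32_Process does not expose the working directory; cwd is always "N/A".
$processes = Get-WmiObject -Query "SELECT * FROM Win32_Process WHERE CommandLine LIKE 'nmap%'"
foreach ($proc in $processes) {
    # Convert the DMTF timestamp (yyyymmddHHMMSS.ffffff+UUU) to a DateTime.
    # Done first because the parent check below needs it as well.
    $startTime = $null
    if ($proc.CreationDate) {
        $startTime = [Management.ManagementDateTimeConverter]::ToDateTime($proc.CreationDate)
    }

    # Resolve the parent's name. Win32_Process only stores the parent PID and
    # Windows reuses PIDs once a process exits, so a "parent" that was created
    # after this process cannot be the real parent; leave the name blank then
    # rather than attribute the process to an unrelated one.
    $parentName = ""
    if ($proc.ParentProcessId) {
        $parentProc = Get-WmiObject Win32_Process -Filter "ProcessId=$($proc.ParentProcessId)" -ErrorAction SilentlyContinue
        if ($parentProc) {
            $parentIsPlausible = $true
            if ($startTime -and $parentProc.CreationDate) {
                $parentStart = [Management.ManagementDateTimeConverter]::ToDateTime($parentProc.CreationDate)
                $parentIsPlausible = ($parentStart -le $startTime)
            }
            if ($parentIsPlausible) {
                $parentName = $parentProc.Name
            }
        }
    }

    # Owner in DOMAIN\user form. GetOwner() reports a non-zero ReturnValue for
    # processes we lack access to and throws if the process has already exited,
    # so both cases fall back to an empty string instead of aborting the loop.
    $username = ""
    try {
        $ownerInfo = $proc.GetOwner()
        if ($ownerInfo.ReturnValue -eq 0) {
            $username = "$($ownerInfo.Domain)\$($ownerInfo.User)"
        }
    } catch {
        $username = ""
    }

    # cwd is not available from Win32_Process; use placeholder
    $cwd = "N/A"

    # Shape the record like the osquery `processes` columns it mirrors.
    $result = [PSCustomObject]@{
        pid         = $proc.ProcessId
        name        = $proc.Name
        path        = $proc.ExecutablePath
        cmdline     = $proc.CommandLine
        cwd         = $cwd
        start_time  = $startTime
        parent      = $proc.ParentProcessId
        parent_name = $parentName
        username    = $username
    }
    Write-Output $result
}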
PowerShell commands are currently work in progress, contributions welcome.