| ofs | hex dump | ascii |
|---|
| 0000 | 4c 01 02 00 2e 98 49 52 d9 02 00 00 0e 00 00 00 00 00 00 01 2e 65 64 61 74 61 00 00 00 00 00 00 | L.....IR.............edata...... |
| 0020 | 00 00 00 00 81 00 00 00 64 00 00 00 e6 00 00 00 00 00 00 00 0c 00 00 00 40 00 00 40 2e 64 65 62 | ........d...............@..@.deb |
| 0040 | 75 67 24 53 00 00 00 00 00 00 00 00 7b 01 00 00 5e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ug$S........{...^............... |
| 0060 | 40 00 10 42 00 00 00 00 2e 98 49 52 00 00 00 00 00 00 00 00 01 00 00 00 04 00 00 00 04 00 00 00 | @..B......IR.................... |
| 0080 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................................ |
| 00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 03 00 6b 6c 6f 63 6b 2e 64 6c 6c 00 65 63 | ....................klock.dll.ec |
| 00c0 | 68 61 6e 67 65 00 67 65 74 44 65 73 63 72 69 70 74 69 6f 6e 00 67 65 74 44 65 73 6b 74 6f 70 00 | hange.getDescription.getDesktop. |
| 00e0 | 70 69 6e 67 00 00 0c 00 00 00 02 00 00 00 07 00 1c 00 00 00 03 00 00 00 07 00 20 00 00 00 04 00 | ping............................ |
| 0100 | 00 00 07 00 24 00 00 00 05 00 00 00 07 00 28 00 00 00 0a 00 00 00 07 00 38 00 00 00 06 00 00 00 | ....$.........(.........8....... |
| 0120 | 07 00 2c 00 00 00 0b 00 00 00 07 00 3c 00 00 00 07 00 00 00 07 00 30 00 00 00 0c 00 00 00 07 00 | ..,.........<.........0......... |
| 0140 | 40 00 00 00 08 00 00 00 07 00 34 00 00 00 0d 00 00 00 07 00 44 00 00 00 09 00 00 00 07 00 04 00 | @.........4.........D........... |
| 0160 | 00 00 f1 00 00 00 6f 01 00 00 54 00 01 11 00 00 00 00 43 3a 5c 47 69 74 68 75 62 5c 50 6f 77 65 | ......o...T.......C:\Github\Powe |
| 0180 | 72 53 68 65 6c 6c 45 78 70 65 72 69 6d 65 6e 74 61 6c 5c 49 6e 76 6f 6b 65 2d 4d 69 6d 69 6b 61 | rShellExperimental\Invoke-Mimika |
| 01a0 | 74 7a 5c 6d 69 6d 69 6b 61 74 7a 2d 31 2e 30 5c 57 69 6e 33 32 5c 6b 6c 6f 63 6b 2e 65 78 70 00 | tz\mimikatz-1.0\Win32\klock.exp. |
| 01c0 | 2b 00 3c 11 07 00 00 00 03 00 00 00 00 00 00 00 00 00 0a 00 00 00 6f 76 01 00 4d 69 63 72 6f 73 | +.<...................ov..Micros |
| 01e0 | 6f 66 74 20 28 52 29 20 4c 49 4e 4b 00 9f 00 3d 11 00 63 77 64 00 43 3a 5c 47 69 74 68 75 62 5c | oft.(R).LINK...=..cwd.C:\Github\ |
| 0200 | 50 6f 77 65 72 53 68 65 6c 6c 45 78 70 65 72 69 6d 65 6e 74 61 6c 5c 49 6e 76 6f 6b 65 2d 4d 69 | PowerShellExperimental\Invoke-Mi |
| 0220 | 6d 69 6b 61 74 7a 5c 6d 69 6d 69 6b 61 74 7a 2d 31 2e 30 5c 6c 69 62 72 61 69 72 69 65 73 5c 6b | mikatz\mimikatz-1.0\librairies\k |
| 0240 | 6c 6f 63 6b 00 65 78 65 00 43 3a 5c 50 72 6f 67 72 61 6d 20 46 69 6c 65 73 20 28 78 38 36 29 5c | lock.exe.C:\Program.Files.(x86)\ |
| 0260 | 4d 69 63 72 6f 73 6f 66 74 20 56 69 73 75 61 6c 20 53 74 75 64 69 6f 20 31 30 2e 30 5c 56 43 5c | Microsoft.Visual.Studio.10.0\VC\ |
| 0280 | 62 69 6e 5c 6c 69 6e 6b 2e 65 78 65 00 00 0f 00 38 11 01 00 00 00 5f 65 63 68 61 6e 67 65 00 16 | bin\link.exe....8....._echange.. |
| 02a0 | 00 38 11 02 00 00 00 5f 67 65 74 44 65 73 63 72 69 70 74 69 6f 6e 00 12 00 38 11 03 00 00 00 5f | .8....._getDescription...8....._ |
| 02c0 | 67 65 74 44 65 73 6b 74 6f 70 00 0c 00 38 11 04 00 00 00 5f 70 69 6e 67 00 40 63 6f 6d 70 2e 69 | getDesktop...8....._ping.@comp.i |
| 02e0 | 64 6f 76 9b 00 ff ff 00 00 03 00 2e 65 64 61 74 61 00 00 00 00 00 00 01 00 00 00 03 00 73 7a 4e | dov.........edata............szN |
| 0300 | 61 6d 65 00 00 50 00 00 00 01 00 00 00 03 00 72 67 70 76 00 00 00 00 28 00 00 00 01 00 00 00 03 | ame..P.........rgpv....(........ |
| 0320 | 00 72 67 73 7a 4e 61 6d 65 38 00 00 00 01 00 00 00 03 00 72 67 77 4f 72 64 00 00 48 00 00 00 01 | .rgszName8.........rgwOrd..H.... |
| 0340 | 00 00 00 03 00 24 4e 30 30 30 30 31 00 5a 00 00 00 01 00 00 00 03 00 24 4e 30 30 30 30 32 00 62 | .....$N00001.Z.........$N00002.b |
| 0360 | 00 00 00 01 00 00 00 03 00 24 4e 30 30 30 30 33 00 71 00 00 00 01 00 00 00 03 00 24 4e 30 30 30 | .........$N00003.q.........$N000 |
| 0380 | 30 34 00 7c 00 00 00 01 00 00 00 03 00 5f 65 63 68 61 6e 67 65 00 00 00 00 00 00 00 00 02 00 00 | 04.|........._echange........... |
| 03a0 | 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 00 | ................................ |
| 03c0 | 00 02 00 5f 70 69 6e 67 00 00 00 00 00 00 00 00 00 00 00 02 00 20 00 00 00 5f 67 65 74 44 65 73 | ..._ping................._getDes |
| 03e0 | 63 72 69 70 74 69 6f 6e 00 5f 67 65 74 44 65 73 6b 74 6f 70 00 | cription._getDesktop. |