| ofs | hex dump | ascii |
|---|
| 0000 | 4c 01 02 00 36 98 49 52 5f 05 00 00 20 00 00 00 00 00 00 01 2e 65 64 61 74 61 00 00 00 00 00 00 | L...6.IR_............edata...... |
| 0020 | 00 00 00 00 6d 01 00 00 64 00 00 00 d2 01 00 00 00 00 00 00 1e 00 00 00 40 00 00 40 2e 64 65 62 | ....m...d...............@..@.deb |
| 0040 | 75 67 24 53 00 00 00 00 00 00 00 00 61 02 00 00 fe 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ug$S........a................... |
| 0060 | 40 00 10 42 00 00 00 00 36 98 49 52 00 00 00 00 00 00 00 00 01 00 00 00 0d 00 00 00 0d 00 00 00 | @..B....6.IR.................... |
| 0080 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................................ |
| 00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................................ |
| 00c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................................ |
| 00e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 03 00 04 00 05 00 | ................................ |
| 0100 | 06 00 07 00 08 00 09 00 0a 00 0b 00 0c 00 73 65 6b 75 72 6c 73 61 2e 64 6c 6c 00 61 64 64 4c 6f | ..............sekurlsa.dll.addLo |
| 0120 | 67 6f 6e 53 65 73 73 69 6f 6e 00 64 65 6c 4c 6f 67 6f 6e 53 65 73 73 69 6f 6e 00 66 69 6e 64 5f | gonSession.delLogonSession.find_ |
| 0140 | 74 6f 6b 65 6e 73 00 67 65 74 43 72 65 64 6d 61 6e 00 67 65 74 43 72 65 64 6d 61 6e 46 75 6e 63 | tokens.getCredman.getCredmanFunc |
| 0160 | 74 69 6f 6e 73 00 67 65 74 44 65 73 63 72 69 70 74 69 6f 6e 00 67 65 74 4c 6f 63 61 6c 41 63 63 | tions.getDescription.getLocalAcc |
| 0180 | 6f 75 6e 74 73 00 67 65 74 4c 6f 67 6f 6e 53 65 73 73 69 6f 6e 73 00 67 65 74 53 41 4d 46 75 6e | ounts.getLogonSessions.getSAMFun |
| 01a0 | 63 74 69 6f 6e 73 00 67 65 74 53 45 43 46 75 6e 63 74 69 6f 6e 73 00 67 65 74 53 65 63 72 65 74 | ctions.getSECFunctions.getSecret |
| 01c0 | 73 00 69 6e 63 6f 67 6e 69 74 6f 00 70 69 6e 67 00 00 0c 00 00 00 02 00 00 00 07 00 1c 00 00 00 | s.incognito.ping................ |
| 01e0 | 03 00 00 00 07 00 20 00 00 00 04 00 00 00 07 00 24 00 00 00 05 00 00 00 07 00 28 00 00 00 13 00 | ................$.........(..... |
| 0200 | 00 00 07 00 5c 00 00 00 06 00 00 00 07 00 2c 00 00 00 14 00 00 00 07 00 60 00 00 00 07 00 00 00 | ....\.........,.........`....... |
| 0220 | 07 00 30 00 00 00 15 00 00 00 07 00 64 00 00 00 08 00 00 00 07 00 34 00 00 00 16 00 00 00 07 00 | ..0.........d.........4......... |
| 0240 | 68 00 00 00 09 00 00 00 07 00 38 00 00 00 17 00 00 00 07 00 6c 00 00 00 0a 00 00 00 07 00 3c 00 | h.........8.........l.........<. |
| 0260 | 00 00 18 00 00 00 07 00 70 00 00 00 0b 00 00 00 07 00 40 00 00 00 19 00 00 00 07 00 74 00 00 00 | ........p.........@.........t... |
| 0280 | 0c 00 00 00 07 00 44 00 00 00 1a 00 00 00 07 00 78 00 00 00 0d 00 00 00 07 00 48 00 00 00 1b 00 | ......D.........x.........H..... |
| 02a0 | 00 00 07 00 7c 00 00 00 0e 00 00 00 07 00 4c 00 00 00 1c 00 00 00 07 00 80 00 00 00 0f 00 00 00 | ....|.........L................. |
| 02c0 | 07 00 50 00 00 00 1d 00 00 00 07 00 84 00 00 00 10 00 00 00 07 00 54 00 00 00 1e 00 00 00 07 00 | ..P...................T......... |
| 02e0 | 88 00 00 00 11 00 00 00 07 00 58 00 00 00 1f 00 00 00 07 00 8c 00 00 00 12 00 00 00 07 00 04 00 | ..........X..................... |
| 0300 | 00 00 f1 00 00 00 55 02 00 00 57 00 01 11 00 00 00 00 43 3a 5c 47 69 74 68 75 62 5c 50 6f 77 65 | ......U...W.......C:\Github\Powe |
| 0320 | 72 53 68 65 6c 6c 45 78 70 65 72 69 6d 65 6e 74 61 6c 5c 49 6e 76 6f 6b 65 2d 4d 69 6d 69 6b 61 | rShellExperimental\Invoke-Mimika |
| 0340 | 74 7a 5c 6d 69 6d 69 6b 61 74 7a 2d 31 2e 30 5c 57 69 6e 33 32 5c 73 65 6b 75 72 6c 73 61 2e 65 | tz\mimikatz-1.0\Win32\sekurlsa.e |
| 0360 | 78 70 00 2b 00 3c 11 07 00 00 00 03 00 00 00 00 00 00 00 00 00 0a 00 00 00 6f 76 01 00 4d 69 63 | xp.+.<...................ov..Mic |
| 0380 | 72 6f 73 6f 66 74 20 28 52 29 20 4c 49 4e 4b 00 a2 00 3d 11 00 63 77 64 00 43 3a 5c 47 69 74 68 | rosoft.(R).LINK...=..cwd.C:\Gith |
| 03a0 | 75 62 5c 50 6f 77 65 72 53 68 65 6c 6c 45 78 70 65 72 69 6d 65 6e 74 61 6c 5c 49 6e 76 6f 6b 65 | ub\PowerShellExperimental\Invoke |
| 03c0 | 2d 4d 69 6d 69 6b 61 74 7a 5c 6d 69 6d 69 6b 61 74 7a 2d 31 2e 30 5c 6c 69 62 72 61 69 72 69 65 | -Mimikatz\mimikatz-1.0\librairie |
| 03e0 | 73 5c 73 65 6b 75 72 6c 73 61 00 65 78 65 00 43 3a 5c 50 72 6f 67 72 61 6d 20 46 69 6c 65 73 20 | s\sekurlsa.exe.C:\Program.Files. |
| 0400 | 28 78 38 36 29 5c 4d 69 63 72 6f 73 6f 66 74 20 56 69 73 75 61 6c 20 53 74 75 64 69 6f 20 31 30 | (x86)\Microsoft.Visual.Studio.10 |
| 0420 | 2e 30 5c 56 43 5c 62 69 6e 5c 6c 69 6e 6b 2e 65 78 65 00 00 17 00 38 11 01 00 00 00 5f 61 64 64 | .0\VC\bin\link.exe....8....._add |
| 0440 | 4c 6f 67 6f 6e 53 65 73 73 69 6f 6e 00 17 00 38 11 02 00 00 00 5f 64 65 6c 4c 6f 67 6f 6e 53 65 | LogonSession...8....._delLogonSe |
| 0460 | 73 73 69 6f 6e 00 13 00 38 11 03 00 00 00 5f 66 69 6e 64 5f 74 6f 6b 65 6e 73 00 12 00 38 11 04 | ssion...8....._find_tokens...8.. |
| 0480 | 00 00 00 5f 67 65 74 43 72 65 64 6d 61 6e 00 1b 00 38 11 05 00 00 00 5f 67 65 74 43 72 65 64 6d | ..._getCredman...8....._getCredm |
| 04a0 | 61 6e 46 75 6e 63 74 69 6f 6e 73 00 16 00 38 11 06 00 00 00 5f 67 65 74 44 65 73 63 72 69 70 74 | anFunctions...8....._getDescript |
| 04c0 | 69 6f 6e 00 18 00 38 11 07 00 00 00 5f 67 65 74 4c 6f 63 61 6c 41 63 63 6f 75 6e 74 73 00 18 00 | ion...8....._getLocalAccounts... |
| 04e0 | 38 11 08 00 00 00 5f 67 65 74 4c 6f 67 6f 6e 53 65 73 73 69 6f 6e 73 00 17 00 38 11 09 00 00 00 | 8....._getLogonSessions...8..... |
| 0500 | 5f 67 65 74 53 41 4d 46 75 6e 63 74 69 6f 6e 73 00 17 00 38 11 0a 00 00 00 5f 67 65 74 53 45 43 | _getSAMFunctions...8....._getSEC |
| 0520 | 46 75 6e 63 74 69 6f 6e 73 00 12 00 38 11 0b 00 00 00 5f 67 65 74 53 65 63 72 65 74 73 00 11 00 | Functions...8....._getSecrets... |
| 0540 | 38 11 0c 00 00 00 5f 69 6e 63 6f 67 6e 69 74 6f 00 0c 00 38 11 0d 00 00 00 5f 70 69 6e 67 00 40 | 8....._incognito...8....._ping.@ |
| 0560 | 63 6f 6d 70 2e 69 64 6f 76 9b 00 ff ff 00 00 03 00 2e 65 64 61 74 61 00 00 00 00 00 00 01 00 00 | comp.idov.........edata......... |
| 0580 | 00 03 00 73 7a 4e 61 6d 65 00 00 aa 00 00 00 01 00 00 00 03 00 72 67 70 76 00 00 00 00 28 00 00 | ...szName............rgpv....(.. |
| 05a0 | 00 01 00 00 00 03 00 72 67 73 7a 4e 61 6d 65 5c 00 00 00 01 00 00 00 03 00 72 67 77 4f 72 64 00 | .......rgszName\.........rgwOrd. |
| 05c0 | 00 90 00 00 00 01 00 00 00 03 00 24 4e 30 30 30 30 31 00 b7 00 00 00 01 00 00 00 03 00 24 4e 30 | ...........$N00001...........$N0 |
| 05e0 | 30 30 30 32 00 c7 00 00 00 01 00 00 00 03 00 24 4e 30 30 30 30 33 00 d7 00 00 00 01 00 00 00 03 | 0002...........$N00003.......... |
| 0600 | 00 24 4e 30 30 30 30 34 00 e3 00 00 00 01 00 00 00 03 00 24 4e 30 30 30 30 35 00 ee 00 00 00 01 | .$N00004...........$N00005...... |
| 0620 | 00 00 00 03 00 24 4e 30 30 30 30 36 00 02 01 00 00 01 00 00 00 03 00 24 4e 30 30 30 30 37 00 11 | .....$N00006...........$N00007.. |
| 0640 | 01 00 00 01 00 00 00 03 00 24 4e 30 30 30 30 38 00 22 01 00 00 01 00 00 00 03 00 24 4e 30 30 30 | .........$N00008.".........$N000 |
| 0660 | 30 39 00 33 01 00 00 01 00 00 00 03 00 24 4e 30 30 30 31 30 00 43 01 00 00 01 00 00 00 03 00 24 | 09.3.........$N00010.C.........$ |
| 0680 | 4e 30 30 30 31 31 00 53 01 00 00 01 00 00 00 03 00 24 4e 30 30 30 31 32 00 5e 01 00 00 01 00 00 | N00011.S.........$N00012.^...... |
| 06a0 | 00 03 00 24 4e 30 30 30 31 33 00 68 01 00 00 01 00 00 00 03 00 00 00 00 00 04 00 00 00 00 00 00 | ...$N00013.h.................... |
| 06c0 | 00 00 00 00 00 02 00 00 00 00 00 15 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 26 00 00 | .............................&.. |
| 06e0 | 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 33 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 | ...............3................ |
| 0700 | 00 3f 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 54 00 00 00 00 00 00 00 00 00 00 00 02 | .?.................T............ |
| 0720 | 00 00 00 00 00 64 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 76 00 00 00 00 00 00 00 00 | .....d.................v........ |
| 0740 | 00 00 00 02 00 00 00 00 00 88 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 99 00 00 00 00 | ................................ |
| 0760 | 00 00 00 00 00 00 00 02 00 00 00 00 00 aa 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 b6 | ................................ |
| 0780 | 00 00 00 00 00 00 00 00 00 00 00 02 00 5f 70 69 6e 67 00 00 00 00 00 00 00 00 00 00 00 02 00 c1 | ............._ping.............. |
| 07a0 | 00 00 00 5f 61 64 64 4c 6f 67 6f 6e 53 65 73 73 69 6f 6e 00 5f 64 65 6c 4c 6f 67 6f 6e 53 65 73 | ..._addLogonSession._delLogonSes |
| 07c0 | 73 69 6f 6e 00 5f 66 69 6e 64 5f 74 6f 6b 65 6e 73 00 5f 67 65 74 43 72 65 64 6d 61 6e 00 5f 67 | sion._find_tokens._getCredman._g |
| 07e0 | 65 74 43 72 65 64 6d 61 6e 46 75 6e 63 74 69 6f 6e 73 00 5f 67 65 74 44 65 73 63 72 69 70 74 69 | etCredmanFunctions._getDescripti |
| 0800 | 6f 6e 00 5f 67 65 74 4c 6f 63 61 6c 41 63 63 6f 75 6e 74 73 00 5f 67 65 74 4c 6f 67 6f 6e 53 65 | on._getLocalAccounts._getLogonSe |
| 0820 | 73 73 69 6f 6e 73 00 5f 67 65 74 53 41 4d 46 75 6e 63 74 69 6f 6e 73 00 5f 67 65 74 53 45 43 46 | ssions._getSAMFunctions._getSECF |
| 0840 | 75 6e 63 74 69 6f 6e 73 00 5f 67 65 74 53 65 63 72 65 74 73 00 5f 69 6e 63 6f 67 6e 69 74 6f 00 | unctions._getSecrets._incognito. |