Sample details: d6658c0928930d55d636d41c280099c5 --

Hashes
MD5: d6658c0928930d55d636d41c280099c5
SHA1: eb8a8062716a0c6ce3fb55d9b44eefc1f48af1a3
SHA256: 14a18bd21328d9108df78cfd6c7ae66c726510f35668d9b6083ec1644534166f
SSDEEP: 12288:chq5Jz4jA9r8eRFmVpQOsM9jJSgUev4qsOlKnIZNLFIksV:cQ5Jz4jirzOQOvSZ5qREnwJep
Details
File Type: PE32+
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/Misc_Suspicious_Strings | YRP/DebuggerCheck__QueryInfo | YRP/DebuggerException__SetConsoleCtrl | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/inject_thread | YRP/create_service | YRP/cred_local | YRP/spreading_share | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers0 | YRP/Big_Numbers1 | YRP/Advapi_Hash_API | YRP/MD5_API | YRP/Powerkatz_DLL_Generic | YRP/with_sqlite | FlorianRoth/Powerkatz_DLL_Generic |
Parent Files
6acec394718b86af1cab369f7a25f430
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
D$@kiwiH
UVWATAUAVAWH
A_A^A]A\_^]
toH9{xtiE3
WATAUAVAWH
A_A^A]A\_
x ATAUAVH
 A^A]A\
WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
KSSME9Y
4r[E9\
VWATAUAVH
9k<vj3
 A^A]A\_^
9s<vP3
x AUAVAWH
@A_A^A]
x ATAUAVH
0A^A]A\
ATAUAVH
A^A]A\
L$P!t$ L
L$P!t$ L
L$P!t$ L
L$P!t$ L
UVWATAUAVAWH
L$P!t$ L
pA_A^A]A\_^]
p WATAUAVAWH
A_A^A]A\_
t$ WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
t%@8:u
@A_A^A]A\_^]
WATAUH
WATAUAVAWH
A_A^A]A\_
Y H!;H
WATAUH
0A]A\_
WATAUAVAWH
 A_A^A]A\_
x ATAUAVH
0A^A]A\
UVWATAUAVAWH
 A_A^A]A\_^]
9_ v H
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
pA_A^A]A\_^]
SUVWATAUAVH
pA^A]A\_^][
WATAUAVAWH
A_A^A]A\_
SUVWATAUAVAWH
xA_A^A]A\_^][
WATAUAVAWH
A_A^A]A\_
L$ UVWATAUAVAWH
tiD9m,H
`A_A^A]A\_^]
WATAUH
D;d$xu
@A]A\_
H!\$0!\$(E3
tY9\$DuSH
H!\$ L
l$ VWATH
WATAUAVAWH
H!t$8H
A_A^A]A\_
t$ WATAUAVAWH
 A_A^A]A\_
x ATAUAVH
 A^A]A\
WATAUAVAWH
 A_A^A]A\_
H+\$(H
WATAUH
@A]A\_
H!\$(!\$ D
8MDMPu
WATAUAVAWH
0A_A^A]A\_
x ATAUAVH
 A^A]A\
H UVWH
WATAUH
H!|$ H!|$0H
t$ WATAUH
L!d$`L!d$PH
L!d$HL!d$@
D!d$8L!d$0D
s WATAUAVAWH
D$HD9.
A_A^A]A\_
H;\$pr
H;\$pr
t$ WATAUH
K@fD9X
s WATAUH
D$0M!c
@A]A\_
D$HL!d$@L!d$8D
t$(L!d$ 
D$HL!d$@L!d$8D
l$0D!d$(L!d$ L
D$@L!d$8L!d$0E3
l$(D!d$ 
UVWATAUAVAWH
D!T$HI
D$DD9S
A_A^A]A\_^]
UVWATAUAVAWH
f9D$Pu
A_A^A]A\_^]
9regfuJ9y
9hbinu6H
L$ UVWH
WATAUAVAWH
 A_A^A]A\_
t"IcR4L
WATAUAVAWH
 A_A^A]A\_
x ATAUAVH
@A^A]A\
WATAUAVAWH
A_A^A]A\_
D$0H!t$(H!t$ L
D$(H!t$ H
VWATAUAVH
A^A]A\_^
WATAUH
9+v8E3
H9l$ tqA
0A]A\_
AUAVAWH
A_A^A]
ATAUAVH
A^A]A\
WATAUH
!\$(H!\$ E3
WATAUAVAWH
	H!\$PH
A_A^A]A\_
WATAUAVAWH
l$DL!l$PM!k
!D$@!D$`I
\$X;\$`syE
A_A^A]A\_
\$@I![
UVWATAUAVAWH
A_A^A]A\_^]
H WATAUAVAWH
 A_A^A]A\_
x ATAUAVH
@A^A]A\
UVWATAUH
PA]A\_^]
x ATAUAVH
H!t$`H!t$XH!t$PH!t$HH!t$@L
A^A]A\
WATAUH
 A]A\_
WATAUAVAWH
H;L$ u
0A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
H!:H!x
t3H!|$0H!|$(D
K SUVWH
VWATAUAVH
A^A]A\_^
x ATAUAVH
H!|$ E3
0A^A]A\
!t$@A!s I
!t$@A!s I
VWATAUAVH
!\$(!\$ D
!t$(!t$ D
A^A]A\_^
8AUu!8AVu
UVWATAUAVAWH
D$0IcP
\$(~"E
D$0IcP
D$0IcP
D$0IcP
A_A^A]A\_^]
H9\$0t
H9\$0t
H9\$0t
L$ SWH
H SVWH
x ATAUAVIc
|$8A^A]A\
T$XH9_
uWH!\$0!\$(H!
AH!\$0!\$(H!\$@H
D8D$@t
!D$ E3
UVWATAUH
`A]A\_^]
SUVWATH
PA\_^][
WATAUAVAWH
0A_A^A]A\_
|+H;KXt%9{4u H9{HH
/H9CH|
WATAUAVAWH
0A_A^A]A\_
SUVWATAUAVAWH
D9d$Tt
A_A^A]A\_^][
WATAUH
x ATAUAVH
0A^A]A\
;C ~SH
t$f9j.t	H
q89y(v
B(9A(s
D9K0v=E3
9q0vm3
s$;K s
;{0r#H
L9c@uLD9c,u
f9y0u1H
@8yUuG
L9L$ t#H
VWATAUAWH
H!0H!p
fD	{2D
 A_A]A\_^
@SUVWATH
 A\_^][
WATAUH
 A]A\_
H;{ht.H
S`H9T$H~
KHH91t
9s0t@@8s
VWATAUAVH
u=L9s`
H9l$P~
S 9S(v
KHL91t
 A^A]A\_^
UVWATAUAVAWH
 A_A^A]A\_^]
UVWATAUAVAWH
t`H!l$ A
9D$ptyH
0A_A^A]A\_^]
t$ WATAUH
 A]A\_
SUVWATAUAVAWH
OhH;O`u!
H9G`u&
u7D8>A
8A_A^A]A\_^][
UVWATAUAVAWH
C`L9s`
ChH;C`u
s,L9k`}&H
u(;k<s#H
0A_A^A]A\_^]
t$ WATAUH
9y uZH
tBH!|$@E3
IHH99t
 A]A\_
WATAUH
 A]A\_
I9(u,D
H!l$ A
C,;C s;H
w(;s wu
UVWATAUAVAWH
D8?t$H
HcD$0H
PA_A^A]A\_^]
\$ UVWATAUH
9\$`uF;
0A]A\_^]
CPH9(uwH
uY9l$htSL
KPH9)tD@8k
9l$`v(H
WATAUAVAWH
0A_A^A]A\_
t$ WATAUH
u=D9k t7H
0A]A\_
WATAUH
fD	n,H
 A]A\_
u ;n$w
C(9F s
UVWATAUAVAWH
;i(t:H
 A_A^A]A\_^]
A(9B r
uO9{ vJE3
C D;C(v*3
WATAUH
 A]A\_
x ATAUAVH
 A^A]A\
@8qX|*H
K8@8sYu=
C8!t$ L
9QHt	H
VWATAUAVH
A^A]A\_^
@SUVWATAUAVAWH
H;L$(H
8A_A^A]A\_^][
WATAUH
 A]A\_
VWATAUAVH
 A^A]A\_^
t$ WATAUAVAWH
 A_A^A]A\_
UVWATAUAVAWH
Mc\$4H
 A_A^A]A\_^]
x ATAUAVH
l$HfA+
 A^A]A\
t$ WATAUH
 A]A\_
@88uXH
t$ WATAUAVAWH
A_A^A]A\_
KHL91t
HHL91t
t$ WATAUH
f	{$@8z
;{0tAI
 A]A\_
WATAUH
G$9_<u
9O<t1H
 A]A\_
T$@|6H
@8kX|&H
t$ WATAUAVAWH
I+UPH;
;nL~'H
l$pLct$(
A_A^A]A\_
@8*t~H9k`
u&8CVu
UVWATAUAVAWH
t5D8iYt/L9A u
tGpE8l$
tGpD8m
PA_A^A]A\_^]
@8sVu	
fB9DCp
fB9DCps
fB9DIpr
qf9|Cpu7
[XfB9|[pt
AXfF9LApt
UVWATAUAVAWH
0A_A^A]A\_^]
UVWATAUAVAWH
H9~Xu'D
 A_A^A]A\_^]
l$ VWATH
KpfD9a.t
UVWATAUAVAWH
@A_A^A]A\_^]
x ATAUAVH
 A^A]A\
VWATAUAVH
 A^A]A\_^
SUVWATAUAVAWH
H+D$xH;
(A_A^A]A\_^][
L$ UVWATAUAVAWH
T$ }|I
0A_A^A]A\_^]
UVWATAUAVAWH
fC94<u
H;T$Ps
`A_A^A]A\_^]
WATAUH
 A]A\_
UVWATAUAVAWH
D$HHcD$`L
!t$ Hc
HcT$PB
DHcL$PA
L$PE8^
Hct$@I
A_A^A]A\_^]
\$ UVWATAUAVAWH
0A_A^A]A\_^]
p WATAUAVAWH
A_A^A]A\_
@SUVWATAUAVAWH
XA_A^A]A\_^][
l$4f;C
UVWATAUAVAWH
"IcA0D
LcD$xI
0A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
WATAUH
0A]A\_
s]HcD$xHcN
WATAUH
0A]A\_
A0LcY<A
SUVWATAUAVAWH
D8V!t	E
L9Sht/
(A_A^A]A\_^][
9q@~+3
UVWATAUAVAWH
;o(}YH
D;o(}7H
;w(}6H
;w(}#H
@A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
x ATAUAVH
LcedMk
Q@8~Ut
 A^A]A\
UVWATAUAVAWH
 A_A^A]A\_^]
WATAVH
D#d$<f;
SUVWATAUAVAWH
xA_A^A]A\_^][
t$ WATAUH
u#fD9k
 A]A\_
D9d$Pt
D9d$Pt
t$ WATAUAVAWH
fD;}xA
A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
SUVWATAUAVAWH
D$`H9<
A8}St	E9
D$HIcW
uD@8y[t>D
9A(~I;
9A(~6H
$G<C|9
L$pfD3
 t5IcO
IcElH;
t$Xf	C
D86uR3
S8H9*tmH
T$HE9O
yXA+|$(;
yXA+|$(;
L$`;Al
{h;t$p
D;d$hB
L9Chu%
9U }(E3
;t$pr	A
T$HD8s)tUD9s$t$H
$D;T$pr
D$`IcO
L$`Mcg
H9S`u5
C`H9S`u
H9k`u3
C`H9k`u
D$`IcO
@8xXt!H
L$`IcW
D$`Ic_
~ IcElH;
~0A;}l
D$`IcO
D$`IcO
D$`IcO
@8{)ta9{$t)H
l$l@8{(
I9|$HuHD;
H+L$XH
A_A^A]A\_^][
H9{hu$
D$|Icw
t$(A9o
L+|$XH
YLcG8H
G HcT$@H
H!t$0H9
WATAUAVAWH
0A_A^A]A\_
WATAUH
H(fD9i
0A]A\_
x ATAUAVH
 A^A]A\
WATAUH
 A]A\_
h VWATH
p WATAUAVAWH
H9\$Pt4H
 A_A^A]A\_
x ATAUAVH
 A^A]A\
t$ WATAUAVAWH
gfffffffH9]
0A_A^A]A\_
t$ WATAUH
t<L9k@t
C8Hc{P
 A]A\_
s WATAUH
LcL$8HcH
C(H9C0u
HcD$xH
PH;L$@H
UVWATAUAVAWH
PL;d$x|
 A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
\$ UVWATAUAVAWH
HcV8E3
0A_A^A]A\_^]
VWATAUAVH
8^Xt!H
 A^A]A\_^
WATAUAVAWH
 A_A^A]A\_
WATAUH
H;D$P~
WATAUAVAWH
 A_A^A]A\_
SUVWATAUAVAWH
SD9P(A
D$XI9D$P
L$`~*L
D;l$`|
F0 u.H
A_A^A]A\_^][
fD9S0| M;
I	D8`A
SUVWATAUAVAWH
f	G0fE	&A
D;g(t	
O0@9]Pu	H
A_A^A]A\_^][
WATAUH
UVWATAUAVAWH
A;L$tL
PA_A^A]A\_^]
SUVWATAUAVAWH
D$0~	f
$D8PUuhA
~<fD9V t)D
HA_A^A]A\_^][
UVWATAUAVAWH
l$(u)M
A9\$Pu	
T$8H9ZHD
w K9\.0
D$(8XU
C	D.HH
H9_8t	L;
f	l$pH
l$(A8]U
A_A^A]A\_^]
H9Z@u}
WATAUH
0A]A\_
@xD9G(~
CxD9C(~
t$ WATAUAVAWH
 A_A^A]A\_
D$0HcL$,L
x ATAUAVH
 A^A]A\
D96~vI
u?8SUu}
A(9B,t
A6<dtE<
fD9A0|
u>fA9A0}
uUHcG<H
UVWATAUAVAWH
@A_A^A]A\_^]
L$@s #o
C0f9G0u
t$ WATAUAVAWH
C69A u
;w8})I
Hct$`L
LcT$`H
C,A9@,u
C0fA9@0t
0A_A^A]A\_
` AUAVAWH
 A;l$(
D9{Pu1E8|$Uu*L9
0A_A^A]
H SUVWATH
A\_^][
t$ WATAUH
 A]A\_
VWATAUAVH
 A^A]A\_^
WATAUAVAWH
 A_A^A]A\_
9y(~ 3
tLfD;g>A
t$ WATAUAVAWH
0A_A^A]A\_
$A8[Uu
IcD$<H
WATAUAVAWH
u88SUt&3
 A_A^A]A\_
UVWATAUAVAWH
83uMf;S>H
D$P}<L
`A_A^A]A\_^]
WATAUH
 A]A\_
A80t#E
UVWATAUAVAWH
Lcd$xA
fA;}>H
Lcd$xHc
0A_A^A]A\_^]
fD;Y`s0H
WATAUAVAWH
fD9}<A
fD;c^sOA;
uWfD;}>A
A_A^A]A\_
L$ UVWATAUAVAWH
pA_A^A]A\_^]
WATAUH
0A]A\_
UVWATAUAVAWH
PA_A^A]A\_^]
UVWATAUAVAWH
@PH9A8
A_A^A]A\_^]
D$F t?M
L$@~(I
L9OPu2E3
Od fE;L$>D
G^f9C^us
Gb8Cbt,A
D$F t	I;
t'L9I(t
D$(f;q^r
WATAUH
0A]A\_
HcT$HH
WATAUAVAWH
fA;X^smH
H9\$@t
A_A^A]A\_
WATAUH
 A]A\_
x ATAUAVH
 A^A]A\
WATAUH
 A]A\_
x ATAUAVH
 A^A]A\
t$ WATAUAVAWH
 A_A^A]A\_
CrH!{h
B@8spu<H
SUVWATAUAVAWH
Lc\$|H
LcD$`Hc
F`!\$ E3
HcD$`H
D$pD!L$ A
A_A^A]A\_^][
x AUAVAWH
0A_A^A]
VWAUAVAWH
A_A^A]_^
UVWATAUAVAWH
0A_A^A]A\_^]
t$ WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
t$XH9\$Pt
WATAUAVAWH
H(HcIlI;
0A_A^A]A\_
@(Ic@lH;
8\$ t?
VWATAUAVH
0A^A]A\_^
 HcA I
WATAUH
0A]A\_
A(Lc@lM
WATAUAVAWH
LcD$03
D$@+D$0H
D$@HcQlH;
Lct$4H
T$8LcD$0
T$8L;l$X
A_A^A]A\_
UVWATAUAVAWH
@A_A^A]A\_^]
u	fD9g
tEHcF A
u;H!|$@H!|$8H!|$0A
D$(H!|$ E
f;k`svL
WATAUH
fD;o>A
0A]A\_
UVWATAUAVAWH
	s'M9`Hu!I
D$`t(H
A_A^A]A\_^]
8PUt	H
f;U>Lc\$dMc
SUVWATAUAVAWH
fE9g<M
D8\$au
D$hL9SHt:E
D$xfD;S`
t9L9SH
D8\$`t!H9\$pu
GF uoD
]H;\$pD
A_A^A]A\_^][
VWATAUAVH
0A^A]A\_^
UVWATAUAVAWH
IcD$<D
0A_A^A]A\_^]
UVWATAUAVAWH
pA_A^A]A\_^]
t$ WATAUH
 A]A\_
VWATAUAVH
 A^A]A\_^
t$ WATAUH
WATAUAVAWH
\$`E!s
C$9{<u
D9htuU
HcHtA;
fD	YrE;
A_A^A]A\_
WATAUH
;s(};H
 A]A\_
 A;@(|
L$ UVWATAUAVAWH
E$D9e<u
@A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
x ATAUAVH
C`D8wUt
A^A]A\
UVWATAUAVAWH
PA_A^A]A\_^]
WATAUH
 A]A\_
UVWATAUAVAWH
`A_A^A]A\_^]
L$ SUVWATAUAVAWH
L$XD+v
8A_A^A]A\_^][
WATAUH
0A]A\_
SUVWATAUAVAWH
xA_A^A]A\_^][
Hc\$HH
WATAUH
 A]A\_
WATAUAVAWH
 A_A^A]A\_
SUVWATAUAVAWH
D$0D+e
9t$4~G
hA_A^A]A\_^][
WATAUAVAWH
0A_A^A]A\_
SUVWATAUAVAWH
D8~Ut;Ic
XA_A^A]A\_^][
UVWATAUAVAWH
`A_A^A]A\_^]
Lc\$XE
WATAUH
WATAUAVAWH
t<D9>A
}(E8}Ut
fA9D$@v
0A_A^A]A\_
@SUVWATAUAVAWH
C@ uxH
H9K uFH9K
D$8E8^U
D$@fD;^>D
D$HD9(
A_A^A]A\_^][
WATAUH
0A]A\_
@SUVWATAUAVAWH
D9f,~ H
 D;f,|
HA_A^A]A\_^][
UVWATAUAVAWH
IcD$<H
teD9(u`H
A_A^A]A\_^]
SUVWATAUAVAWH
l$x9iPuRA8mUuL
T$Ft)A
fA;l$>
A_A^A]A\_^][
uPL9AHuJI;
8L$`t3
fA;L$>
8L$`u%L;
fA;L$>
8D$at@E3
D;|$|}
SUVWATAUAVAWH
XA_A^A]A\_^][
SUVWATAUAVAWH
pA9pTF
@8u,v'B
D$xf;x^s
t#f9x^u
@8pUt	H
fA9q.v	A
toHcD$hD
@8pUt	H
CF u}H
A_A^A]A\_^][
WATAUAVAWH
L9{PtMA
fD;{^sCI
 A_A^A]A\_
UVWATAUAVAWH
D$P@8pU
t$4D9W
pA_A^A]A\_^]
@83u&H
L$HxOH
t6fE9B
tzfE9B
WATAUAVAWH
K,E9!u
C,9A,uG
CXf9A0u=
 A_A^A]A\_
UVWATAUAVAWH
T$x~6I
fD9@0u.
L$x9H,u%H
0A_A^A]A\_^]
@8r;v0H
fD9Z.u
WATAUH
t fD9o,t
c(	sDH
uNE8l$Ut
 A]A\_
t$ WATAUH
 A]A\_
L$`D8IUt	A
@fB+L@
SUVWATAUAVAWH
EF t	H
u<D9@,u6D
f;C^sCL
D$P}9D
EF u5M;
EDf9C\
A_A^A]A\_^][
9T$ t*D
SUVWATAUAVAWH
t`f9C0|ZH
C^D8cbA
},fE9f.u%I
D$T9A,u
D$:9D$H}
D8d$9t
T$02T$8:T
D2D$0D
A_A^A]A\_^][
SUVWATAUAVAWH
\$`A8XU
L	T$xD
f9O2fD
D$@fA;
fD;L$B
D$2fD9
G4tbfD
g4u[D8o:uUfD9
A_A^A]A\_^][
UVWATAUAVAWH
L9WHuzf
fD;W^sL3
0A_A^A]A\_^]
UVWATAUAVAWH
D$pA8}Ut
C fD	D(
D$P@8xU
l$0t}L
D$X@8xUu D
t$PA8~U
t$PH9~
@F u.A
@8~8uJ
f9C>}?
CF u9H
D$4@8~8t:I
F<A8~UuFD;
A_A^A]A\_^]
\$ UVWATAUAVAWH
l8(t|H
EF McA
0A_A^A]A\_^]
SUVWATAUAVAWH
tBD9}(A
ChH9kHtTH
9h|~$;H|~
L$pE9t$
CxD9G(
A_A^A]A\_^][
WATAUH
tED9'|@
x ATHc
SUVWATAUAVAWH
u,D8oUu&Ic
uy@8oUusA
uG@8oUuA
etLH9k
XA_A^A]A\_^][
x ATAUAVH
 A^A]A\
9K(~!H
9O(~%H
9w(~53
x ATAUAWH
9y(~53
D8cSu	H
 A_A]A\
t$ WATAUAVAWH
 A_A^A]A\_
UVWATAUAVAWH
0A_A^A]A\_^]
VWATAUAVH
D8wUuHD
A^A]A\_^
UVWATAUAVAWH
0A_A^A]A\_^]
h VWATH
|$$YKSM
|$$KRSMt
|$$YKSM
|$$KRSMt
{ ATAUAVH
c@fD9s
L$@H+D$ H
D$@fD9s
A^A]A\
H9{@tAH9{Ht;H9{Pt5H9{Xt/H9{`t)H9{ht#H9{pt
L$@H+D$ H
D$@f9o
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
H!t$ L
H!t$ L
H!t$ L
A_A^A]A\_^]
UVWATAUAVAWH
9s vA3
A_A^A]A\_^]
UVWATAUAVAWH
H!\$ H
H!\$ L
d$`L!l$ L
L!l$ L
|$`L!l$ L
L!l$ E3
A_A^A]A\_^]
t$ WATAUH
@A]A\_
WATAUH
0A]A\_
x ATAUAVH
 A^A]A\
D9D$0v"3
D;D$0s
D9D$@v"3
D;D$@s
9T$Pv!E3
SUVWATAUAVAWH
xA_A^A]A\_^][
UVWATAUH
`A]A\_^]
UVWATAUAVAWH
|$hD;~<
A_A^A]A\_^]
UVWATAUH
>RSA2u
>RSA2u
pA]A\_^]
WAUAVH
WATAUH
pA]A\_
@SUVWATH
0A\_^][
UVWATAUH
pA]A\_^]
UVWATAUAVAWH
H!t$ L
kH!t$ L
FH!t$ L
!H!t$ L
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
WATAUH
0A]A\_
WATAUAVAWH
A_A^A]A\_
WATAUH
 A]A\_
UVWATAUAVAWH
L$ fD;
@A_A^A]A\_^]
WATAUH
 A]A\_
UVWATAUH
0A]A\_^]
x ATAUAVH
 A^A]A\
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
t$ WATAUH
L!l$@H
D9+vG3
 A]A\_
UVWATAUH
L!l$PH
D9+vG3
 A]A\_^]
h VWATAUAWH
A_A]A\_^
VWAUAVAWH
A_A^A]_^
SUVWATAUAVAWH
XA_A^A]A\_^][
UVWATAUAVAWH
PA_A^A]A\_^]
WATAUAVAWH
!|$d!|$h!|$lH
D$(H!|$ E3
D!d$8H
pA_A^A]A\_
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
VWATAVAWH
t$XfD9&
\$HfD9#
4NfD9&
A_A^A\_^
WATAUH
D9l$8tCL9l$@t<H
D9l$HtCL9l$Pt
D9l$Ht)L9l$Pt"H
WATAUH
0A]A\_
A!8I!x
T$`9\$Xv%H
x ATAUAVH
D$8H!|$0D
A^A]A\
s WATAUH
0A]A\_
p WATAUAVAWH
L9fXt-H
L9f`t$H
K@D!d$ L
D!t$ E3
A_A^A]A\_
VWATAUAWH
A_A]A\_^
SVWATAUAVAWH
A_A^A]A\_^[
s WATAUAVAWH
A_A^A]A\_
WATAUH
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
 A_A^A]A\_^]
H!D$ L
UVWATAUH
A]A\_^]
WATAUAVAWH
A_A^A]A\_
WATAUH
WATAUH
H!|$`H!|$XH!|$PH!|$HH!|$@H!|$8H!|$0H
T$pH!|$(H!|$ L
H!|$0H
D$(H!|$ H
VWATAUAVH
A^A]A\_^
K SUVWATH
!|$@!|$DH!|$HI
A\_^][
WATAUH
H!t$0H
D$(H!t$ E3
UVWATAUAVAWH
A_A^A]A\_^]
x ATAUAVH
A^A]A\
K WATAUAVAWH
A_A^A]A\_
L$H!|$ 
H!|$0H
D$(!|$ D
UVWATAUAVAWH
AAAAAAAAD
BBBBBBBBH
CCCCCCCCE
DDDDDDDDM
EEEEEEEEM
FFFFFFFFI
GGGGGGGGM
JJJJJJJJM
KKKKKKKKM
LLLLLLLLI
MMMMMMMMM
L99t	H
A_A^A]A\_^]
L$ @8q!t
f9w\t$
t$ WATAUAVAWH
A_A^A]A\_
L$XH9i@t
L$PH9l
WATAUAVAWH
\$(D!|$ 
D$(D!|$ L
A_A^A]A\_
WATAUH
AAAAAAAA
DDDDDDDD
EEEEEEEE
CCCCCCCC
FFFFFFFF
MMMMMMMM
LLLLLLLL
LLLLLLLL
LLLLLLLL
GGGGGGGG
JJJJJJJJ
LLLLLLLL
KKKKKKKK
BBBBBBBB
BBBBBBBB
BBBBBBBB
UVWATAUAVAWH
L$ fD;
A_A^A]A\_^]
VWATAUAVH
A^A]A\_^
AAAAAAAA
BBBBBBBB
CCCCCCCC
DDDDDDDD
AAAAAAAAI
BBBBBBBBI
CCCCCCCC
DDDDDDDDI
L$hHcC(LcC,H
D$hLcC,H
JJJJJJJJ
CCCCCCCC
LLLLLLLL
CCCCCCCC
LLLLLLLL
KKKKKKKK
KKKKKKKK
KKKKKKKK
JJJJJJJJ
LLLLLLLL
DDDDDDDD
DDDDDDDD
LLLLLLLL
KKKKKKKK
VWATAUAVH
JJJJJJJJ
KKKKKKKKI
LLLLLLLLI
CCCCCCCCM
DDDDDDDDI
A^A]A\_^
AAAAAAAA
BBBBBBBB
AAAAAAAAD
BBBBBBBB
UVWATAUAVAWH
A_A^A]A\_^]
@SUVWATAUAVH
A^A]A\_^][
@SUVWATAUAVH
A^A]A\_^][
SUVWATH
`A\_^][
UVWATAUH
PA]A\_^]
UVWATAUH
PA]A\_^]
9;tC9~
H!t$h3
H!D$`H
D$HH!t$@H
fD9$Ft,
D$0H!\$(H!\$ M
H!\$PE3
L$H!\$@H
D$0!\$(H!\$ 
D$(H!\$ E3
VWATAUAVH
A^A]A\_^
tPHcL$`
t^HcL$`
H!\$ L
VWATAUAVH
@A^A]A\_^
D$HH!>H
t$0!|$(L
s WATAUH
L9l$Pt
L9l$Pt
D9l$Xu
D9l$Xu
L9l$Hu
L9l$Pt!H
LcL$hD
HcT$lH
SUVWATH
L$d9t$`
A\_^][
L$0HcT
UVWATAUAVAWH
9t+Dv2H
A_A^A]A\_^]
K H!|$ H
D$(H!|$ E3
VATAUAVAWH
D$hD9%
EIHL9a@L
A_A^A]A\^
VWATAUAWH
D$8A!k
A_A]A\_^
WATAUH
D9L$@vNH
D;T$@r
WATAUAVAWH
A_A^A]A\_
UVWATAVH
D9#v43
0A^A\_^]
UVWATAUAVAWH
0A_A^A]A\_^]
WATAUAVAWH
F9|'<vTI
B;\60r
HF;l'<r
 A_A^A]A\_
x ATAUAVH
 A^A]A\
A9|$<vMH
A;|$<r
WATAUAVAWH
HA;,$r
 A_A^A]A\_
D;t7<r
WATAUH
 A]A\_
x ATAUAVH
 A^A]A\
WATAUH
 A]A\_
WATAUH
x ATAUAVH
 A^A]A\
UVWATAUH
pA]A\_^]
k VWATH
VWATAUAVH
A^A]A\_^
9w0v%3
SUVWATAUAVAWH
l$PD;t
A_A^A]A\_^][
t!9oPt
WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
D$x9B<
 A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
SUVWATH
D$0!l$(H!l$ D
D$0!l$(H!l$ H
A\_^][
UVWATAUAVAWH
H!\$ L
H!\$P!
9|$Ht&H
9|$0t!H
A_A^A]A\_^]
WATAUH
V 9Z4t
9_tvlH
t/H9\$Ht$H
L$XHcA
D$XHcL$pD
t=HcD$@D
D$ HcL$pH
tOHcC,L
t(HcK0L
VWATAUAVH
|$\RUUU
A^A]A\_^
t$ WAUAVH
@A^A]_
VWATAUAWH
L$ H;L$0
A_A]A\_^
D$HH;L$PtTH
\$@L;\$Pu
L9l$hu
L9l$xu
L9l$pu
L9l$Xt
UVWATAUAVAWH
@8,8tDI
HcK E3
HcK$E3
HcK(E3
@8,8t	LcK$L
@A_A^A]A\_^]
D$ HcL$pH
tCHcC,H
HcL$pH
tCHcC0H
HcL$pH
9wDuGH!t$8H!t$0H
H!t$(H
D$8HcD*
WATAUH
@A]A\_
WATAUH
NcD(hH
JcL(xH
UVWATAUAVAWH
|$PJcL*
L$`JcL*hH
H9L$xt
RH9L$pt 
A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
WATAUH
IcT(HH
HcD)LH
HcD(PH
HcD( H
HcD((H
HcD($H
HcD(,H
HcD(8H
HcD(4H
HcD(0H
uGH!|$8H!|$0H!|$(H
[ UVWATAUAVAWH
t$HcG<
H;|80u	I
pA_A^A]A\_^]
SUVWATAUAVH
 A^A]A\_^][
l$ VWATAUAVH
A^A]A\_^
[ UVWATAUAVAWH
D8t$\t
\$pD8t$Qt
A_A^A]A\_^]
@SUVWATH
PA\_^][
\$ UVWATAUAVAWH
9D$PtfD;
A_A^A]A\_^]
9L$8|1H;
\$ UVWATAUAVAWH
A_A^A]A\_^]
9\$8|bH;
UVWATAUAVAWH
D$0fE;
`A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
[ UVWATAUAVAWH
l$dfD;
t$t8\$ht
fE9<$uvfA9l$
A_A^A]A\_^]
LcA<E3
u*9Q<|%
SVWATAUAVAWH
@A_A^A]A\_^[
SVWATAUAVAWH
@A_A^A]A\_^[
UVWATAUAVAWH
`9\$(u
fD92r&H
\$@fD3
\$DfE#
\$HfA;
A_A^A]A\_^]
l$ VWATH
bcrypt.dll
>`ncrypt.dll
Invalid parameter passed to C runtime function.
(null)
```hhh
xppwpp
%04hu%02hu%02hu%02hu%02hu%02huZ
012345678.F? !!
NTPASSWORD
LMPASSWORD
NTPASSWORDHISTORY
LMPASSWORDHISTORY
!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
0123456789012345678901234567890123456789
3.13.0
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
******""""""""""""""""""""
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
&&					
	&&&&&&&&&&	
BINARY
0123456789ABCDEF0123456789abcdef
thstndrd
SQLite format 3
  !!""##$$%%&&''(())**++,,--..//00112233445566778899
;98:0123456789ABCDEF
onoffalseyestruextrafull
naturaleftouterightfullinnercross
 !"#$%
'()*+,-./0133
 !"#$%
'()*+,-./01+,-./019
 !"#$%
'()*+,-./01f
 !"#$%P'()*+,-./01
 !"#$%j'()*+,-./01
 !"#$%
'()*+,-./01
 !"#$%
'()*+,-./01
 !"#$%B'()*+,-./01
 !"#$%
'()*+,-./01
 !"#$%
'()*+,-./01
 !"#$%n'()*+,-./01
 !"#$%3'()*+,-./01
 !"#$%
'()*+,-./01
fghijkl+,-
34s234+,
|+,2343
234"#$%&'()*+,-./01'()*+,-./01
de01h{
b3dedbhde
"#$%d'()*+,-./01
3333333333333333333333333333333333333333333333
CONSTRAINTOFFSETABLEFTHENDESCAPELSELECTRANSACTIONATURALLIKEYSAVEPOINTEMPORARYWITHOUTERELEASEXCLUSIVEXISTSBEGINDEXEDELETEBETWEENOTNULLIMITCASECOLLATECREATECURRENT_DATEGROUPDATEIGNORECURSIVEIMMEDIATEJOINNEREGEXPRIMARYMATCHECKVALUESWHENWHEREPLACEABORTANDEFAULTASCOMMITCONFLICTCROSSCURRENT_TIMESTAMPDEFERREDISTINCTDROPFAILFROMFULLGLOBYHAVINGIFINSERTISNULLORDERIGHTROLLBACKUNIQUEUSING
6666666
1.2.840.113556.1.4.27
1.2.840.113556.1.4.135
1.2.840.113556.1.4.129
1.2.840.113556.1.4.125
1.2.840.113556.1.4.160
1.2.840.113556.1.4.55
1.2.840.113556.1.4.94
1.2.840.113556.1.4.90
memory
private
shared
file is encrypted or is not a database
bind or column index out of range
auxiliary database format error
authorization denied
large file support is disabled
library routine called out of sequence
datatype mismatch
constraint failed
table contains no data
locking protocol
unable to open database file
database or disk is full
unknown operation
database disk image is malformed
disk I/O error
interrupted
attempt to write a readonly database
database table is locked
database is locked
callback requested query abort
access permission denied
SQL logic error or missing database
not an error
threads
soft_heap_limit
shrink_memory
cell_size_check
case_sensitive_like
busy_timeout
coalesce
group_concat
substr
zeroblob
replace
total_changes
changes
last_insert_rowid
sqlite_log
sqlite_source_id
sqlite_version
nullif
randomblob
random
ifnull
unicode
printf
length
typeof
likely
likelihood
unlikely
FOREIGN KEY
UNIQUE
NOT NULL
win32-longpath
FlushViewOfFile
UuidCreateSequential
UuidCreate
InterlockedCompareExchange
CreateFileMappingFromApp
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
GetNativeSystemInfo
GetTickCount64
LoadPackagedLibrary
CreateFile2
MapViewOfFileFromApp
GetFileInformationByHandleEx
SetFilePointerEx
WaitForSingleObjectEx
WaitForSingleObject
CreateEventExW
WriteFile
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
SetFilePointer
SetEndOfFile
ReadFile
QueryPerformanceCounter
MultiByteToWideChar
MapViewOfFile
LockFileEx
LockFile
LocalFree
LoadLibraryW
LoadLibraryA
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetProcAddressA
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
CloseHandle
CharUpperW
CharLowerW
AreFileApisANSI
current_timestamp
%Y-%m-%d %H:%M:%S
current_date
%Y-%m-%d
current_time
%H:%M:%S
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
(NULL)
922337203685477580
API call with %s database connection pointer
unopened
invalid
OsError 0x%lx (%lu)
os_win.c:%d: (%lu) %s(%s) - %s
delayed %dms for lock/sharing conflict at line %d
winSeekFile
winClose
winRead
winWrite1
winWrite2
winTruncate1
winTruncate2
winSync1
winSync2
winFileSize
winUnlockReadLock
winUnlock
winUnmapfile1
winUnmapfile2
winMapfile1
winMapfile2
etilqs_
winGetTempname1
winGetTempname2
winGetTempname3
winGetTempname4
winGetTempname5
winOpen
winDelete
winAccess
%s%c%s
winFullPathname1
winFullPathname2
winFullPathname3
winFullPathname4
recovered %d pages from %s
-journal
nolock
immutable
out of memory
%!.15g
%s-mjXXXXXX9XXz
MJ delete: %s
MJ collide: %s
-mj%06X9%02X
API called with finalized prepared statement
API called with NULL prepared statement
string or blob too big
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
%s constraint failed
%z: %s
abort at %d in [%s]: %s
cannot open savepoint - SQL statements in progress
no such savepoint: %s
cannot release savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
cannot start a transaction within a transaction
cannot rollback - no transaction is active
cannot commit - no transaction is active
database schema has changed
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
statement aborts at %d: [%s] %s
misuse of aliased aggregate %s
no such column
ambiguous column name
%s: %s.%s.%s
%s: %s.%s
%s: %s
partial index WHERE clauses
index expressions
%s prohibited in %s
the "." operator
functions
second argument to likelihood() must be a constant between 0.0 and 1.0
non-deterministic functions
misuse of aggregate function %.*s()
no such function: %.*s
wrong number of arguments to function %.*s()
subqueries
parameters
%r %s BY term out of range - should be between 1 and %d
too many terms in ORDER BY clause
%r ORDER BY term does not match any column in the result set
too many terms in %s BY clause
a GROUP BY clause is required before HAVING
aggregate functions are not allowed in the GROUP BY clause
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
too many SQL variables
too many columns in %s
_ROWID_
oversized integer: %s%s
misuse of aggregate: %s()
unknown function: %s()
%s %T cannot reference objects in database %s
no such table
corrupt database
unknown database %T
sqlite_
object name reserved for internal use: %s
table %T already exists
there is already an index named %s
too many columns on %s
duplicate column name: %s
default value of column [%s] is not constant
table "%s" has more than one primary key
INTEGER
CREATE TABLE 
AUTOINCREMENT not allowed on WITHOUT ROWID tables
PRIMARY KEY missing on table %s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
tbl_name='%q' AND type!='trigger'
sqlite_stat%d
DELETE FROM %Q.%s WHERE %s=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
sqlite_stat
table %s may not be dropped
cannot create a TEMP index on non-TEMP table "%s"
altertab_
table %s may not be indexed
there is already a table named %s
index %s already exists
sqlite_autoindex_%s_%d
expressions prohibited in PRIMARY KEY and UNIQUE constraints
conflicting ON CONFLICT clauses specified
 UNIQUE
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
name='%q' AND type='index'
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
a JOIN clause is required before %s
index '%q'
%s.rowid
duplicate WITH table name: %s
no such collation sequence: %s
table %s may not be modified
rows deleted
integer
integer overflow
LIKE or GLOB pattern too complex
ESCAPE expression must be a single character
%!.20e
table %S has no column named %s
table %S has %d columns but %d values were supplied
%d values for %d columns
rows inserted
automatic extension loading failed: %s
malformed database schema (%s)
%z - %s
create 
invalid rootpage
CREATE TABLE x(type text,name text,tbl_name text,rootpage integer,sql text)
attached databases must use the same text encoding as main database
unsupported file format
SELECT name, rootpage, sql FROM "%w".%s ORDER BY rowid
statement too long
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
UNION ALL
INTERSECT
EXCEPT
column%d
%.*z:%u
all VALUES must have the same number of terms
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
'%s' is not a function
multiple references to recursive table: %s
circular reference: %s
table %s has %d values for %d columns
multiple recursive references: %s
recursive reference in a subquery: %s
too many references to "%s": max 65535
%s.%s.%s
no such table: %s
no tables specified
too many columns in result set
DISTINCT aggregates must have exactly one argument
no such column: %s
rows updated
BINARY
too many arguments on %s() - max %d
no query solution
at most %d tables in a join
too many terms in compound SELECT
syntax error after column name "%.*s"
parser stack overflow
unknown table option: %.*s
set list
near "%T": syntax error
too many arguments on function %T
unrecognized token: "%T"
2016-05-18 10:57:30 fc49f556e48970561d7ab6a2f24fdd7d9eb81ff2
unable to close due to unfinalized statements or unfinished backups
unknown error
abort due to ROLLBACK
unable to delete/modify user-function due to active statements
unable to delete/modify collation sequence due to active statements
localhost
invalid uri authority: %.*s
access
no such %s mode: %s
%s mode not allowed: %s
no such vfs: %s
NOCASE
%s at line %d of [%.10s]
database corruption
misuse
cannot open file
ncrypt.dll
bcrypt.dll
CPGenKey
CPDeriveKey
CPDestroyKey
CPSetKeyParam
CPGetKeyParam
CPExportKey
CPImportKey
CPEncrypt
CPDecrypt
CPDuplicateKey
logins
select signon_realm, origin_url, username_value, password_value from logins
cookies
select host_key, path, name, creation_utc, expires_utc, encrypted_value from cookies order by host_key, path, name
select count(*) from sqlite_master where type='table' and name=?
Hj1diQ6kpUx7VC4m
6jnkd5J3ZdQDtrsu
xT5rZW5qVVbrvpuA
Kerberos
t{{t{i}t{i}t{
{t{{t{i}t{
t{{t{{{t{
}}}}}}
}t{{t{i}t{o}}}t{
t{{{t{i}t{
{{t{i}t{o}}}
{t{i}t{{
{t{i}t{o}}
<root>
CardAcquireContext
mimikatz
1.3.6.1.4.1.311.20.2.3
2.5.29.17
2.5.29.15
2.5.29.37
2.5.29.14
2.5.29.35
2.5.29.31
2.5.29.19
1.2.840.113549.1.1.5
2.5.4.3
2.5.4.11
2.5.4.10
2.5.4.6
1.3.14.3.2.29
1.3.6.1.5.5.7.3.2
1.3.6.1.4.1.311.20.2.2
SamIConnect
SamrCloseHandle
SamIRetrievePrimaryCredentials
SamrOpenDomain
SamrOpenUser
SamrQueryInformationUser
SamIFree_SAMPR_USER_INFO_BUFFER
VirtualAlloc
memcpy
LocalAlloc
fwprintf
fclose
SystemParametersInfoW
NtQuerySystemInformationEx
VaultEnumerateItemTypes
VaultEnumerateVaults
VaultOpenVault
VaultGetInformation
VaultEnumerateItems
VaultCloseVault
VaultFree
VaultGetItem
1.2.840.113556.1.4.133
1.2.840.113556.1.4.609
1.2.840.113556.1.4.146
1.2.840.113556.1.4.96
1.2.840.113556.1.4.159
1.2.840.113556.1.4.8
1.2.840.113556.1.4.302
1.2.840.113556.1.4.656
1.2.840.113556.1.4.221
1.2.840.113556.1.4.1
attributeID
attributeSyntax
systemFlags
2.5.4.0
1.2.840.113556.1.2.14
1.2.840.113556.1.2.36
1.2.840.113556.1.2.115
1.2.840.113556.1.4.307
1.2.840.113556.1.4.375
1.2.840.113556.1.4.515
1.2.840.113556.1.4.1459
1.2.840.113556.1.4.1820
1.2.840.113556.1.4.1836
LsaICancelNotification
LsaIRegisterNotification
CredentialKeys
Primary
"t	@"d
BCryptFreeBuffer
BCryptEnumRegisteredProviders
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptSetProperty
BCryptDestroyKey
BCryptGetProperty
NCryptOpenStorageProvider
NCryptFreeObject
NCryptGetProperty
NCryptSetProperty
NCryptImportKey
NCryptOpenKey
NCryptFreeBuffer
NCryptEnumKeys
NCryptExportKey
CryptSetHashParam
CryptGetHashParam
CryptExportKey
CryptAcquireContextW
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptDuplicateKey
CryptAcquireContextA
CryptGetProvParam
CryptImportKey
SystemFunction007
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
CopySid
GetLengthSid
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
CreateWellKnownSid
CreateProcessWithLogonW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
SystemFunction032
ConvertSidToStringSidW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
SetServiceObjectSecurity
OpenServiceW
BuildSecurityDescriptorW
QueryServiceObjectSecurity
StartServiceW
AllocateAndInitializeSid
QueryServiceStatusEx
FreeSid
ControlService
IsTextUnicode
OpenProcessToken
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
DuplicateTokenEx
CheckTokenMembership
ConvertStringSidToSidW
LsaFreeMemory
CryptSetProvParam
CryptEnumProvidersW
CryptEnumProviderTypesW
SystemFunction006
CryptGetUserKey
OpenEventLogW
GetNumberOfEventLogRecords
ClearEventLogW
SystemFunction001
SystemFunction005
LsaQueryTrustedDomainInfoByName
LsaOpenSecret
LsaQuerySecret
SystemFunction013
LsaRetrievePrivateData
LsaEnumerateTrustedDomainsEx
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
IsValidSid
LookupPrivilegeNameW
OpenThreadToken
SetThreadToken
CredFree
CredEnumerateW
GetSidSubAuthority
GetSidSubAuthorityCount
SystemFunction025
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction024
ADVAPI32.dll
CertAddEncodedCertificateToStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertSetCertificateContextProperty
PFXExportCertStoreEx
CryptUnprotectData
CryptBinaryToStringW
CryptStringToBinaryW
CryptProtectData
CryptExportPublicKeyInfo
CryptAcquireCertificatePrivateKey
CertNameToStrW
CertGetNameStringW
CertAddCertificateContextToStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CryptSignAndEncodeCertificate
CertEnumSystemStore
CryptEncodeObject
CRYPT32.dll
CDLocateCheckSum
MD5Final
MD5Update
MD5Init
CDGenerateRandomBits
CDLocateCSystem
cryptdll.dll
FilterFindFirst
FilterFindNext
FLTLIB.DLL
DsGetDcNameW
NetApiBufferFree
NetRemoteTOD
NetSessionEnum
NetServerGetInfo
NetShareEnum
NetStatisticsGet
NetWkstaUserEnum
NETAPI32.dll
CoCreateInstance
CoUninitialize
CoInitializeEx
ole32.dll
OLEAUT32.dll
RpcBindingFromStringBindingW
RpcStringBindingComposeW
MesEncodeIncrementalHandleCreate
RpcBindingSetAuthInfoExW
RpcBindingInqAuthClientW
RpcBindingSetOption
RpcImpersonateClient
RpcBindingFree
RpcStringFreeW
RpcRevertToSelf
MesDecodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeFree2
NdrMesTypeEncode2
RpcServerUnregisterIfEx
I_RpcBindingInqSecurityContext
RpcServerInqBindings
RpcServerListen
RpcMgmtWaitServerListen
RpcEpRegisterW
RpcMgmtStopServerListening
RpcBindingToStringBindingW
RpcServerRegisterIf2
RpcServerRegisterAuthInfoW
RpcBindingVectorFree
UuidToStringW
RpcServerUseProtseqEpW
RpcEpUnregister
NdrServerCall2
NdrClientCall2
UuidCreate
RpcEpResolveBinding
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
I_RpcGetCurrentCallHandle
RPCRT4.dll
PathIsRelativeW
PathCanonicalizeW
PathCombineW
PathIsDirectoryW
PathFindFileNameW
SHLWAPI.dll
SamQueryInformationUser
SamCloseHandle
SamEnumerateDomainsInSamServer
SamFreeMemory
SamEnumerateUsersInDomain
SamOpenUser
SamLookupDomainInSamServer
SamLookupNamesInDomain
SamLookupIdsInDomain
SamOpenDomain
SamConnect
SamSetInformationUser
SamiChangePasswordUser
SamEnumerateGroupsInDomain
SamGetGroupsForUser
SamGetMembersInGroup
SamRidToSid
SamGetMembersInAlias
SamEnumerateAliasesInDomain
SamGetAliasMembership
SamOpenGroup
SamOpenAlias
SAMLIB.dll
QueryContextAttributesW
FreeContextBuffer
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaCallAuthenticationPackage
Secur32.dll
CommandLineToArgvW
SHELL32.dll
IsCharAlphaNumericW
GetKeyboardLayout
USER32.dll
CreateEnvironmentBlock
DestroyEnvironmentBlock
USERENV.dll
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
VERSION.dll
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetPreparsedData
HID.DLL
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SETUPAPI.dll
SCardGetAttrib
SCardEstablishContext
SCardFreeMemory
SCardConnectW
SCardListReadersW
SCardDisconnect
SCardReleaseContext
SCardGetCardTypeProviderNameW
SCardListCardsW
WinSCard.dll
WinStationCloseServer
WinStationEnumerateW
WinStationOpenServerW
WinStationFreeMemory
WinStationConnectW
WinStationQueryInformationW
WINSTA.dll
WLDAP32.dll
A_SHAInit
A_SHAFinal
A_SHAUpdate
advapi32.dll
ASN1_CreateModule
ASN1BERDotVal2Eoid
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_FreeEncoded
ASN1_CloseModule
ASN1_CreateEncoder
ASN1_CloseDecoder
msasn1.dll
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlDowncaseUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlEqualUnicodeString
NtQueryObject
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtQuerySystemInformation
RtlGetCurrentPeb
NtQueryInformationProcess
RtlCreateUserThread
RtlGUIDFromString
RtlStringFromGUID
NtCompareTokens
RtlGetNtVersionNumbers
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
NtResumeProcess
RtlAdjustPrivilege
NtSuspendProcess
NtTerminateProcess
NtQuerySystemEnvironmentValueEx
NtSetSystemEnvironmentValueEx
NtEnumerateSystemEnvironmentValuesEx
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlEqualString
ntdll.dll
I_NetServerReqChallenge
I_NetServerTrustPasswordsGet
I_NetServerAuthenticate2
netapi32.dll
VirtualProtect
FileTimeToSystemTime
WriteFile
TerminateThread
ReadFile
CreateFileW
GetLastError
LocalAlloc
CloseHandle
LocalFree
CreateThread
CreateFileA
SetFilePointer
FileTimeToLocalFileTime
GetTempPathA
DeleteFileA
FindFirstFileW
GetFileAttributesW
FlushFileBuffers
GetFileSizeEx
GetCurrentDirectoryW
FindClose
FindNextFileW
ExpandEnvironmentStringsW
GetCurrentProcess
OpenProcess
DuplicateHandle
DeviceIoControl
GetComputerNameExW
VirtualQuery
VirtualFree
VirtualQueryEx
VirtualFreeEx
ReadProcessMemory
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetConsoleOutputCP
SetConsoleOutputCP
CreateProcessW
SetLastError
WaitForSingleObject
CreateRemoteThread
lstrlenW
GetDateFormatW
SystemTimeToFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
GetTimeFormatW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
CreateMutexW
HeapCompact
TryEnterCriticalSection
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
FormatMessageA
InitializeCriticalSection
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
MultiByteToWideChar
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetSystemTime
AreFileApisANSI
ExitProcess
RaiseException
SetConsoleCtrlHandler
SetConsoleTitleW
lstrlenA
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
SetHandleInformation
CreatePipe
SetEvent
CreateEventW
SetConsoleCursorPosition
GetTimeZoneInformation
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetCurrentDirectoryW
GetCurrentThread
ProcessIdToSessionId
GetComputerNameW
GetProcessId
LoadLibraryA
KERNEL32.dll
strrchr
_wcsicmp
_vscwprintf
_stricmp
wcsrchr
wcschr
strtoul
_wcsnicmp
wcsstr
memmove
wcstoul
wcstol
towupper
_wcstoui64
_errno
_wcsdup
vfwprintf
fflush
_wfopen
wprintf
_fileno
vwprintf
_setmode
fclose
gmtime
malloc
_msize
strftime
realloc
fgetws
_wpgmptr
getchar
msvcrt.dll
memcpy
memset
__C_specific_handler
__wgetmainargs
_XcptFilter
_cexit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
calloc
isdigit
isspace
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
_snprintf
wctomb
ferror
iswctype
wcstombs
?terminate@@YAXXZ
__badioinfo
__pioinfo
_lseeki64
_write
_isatty
ungetc
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
memcmp
__chkstk
C$CrdA
G$CrdAH
NTLMSSP
"3DUfw
"3DUfw
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
;JWHDTc
4GZ}HYj
8L_6;Ys
5UpP9Wq
:Sh_N^m
E\n(C[n
9Tl?8Sk
&C\I&B\
 CaL Ba
'V}L&U|
,PoL,Po
!A\+!B]
;^I*Ro
;L`bFVe
;Um07Tn
@VhR<Ui
.Jbv+Jd
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA0
151029113029Z
270609113029Z0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA20
http://crl.certum.pl/ctnca.crl0k
http://subca.ocsp-certum.com01
%http://repository.certum.pl/ctnca.cer09
http://www.certum.pl/CPS0
"3;vlG
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA20
171204095034Z
181204095034Z0
Open Source Developer1
Ile de France1.0,
%Open Source Developer, Benjamin Delpy1&0$
benjamin@gentilkiwi.com0
!http://crl.certum.pl/cscasha2.crl0q
http://cscasha2.ocsp-certum.com04
(http://repository.certum.pl/cscasha2.cer0
(}b?NON
cscasha2@certum.pl0
https://www.certum.pl/CPS0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA2
$http://blog.gentilkiwi.com/mimikatz 0
20180203223355Z0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum EV TSA SHA2
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA0
160308131043Z
270530131043Z0w1
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum EV TSA SHA20
http://crl.certum.pl/ctnca.crl0k
http://subca.ocsp-certum.com01
%http://repository.certum.pl/ctnca.cer0@
http://www.certum.pl/CPS0
=3+|y4N
8q={sd
<4b{gg
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA
180203223355Z0/
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA
@h`-f;
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA0
151029113029Z
270609113029Z0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA20
http://crl.certum.pl/ctnca.crl0k
http://subca.ocsp-certum.com01
%http://repository.certum.pl/ctnca.cer09
http://www.certum.pl/CPS0
"3;vlG
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA20
171204095034Z
181204095034Z0
Open Source Developer1
Ile de France1.0,
%Open Source Developer, Benjamin Delpy1&0$
benjamin@gentilkiwi.com0
!http://crl.certum.pl/cscasha2.crl0q
http://cscasha2.ocsp-certum.com04
(http://repository.certum.pl/cscasha2.cer0
(}b?NON
cscasha2@certum.pl0
https://www.certum.pl/CPS0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA2
$http://blog.gentilkiwi.com/mimikatz 0
20180203223358Z0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum EV TSA SHA2
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA0
160308131043Z
270530131043Z0w1
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum EV TSA SHA20
http://crl.certum.pl/ctnca.crl0k
http://subca.ocsp-certum.com01
%http://repository.certum.pl/ctnca.cer0@
http://www.certum.pl/CPS0
=3+|y4N
8q={sd
<4b{gg
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA
180203223358Z0/
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA