MZ@ !L!This program cannot be run in DOS mode. $<߱RRRURUPRRichRPEL! < `@ 98.rdata@@.rsrc@ :@@Ȱ T88Ȱ$8.rdata8x.rdata$zzzdbg 0.rsrc$010#Q.rsrc$02 3_r徎sd@Ȱ((@ rstu0vHw`xxyz{|}~ 8HXhx0##80:p= - c[ <ServerName> /QUERY - g <ServerName> netlogon gR /REPL - :_6R(W <ServerName> BDC NR Tek /SYNC - :_6R(W <ServerName> BDC N[hQ Tek /PDC_REPL - :_6RN <ServerName> PDC gbL UAS f9emo` /SC_QUERY:<DomainName> - g <ServerName> N <Domain> v[hQS /SC_RESET:<DomainName>[\<DcName>] - \ <ServerName> N <Domain> v[hQS͑n:N <DcName> /SC_VERIFY:<DomainName> - <ServerName> N <Domain> v[hQS /SC_CHANGE_PWD:<DomainName> - f9e <ServerName> N <Domain> v[hQS[x /DCLIST:<DomainName> - S <DomainName> v DC Rh /DCNAME:<DomainName> - S <DomainName> v PDC Ty /DSGETDC:<DomainName> - (u DsGetDcName /PDC /DS /DSP /GC /KDC /TIMESERV /GTIMESERV /WS /NETBIOS /DNS /IP /FORCE /WRITABLE /AVOIDSELF /LDAPONLY /BACKG /DS_6 /DS_8 /DS_9 /DS_10 /KEYLIST /TRY_NEXT_CLOSEST_SITE /SITE:<SiteName> /ACCOUNT:<AccountName> /RET_DNS /RET_NETBIOS /DNSGETDC:<DomainName> - (u DsGetDcOpen/Next/Close /PDC /GC /KDC /WRITABLE /LDAPONLY /FORCE /SITESPEC /DSGETFTI:<DomainName> - (u DsGetForestTrustInformation /UPDATE_TDO /LSAQUERYFTI:<TrustedForest> - Call LsaQueryForestTrustInformation /DSGETSITE - (u DsGetSiteName /DSGETSITECOV - (u DsGetDcSiteCoverage /DSADDRESSTOSITE:[MachineName] - (u DsAddressToSiteNamesEx /ADDRESSES:<Address1,Address2,...> /PARENTDOMAIN - Sdk{:gv6rW T /WHOWILL:<Domain>* <User> [<Iteration>] - g w <Domain> /f&T\{vU_ <User> /FINDUSER:<User> - g wT*NSONvW\{vU_ <User> /TRANSPORT_NOTIFY - \e Ow netlogon /DBFLAG:<HexFlags> - eՋh_ /USER:<UserName> - g <ServerName> Nv(u7bOo` /TIME:<Hex LSL> <Hex MSL> - \ NT GMT elbc:N ASCII /LOGON_QUERY - g/}{vU_\Ջ!kpe /DOMAIN_TRUSTS - g <ServerName> NvWON /PRIMARY /FOREST /DIRECT_OUT /DIRECT_IN /ALL_TRUSTS /V /DSREGDNS - :_6RlQ@b gyr[N DC v DNS U_ /DSDEREGDNS:<DnsHostName> - [Nc[v DC SmlQyr[N DC v DNS U_ /DOM:<DnsDomainName> /DOMGUID:<DomainGuid> /DSAGUID:<DsaGuid> /DSQUERYDNS - g@b gyr[N DC v DNS U_vgяfer` /BDC_QUERY:<DomainName> - g <DomainName> v BDC Y6Rr` /LIST_DELTAS:<FileName> - >f:y~[f9ee_eNvQ[ /CDIGEST:<Message> /DOMAIN:<DomainName> - S[7bzXd /SDIGEST:<Message> /RID:<RID in hex> - S gRhVXd /SHUTDOWN:<Reason> [<Seconds>] - 1uN <Reason> sQ <ServerName> /SHUTDOWN_ABORT - -Nbk|~sQ (zz) 0x%lX eHe %wZ el\eN GMT lbc:N,g0We , *** e1Y%: %hs%hs *** neN: %hs L %ld elS mailslot (%hs) : %ld elbRI{_S^NN %ld elbRI{_Y*N[a %ld eHev WaitStatus ԏVN %ld elS͑SvT^ %ldT^ %ld: RgT^1Y%: T^ N/f[NS_MR(u7b T %ws s.b. %ws S:%ws D:%ws A:%ws (Ssd\O) (*gSsd\O)  (netlogon ]f\P)  (*gwvd\Ox: %lx) h: %ws W: %ws ;N:g: %ws  h_: 0x%lx l g6e0RN %ld vT^(%hs) c[v NetBIOS Wb gRhV T %ws eHe(*Y) Nn:N 64 ُ/f/ecvg'Y

NOV gR[\Pbk %ws]1Y%: c6R gR[\Pbk %ws]1Y%: ck(W\Pbk %ws gR g gRr`[%ws]1Y%: *g\Pbk %ws gR ~b N0R DC elS DC Rh0/W %ws /fNMRv Windows 2000 W0(O(u NetServerEnum)0 _W %ws -N DC vRh(N %ws -N)0 1`Ol gCgP0R %ws (%ws) v DsBind (\Ջ NetServerEnum)0 el DsBind 0R %ws (%ws)0-el(u0R %ws (%ws) v DsGetDomainControllerInfoW0 zp: %wsPA %ws vQX[RM1Y% 0W@W %hs v WSAStringToAddressA 1Y%0WSAAddressToStringA 1Y%0 el_ %hs v0W@W0 el_,g0W{:gv0W@W0elRYS winsock: S DC Ty1Y%: 0W@W0Rzp Tyvlbc1Y%:  S %hs vzpP[Q f\(N %hs -N)0  N %hs -NS,g0W{:gvzpP[Q f\0  N %hs -NSzpP[Q f\0 el_R[ CSP (=%lu) QX[ N /SHUTDOWN: v,{N*NSpe_{/fpeW[0 gRhV TyeHe I_NetLogonControl 1Y%: h_: %lxޏc  N!kfevQ-NN*Nyr[ DC v DNS U_eQsEe  N!kfe@b gyr[ DC v DNS U_el gQsEe W T: %ws SONv DC Ty %ws SONv DC ޏcr`ON\Ջ{vU_v!kpe: %ld {[xv NtOwf 1Y%: 0x%lxNT OWF [x(uN: %hs LM OWF [x(uN: %hs ! ----- [x*gN unicode ۏLlbc ---- NT OWF [xR[: 0x%lx LM OWF [xR[: 0x%lx R[wQ g"}_v NtOwf ԏV 0x%lx NetGetDCName 1Y%: W %ws v PDC :N %ws  DC: %ws  0W@W: %ws  Dom Guid: %ws  Dom Ty: %ws g Ty: %ws  DC zp Ty: %ws bNvzp Ty: %ws h_: NDNC PDC GC DS LDAP KDCPA TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE PARTIAL_SECRET FULL_SECRET SgONOo`1Y%: TLN: %wZ Dom: %wZ (%wZ) eHev{|W: %ld I_NetGetDCList 1Y%: W %ws -Nv DC Rh  %wZ NULL (PDC) gRhV: %ws  I_NetLogonControl 1Y%: SyncState : IN_SYNC  REPLICATION_IN_PROGRESS  REPLICATION_NEEDED  *gw  ޏcr`: /TR|~sQ:g1Y%: AbortSystemShutdown 1Y%: g>NWON1Y%: WONvRh: S DC zpvV1Y%: S6rW1Y%: PA: c[vW GUID eHe : c[v DSA GUID eHe SmlQ DNS ;N:gU_1Y%: /TR DC g>N1Y%: ! c*O:gz^cRv^NQ SRV OHQ~TCg͑v DC Rh: zpyr[: ^zpyr[: fJT: l gc[{|WvS(uU_ : DNS gRhVEe: : DNS gcQ勡{:g N*gMn IP : DNS g1Y%: SON RID 1Y%: {[7bzXd1Y%: { gRhVXd1Y%: ^7b RID: 0x%lx PAeXd: eXd: dk}TNbR[b  /BP - (W <ServerName> Nv Netlogon -N:_6Rep /TRUNC - *bee_eN(͑}T T:N *.bak) /UNLOAD - N lsass.exe -NxS} netlogon.dll /PWD:<CleartextPassword> - c[R[v[x /RID:<HexRid> - R[[x@bO(uv RID /ADD_SA:<Name> - (uwQ gc[^7b Tyv NetAddServiceAccount /LINKONLY - Scs g^7b FO N\ՋR^^7bvh /PWD:<ClearPassword> - _ RODC mRv[x /DEL_SA:<Name> - (uwQ gc[^7b Tyv NetRemoveSserviceAccount /LINKONLY - \dk{:gN gR^7bSmc FOv^ N Rd^7bvh /LOCALONLY - S Rd,g0W^7bDn FO N[ DC ۏLNUOf9evh /ENUM_SA - (u NetEnumerateServiceAccount /QUERY_SA:<Name> - (uwQ gc[^7b Tyv NetQueryServiceAccount /IS_SA:<Name> - (uwQ gc[^7b Tyv NetIsServiceAccount FULL_SYNC  PARTIAL_SYNC  REPLICATION_IN_PROGRESS REPLICATION_NEEDED REDO_NEEDED HAS_IP  HAS_TIMESERV  WS*gc[Spe0O(u /? S gsQ}TNLSpev.^R0  DS_8 {[7bz~{ T1Y%: { gRhV~{ T1Y%: e~{ T: e~{ T: [xT ^