From c91408fa70636e86141fed2728b6f05929978659 Mon Sep 17 00:00:00 2001
From: Adam <adam.douglass@cyber.gc.ca>
Date: Mon, 3 Apr 2023 12:45:19 -0400
Subject: [PATCH 01/49] rate limit updates

---
 assemblyline_v4_service/common/base.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/assemblyline_v4_service/common/base.py b/assemblyline_v4_service/common/base.py
index 71004edc..8484a4af 100644
--- a/assemblyline_v4_service/common/base.py
+++ b/assemblyline_v4_service/common/base.py
@@ -29,6 +29,7 @@
 UPDATES_DIR = os.environ.get('UPDATES_DIR', '/updates')
 UPDATES_CA = os.environ.get('UPDATES_CA', '/etc/assemblyline/ssl/al_root-ca.crt')
 PRIVILEGED = os.environ.get('PRIVILEGED', 'false') == 'true'
+MIN_SECONDS_BETWEEN_UPDATES = 10.0
 
 RECOVERABLE_RE_MSG = [
     "cannot schedule new futures after interpreter shutdown",
@@ -77,6 +78,7 @@ def __init__(self, config: Optional[Dict] = None) -> None:
         self.rules_directory: str = None
         self.rules_list: list = []
         self.update_time: int = None
+        self.update_check_time: float = 0.0
         self.rules_hash: str = None
 
     @property
@@ -236,6 +238,12 @@ def working_directory(self):
 
     # Only relevant for services using updaters (reserving 'updates' as the defacto container name)
     def _download_rules(self):
+        # check if we just tried to download rules to reduce traffic
+        if time.time() - self.update_check_time < MIN_SECONDS_BETWEEN_UPDATES:
+            return
+        self.update_check_time = time.time()
+
+        # Resolve the update target
         scheme, verify = 'http', None
         if os.path.exists(UPDATES_CA):
             scheme, verify = 'https', UPDATES_CA

From 3c316498a990f3857e51322d3313381ab9f9b4fd Mon Sep 17 00:00:00 2001
From: Adam <adam.douglass@cyber.gc.ca>
Date: Mon, 3 Apr 2023 13:03:00 -0400
Subject: [PATCH 02/49] load time constant from environment

---
 assemblyline_v4_service/common/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/common/base.py b/assemblyline_v4_service/common/base.py
index 8484a4af..ee4a99b0 100644
--- a/assemblyline_v4_service/common/base.py
+++ b/assemblyline_v4_service/common/base.py
@@ -29,7 +29,7 @@
 UPDATES_DIR = os.environ.get('UPDATES_DIR', '/updates')
 UPDATES_CA = os.environ.get('UPDATES_CA', '/etc/assemblyline/ssl/al_root-ca.crt')
 PRIVILEGED = os.environ.get('PRIVILEGED', 'false') == 'true'
-MIN_SECONDS_BETWEEN_UPDATES = 10.0
+MIN_SECONDS_BETWEEN_UPDATES = float(os.environ.get('MIN_SECONDS_BETWEEN_UPDATES', '10.0'))
 
 RECOVERABLE_RE_MSG = [
     "cannot schedule new futures after interpreter shutdown",

From fbc11074c4b81ba8bd037040643383d8951b8347 Mon Sep 17 00:00:00 2001
From: Adam <adam.douglass@cyber.gc.ca>
Date: Tue, 18 Apr 2023 13:03:41 -0400
Subject: [PATCH 03/49] counter between updates

---
 assemblyline_v4_service/common/base.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/assemblyline_v4_service/common/base.py b/assemblyline_v4_service/common/base.py
index 71004edc..ee4a99b0 100644
--- a/assemblyline_v4_service/common/base.py
+++ b/assemblyline_v4_service/common/base.py
@@ -29,6 +29,7 @@
 UPDATES_DIR = os.environ.get('UPDATES_DIR', '/updates')
 UPDATES_CA = os.environ.get('UPDATES_CA', '/etc/assemblyline/ssl/al_root-ca.crt')
 PRIVILEGED = os.environ.get('PRIVILEGED', 'false') == 'true'
+MIN_SECONDS_BETWEEN_UPDATES = float(os.environ.get('MIN_SECONDS_BETWEEN_UPDATES', '10.0'))
 
 RECOVERABLE_RE_MSG = [
     "cannot schedule new futures after interpreter shutdown",
@@ -77,6 +78,7 @@ def __init__(self, config: Optional[Dict] = None) -> None:
         self.rules_directory: str = None
         self.rules_list: list = []
         self.update_time: int = None
+        self.update_check_time: float = 0.0
         self.rules_hash: str = None
 
     @property
@@ -236,6 +238,12 @@ def working_directory(self):
 
     # Only relevant for services using updaters (reserving 'updates' as the defacto container name)
     def _download_rules(self):
+        # check if we just tried to download rules to reduce traffic
+        if time.time() - self.update_check_time < MIN_SECONDS_BETWEEN_UPDATES:
+            return
+        self.update_check_time = time.time()
+
+        # Resolve the update target
         scheme, verify = 'http', None
         if os.path.exists(UPDATES_CA):
             scheme, verify = 'https', UPDATES_CA

From 8291113e3a5c42a2fa9bf4417159713dc7ac2133 Mon Sep 17 00:00:00 2001
From: Adam <adam.douglass@cyber.gc.ca>
Date: Tue, 18 Apr 2023 14:13:01 -0400
Subject: [PATCH 04/49] watch for interruptions in service change

---
 assemblyline_v4_service/updater/updater.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index ae66432d..0ba479c8 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -107,14 +107,17 @@ def __init__(self, logger: logging.Logger = None,
                                         host=self.config.core.redis.nonpersistent.host,
                                         port=self.config.core.redis.nonpersistent.port)
 
-        self.service_change_watcher = EventWatcher(self.redis, deserializer=ServiceChange.deserialize)
+        self.watcher_wakeup_flag = threading.Event()
+        self.service_change_watcher = EventWatcher(self.redis, deserializer=ServiceChange.deserialize,
+                                                   error_event=self.watcher_wakeup_flag)
         self.service_change_watcher.register(f'changes.services.{SERVICE_NAME}', self._handle_service_change_event)
 
-        self.signature_change_watcher = EventWatcher(self.redis, deserializer=SignatureChange.deserialize)
+        self.signature_change_watcher = EventWatcher(self.redis, deserializer=SignatureChange.deserialize,
+                                                     error_event=self.watcher_wakeup_flag)
         self.signature_change_watcher.register(f'changes.signatures.{SERVICE_NAME.lower()}',
                                                self._handle_signature_change_event)
 
-        self.source_update_watcher = EventWatcher(self.redis)
+        self.source_update_watcher = EventWatcher(self.redis, error_event=self.watcher_wakeup_flag)
         self.source_update_watcher.register(f'changes.sources.{SERVICE_NAME.lower()}',
                                             self._handle_source_update_event)
 
@@ -132,6 +135,7 @@ def __init__(self, logger: logging.Logger = None,
             'Outward HTTP Server': self._run_http,
             'Run source updates': self._run_source_updates,
             'Run local updates': self._run_local_updates,
+            'Reconnect Handler': self._reconnect_watcher,
         }
         # Only used by updater with 'generates_signatures: false'
         self.latest_updates_dir = os.path.join(UPDATER_DIR, 'latest_updates')
@@ -195,6 +199,7 @@ def stop(self):
         self.source_update_flag.set()
         self.local_update_flag.set()
         self.local_update_start.set()
+        self.watcher_wakeup_flag.set()
 
     def try_run(self):
         self.signature_change_watcher.start()
@@ -202,6 +207,15 @@ def try_run(self):
         self.source_update_watcher.start()
         self.maintain_threads(self.expected_threads)
 
+    def _reconnect_watcher(self):
+        while self.running:
+            if self.watcher_wakeup_flag.wait():
+                self.watcher_wakeup_flag.clear()
+                if self.running:
+                    self._pull_settings()
+                    self.local_update_flag.set()
+                    self.source_update_flag.set()
+
     def _run_http(self):
         # Start a server for our http interface in a separate process
         my_env = os.environ.copy()

From 866e019bbdb4a547706d72226ce16253e2fa2b54 Mon Sep 17 00:00:00 2001
From: Adam <adam.douglass@cyber.gc.ca>
Date: Thu, 20 Apr 2023 13:40:50 -0400
Subject: [PATCH 05/49] handle pubsub reconnect

---
 assemblyline_v4_service/updater/updater.py | 39 ++++++++--------------
 1 file changed, 14 insertions(+), 25 deletions(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 0ba479c8..ba95c8f0 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -107,17 +107,14 @@ def __init__(self, logger: logging.Logger = None,
                                         host=self.config.core.redis.nonpersistent.host,
                                         port=self.config.core.redis.nonpersistent.port)
 
-        self.watcher_wakeup_flag = threading.Event()
-        self.service_change_watcher = EventWatcher(self.redis, deserializer=ServiceChange.deserialize,
-                                                   error_event=self.watcher_wakeup_flag)
+        self.service_change_watcher = EventWatcher(self.redis, deserializer=ServiceChange.deserialize)
         self.service_change_watcher.register(f'changes.services.{SERVICE_NAME}', self._handle_service_change_event)
 
-        self.signature_change_watcher = EventWatcher(self.redis, deserializer=SignatureChange.deserialize,
-                                                     error_event=self.watcher_wakeup_flag)
+        self.signature_change_watcher = EventWatcher(self.redis, deserializer=SignatureChange.deserialize)
         self.signature_change_watcher.register(f'changes.signatures.{SERVICE_NAME.lower()}',
                                                self._handle_signature_change_event)
 
-        self.source_update_watcher = EventWatcher(self.redis, error_event=self.watcher_wakeup_flag)
+        self.source_update_watcher = EventWatcher(self.redis)
         self.source_update_watcher.register(f'changes.sources.{SERVICE_NAME.lower()}',
                                             self._handle_source_update_event)
 
@@ -135,7 +132,6 @@ def __init__(self, logger: logging.Logger = None,
             'Outward HTTP Server': self._run_http,
             'Run source updates': self._run_source_updates,
             'Run local updates': self._run_local_updates,
-            'Reconnect Handler': self._reconnect_watcher,
         }
         # Only used by updater with 'generates_signatures: false'
         self.latest_updates_dir = os.path.join(UPDATER_DIR, 'latest_updates')
@@ -199,7 +195,6 @@ def stop(self):
         self.source_update_flag.set()
         self.local_update_flag.set()
         self.local_update_start.set()
-        self.watcher_wakeup_flag.set()
 
     def try_run(self):
         self.signature_change_watcher.start()
@@ -207,15 +202,6 @@ def try_run(self):
         self.source_update_watcher.start()
         self.maintain_threads(self.expected_threads)
 
-    def _reconnect_watcher(self):
-        while self.running:
-            if self.watcher_wakeup_flag.wait():
-                self.watcher_wakeup_flag.clear()
-                if self.running:
-                    self._pull_settings()
-                    self.local_update_flag.set()
-                    self.source_update_flag.set()
-
     def _run_http(self):
         # Start a server for our http interface in a separate process
         my_env = os.environ.copy()
@@ -236,17 +222,20 @@ def config_hash(service: Service) -> int:
             return 0
         return hash(json.dumps(service.update_config.as_primitives()))
 
-    def _handle_source_update_event(self, data: list[str]):
-        # Received an event regarding a change to source
-        self.log.info(f'Triggered to update the following: {data}')
-        self.do_source_update(self._service, specific_sources=data)
-        self.local_update_flag.set()
+    def _handle_source_update_event(self, data: Optional[list[str]]):
+        if data is not None:
+            # Received an event regarding a change to source
+            self.log.info(f'Triggered to update the following: {data}')
+            self.do_source_update(self._service, specific_sources=data)
+            self.local_update_flag.set()
+        else:
+            self.source_update_flag.set()
 
-    def _handle_signature_change_event(self, data: SignatureChange):
+    def _handle_signature_change_event(self, data: Optional[SignatureChange]):
         self.local_update_flag.set()
 
-    def _handle_service_change_event(self, data: ServiceChange):
-        if data.operation == Operation.Modified:
+    def _handle_service_change_event(self, data: Optional[ServiceChange]):
+        if data is None or data.operation == Operation.Modified:
             self._pull_settings()
 
     def _sync_settings(self):

From 44028a5f7a06efef3d4097a61dc2eaafac153364 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Fri, 28 Apr 2023 17:05:26 +0000
Subject: [PATCH 06/49] Give updaters the `manage_signature` role

---
 assemblyline_v4_service/updater/updater.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index ba95c8f0..1cfc8bb0 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -51,7 +51,7 @@
 UI_SERVER = os.getenv('UI_SERVER', 'https://nginx')
 UI_SERVER_ROOT_CA = os.environ.get('UI_SERVER_ROOT_CA', '/etc/assemblyline/ssl/al_root-ca.crt')
 UPDATER_DIR = os.getenv('UPDATER_DIR', os.path.join(tempfile.gettempdir(), 'updater'))
-UPDATER_API_ROLES = ['signature_import', 'signature_download', 'signature_view', 'safelist_manage', 'apikey_access']
+UPDATER_API_ROLES = ['signature_import', 'signature_download', 'signature_view', 'safelist_manage', 'apikey_access', 'signature_manage']
 STATUS_FILE = '/tmp/status'
 
 classification = forge.get_classification()
@@ -602,8 +602,8 @@ def ensure_service_account(self):
         uname = 'update_service_account'
         user_data = self.datastore.user.get_if_exists(uname)
         if user_data:
-            if user_data.roles:
-                # User exists and has roles, we're good to go
+            if user_data.roles and user_data.roles == UPDATER_API_ROLES:
+                # User exists and has the expected roles, we're good to go
                 return uname
 
             # User exist but has no roles, let's update the user's roles

From 662573d3481f1d6100a44db493a7ffb928ac7765 Mon Sep 17 00:00:00 2001
From: cccs-jh <63320703+cccs-jh@users.noreply.github.com>
Date: Wed, 3 May 2023 13:58:34 -0400
Subject: [PATCH 07/49] Fix type issues in result.py

---
 assemblyline_v4_service/common/result.py | 26 ++++++++++++------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/assemblyline_v4_service/common/result.py b/assemblyline_v4_service/common/result.py
index a5825543..d2ca1f0b 100644
--- a/assemblyline_v4_service/common/result.py
+++ b/assemblyline_v4_service/common/result.py
@@ -72,7 +72,7 @@ def __init__(self, heur_id: int,
                  signature: Optional[str] = None,
                  attack_ids: Optional[List[str]] = None,
                  signatures: Optional[Dict[str, int]] = None,
-                 frequency: Optional[int] = 1,
+                 frequency: int = 1,
                  score_map: Optional[Dict[str, int]] = None):
 
         # Lazy load heuristics
@@ -205,7 +205,7 @@ def increment_frequency(self, frequency: int = 1):
 
 
 class SectionBody:
-    def __init__(self, body_format: BODY_FORMAT, body=None):
+    def __init__(self, body_format, body=None):
         self._format = body_format
         self._data = body
 
@@ -417,7 +417,7 @@ class MultiSectionBody(SectionBody):
     def __init__(self) -> None:
         super().__init__(BODY_FORMAT.MULTI, body=[])
 
-    def add_section_body(self, section_body: SectionBody) -> str:
+    def add_section_body(self, section_body: SectionBody) -> None:
         self._data.append((section_body.format, section_body._data))
 
 
@@ -428,7 +428,7 @@ def __init__(self) -> None:
 
 class TimelineSectionBody(SectionBody):
     def __init__(self):
-        return super().__init__(BODY_FORMAT.TIMELINE, body=[])
+        super().__init__(BODY_FORMAT.TIMELINE, body=[])
 
     def add_node(self, title: str, content: str, opposite_content: str,
                  icon: str = None, signatures: List[str] = [], score: int = 0) -> None:
@@ -442,7 +442,7 @@ def __init__(
             title_text: Union[str, List],
             body: Optional[Union[str, SectionBody]] = None,
             classification: Optional[Classification] = None,
-            body_format: BODY_FORMAT = BODY_FORMAT.TEXT,
+            body_format=BODY_FORMAT.TEXT,
             heuristic: Optional[Heuristic] = None,
             tags: Optional[Dict[str, List[str]]] = None,
             parent: Optional[Union[ResultSection, Result]] = None,
@@ -463,8 +463,8 @@ def __init__(
             self._body_format = body.format
             self._body = body.body
         else:
-            self._body_format: BODY_FORMAT = body_format
-            self._body: str = body
+            self._body_format = body_format
+            self._body = body
         self.classification: Classification = classification or SERVICE_ATTRIBUTES.default_result_classification
         self.depth: int = 0
         self._tags = tags or {}
@@ -577,10 +577,10 @@ def finalize(self, depth: int = 0) -> bool:
 
         return True
 
-    def set_body(self, body: Union[str, SectionBody], body_format: BODY_FORMAT = None) -> None:
+    def set_body(self, body: Union[str, SectionBody], body_format=None) -> None:
         if isinstance(body, SectionBody):
             self._body = body.body
-            self._body_format = body.body_format
+            self._body_format = body._format
         else:
             self._body = body
             if body_format:
@@ -635,7 +635,7 @@ def add_line(self, text: Union[str, List]) -> None:
     def add_lines(self, line_list: List[str]) -> None:
         raise InvalidFunctionException("Do not use default add_lines method in a type specific section.")
 
-    def set_body(self, body: Union[str, SectionBody], body_format: BODY_FORMAT = BODY_FORMAT.TEXT) -> None:
+    def set_body(self, body: Union[str, SectionBody], body_format=BODY_FORMAT.TEXT) -> None:
         raise InvalidFunctionException("Do not use default set_body method in a type specific section.")
 
 
@@ -757,7 +757,7 @@ def __init__(self, title_text: Union[str, List], **kwargs):
         self.section_body: MultiSectionBody
         super().__init__(title_text,  MultiSectionBody(), **kwargs)
 
-    def add_section_part(self, section_part: SectionBody) -> bool:
+    def add_section_part(self, section_part: SectionBody) -> None:
         self.section_body.add_section_body(section_part)
 
 
@@ -820,8 +820,8 @@ def finalize(self) -> Dict[str, Any]:
         for section in self.sections:
             self._flatten_sections(section)
 
-        for section in self._flattened_sections:
-            heuristic = section.get('heuristic')
+        for flattened_section in self._flattened_sections:
+            heuristic = flattened_section.get('heuristic')
             if heuristic:
                 self._score += heuristic['score']
 

From 58d75d1c6eeee2dc12cb18d2ab0d50274dba195c Mon Sep 17 00:00:00 2001
From: gdesmar <75089569+gdesmar@users.noreply.github.com>
Date: Mon, 8 May 2023 13:39:21 +0000
Subject: [PATCH 08/49] Opening the ontology file with 'with'

---
 assemblyline_v4_service/common/ontology_helper.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/common/ontology_helper.py b/assemblyline_v4_service/common/ontology_helper.py
index 6728da37..0967531d 100644
--- a/assemblyline_v4_service/common/ontology_helper.py
+++ b/assemblyline_v4_service/common/ontology_helper.py
@@ -174,7 +174,8 @@ def merge_tags(tag_a, tag_b):
         # Include Ontological data
         ontology_suffix = f"{request.sha256}.ontology"
         ontology_path = os.path.join(working_dir, ontology_suffix)
-        open(ontology_path, 'w').write(json.dumps(ontology))
+        with open(ontology_path, 'w') as f:
+            f.write(json.dumps(ontology))
         attachment_name = f'{request.task.service_name}_{ontology_suffix}'.lower()
         request.add_supplementary(path=ontology_path, name=attachment_name,
                                   description=f"Result Ontology from {request.task.service_name}",

From abb7b656f5d72e0ec70bf9ee5ef5d3a70194bcf3 Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Wed, 17 May 2023 14:55:36 +0000
Subject: [PATCH 09/49] Bugfix with uppercasing GUIDs; Removing unreachable
 code

---
 .../common/dynamic_service_helper.py          |  8 +----
 test/test_dynamic_service_helper.py           | 35 +++++++------------
 2 files changed, 13 insertions(+), 30 deletions(-)

diff --git a/assemblyline_v4_service/common/dynamic_service_helper.py b/assemblyline_v4_service/common/dynamic_service_helper.py
index eee60056..06cb4798 100644
--- a/assemblyline_v4_service/common/dynamic_service_helper.py
+++ b/assemblyline_v4_service/common/dynamic_service_helper.py
@@ -1913,7 +1913,7 @@ def add_process(self, process: Process) -> None:
         :return: None
         """
         if self._validate_process(process):
-            self._guid_process_map[process.objectid.guid] = process
+            self._guid_process_map[process.objectid.guid.upper()] = process
             self.set_parent_details(process)
             self.set_child_details(process)
             self.processes.append(process)
@@ -3279,12 +3279,6 @@ def convert_sysmon_processes(
                 else:
                     process["start_time"] = MIN_TIME
                     process["end_time"] = t
-            elif name == "utctime" and event_id in [10]:
-                if "." in text:
-                    text = text[:text.index(".")]
-                t = str(datetime.strptime(text, LOCAL_FMT))
-                process["start_time"] = t
-                process["time_observed"] = t
             elif name == "utctime":
                 if "." in text:
                     text = text[:text.index(".")]
diff --git a/test/test_dynamic_service_helper.py b/test/test_dynamic_service_helper.py
index eb5dd216..1820dcc8 100644
--- a/test/test_dynamic_service_helper.py
+++ b/test/test_dynamic_service_helper.py
@@ -1,30 +1,18 @@
-import pytest
 import os
 from uuid import UUID
 
+import pytest
+
 SERVICE_CONFIG_NAME = "service_manifest.yml"
 TEMP_SERVICE_CONFIG_PATH = os.path.join("/tmp", SERVICE_CONFIG_NAME)
 
 
-from assemblyline_v4_service.common.dynamic_service_helper import (
-    convert_sysmon_network,
-    convert_sysmon_processes,
-    extract_iocs_from_text_blob,
-    set_required_argument,
-    set_optional_argument,
-    update_object_items,
-    Artifact,
-    Attribute,
-    HOLLOWSHUNTER_TITLE,
-    NetworkConnection,
-    NetworkDNS,
-    NetworkHTTP,
-    ObjectID,
-    OntologyResults,
-    Sandbox,
-    Signature,
-    Process,
-)
+from assemblyline_v4_service.common.dynamic_service_helper import (HOLLOWSHUNTER_TITLE, Artifact, Attribute,
+                                                                   NetworkConnection, NetworkDNS, NetworkHTTP, ObjectID,
+                                                                   OntologyResults, Process, Sandbox, Signature,
+                                                                   convert_sysmon_network, convert_sysmon_processes,
+                                                                   extract_iocs_from_text_blob, set_optional_argument,
+                                                                   set_required_argument, update_object_items)
 
 
 def setup_module():
@@ -1776,7 +1764,9 @@ def test_add_process():
         )
         default_or.add_process(p)
         process_as_primitives = default_or.processes[0].as_primitives()
-        assert str(UUID(process_as_primitives["objectid"].pop("guid")))
+        guid = process_as_primitives["objectid"].pop("guid")
+        assert guid.isupper()
+        assert str(UUID(guid))
         assert process_as_primitives == {
             "objectid": {
                 "tag": "blah",
@@ -8665,7 +8655,7 @@ def test_validate_artifacts(artifact_list):
         ],
     )
     def test_handle_artifact(artifact, expected_result_section_title):
-        from assemblyline_v4_service.common.result import ResultSection, Heuristic
+        from assemblyline_v4_service.common.result import Heuristic, ResultSection
 
         if artifact is None:
             with pytest.raises(Exception):
@@ -8905,7 +8895,6 @@ def test_preprocess_ontology():
            'pimage': None, 'pcommand_line': None, 'ppid': None, 'pid': 123, 'image': 'blah', 'command_line': None,
            'integrity_level': None, 'image_hash': None, 'original_file_name': None}), ])
     def test_convert_sysmon_processes(sysmon, expected_process, mocker):
-        from uuid import UUID
         so = OntologyResults(service_name="CAPE")
         mocker.patch.object(so, "sandboxes", return_value="blah")
         safelist = {}

From d144842c787855d067cc01dc81f7537a51e4c502 Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Wed, 17 May 2023 15:21:59 +0000
Subject: [PATCH 10/49] Only uppercase guid if it is a string

---
 assemblyline_v4_service/common/dynamic_service_helper.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/common/dynamic_service_helper.py b/assemblyline_v4_service/common/dynamic_service_helper.py
index 06cb4798..3f98381e 100644
--- a/assemblyline_v4_service/common/dynamic_service_helper.py
+++ b/assemblyline_v4_service/common/dynamic_service_helper.py
@@ -1913,7 +1913,10 @@ def add_process(self, process: Process) -> None:
         :return: None
         """
         if self._validate_process(process):
-            self._guid_process_map[process.objectid.guid.upper()] = process
+            if isinstance(process.objectid.guid, str):
+                self._guid_process_map[process.objectid.guid.upper()] = process
+            else:
+                self._guid_process_map[process.objectid.guid] = process
             self.set_parent_details(process)
             self.set_child_details(process)
             self.processes.append(process)

From e32dbb76c1395cd0d12e260a3e8afa37da9f31a1 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Thu, 18 May 2023 11:02:05 +0000
Subject: [PATCH 11/49] Propagate SkipSource exceptions from git clones

---
 assemblyline_v4_service/updater/updater.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 1cfc8bb0..eccbb8cc 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -421,6 +421,8 @@ def do_source_update(self, service: Service, specific_sources: list[str] = []) -
                                 # First we'll attempt by performing a Git clone
                                 # (since not all services hint at being a repository in their URL),
                                 output = git_clone_repo(source, old_update_time, self.log, update_dir)
+                            except SkipSource:
+                                raise
                             except Exception as git_ex:
                                 # Should that fail, we'll attempt a direct-download using Python Requests
                                 if not uri.endswith('.git'):

From 344aca172a7786fc281c3ff93c0f9eac4ac2158c Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Thu, 18 May 2023 14:50:41 +0000
Subject: [PATCH 12/49] Sort IOCs extracted from blobs

---
 .../common/dynamic_service_helper.py             | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/assemblyline_v4_service/common/dynamic_service_helper.py b/assemblyline_v4_service/common/dynamic_service_helper.py
index 3f98381e..7c28f456 100644
--- a/assemblyline_v4_service/common/dynamic_service_helper.py
+++ b/assemblyline_v4_service/common/dynamic_service_helper.py
@@ -19,11 +19,17 @@
 from assemblyline.odm.models.ontology.results import Process as ProcessModel
 from assemblyline.odm.models.ontology.results import Sandbox as SandboxModel
 from assemblyline.odm.models.ontology.results import Signature as SignatureModel
+
 # from assemblyline_v4_service.common.balbuzard.patterns import PatternMatch
 from assemblyline_v4_service.common.base import ServiceBase
 from assemblyline_v4_service.common.request import ServiceRequest
-from assemblyline_v4_service.common.result import (ProcessItem, ResultProcessTreeSection, ResultSection,
-                                                   ResultTableSection, TableRow)
+from assemblyline_v4_service.common.result import (
+    ProcessItem,
+    ResultProcessTreeSection,
+    ResultSection,
+    ResultTableSection,
+    TableRow,
+)
 from assemblyline_v4_service.common.safelist_helper import URL_REGEX, is_tag_safelisted
 from assemblyline_v4_service.common.tag_helper import add_tag
 from assemblyline_v4_service.common.task import MaxExtractedExceeded
@@ -3526,7 +3532,7 @@ def extract_iocs_from_text_blob(
     # TODO: Are we missing IOCs to the point where we need a different regex?
     # uris = {uri.decode() for uri in set(findall(PatternMatch.PAT_URI_NO_PROTOCOL, blob.encode()))} - domains - ips
     uris = set(findall(URL_REGEX, blob)) - domains - ips
-    for ip in ips:
+    for ip in sorted(ips):
         if add_tag(result_section, f"network.{network_tag_type}.ip", ip, safelist):
             if not result_section.section_body.body:
                 result_section.add_row(TableRow(ioc_type="ip", ioc=ip))
@@ -3535,7 +3541,7 @@ def extract_iocs_from_text_blob(
                 not in result_section.section_body.body
             ):
                 result_section.add_row(TableRow(ioc_type="ip", ioc=ip))
-    for domain in domains:
+    for domain in sorted(domains):
         if enforce_char_min and len(domain) < MIN_DOMAIN_CHARS:
             continue
         if enforce_domain_char_max and len(domain) > MAX_DOMAIN_CHARS:
@@ -3567,7 +3573,7 @@ def extract_iocs_from_text_blob(
             ):
                 result_section.add_row(TableRow(ioc_type="domain", ioc=domain))
 
-    for uri in uris:
+    for uri in sorted(uris):
         if enforce_char_min and len(uri) < MIN_URI_CHARS:
             continue
         if any(invalid_uri_char in uri for invalid_uri_char in ['"', "'", '<', '>', "(", ")"]):

From 15796915997ba9e2bc355202913f541a853aed0d Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Fri, 19 May 2023 15:55:01 +0000
Subject: [PATCH 13/49] Incorporate new `body_config` field into Section types
 + add custom column ordering for Table sections

---
 assemblyline_v4_service/common/result.py | 27 +++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/common/result.py b/assemblyline_v4_service/common/result.py
index d2ca1f0b..ef200d42 100644
--- a/assemblyline_v4_service/common/result.py
+++ b/assemblyline_v4_service/common/result.py
@@ -208,6 +208,7 @@ class SectionBody:
     def __init__(self, body_format, body=None):
         self._format = body_format
         self._data = body
+        self._config = {}
 
     @property
     def format(self):
@@ -222,6 +223,10 @@ def body(self) -> str | None:
         else:
             return self._data
 
+    @property
+    def config(self) -> dict:
+        return self._config
+
     def set_body(self, body):
         self._data = body
 
@@ -396,6 +401,11 @@ def __init__(self) -> None:
 
     def add_row(self, row: TableRow) -> None:
         self._data.append(row)
+        self.set_column_order(list(row.keys()))
+
+    def set_column_order(self, order: List[str]):
+        self._config = {'column_order': order}
+
 
 
 class ImageSectionBody(SectionBody):
@@ -418,7 +428,7 @@ def __init__(self) -> None:
         super().__init__(BODY_FORMAT.MULTI, body=[])
 
     def add_section_body(self, section_body: SectionBody) -> None:
-        self._data.append((section_body.format, section_body._data))
+        self._data.append((section_body.format, section_body._data, section_body._config))
 
 
 class DividerSectionBody(SectionBody):
@@ -461,10 +471,12 @@ def __init__(
         self._subsections: List[ResultSection] = []
         if isinstance(body, SectionBody):
             self._body_format = body.format
+            self._body_config = body.config
             self._body = body.body
         else:
             self._body_format = body_format
             self._body = body
+            self._body_config = {}
         self.classification: Classification = classification or SERVICE_ATTRIBUTES.default_result_classification
         self.depth: int = 0
         self._tags = tags or {}
@@ -497,6 +509,10 @@ def body(self):
     def body_format(self):
         return self._body_format
 
+    @property
+    def body_config(self):
+        return self._body_config
+
     @property
     def heuristic(self):
         return self._heuristic
@@ -629,6 +645,10 @@ def __init__(self, title_text: Union[str, List], section_body: SectionBody, **kw
     def body(self):
         return self.section_body.body
 
+    @property
+    def body_config(self):
+        return self.section_body.config
+
     def add_line(self, text: Union[str, List]) -> None:
         raise InvalidFunctionException("Do not use default add_line method in a type specific section.")
 
@@ -720,6 +740,10 @@ def __init__(self, title_text: Union[str, List], **kwargs):
 
     def add_row(self, row: TableRow) -> None:
         self.section_body.add_row(row)
+        self.set_column_order(list(row.keys()))
+
+    def set_column_order(self, order: List[str]):
+        self.section_body.set_column_order(order)
 
 
 class ResultImageSection(TypeSpecificResultSection):
@@ -772,6 +796,7 @@ def _append_section(self, section: ResultSection) -> None:
             body=section.body,
             classification=section.classification,
             body_format=section.body_format,
+            body_config=section.body_config,
             depth=section.depth,
             heuristic=get_heuristic_primitives(section.heuristic),
             tags=unflatten(section.tags),

From c4283a229275c94f71570470a8af885025a49ee7 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Tue, 23 May 2023 11:37:42 +0000
Subject: [PATCH 14/49] Show example of setting table column ordering in
 ResultSample service

---
 assemblyline_result_sample_service/result_sample.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/assemblyline_result_sample_service/result_sample.py b/assemblyline_result_sample_service/result_sample.py
index b02cdba8..fc24a1de 100644
--- a/assemblyline_result_sample_service/result_sample.py
+++ b/assemblyline_result_sample_service/result_sample.py
@@ -323,6 +323,8 @@ def execute(self, request):
                         "an_int": 103,
                     },
                 }}))
+            # Optional: Set column ordering for table
+            table_section.set_column_order(['a_str', 'a_bool', 'an_int', 'extra_column_there', 'nested_key_value_pair'])
             result.add_section(table_section)
 
             # ==================================================================

From 95c80d5a816d614e1e5ab9bf32e4e1d0de894501 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Tue, 23 May 2023 15:43:02 +0000
Subject: [PATCH 15/49] Provide more explanation on inferred column ordering

---
 assemblyline_result_sample_service/result_sample.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/assemblyline_result_sample_service/result_sample.py b/assemblyline_result_sample_service/result_sample.py
index fc24a1de..e9c5d53c 100644
--- a/assemblyline_result_sample_service/result_sample.py
+++ b/assemblyline_result_sample_service/result_sample.py
@@ -323,7 +323,9 @@ def execute(self, request):
                         "an_int": 103,
                     },
                 }}))
-            # Optional: Set column ordering for table
+            # Optional: Set custom column ordering for table.
+            # Column order is automatically inferred/updated on `ResultTableSection.add_row()`.
+            # Passing an empty list ([]) to `ResultTableSection.set_column_order()` will display the columns in alphabetical order
             table_section.set_column_order(['a_str', 'a_bool', 'an_int', 'extra_column_there', 'nested_key_value_pair'])
             result.add_section(table_section)
 

From de408946da5ce4addadf117706ccf62d05d26e75 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Tue, 23 May 2023 16:37:02 +0000
Subject: [PATCH 16/49] Add an update_hash to ensure updates are in-sync with
 services

---
 assemblyline_v4_service/common/base.py     | 4 +++-
 assemblyline_v4_service/updater/app.py     | 1 +
 assemblyline_v4_service/updater/updater.py | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/common/base.py b/assemblyline_v4_service/common/base.py
index ee4a99b0..6d07281d 100644
--- a/assemblyline_v4_service/common/base.py
+++ b/assemblyline_v4_service/common/base.py
@@ -78,6 +78,7 @@ def __init__(self, config: Optional[Dict] = None) -> None:
         self.rules_directory: str = None
         self.rules_list: list = []
         self.update_time: int = None
+        self.update_hash: str = None
         self.update_check_time: float = 0.0
         self.rules_hash: str = None
 
@@ -258,7 +259,7 @@ def _download_rules(self):
             resp = requests.get(url_base + 'status', verify=verify)
             resp.raise_for_status()
             status = resp.json()
-            if self.update_time is not None and self.update_time >= status['local_update_time']:
+            if self.update_time is not None and self.update_time >= status['local_update_time'] and self.update_hash == status['local_update_hash']:
                 self.log.info(f"There are no new signatures. ({self.update_time} >= {status['local_update_time']})")
                 return
             if status['download_available']:
@@ -287,6 +288,7 @@ def _download_rules(self):
             tar_handle = tarfile.open(buffer_name)
             tar_handle.extractall(temp_directory)
             self.update_time = status['local_update_time']
+            self.update_hash = status['local_update_hash']
             self.rules_directory, temp_directory = temp_directory, self.rules_directory
             # Try to load the rules into the service before declaring we're using these rules moving forward
             temp_hash = self._gen_rules_hash()
diff --git a/assemblyline_v4_service/updater/app.py b/assemblyline_v4_service/updater/app.py
index 74a20188..bd82c6d5 100644
--- a/assemblyline_v4_service/updater/app.py
+++ b/assemblyline_v4_service/updater/app.py
@@ -27,6 +27,7 @@
 status_last_read_time = 0
 NO_STATUS = {
     'local_update_time': 0,
+    'local_update_hash': None,
     'download_available': False,
     '_directory': None,
     '_tar': None,
diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index eccbb8cc..5e0fc8ca 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -13,6 +13,7 @@
 import threading
 import subprocess
 from contextlib import contextmanager
+from hashlib import sha256
 from passlib.hash import bcrypt
 from zipfile import ZipFile, BadZipFile
 
@@ -179,9 +180,13 @@ def get_local_update_time(self) -> float:
             return os.path.getctime(self._time_keeper)
         return 0
 
+    def get_local_update_hash(self) -> str:
+        return sha256(open(self._update_tar, "rb").read()).hexdigest()
+
     def status(self):
         return {
             'local_update_time': self.get_local_update_time(),
+            'local_update_hash': self.get_local_update_hash(),
             'download_available': self._update_dir is not None,
             '_directory': self._update_dir,
             '_tar': self._update_tar,

From 9cd5856e4bb8c1e66d168b93ef335065c4c31e73 Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Tue, 23 May 2023 21:31:46 +0000
Subject: [PATCH 17/49] Initial migration to assemblyline-service-utilities
 repo

---
 .../common/balbuzard/__init__.py              |     0
 .../common/balbuzard/balbuzard.py             |   656 -
 .../common/balbuzard/bbcrack.py               |   830 -
 .../common/balbuzard/patterns.py              |   650 -
 .../common/dynamic_service_helper.py          |  3631 --
 .../common/extractor/__init__.py              |     1 -
 .../common/extractor/base64.py                |    86 -
 .../common/extractor/ocr.py                   |    97 -
 .../common/extractor/pe_file.py               |    51 -
 assemblyline_v4_service/common/icap.py        |   149 -
 .../common/keytool_parse.py                   |    66 -
 .../common/ontology_helper.py                 |   187 -
 .../common/pestudio/__init__.py               |     0
 .../common/pestudio/xml/__init__.py           |     0
 .../common/pestudio/xml/features.xml          |  5607 ---
 .../common/pestudio/xml/functions.xml         |  5824 ----
 .../common/pestudio/xml/languages.xml         |   375 -
 .../common/pestudio/xml/resources.xml         |   511 -
 .../common/pestudio/xml/signatures.xml        | 29105 ----------------
 .../common/pestudio/xml/strings.xml           |  2379 --
 .../common/safelist_helper.py                 |    73 -
 .../common/section_reducer.py                 |    43 -
 assemblyline_v4_service/common/tag_helper.py  |   117 -
 assemblyline_v4_service/common/tag_reducer.py |   242 -
 assemblyline_v4_service/common/utils.py       |    85 -
 assemblyline_v4_service/testing/__init__.py   |     0
 assemblyline_v4_service/testing/helper.py     |   463 -
 .../testing/regenerate_results.py             |    37 -
 test/requirements.txt                         |     2 -
 test/test_dynamic_service_helper.py           |  9396 -----
 test/test_keytool_parse.py                    |    27 -
 test/test_safelist_helper.py                  |    42 -
 test/test_section_reducer.py                  |    70 -
 test/test_tag_helper.py                       |    89 -
 test/test_tag_reducer.py                      |   100 -
 test/test_utils.py                            |   124 -
 36 files changed, 61115 deletions(-)
 delete mode 100644 assemblyline_v4_service/common/balbuzard/__init__.py
 delete mode 100644 assemblyline_v4_service/common/balbuzard/balbuzard.py
 delete mode 100644 assemblyline_v4_service/common/balbuzard/bbcrack.py
 delete mode 100644 assemblyline_v4_service/common/balbuzard/patterns.py
 delete mode 100644 assemblyline_v4_service/common/dynamic_service_helper.py
 delete mode 100644 assemblyline_v4_service/common/extractor/__init__.py
 delete mode 100644 assemblyline_v4_service/common/extractor/base64.py
 delete mode 100644 assemblyline_v4_service/common/extractor/ocr.py
 delete mode 100644 assemblyline_v4_service/common/extractor/pe_file.py
 delete mode 100644 assemblyline_v4_service/common/icap.py
 delete mode 100644 assemblyline_v4_service/common/keytool_parse.py
 delete mode 100644 assemblyline_v4_service/common/ontology_helper.py
 delete mode 100644 assemblyline_v4_service/common/pestudio/__init__.py
 delete mode 100644 assemblyline_v4_service/common/pestudio/xml/__init__.py
 delete mode 100644 assemblyline_v4_service/common/pestudio/xml/features.xml
 delete mode 100644 assemblyline_v4_service/common/pestudio/xml/functions.xml
 delete mode 100644 assemblyline_v4_service/common/pestudio/xml/languages.xml
 delete mode 100644 assemblyline_v4_service/common/pestudio/xml/resources.xml
 delete mode 100644 assemblyline_v4_service/common/pestudio/xml/signatures.xml
 delete mode 100644 assemblyline_v4_service/common/pestudio/xml/strings.xml
 delete mode 100644 assemblyline_v4_service/common/safelist_helper.py
 delete mode 100644 assemblyline_v4_service/common/section_reducer.py
 delete mode 100644 assemblyline_v4_service/common/tag_helper.py
 delete mode 100644 assemblyline_v4_service/common/tag_reducer.py
 delete mode 100644 assemblyline_v4_service/common/utils.py
 delete mode 100644 assemblyline_v4_service/testing/__init__.py
 delete mode 100644 assemblyline_v4_service/testing/helper.py
 delete mode 100644 assemblyline_v4_service/testing/regenerate_results.py
 delete mode 100644 test/requirements.txt
 delete mode 100644 test/test_dynamic_service_helper.py
 delete mode 100644 test/test_keytool_parse.py
 delete mode 100644 test/test_safelist_helper.py
 delete mode 100644 test/test_section_reducer.py
 delete mode 100644 test/test_tag_helper.py
 delete mode 100644 test/test_tag_reducer.py
 delete mode 100644 test/test_utils.py

diff --git a/assemblyline_v4_service/common/balbuzard/__init__.py b/assemblyline_v4_service/common/balbuzard/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/assemblyline_v4_service/common/balbuzard/balbuzard.py b/assemblyline_v4_service/common/balbuzard/balbuzard.py
deleted file mode 100644
index 65688082..00000000
--- a/assemblyline_v4_service/common/balbuzard/balbuzard.py
+++ /dev/null
@@ -1,656 +0,0 @@
-#! /usr/bin/env python2
-"""
-2016-10-21:
-Modified version of balbuzard application for AL, original code found here:
-https://github.com/decalage2/balbuzard
-"""
-"""
-balbuzard - v0.20 2014-06-29 Philippe Lagadec
-
-Balbuzard is a tool to quickly extract patterns from suspicious files for
-malware analysis (IP addresses, domain names, known file headers and strings,
-etc).
-
-For more info and updates: http://www.decalage.info/balbuzard
-"""
-
-# LICENSE:
-#
-# balbuzard is copyright (c) 2007-2014, Philippe Lagadec (http://www.decalage.info)
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-#  * Redistributions of source code must retain the above copyright notice, this
-#    list of conditions and the following disclaimer.
-#  * Redistributions in binary form must reproduce the above copyright notice,
-#    this list of conditions and the following disclaimer in the documentation
-#    and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-__version__ = '0.20'
-
-#------------------------------------------------------------------------------
-# CHANGELOG:
-# 2007-07-11 v0.01 PL: - 1st version
-# 2007-07-30 v0.02 PL: - added list of patterns
-# 2007-07-31 v0.03 PL: - added patterns
-#                        - added hexadecimal dump
-# 2007-08-09 v0.04 PL: - improved some regexs, added Petite detection
-# 2008-06-06 v0.05 PL: - escape non-printable characters with '\xNN' when
-#                          displaying matches
-#                      - optional custom pattern list in reScan_custom.py
-#                      - optional call to magic.py to guess filetype
-# 2011-05-06 v0.06 PL: - added bruteforce functions
-# 2013-02-24 v0.07 PL: - renamed rescan to balbuzard
-#                      - changed license from CeCILL v2 to BSD
-#                      - added patterns for URL, e-mail, Flash
-#                      - new Pattern class to add patterns
-#                      - pattern can now be a regex or a string, with weigth
-#                      - moved bruteforce functions to balbucrack
-# 2013-03-18 v0.08 PL: - a few more/improved patterns
-#                      - optionparser with option -s for short display
-# 2013-03-21 v0.09 PL: - open file from password-protected zip (inspired from
-#                        Didier Steven's pdfid, thanks Didier! :-)
-#                      - improved plugin system
-# 2013-03-26 v0.10 PL: - improved Pattern and Pattern_re classes
-# 2013-07-31 v0.11 PL: - added support for Yara plugins
-# 2013-08-28 v0.12 PL: - plugins can now be in subfolders
-#                      - improved OLE2 pattern
-# 2013-12-03 v0.13 PL: - moved patterns to separate file patterns.py
-#                      - fixed issue when balbuzard launched from another dir
-#                      - added CSV output
-# 2013-12-04 v0.14 PL: - can now scan several files from command line args
-#                      - now short display is default, -v for hex view
-# 2013-12-09 v0.15 PL: - Pattern_re: added filter function to ignore false
-#                        positives
-# 2014-01-14 v0.16 PL: - added riglob, ziglob
-#                      - new option -r to find files recursively in subdirs
-#                      - new option -f to find files within zips with wildcards
-# 2014-01-23 v0.17 PL: - Pattern: added partial support for filter function
-# 2014-02-24 v0.18 PL: - fixed bug with main_dir when balbuzard is imported
-# 2014-03-21 v0.19 PL: - fixed bug when Yara-python is not installed
-# 2014-06-29 v0.20 PL: - simplified bbcrack transforms, added Yara signatures
-
-
-#------------------------------------------------------------------------------
-# TODO:
-# + add yara plugins support to Balbuzard.count and scan_profiling
-# + merge Balbuzard.scan_hexdump and short
-# + option to choose which plugins to load: all (default), none, python or yara
-#   only
-# + option to use the Yara-python engine for searching (translating balbuzard
-#   patterns to yara at runtime)
-# - Yara plugins: keep track of the filename containing each set of Yara rules
-# - option to support Unicode strings? (need to check 2 alignments and 2 byte
-#   orders, or simply insert \x00 between all chars, e.g. 'T\x00E\x00S\x00T')
-# + improve patterns to avoid some false positives: maybe use pefile or magic.py ?
-# - HTML report with color highlighting
-# - GUI ?
-# - optional use of other magic libs (TrIDscan, pymagic, python-magic, etc: see PyPI)
-# - provide samples
-# - RTF hex object decoder?
-# - option to decode stream before searching: unicode, hex, base64, etc
-# - options for XML outputs
-# - export to OpenIOC?
-# ? zip file: open all files instead of only the 1st one, or add an option to
-#   specify the filename(s) to open within the zip, with wildcards?
-
-
-# ISSUES:
-# - BUG: it seems that re ignores null bytes in patterns, despite what the doc says?
-# - BUG: the URL pattern is not fully correct, need to find a better one
-# - BUG: the e-mail pattern catches a lot of false positives.
-
-
-#--- IMPORTS ------------------------------------------------------------------
-
-import fnmatch
-import glob
-import optparse
-import os
-import os.path
-import regex as re
-import string
-import sys
-import time
-import zipfile
-
-
-#import csv
-
-# try to import yara-python:
-# try:
-#     import yara
-#     YARA = True
-# except:
-#     YARA = False
-
-
-#--- CLASSES ------------------------------------------------------------------
-
-class Pattern (object):
-    """
-    a Pattern object is a string or a list of strings to be searched in data.
-    Attributes:
-        - name: str, description of the pattern for display
-        - pat: str or list/tuple of strings to be searched
-        - nocase: bool, if True, search is case-insensitive
-        - single: bool, if True search will stop at the first occurence
-        - weight: int, weight used by balbucrack
-        - filt: function to filter out false positives, should be a function
-          with arguments (value, index, pattern), returning True when acceptable
-          or False when it is a false positive.
-    """
-
-    def __init__(self, name, pat=None, nocase=False, single=False, weight=1,
-        filt=None):
-        self.name = name
-        # self.pat should always be a list of strings:
-        self.pat = []
-        if not isinstance(pat, list):
-            pat = [pat]
-
-        for p in pat:
-            if isinstance(p, bytes):
-                self.pat.append(p)
-            else:
-                self.pat.append(p.encode())
-
-        self.nocase = nocase
-        if nocase:
-            # transform pat to lowercase
-            self.pat_lower = (x.lower() for x in self.pat)
-        self.single = single
-        self.weight = weight
-        # for profiling:
-        self.total_time = 0
-        self.filter = filt
-
-
-    def find_all (self, data, data_lower=None):
-        """
-        find all occurences of pattern in data.
-        data_lower should be set to data.lower(), if there are case-insensitive
-        patterns (it's better to do it only once)
-        return a list of tuples (index, string)
-        """
-        found = []
-        if self.nocase:
-            d = data_lower
-            pat = self.pat_lower
-        else:
-            d = data
-            pat = self.pat
-        for s in pat:
-            l = len(s)
-            for i in str_find_all(d, s):
-                # the matched string is not always s, case can differ:
-                match = data[i:i+len(s)]
-                valid = True
-                if self.filter is not None:
-                    valid = self.filter(value=match, index=i, pattern=self)
-                if valid: found.append((i, match))
-                # debug message:
-                else: print('Filtered out %s: %s' % (self.name, repr(match)))
-        return found
-
-
-    def count (self, data, data_lower=None):
-        """
-        count all occurences of pattern in data.
-        Except for those with single=True, only the first occurence of any
-        string is counted.
-        data_lower should be set to data.lower(), if there are case-insensitive
-        patterns (it's better to do it only once)
-        return an integer
-        """
-        #TODO: add support for filter? (will be much slower...)
-        count = 0
-        if self.nocase:
-            d = data_lower
-            pat = self.pat_lower
-        else:
-            d = data
-            pat = self.pat
-        if not self.single:
-            for s in pat:
-                count += d.count(s)
-            return count
-        else:
-            for s in pat:
-                if s in d:
-                    return 1
-            return 0
-
-
-
-class Pattern_re (Pattern):
-    """
-    a Pattern_re object is a regular expression to be searched in data.
-    Attributes:
-        - name: str, description of the pattern for display
-        - pat: str, regular expression to be searched
-        - trigger: str or list/tuple of strings to be searched before pat
-        - nocase: bool, if True, search is case-insensitive
-        - single: bool, if True search will stop at the first occurence
-        - weight: int, weight used by balbucrack
-        - filt: function to filter out false positives, should be a function
-          with arguments (value, index, pattern), returning True when acceptable
-          or False when it is a false positive.
-    """
-
-    def __init__(self, name, pat=None, trigger=None, nocase=False, single=False,
-        weight=1, filt=None):
-        # first call the Pattern constructor:
-        Pattern.__init__(self, name, pat, nocase, single, weight)
-        # compile regex
-        flags = 0
-        if nocase:
-            flags = re.IGNORECASE
-        self.pat = re.compile(pat, flags)
-        self.trigger = trigger
-        if trigger is not None:
-            # create second pattern for trigger, for single search:
-            self.trigger_pat = Pattern(name, pat=trigger, nocase=nocase, single=True)
-        self.filter = filt
-        #print 'pattern %s: filter=%s' % (self.name, self.filter)
-
-
-    def find_all (self, data, data_lower=None):
-        """
-        find all occurences of pattern in data.
-        data_lower should be set to data.lower(), if there are case-insensitive
-        patterns (it's better to do it only once)
-        return a list of tuples (index, string)
-        """
-        found = []
-        if self.trigger is not None:
-            # when trigger is specified, search trigger first and stop if not
-            # found:
-            if self.trigger_pat.count(data, data_lower) == 0:
-                return found
-        for m in self.pat.finditer(data):
-            valid = True
-            if self.filter is not None:
-                valid = self.filter(value=m.group(), index=m.start(), pattern=self)
-            if valid: found.append((m.start(), m.group()))
-            # debug message:
-            #else: print 'Filtered out %s: %s' % (self.name, repr(m.group()))
-        return found
-
-
-    def count (self, data, data_lower=None):
-        """
-        count all occurences of pattern in data.
-        data_lower should be set to data.lower(), if there are case-insensitive
-        patterns (it's better to do it only once)
-        return an integer
-        """
-        if self.trigger is not None:
-            # when trigger is specified, search trigger first and stop if not
-            # found:
-            if self.trigger_pat.count(data, data_lower) == 0:
-                return 0
-        # when no filter is defined, quickest way to count:
-        if self.filter is None:
-            return len(self.pat.findall(data))
-        # otherwise, need to call filter for each match:
-        c = 0
-        for m in self.pat.finditer(data):
-            valid = self.filter(value=m.group(), index=m.start(), pattern=self)
-            if valid: c += 1
-        return c
-
-
-#------------------------------------------------------------------------------
-class Balbuzard (object):
-    """
-    class to scan a string of data, searching for a set of patterns (strings
-    and regular expressions)
-    """
-
-    def __init__(self, patterns=None, yara_rules=None):
-        self.patterns = patterns
-        if patterns == None:
-            self.patterns = []
-        # self.yara_rules = yara_rules
-
-##    def add_pattern(self, name, regex=None, string=None, weight=1):
-##        self.patterns.append(Pattern(name, regex, string, weight))
-
-    def list_patterns(self):
-        """
-        Adding function for FrankenStrings to get regex patterns when needed
-        """
-        return self.patterns
-
-    def scan (self, data):
-        """
-        Scans data for all patterns. This is an iterator: for each pattern
-        found, yields the Pattern object and a list of matches as tuples
-        (index in data, matched string).
-        """
-        # prep lowercase version of data for case-insensitive patterns
-        data_lower = data.lower()
-        for pattern in self.patterns:
-            matches = pattern.find_all(data, data_lower)
-            if len(matches)>0:
-                 yield pattern, matches
-        # if YARA and self.yara_rules is not None:
-        #     for rules in self.yara_rules:
-        #         yara_matches = rules.match(data=data)
-        #         for match in yara_matches:
-        #             # create a fake pattern object, with a single match:
-        #             pattern = Pattern(match.rule)
-        #             matches = []
-        #             for s in match.strings:
-        #                 offset, id, d = s
-        #                 matches.append((offset, d))
-        #             yield pattern, matches
-
-    def scan_profiling (self, data):
-        """
-        Scans data for all patterns. This is an iterator: for each pattern
-        found, yields the Pattern object and a list of matches as tuples
-        (index in data, matched string).
-        Version with profiling, to check which patterns take time.
-        """
-        start = time.clock()
-        # prep lowercase version of data for case-insensitive patterns
-        data_lower = data.lower()
-        for pattern in self.patterns:
-            start_pattern = time.clock()
-            matches = pattern.find_all(data, data_lower)
-            pattern.time = time.clock()-start_pattern
-            pattern.total_time += pattern.time
-            if len(matches)>0:
-                yield pattern, matches
-        self.time = time.clock()-start
-
-    def count (self, data):
-        """
-        Scans data for all patterns. This is an iterator: for each pattern
-        found, yields the Pattern object and the count as int.
-        """
-        # prep lowercase version of data for case-insensitive patterns
-        data_lower = data.lower()
-        for pattern in self.patterns:
-            count = pattern.count(data, data_lower)
-            if count:
-                yield pattern, count
-
-    def scan_display (self, data, filename, hexdump=False, csv_writer=None):
-        """
-        Scans data for all patterns, displaying an hexadecimal dump for each
-        match on the console (if hexdump=True), or one line for each
-        match (if hexdump=False).
-        """
-        for pattern, matches in self.scan(data):
-            if hexdump:
-                print("-"*79)
-                print("%s:" % pattern.name)
-            for index, match in matches:
-                # limit matched string display to 50 chars:
-                m = repr(match)
-                if len(m)> 50:
-                    m = m[:24]+'...'+m[-23:]
-                if hexdump:
-                    print("at %08X: %s" % (index, m))
-                    # 5 lines of hexadecimal dump around the pattern: 2 lines = 32 bytes
-                    start = max(index-32, 0) & 0xFFFFFFF0
-                    index_end = index + len(match)
-                    end = min(index_end+32+15, len(data)) & 0xFFFFFFF0
-                    length = end-start
-                    #print start, end, length
-                    print(hexdump3(data[start:end], length=16, startindex=start))
-                    print("")
-                else:
-                    print("at %08X: %s - %s" % (index, pattern.name, m))
-                if csv_writer is not None:
-                    #['Filename', 'Index', 'Pattern name', 'Found string', 'Length']
-                    csv_writer.writerow([filename, '0x%08X' % index, pattern.name,
-                        m, len(match)])
-        # blank line between each file:
-        print('')
-
-    ##            if item == "EXE MZ headers" and MAGIC:
-    ##                # Check if it's really a EXE header
-    ##                print "Magic: %s\n" % magic.whatis(data[m.start():])
-
-
-
-#--- GLOBALS ------------------------------------------------------------------
-
-patterns = []
-
-
-#--- FUNCTIONS ----------------------------------------------------------------
-
-##def add_pattern(name, regex=None, string=None, weight=1):
-##    patterns.append(Pattern(name, regex, string, weight))
-
-
-# HEXDUMP from http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/142812
-
-FILTER=''.join([(len(repr(chr(x)))==3) and chr(x) or '.' for x in range(256)])
-
-##def hexdump(src, length=8):
-##    N=0; result=''
-##    while src:
-##       s,src = src[:length],src[length:]
-##       hexa = ' '.join(["%02X"%ord(x) for x in s])
-##       s = s.translate(FILTER)
-##       result += "%04X   %-*s   %s\n" % (N, length*3, hexa, s)
-##       N+=length
-##    return result
-##
-##def hexdump2(src, length=8):
-##    result=[]
-##    for i in xrange(0, len(src), length):
-##       s = src[i:i+length]
-##       hexa = ' '.join(["%02X"%ord(x) for x in s])
-##       printable = s.translate(FILTER)
-##       result.append("%04X   %-*s   %s\n" % (i, length*3, hexa, printable))
-##    return ''.join(result)
-
-# my improved hexdump, to add a start index:
-def hexdump3(src, length=8, startindex=0):
-    """
-    Returns a hexadecimal dump of a binary string.
-    length: number of bytes per row.
-    startindex: index of 1st byte.
-    """
-    result=[]
-    for i in range(0, len(src), length):
-       s = src[i:i+length]
-       hexa = ' '.join(["%02X"%ord(x) for x in s])
-       printable = s.translate(FILTER)
-       result.append("%04X   %-*s   %s\n" % (i+startindex, length*3, hexa, printable))
-    return ''.join(result)
-
-
-def str_find_all(a_str, sub):
-    start = 0
-    while True:
-        start = a_str.find(sub, start)
-        if start == -1: return
-        yield start
-        start += len(sub)
-
-
-# recursive glob function to find plugin files in any subfolder:
-# inspired by http://stackoverflow.com/questions/14798220/how-can-i-search-sub-folders-using-glob-glob-module-in-python
-def rglob (path, pattern='*.*'):
-    """
-    Recursive glob:
-    similar to glob.glob, but finds files recursively in all subfolders of path.
-    path: root directory where to search files
-    pattern: pattern for filenames, using wildcards, e.g. *.txt
-    """
-    #TODO: more compatible API with glob: use single param, split path from pattern
-    return [os.path.join(dirpath, f)
-        for dirpath, dirnames, files in os.walk(path)
-        for f in fnmatch.filter(files, pattern)]
-
-
-def riglob (pathname):
-    """
-    Recursive iglob:
-    similar to glob.iglob, but finds files recursively in all subfolders of path.
-    pathname: root directory where to search files followed by pattern for
-    filenames, using wildcards, e.g. *.txt
-    """
-    path, filespec = os.path.split(pathname)
-    for dirpath, dirnames, files in os.walk(path):
-        for f in fnmatch.filter(files, filespec):
-            yield os.path.join(dirpath, f)
-
-
-def ziglob (zipfileobj, pathname):
-    """
-    iglob in a zip:
-    similar to glob.iglob, but finds files within a zip archive.
-    - zipfileobj: zipfile.ZipFile object
-    - pathname: root directory where to search files followed by pattern for
-    filenames, using wildcards, e.g. *.txt
-    """
-    files = zipfileobj.namelist()
-    for f in files: print(f)
-    for f in fnmatch.filter(files, pathname):
-        yield f
-
-
-def iter_files(files, recursive=False, zip_password=None, zip_fname='*'):
-    """
-    Open each file provided as argument:
-    - files is a list of arguments
-    - if zip_password is None, each file is opened and read as-is. Wilcards are
-      supported.
-    - if not, then each file is opened as a zip archive with the provided password
-    - then files matching zip_fname are opened from the zip archive
-    Iterator: yields (filename, data) for each file
-    """
-    # choose recursive or non-recursive iglob:
-    if recursive:
-        iglob = riglob
-    else:
-        iglob = glob.iglob
-    for filespec in files:
-        for filename in iglob(filespec):
-            if zip_password is not None:
-                # Each file is a zip archive:
-                print('Opening zip archive %s with provided password' % filename)
-                z = zipfile.ZipFile(filename, 'r')
-                print('Looking for file(s) matching "%s"' % zip_fname)
-                for filename in ziglob(z, zip_fname):
-                    print('Opening file in zip archive:', filename)
-                    data = z.read(filename, zip_password)
-                    yield filename, data
-            else:
-                # normal file
-                print('Opening file', filename)
-                data = open(filename, 'rb').read()
-                yield filename, data
-
-
-def relpath(path, start='.'):
-    """
-    convert a path to a relative path, using os.path.relpath on Python 2.6+
-    On Python 2.5 or older, the path is not changed, but no exception is raised.
-    (this function is just for backward compatibility)
-    """
-    # with python 2.6+, make it a relative path:
-    try:
-        return os.path.relpath(path, start)
-    except:
-        return path
-
-
-#=== INITALIZATION ============================================================
-
-# get main directory where this script is located:
-main_dir = os.path.dirname(__file__)
-#print 'main dir:', main_dir
-#plugins_dir = os.path.join(main_dir, 'plugins')
-#print 'plugins dir:', plugins_dir
-
-# load patterns
-patfile = os.path.join(main_dir, 'patterns.py')
-# save __doc__, else it seems to be overwritten:
-d = __doc__
-#print 'patfile:', patfile
-exec(open(patfile).read())
-__doc__ = d
-del d
-
-
-
-#=== MAIN =====================================================================
-
-if __name__ == '__main__':
-
-    usage = 'usage: %prog [options] <filename> [filename2 ...]'
-    parser = optparse.OptionParser(usage=usage)
-##    parser.add_option('-o', '--outfile', dest='outfile',
-##        help='output file')
-    parser.add_option('-c', '--csv', dest='csv',
-        help='export results to a CSV file')
-    parser.add_option("-v", action="store_true", dest="verbose",
-        help='verbose display, with hex view.')
-    parser.add_option("-r", action="store_true", dest="recursive",
-        help='find files recursively in subdirectories.')
-    parser.add_option("-z", "--zip", dest='zip_password', type='str', default=None,
-        help='if the file is a zip archive, open first file from it, using the provided password (requires Python 2.6+)')
-    parser.add_option("-f", "--zipfname", dest='zip_fname', type='str', default='*',
-        help='if the file is a zip archive, file(s) to be opened within the zip. Wildcards * and ? are supported. (default:*)')
-
-    (options, args) = parser.parse_args()
-
-    # Print help if no argurments are passed
-    if len(args) == 0:
-        print(__doc__)
-        parser.print_help()
-        sys.exit()
-
-    # load plugins
-    #for f in rglob(plugins_dir, 'bbz*.py'): # glob.iglob('plugins/bbz*.py'):
-     #   print 'Loading plugin from', relpath(f, plugins_dir)
-      #  execfile(f)
-
-    # load yara plugins
-    # if YARA:
-    #     yara_rules = []
-    #     for f in rglob(plugins_dir, '*.yara'):  #glob.iglob('plugins/*.yara'):  # or bbz*.yara?
-    #         print 'Loading yara plugin from', relpath(f, plugins_dir)
-    #         yara_rules.append(yara.compile(f))
-    # else:
-    #     yara_rules = None
-
-    # open CSV file
-    # if options.csv:
-    #     print 'Writing output to CSV file: %s' % options.csv
-    #     csvfile = open(options.csv, 'wb')
-    #     csv_writer = csv.writer(csvfile)
-    #     csv_writer.writerow(['Filename', 'Index', 'Pattern name',
-    #         'Found string', 'Length'])
-    # else:
-    #     csv_writer = None
-    #
-    # # close CSV file
-    # if options.csv:
-    #     csvfile.close()
-
-
-# This was coded while listening to The National "Boxer".
\ No newline at end of file
diff --git a/assemblyline_v4_service/common/balbuzard/bbcrack.py b/assemblyline_v4_service/common/balbuzard/bbcrack.py
deleted file mode 100644
index 9778405e..00000000
--- a/assemblyline_v4_service/common/balbuzard/bbcrack.py
+++ /dev/null
@@ -1,830 +0,0 @@
-#! /usr/bin/env python2
-"""
-2016-10-21:
-Modified version of bbcrack application for AL, original code found here:
-https://github.com/decalage2/balbuzard
-"""
-"""
-bbcrack - v0.14 2014-05-22 Philippe Lagadec
-
-bbcrack is a tool to crack malware obfuscation such as XOR, ROL, ADD (and
-many combinations), by bruteforcing all possible keys and and checking for
-specific patterns (IP addresses, domain names, URLs, known file headers and
-strings, etc) using the balbuzard engine.
-It is part of the Balbuzard package.
-
-For more info and updates: http://www.decalage.info/balbuzard
-"""
-
-# LICENSE:
-#
-# bbcrack is copyright (c) 2013-2014, Philippe Lagadec (http://www.decalage.info)
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-#  * Redistributions of source code must retain the above copyright notice, this
-#    list of conditions and the following disclaimer.
-#  * Redistributions in binary form must reproduce the above copyright notice,
-#    this list of conditions and the following disclaimer in the documentation
-#    and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-__version__ = '0.13'
-
-# --- IMPORTS ------------------------------------------------------------------
-
-from assemblyline_v4_service.common.balbuzard.balbuzard import Balbuzard
-from assemblyline_v4_service.common.balbuzard.patterns import PatternMatch
-
-#--- CLASSES ------------------------------------------------------------------
-
-class Transform_string (object):
-    """
-    Generic class to define a transform that acts on a string globally.
-    """
-    # generic name and id for the class:
-    gen_name = 'Generic String Transform'
-    gen_id   = 'string'
-
-    def __init__(self, params=None):
-        """
-        constructor for the Transform object.
-        This method needs to be overloaded for every specific Transform.
-        It should set name and shortname according to the provided parameters.
-        (for example shortname="xor_17" for a XOR transform with params=17)
-        params: single value or tuple of values, parameters for the transformation
-        """
-        self.name = 'Undefined String Transform'
-        self.shortname = 'undefined_string'
-        self.params = params
-
-
-    def transform_string (self, data):
-        """
-        Method to be overloaded, only for a transform that acts on a string
-        globally.
-        This method should apply the transform to the data string, using params
-        as parameters, and return the transformed data as a string.
-        (the resulting string does not need to have the same length as data)
-        """
-        raise NotImplementedError
-
-    @staticmethod
-    def iter_params ():
-        """
-        Method to be overloaded.
-        This static method should iterate over all possible parameters for the
-        transform function, yielding each set of parameters as a single value
-        or a tuple of values.
-        (for example for a XOR transform, it should yield 1 to 255)
-        This method should be used on the Transform class in order to
-        instantiate a Transform object with each set of parameters.
-        """
-        raise NotImplementedError
-
-##    def iter_transform (self, data):
-##        """
-##        Runs the transform on data for all possible values of the parameters,
-##        and yields the transformed data for each possibility.
-##        """
-##        for params in self.iter_params():
-##            #print self.name
-##            yield self.transform_string(data, params)
-
-
-class Transform_char (Transform_string):
-    """
-    Generic class to define a transform that acts on each character of a string
-    separately.
-    """
-    # generic name for the class:
-    gen_name = 'Generic Character Transform'
-    gen_id   = 'char'
-
-    def __init__(self, params=None):
-        """
-        constructor for the Transform object.
-        This method needs to be overloaded for every specific Transform.
-        It should set name and shortname according to the provided parameters.
-        (for example shortname="xor_17" for a XOR transform with params=17)
-        params: single value or tuple of values, parameters for the transformation
-        """
-        self.name = 'Undefined Character Transform'
-        self.shortname = 'undefined_char'
-        self.params = params
-
-
-    def transform_string (self, data):
-        """
-        This method applies the transform to the data string, using params
-        as parameters, and return the transformed data as a string.
-        Here, each character is transformed separately by calling transform_char.
-        A translation table is used to speed up the processing.
-        (the resulting string should have the same length as data)
-        """
-        # for optimal speed, we build a translation table:
-        self.trans_table = bytearray()
-        for i in range(256):
-            self.trans_table.append(self.transform_int(i))
-        return data.translate(self.trans_table)
-
-    def transform_char (self, char):
-        """
-        Method that can be overloaded, only for a transform that acts on a character.
-        This method should apply the transform to the provided char, using params
-        as parameters, and return the transformed data as a character.
-        NOTE: it is usually simpler to overload transform_int and leave this one
-        untouched.
-        (here character = string of length 1)
-        """
-        # by default, call transform_int using ord(char), and convert it back
-        # to a single character:
-        return chr(self.transform_int(ord(char)))
-
-
-    def transform_int (self, i):
-        """
-        Method to be overloaded, only for a transform that acts on a character.
-        This method should apply the transform to the provided integer which is
-        the ASCII code of a character (i.e. ord(c)), using params
-        as parameters, and return the transformed data as an integer.
-        (here character = string of length 1)
-        """
-        raise NotImplementedError
-
-
-#--- TRANSFORMS ---------------------------------------------------------------
-
-class Transform_identity (Transform_string):
-    """
-    Transform that does not change data.
-    """
-    # generic name for the class:
-    gen_name = 'Identity Transformation, no change to data. Parameters: none.'
-    gen_id   = 'identity'
-
-    def __init__(self, params=None):
-        self.name = self.gen_name
-        self.shortname = self.gen_id
-        self.params = None
-
-    def transform_string (self, data):
-        return data
-
-    @staticmethod
-    def iter_params ():
-        yield None
-
-
-#------------------------------------------------------------------------------
-class Transform_XOR (Transform_char):
-    """
-    XOR Transform
-    """
-    # generic name for the class:
-    gen_name = 'XOR with 8 bits static key A. Parameters: A (1-FF).'
-    gen_id   = 'xor'
-
-    def __init__(self, params):
-        assert isinstance(params, int)
-        assert params>0 and params<256
-        self.params = params
-        self.name = "XOR %02X" % params
-        self.shortname = "xor%02X" % params
-
-    def transform_int (self, i):
-        # here params is an integer
-        return i ^ self.params
-
-    @staticmethod
-    def iter_params ():
-        # the XOR key can be 1 to 255 (0 would be identity)
-        for key in range(1,256):
-            yield key
-
-
-#------------------------------------------------------------------------------
-class Transform_XOR_INC (Transform_string):
-    """
-    XOR Transform, with incrementing key
-    """
-    # generic name for the class:
-    gen_name = 'XOR with 8 bits key A incrementing after each character. Parameters: A (0-FF).'
-    gen_id   = 'xor_inc'
-
-    def __init__(self, params):
-        assert isinstance(params, int)
-        assert params>=0 and params<256
-        self.params = params
-        self.name = "XOR %02X INC" % params
-        self.shortname = "xor%02X_inc" % params
-
-    def transform_string (self, data):
-        # here params is an integer
-        #TODO: use a list comprehension + join to get better performance
-        # this loop is more readable, but likely to  be much slower
-        out = ''
-        for i in range(len(data)):
-            xor_key = (self.params + i) & 0xFF
-            out += chr(ord(data[i]) ^ xor_key)
-        return out
-
-    @staticmethod
-    def iter_params ():
-        # the XOR key can be 0 to 255 (0 is not identity here)
-        for xor_key in range(0,256):
-            yield xor_key
-
-
-#------------------------------------------------------------------------------
-class Transform_XOR_DEC (Transform_string):
-    """
-    XOR Transform, with decrementing key
-    """
-    # generic name for the class:
-    gen_name = 'XOR with 8 bits key A decrementing after each character. Parameters: A (0-FF).'
-    gen_id   = 'xor_dec'
-
-    def __init__(self, params):
-        assert isinstance(params, int)
-        assert params>=0 and params<256
-        self.params = params
-        self.name = "XOR %02X DEC" % params
-        self.shortname = "xor%02X_dec" % params
-
-    def transform_string (self, data):
-        # here params is an integer
-        #TODO: use a list comprehension + join to get better performance
-        # this loop is more readable, but likely to  be much slower
-        out = ''
-        for i in range(len(data)):
-            xor_key = (self.params + 0xFF - i) & 0xFF
-            out += chr(ord(data[i]) ^ xor_key)
-        return out
-
-    @staticmethod
-    def iter_params ():
-        # the XOR key can be 0 to 255 (0 is not identity here)
-        for xor_key in range(0,256):
-            yield xor_key
-
-
-#------------------------------------------------------------------------------
-class Transform_XOR_INC_ROL (Transform_string):
-    """
-    XOR Transform, with incrementing key, then ROL N bits
-    """
-    # generic name for the class:
-    gen_name = 'XOR with 8 bits key A incrementing after each character, then rotate B bits left. Parameters: A (0-FF), B (1-7).'
-    gen_id   = 'xor_inc_rol'
-
-    def __init__(self, params):
-        self.params = params
-        self.name = "XOR %02X INC then ROL %d" % params
-        self.shortname = "xor%02X_inc_rol%d" % params
-
-    def transform_char (self, char):
-        # here params is a tuple
-        xor_key, rol_bits = self.params
-        return chr(rol(ord(char) ^ xor_key, rol_bits))
-
-    def transform_string (self, data):
-        # here params is a tuple
-        #TODO: use a list comprehension + join to get better performance
-        # this loop is more readable, but likely to  be much slower
-        xor_key_init, rol_bits = self.params
-        out = ''
-        for i in range(len(data)):
-            xor_key = (xor_key_init + i) & 0xFF
-            out += chr(rol(ord(data[i]) ^ xor_key, rol_bits))
-        return out
-
-    @staticmethod
-    def iter_params ():
-        "return (XOR key, ROL bits)"
-        # the XOR key can be 0 to 255 (0 is not identity here)
-        for xor_key in range(0,256):
-            # the ROL bits can be 1 to 7:
-            for rol_bits in range(1,8):
-                yield (xor_key, rol_bits)
-
-
-#------------------------------------------------------------------------------
-class Transform_SUB_INC (Transform_string):
-    """
-    SUB Transform, with incrementing key
-    """
-    # generic name for the class:
-    gen_name = 'SUB with 8 bits key A incrementing after each character. Parameters: A (0-FF).'
-    gen_id   = 'sub_inc'
-
-    def __init__(self, params):
-        assert isinstance(params, int)
-        assert params>=0 and params<256
-        self.params = params
-        self.name = "SUB %02X INC" % params
-        self.shortname = "sub%02X_inc" % params
-
-    def transform_string (self, data):
-        # here params is an integer
-        #TODO: use a list comprehension + join to get better performance
-        # this loop is more readable, but likely to  be much slower
-        out = bytearray()
-        for i in range(len(data)):
-            key = (self.params + i) & 0xFF
-            out.append((ord(data[i]) - key) & 0xFF)
-        return out
-
-    @staticmethod
-    def iter_params ():
-        # the SUB key can be 0 to 255 (0 is not identity here)
-        for key in range(0,256):
-            yield key
-
-
-def rol(byte, count):
-    byte = (byte << count | byte >> (8-count)) & 0xFF
-    return byte
-
-###safety checks
-##assert rol(1, 1) == 2
-##assert rol(128, 1) == 1
-##assert rol(1, 7) == 128
-##assert rol(1, 8) == 1
-
-#------------------------------------------------------------------------------
-class Transform_XOR_Chained (Transform_string):
-    """
-    XOR Transform, chained with previous character.
-    xor_chained(c[i], key) = c[i] xor c[i-1] xor key
-    """
-    # generic name for the class:
-    gen_name = 'XOR with 8 bits key A chained with previous character. Parameters: A (1-FF).'
-    gen_id   = 'xor_chained'
-
-    def __init__(self, params):
-        assert isinstance(params, int)
-        assert params>=0 and params<256
-        self.params = params
-        self.name = "XOR %02X Chained" % params
-        self.shortname = "xor%02X_chained" % params
-
-    def transform_string (self, data):
-        # here params is an integer
-        #TODO: it would be much faster to do the xor_chained once, then all
-        #      xor transforms using translate() only
-        #TODO: use a list comprehension + join to get better performance
-        # this loop is more readable, but likely to  be much slower
-        if len(data) == 0: return b''
-        xor_key = self.params
-        # 1st char is just xored with key:
-        out = bytearray((ord(data[0]) ^ xor_key,))
-        for i in range(1, len(data)):
-            out.append(ord(data[i]) ^ xor_key ^ ord(data[i-1]))
-        return out
-
-    @staticmethod
-    def iter_params ():
-        # the XOR key can be 0 to 255 (0 is not identity here)
-        for xor_key in range(0,256):
-            yield xor_key
-
-
-#------------------------------------------------------------------------------
-class Transform_XOR_RChained (Transform_string):
-    """
-    XOR Transform, chained with next character. (chained on the right)
-    xor_rchained(c[i], key) = c[i] xor c[i+1] xor key
-    """
-    # generic name for the class:
-    gen_name = 'XOR with 8 bits key A chained with next character (Reverse order from end to start). Parameters: A (1-FF).'
-    gen_id   = 'xor_rchained'
-
-    def __init__(self, params):
-        assert isinstance(params, int)
-        assert params>=0 and params<256
-        self.params = params
-        self.name = "XOR %02X RChained" % params
-        self.shortname = "xor%02X_rchained" % params
-
-    def transform_string (self, data):
-        # here params is an integer
-        #TODO: it would be much faster to do the xor_rchained once, then all
-        #      xor transforms using translate() only
-        #TODO: use a list comprehension + join to get better performance
-        # this loop is more readable, but likely to  be much slower
-        if len(data) == 0: return b''
-        out = bytearray()
-        xor_key = self.params
-        # all chars except last one are xored with key and next char:
-        for i in range(len(data)-1):
-            out.append(ord(data[i]) ^ xor_key ^ ord(data[i+1]))
-        # last char is just xored with key:
-        out.append(ord(data[len(data)-1]) ^ xor_key)
-        return out
-
-    @staticmethod
-    def iter_params ():
-        # the XOR key can be 0 to 255 (0 is not identity here)
-        for xor_key in range(0,256):
-            yield xor_key
-
-
-#------------------------------------------------------------------------------
-class Transform_XOR_RChainedAll (Transform_string):
-    """
-    XOR Transform, chained from the right with all following characters.
-    (as found in Taidoor malware)
-    NOTE: this only works well in harvest mode, when testing all 256
-          possibilities, because the key is position-dependent.
-    xor_rchained_all(c[i], key) = c[i] xor key xor c[i+1] xor c[i+2]... xor c[N]
-    """
-    # generic name for the class:
-    gen_name = 'XOR Transform, chained from the right with all following characters. Only works well with bbharvest.'
-    gen_id   = 'xor_rchained_all'
-
-    def __init__(self, params):
-        assert isinstance(params, int)
-        assert params>=0 and params<256
-        self.params = params
-        self.name = "XOR %02X RChained All" % params
-        self.shortname = "xor%02X_rchained_all" % params
-
-    def transform_string (self, data):
-        # here params is an integer
-        #TODO: it would be much faster to do the xor_rchained once, then all
-        #      xor transforms using translate() only
-        #TODO: use a list comprehension + join to get better performance
-        # this loop is more readable, but likely to  be much slower
-        if len(data) == 0: return b''
-        xor_key = self.params
-        # transform data string to list of integers:
-        l = map(ord, data)
-        # loop from last char to 2nd one:
-        for i in range(len(data)-1, 1, -1):
-            l[i-1] = l[i-1] ^ xor_key ^ l[i]
-        # last char is only xored with key:
-        l[len(data)-1] = l[len(data)-1] ^ xor_key
-        # convert back to list of chars:
-        #l = map(chr, l)
-        #out = ''.join(l)
-        out = bytearray(l)
-        return out
-
-    @staticmethod
-    def iter_params ():
-        # the XOR key can be 0 to 255 (0 is not identity here)
-        for xor_key in range(0,256):
-            yield xor_key
-
-
-#------------------------------------------------------------------------------
-class Transform_ROL (Transform_char):
-    """
-    ROL Transform
-    """
-    # generic name for the class:
-    gen_name = 'ROL - rotate A bits left. Parameters: A (1-7).'
-    gen_id   = 'rol'
-
-    def __init__(self, params):
-        self.params = params
-        self.name = "ROL %d" % params
-        self.shortname = "rol%d" % params
-
-    def transform_int (self, i):
-        # here params is an int
-        rol_bits = self.params
-        return rol(i, rol_bits)
-
-    @staticmethod
-    def iter_params ():
-        "return (ROL bits)"
-        # the ROL bits can be 1 to 7:
-        for rol_bits in range(1,8):
-            yield rol_bits
-
-
-#------------------------------------------------------------------------------
-class Transform_XOR_ROL (Transform_char):
-    """
-    XOR+ROL Transform - first XOR, then ROL
-    """
-    # generic name for the class:
-    gen_name = 'XOR with static 8 bits key A, then rotate B bits left. Parameters: A (1-FF), B (1-7).'
-    gen_id   = 'xor_rol'
-
-    def __init__(self, params):
-        self.params = params
-        self.name = "XOR %02X then ROL %d" % params
-        self.shortname = "xor%02X_rol%d" % params
-
-    def transform_int (self, i):
-        # here params is a tuple
-        xor_key, rol_bits = self.params
-        return rol(i ^ xor_key, rol_bits)
-
-    @staticmethod
-    def iter_params ():
-        "return (XOR key, ROL bits)"
-        # the XOR key can be 1 to 255 (0 would be like ROL)
-        for xor_key in range(1,256):
-            # the ROL bits can be 1 to 7:
-            for rol_bits in range(1,8):
-                yield (xor_key, rol_bits)
-
-
-#------------------------------------------------------------------------------
-class Transform_ADD (Transform_char):
-    """
-    ADD Transform
-    """
-    # generic name for the class:
-    gen_name = 'ADD with 8 bits static key A. Parameters: A (1-FF).'
-    gen_id   = 'add'
-
-    def __init__(self, params):
-        self.params = params
-        self.name = "ADD %02X" % params
-        self.shortname = "add%02X" % params
-
-    def transform_int (self, i):
-        # here params is an integer
-        add_key = self.params
-        return (i + add_key) & 0xFF
-
-    @staticmethod
-    def iter_params ():
-        "return ADD key"
-        # the ADD key can be 1 to 255 (0 would be identity):
-        for add_key in range(1,256):
-            yield add_key
-
-
-#------------------------------------------------------------------------------
-class Transform_ADD_ROL (Transform_char):
-    """
-    ADD+ROL Transform - first ADD, then ROL
-    """
-    # generic name for the class:
-    gen_name = 'ADD with static 8 bits key A, then rotate B bits left. Parameters: A (1-FF), B (1-7).'
-    gen_id   = 'add_rol'
-
-    def __init__(self, params):
-        self.params = params
-        self.name = "ADD %02X then ROL %d" % params
-        self.shortname = "add%02X_rol%d" % params
-
-    def transform_int (self, i):
-        # here params is a tuple
-        add_key, rol_bits = self.params
-        return rol((i + add_key) & 0xFF, rol_bits)
-
-    @staticmethod
-    def iter_params ():
-        "return (ADD key, ROL bits)"
-        # the ADD key can be 1 to 255 (0 would be like ROL)
-        for add_key in range(1,256):
-            # the ROL bits can be 1 to 7:
-            for rol_bits in range(1,8):
-                yield (add_key, rol_bits)
-
-
-#------------------------------------------------------------------------------
-class Transform_ROL_ADD (Transform_char):
-    """
-    ROL+ADD Transform - first ROL, then ADD
-    """
-    # generic name for the class:
-    gen_name = 'rotate A bits left, then ADD with static 8 bits key B. Parameters: A (1-7), B (1-FF).'
-    gen_id   = 'rol_add'
-
-    def __init__(self, params):
-        self.params = params
-        self.name = "ROL %d then ADD %02X" % params
-        self.shortname = "rol%d_add%02X" % params
-
-    def transform_int (self, i):
-        # here params is a tuple
-        rol_bits, add_key = self.params
-        return (rol(i, rol_bits) + add_key) & 0xFF
-
-    @staticmethod
-    def iter_params ():
-        "return (ROL bits, ADD key)"
-        # the ROL bits can be 1 to 7:
-        for rol_bits in range(1,8):
-            # the ADD key can be 1 to 255 (0 would be identity)
-            for add_key in range(1,256):
-                yield (rol_bits, add_key)
-
-
-#------------------------------------------------------------------------------
-class Transform_XOR_ADD (Transform_char):
-    """
-    XOR+ADD Transform - first XOR, then ADD
-    """
-    # generic name for the class:
-    gen_name = 'XOR with 8 bits static key A, then ADD with 8 bits static key B. Parameters: A (1-FF), B (1-FF).'
-    gen_id   = 'xor_add'
-
-    def __init__(self, params):
-        self.params = params
-        self.name = "XOR %02X then ADD %02X" % params
-        self.shortname = "xor%02X_add%02X" % params
-
-    def transform_int (self, i):
-        # here params is a tuple
-        xor_key, add_key = self.params
-        return ((i ^ xor_key) + add_key) & 0xFF
-
-    @staticmethod
-    def iter_params ():
-        "return (XOR key1, ADD key2)"
-        # the XOR key can be 1 to 255 (0 would be identity)
-        for xor_key in range(1,256):
-            # the ADD key can be 1 to 255 (0 would be identity):
-            for add_key in range(1,256):
-                yield (xor_key, add_key)
-
-
-#------------------------------------------------------------------------------
-class Transform_ADD_XOR (Transform_char):
-    """
-    ADD+XOR Transform - first ADD, then XOR
-    """
-    # generic name for the class:
-    gen_name = 'ADD with 8 bits static key A, then XOR with 8 bits static key B. Parameters: A (1-FF), B (1-FF).'
-    gen_id   = 'add_xor'
-
-    def __init__(self, params):
-        self.params = params
-        self.name = "ADD %02X then XOR %02X" % params
-        self.shortname = "add%02X_xor%02X" % params
-
-    def transform_int (self, i):
-        # here params is a tuple
-        add_key, xor_key = self.params
-        return ((i + add_key) & 0xFF) ^ xor_key
-
-    @staticmethod
-    def iter_params ():
-        "return (ADD key1, XOR key2)"
-        # the ADD key can be 1 to 255 (0 would be identity):
-        for add_key in range(1,256):
-            # the XOR key can be 1 to 255 (0 would be identity)
-            for xor_key in range(1,256):
-                yield (add_key, xor_key)
-
-#--- CUSTOM XOR BRUTE FORCE ---------------------------------------------------
-
-def xor_simple(a, b):
-    out = ""
-    for i, c in enumerate(a):
-        out += chr(c ^ ord(b[i % len(b)]))
-    return out
-
-def deobfuscate_simple(d, r, m):
-    "Take mask and will create a key to unmask suspected data, then check if the xor'd data matches a regex pattern"
-    import regex as re
-    max_mask = m.lower()
-    for i in range(1, len(max_mask)+1):
-        t_mask = max_mask[:i]
-        r_mask = xor_simple(d[:i], t_mask)
-        de_enc = xor_simple(d, r_mask).encode()
-        if re.match(r, de_enc):
-            return de_enc.strip(), r_mask
-    return None, None
-
-#--- TRANSFORM GROUPS ---------------------------------------------------------
-
-# Transforms level 1
-transform_classes1 = [
-    #Transform_identity,
-    Transform_XOR,
-    Transform_ADD,
-    Transform_ROL,
-    ]
-
-# Transforms level 2
-transform_classes2 = [
-    Transform_XOR_ROL,
-    Transform_ADD_ROL,
-    Transform_ROL_ADD,
-    ]
-
-# Transforms level 3
-transform_classes3 = [
-    Transform_XOR_ADD,
-    Transform_ADD_XOR,
-    Transform_XOR_INC,
-    Transform_XOR_DEC,
-    Transform_SUB_INC,
-    Transform_XOR_Chained,
-    Transform_XOR_RChained,
-    Transform_XOR_INC_ROL,
-    Transform_XOR_RChainedAll,
-    ]
-
-# all transforms
-transform_classes_all = transform_classes1 + transform_classes2 + transform_classes3
-
-
-#--- PATTERNS -----------------------------------------------------------------
-
-#see balbuzard.patterns.py
-
-# === MAIN =====================================================================
-"""
-2016-10-20: Main Module modified for FrankenStrings AL service
-"""
-
-def read_file(filename):
-    """
-    Open a file, read and return its data as a string.
-    """
-    f = open(filename, 'rb')
-    raw_data = f.read()
-    f.close()
-    return raw_data
-
-
-def bbcrack(file_data, level=1):
-
-    raw_data = file_data
-    if level == 1 or level == 'small_string':
-        transform_classes = transform_classes1
-    elif level == 2:
-        transform_classes = transform_classes1 + transform_classes2
-    else:
-        transform_classes = transform_classes_all
-
-    results = []
-    bbc = PatternMatch()
-    bbcrack_patterns = bbc.bbcr(level=level)
-
-    if level == 'small_string':
-
-        bbz = Balbuzard(bbcrack_patterns)
-
-        # Round 1
-        for Transform_class in transform_classes:
-            for params in Transform_class.iter_params():
-                transform = Transform_class(params)
-                data = transform.transform_string(raw_data)
-                for pattern, matches in bbz.scan(data):
-                    for index, match in matches:
-                        regex = pattern.name.split("_", 1)[1]
-                        smatch = match
-                        if transform.shortname == "xor20":
-                            # for basic alpha characters, will essentially convert lower and uppercase.
-                            continue
-                        results.append((transform.shortname, regex, smatch))
-                        return results
-
-        for pattern in bbz.list_patterns():
-            pmask = pattern.name.split("_", 1)[0]
-            sxor, smask = deobfuscate_simple(raw_data, pattern.pat, pmask)
-            if sxor:
-                results.append((smask, pattern.name.split("_", 1)[1], sxor))
-        return results
-
-    # Run bbcrack patterns against transforms
-    bbz = Balbuzard(bbcrack_patterns)
-
-    for Transform_class in transform_classes:
-        for params in Transform_class.iter_params():
-            transform = Transform_class(params)
-            if transform.shortname == "xor20":
-                # for basic alpha characters, will essentially convert lower and uppercase.
-                continue
-            data = transform.transform_string(raw_data)
-            score = 0
-            for pattern, matches in bbz.scan(data):
-                for index, match in matches:
-                    regex = pattern.name
-                    smatch = match
-                    if regex == 'EXE_HEAD':
-                        if b'This program cannot be run' not in data:
-                            continue
-                        score = 100000
-                        results.append((transform.shortname, regex, index, score, data))
-                        continue
-                    score += len(match) * pattern.weight
-                    results.append((transform.shortname, regex, index, score, smatch[0:50]))
-
-    return results
-# This was coded while listening to The Walkmen "Heaven". --Philippe Lagadec
diff --git a/assemblyline_v4_service/common/balbuzard/patterns.py b/assemblyline_v4_service/common/balbuzard/patterns.py
deleted file mode 100644
index de66d0b9..00000000
--- a/assemblyline_v4_service/common/balbuzard/patterns.py
+++ /dev/null
@@ -1,650 +0,0 @@
-"""
-Modified version of patterns.py found here:
-https://github.com/decalage2/balbuzard
-
-Info:
-balbuzard patterns - v0.07 2014-02-13 Philippe Lagadec
-For more info and updates: http://www.decalage.info/balbuzard
-"""
-
-# LICENSE:
-#
-# balbuzard is copyright (c) 2007-2014, Philippe Lagadec (http://www.decalage.info)
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-#  * Redistributions of source code must retain the above copyright notice, this
-#    list of conditions and the following disclaimer.
-#  * Redistributions in binary form must reproduce the above copyright notice,
-#    this list of conditions and the following disclaimer in the documentation
-#    and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-import regex as re
-from os import path
-from xml.etree import ElementTree
-
-from fuzzywuzzy import process
-
-from assemblyline_v4_service.common.balbuzard.balbuzard import Pattern, Pattern_re
-
-
-def get_xml_strings():
-
-    pest_minlen = 6
-
-    api = {}
-    blacklist = {}
-    powershell = {}
-
-    with open(path.join(path.dirname(__file__), "../pestudio/xml/strings.xml"), 'rt') as f:
-        tree = ElementTree.parse(f)
-
-    for st in tree.findall('.//agent'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('agent', set()).add(st.text)
-    for st in tree.findall('.//av'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('av', set()).add(st.text)
-    for st in tree.findall('.//event'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('event', set()).add(st.text)
-    for st in tree.findall('.//guid'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('guid', set()).add(st.text)
-    for st in tree.findall('.//insult'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('insult', set()).add(st.text)
-    for st in tree.findall('.//key'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('key', set()).add(st.text)
-    for st in tree.findall('.//oid'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('oid', set()).add(st.text)
-    for st in tree.findall('.//os'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('os', set()).add(st.text)
-    for st in tree.findall('.//priv'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('priv', set()).add(st.text)
-    for st in tree.findall('.//product'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('product', set()).add(st.text)
-    for st in tree.findall('.//protocol'):
-        blacklist.setdefault('protocol', set()).add(st.text)
-    for st in tree.findall('.//reg'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('reg', set()).add(st.text)
-    for st in tree.findall('.//sid'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('sid', set()).add(st.text)
-    for st in tree.findall('.//string'):
-        if len(st.text) > pest_minlen:
-            blacklist.setdefault('string', set()).add(st.text)
-    # Powershell indicator strings
-    for st in tree.findall('.//powershell'):
-        if len(st.text) > pest_minlen:
-            powershell.setdefault('powershell', set()).add(st.text)
-
-    # Adding Popular API
-    with open(path.join(path.dirname(__file__), '../pestudio/xml/functions.xml'), 'rt') as f:
-        tree = ElementTree.parse(f)
-
-    for st in tree.findall(".//fct"):
-        if st.text is not None:
-            if len(st.text) > pest_minlen and st.text is not None:
-                api.setdefault('fct', set()).add(st.text.split('::', 1)[0])
-    for st in tree.findall(".//lib"):
-        if st.attrib['name'] is not None:
-            if len(st.attrib['name']) > pest_minlen:
-                api.setdefault('lib', set()).add(st.attrib['name'])
-    for st in tree.findall('.//topapi'):
-        if st.text is not None:
-            if len(st.text) > pest_minlen:
-                api.setdefault('topapi', set()).add(st.text)
-
-    return api, blacklist, powershell
-
-
-class PatternMatch(object):
-
-    # Curated list to avoid false positives.
-    TDLS = {b'ac', b'aco', b'ad', b'adac', b'ads', b'ae', b'aeg', b'aero', b'af', b'afl', b'ag', b'agakhan', b'ai',
-            b'aig', b'akdn', b'al', b'am', b'amica', b'anz', b'ao', b'apple', b'aq', b'ar', b'army', b'arpa', b'at',
-            b'au', b'aw', b'aws', b'ax', b'axa', b'az', b'ba', b'baidu', b'bbc', b'bbva', b'bcg', b'bcn', b'bd', b'be',
-            b'bf', b'bg', b'bh', b'bharti', b'bi', b'bing', b'biz', b'bj', b'blog', b'bm', b'bms', b'bn', b'bo',
-            b'bom', b'bot', b'br', b'bs', b'bt', b'bv', b'bw', b'by', b'bz', b'bzh', b'ca', b'cba', b'cbn', b'cbre',
-            b'cf', b'cfa', b'cfd', b'cg', b'ch', b'ci', b'ck', b'cl', b'cm', b'cn', b'co', b'com', b'cr',
-            b'crs', b'csc', b'cu', b'cv', b'cw', b'cx', b'cy', b'cz', b'dclk', b'dds', b'de', b'dev', b'dhl', b'dj',
-            b'dk', b'dm', b'dnp', b'do', b'docs', b'domains', b'download', b'drive', b'dtv', b'dubai', b'dvag',
-            b'dz', b'ec', b'edu', b'er', b'erni', b'es', b'esq', b'et', b'eu', b'eurovision', b'eus', b'fi', b'fj',
-            b'fk', b'flickr', b'flir', b'fly', b'fm', b'fo', b'foo', b'fr', b'frl', b'ftr', b'ga', b'gb',
-            b'gbiz', b'gd', b'gdn', b'ge', b'gea', b'gl', b'gle', b'gm', b'gmail', b'gmbh', b'gmo', b'gmx', b'gn',
-            b'goog', b'google', b'gop', b'got', b'gov', b'gp', b'gq', b'gr', b'gs', b'gt', b'gu', b'guru', b'gw', b'gy',
-            b'hk', b'hkt', b'hm', b'hn', b'host', b'hotmail', b'hr', b'ht', b'hu', b'icu', b'id', b'ie',
-            b'ifm', b'ikano', b'il', b'im', b'imamat', b'imdb', b'immo', b'immobilien', b'in', b'info',
-            b'ing', b'ink', b'int', b'io', b'ipiranga', b'iq', b'ir', b'is', b'ist', b'istanbul', b'it', b'itau',
-            b'itv', b'jaguar', b'jcb', b'je', b'jll', b'jm', b'jmp', b'jnj', b'jo', b'jot',
-            b'jp', b'ke', b'kfh', b'kg', b'kh', b'ki', b'kia', b'kindle', b'km', b'kn', b'kp', b'kpmg', b'kpn', b'kr',
-            b'krd', b'kw', b'ky', b'kyoto', b'kz', b'la', b'lat', b'lb', b'lc', b'lds', b'li', b'link', b'lk', b'lol',
-            b'lr', b'ls', b'lt', b'ltd', b'ltda', b'lu', b'lv', b'ly', b'ma', b'madrid', b'mba', b'mc', b'md', b'me',
-            b'med', b'meme', b'mg', b'mh', b'microsoft', b'mil', b'mk', b'ml', b'mlb', b'mls', b'mma',
-            b'mn', b'mo', b'mobi', b'mov', b'mp', b'mq', b'mr', b'ms', b'mt', b'mtn', b'mtr',
-            b'mu', b'mv', b'mw', b'mx', b'my', b'mz', b'na', b'navy', b'nc', b'ne', b'nec', b'net', b'netbank',
-            b'neustar', b'nexus', b'nf', b'ng', b'ngo', b'nhk', b'ni', b'nico', b'nl', b'nowruz', b'nowtv', b'np',
-            b'nr', b'nra', b'nrw', b'ntt', b'nu', b'nyc', b'nz', b'obi', b'ollo', b'om', b'ong', b'onl', b'org', b'ott',
-            b'ovh', b'pa', b'pccw', b'pe', b'pet', b'pf', b'pg', b'ph', b'pid', b'pin', b'ping', b'pk', b'pl', b'pm',
-            b'pn', b'pnc', b'pohl', b'porn', b'post', b'pr', b'pro', b'prod', b'ps', b'pt', b'pub', b'pw', b'pwc',
-            b'py', b'qa', b'qpon', b'quebec', b're', b'ren', b'rio', b'ro', b'rocher', b'rs', b'rsvp', b'ru', b'ruhr',
-            b'rw', b'rwe', b'ryukyu', b'sa', b'sap', b'sarl', b'sas', b'saxo', b'sb', b'sbi', b'sbs',
-            b'sc', b'sca', b'scb', b'sd', b'se', b'sew', b'sex', b'sfr', b'sg', b'sh', b'si', b'sina', b'site',
-            b'sj', b'sk', b'skype', b'sl', b'sm', b'sn', b'sncf', b'so', b'sr', b'srl', b'st', b'stc', b'stcgroup',
-            b'su', b'sv', b'sx', b'sy', b'sydney', b'systems', b'sz', b'tab',
-            b'taipei', b'taobao', b'tc', b'tci', b'td', b'tdk', b'tel', b'teva', b'tf', b'tg', b'th', b'thd', b'tj',
-            b'tk', b'tl', b'tm', b'tmall', b'tn', b'to', b'tokyo', b'tr', b'trv', b'tt', b'tube', b'tui', b'tunes',
-            b'tushu', b'tv', b'tw', b'tz', b'ua', b'ubs', b'ug', b'uk', b'uno', b'uol', b'ups', b'us', b'uy', b'uz',
-            b'va', b'vc', b've', b'vet', b'vg', b'vi', b'vig', b'vin', b'vip', b'vn',
-            b'vu', b'wed', b'weibo', b'weir', b'wf', b'whoswho', b'wien', b'wiki', b'win', b'windows', b'wme', b'ws',
-            b'wtc', b'wtf', b'xbox', b'xerox', b'xihuan', b'xin', b'xn--11b4c3d', b'xn--1ck2e1b',
-            b'xn--1qqw23a', b'xn--30rr7y', b'xn--3bst00m', b'xn--3ds443g', b'xn--3e0b707e', b'xn--3pxu8k',
-            b'xn--42c2d9a', b'xn--45brj9c', b'xn--45q11c', b'xn--4gbrim', b'xn--55qw42g', b'xn--55qx5d',
-            b'xn--5su34j936bgsg', b'xn--5tzm5g', b'xn--6frz82g', b'xn--6qq986b3xl', b'xn--80adxhks',
-            b'xn--80ao21a', b'xn--80asehdb', b'xn--80aswg', b'xn--8y0a063a', b'xn--90a3ac', b'xn--90ae',
-            b'xn--90ais', b'xn--9dbq2a', b'xn--9et52u', b'xn--9krt00a', b'xn--b4w605ferd', b'xn--bck1b9a5dre4c',
-            b'xn--c1avg', b'xn--c2br7g', b'xn--cck2b3b', b'xn--cg4bki', b'xn--clchc0ea0b2g2a9gcd',
-            b'xn--czr694b', b'xn--czrs0t', b'xn--czru2d', b'xn--d1acj3b', b'xn--d1alf', b'xn--e1a4c',
-            b'xn--eckvdtc9d', b'xn--efvy88h', b'xn--fct429k', b'xn--fhbei', b'xn--fiq228c5hs',
-            b'xn--fiq64b', b'xn--fiqs8s', b'xn--fiqz9s', b'xn--fjq720a', b'xn--flw351e', b'xn--fpcrj9c3d',
-            b'xn--fzc2c9e2c', b'xn--fzys8d69uvgm', b'xn--g2xx48c', b'xn--gckr3f0f', b'xn--gecrj9c',
-            b'xn--h2brj9c', b'xn--hxt814e', b'xn--i1b6b1a6a2e', b'xn--imr513n', b'xn--io0a7i', b'xn--j1aef',
-            b'xn--j1amh', b'xn--j6w193g', b'xn--jlq61u9w7b', b'xn--jvr189m', b'xn--kcrx77d1x4a', b'xn--kprw13d',
-            b'xn--kpry57d', b'xn--kput3i', b'xn--l1acc', b'xn--lgbbat1ad8j', b'xn--mgb9awbf',
-            b'xn--mgba3a3ejt', b'xn--mgba3a4f16a', b'xn--mgba7c0bbn0a', b'xn--mgbaam7a8h', b'xn--mgbab2bd',
-            b'xn--mgbayh7gpa', b'xn--mgbbh1a71e', b'xn--mgbc0a9azcg', b'xn--mgbca7dzdo',
-            b'xn--mgberp4a5d4ar', b'xn--mgbpl2fh', b'xn--mgbt3dhd', b'xn--mgbtx2b', b'xn--mgbx4cd0ab',
-            b'xn--mix891f', b'xn--mk1bu44c', b'xn--mxtq1m', b'xn--ngbc5azd', b'xn--ngbe9e0a', b'xn--node',
-            b'xn--nqv7f', b'xn--nqv7fs00ema', b'xn--nyqy26a', b'xn--o3cw4h', b'xn--ogbpf8fl', b'xn--p1acf',
-            b'xn--p1ai', b'xn--pgbs0dh', b'xn--pssy2u', b'xn--q9jyb4c', b'xn--qcka1pmc',
-            b'xn--qxam', b'xn--rhqv96g', b'xn--rovu88b', b'xn--s9brj9c', b'xn--ses554g', b'xn--t60b56a',
-            b'xn--tckwe', b'xn--unup4y', b'xn--vermgensberater-ctb', b'xn--vermgensberatung-pwb', b'xn--vhquv',
-            b'xn--vuq861b', b'xn--w4r85el8fhu5dnra', b'xn--w4rs40l', b'xn--wgbh1c', b'xn--wgbl6a',
-            b'xn--xhq521b', b'xn--xkc2al3hye2a', b'xn--xkc2dl3a5ee0h', b'xn--y9a3aq', b'xn--yfro4i67o',
-            b'xn--ygbi2ammx', b'xn--zfr164b', b'xyz', b'yahoo', b'yamaxun',
-            b'yandex', b'ye', b'yokohama', b'you', b'youtube', b'yt', b'yun', b'za', b'zappos',
-            b'zara', b'zero', b'zm', b'zone', b'zuerich', b'zw'}
-
-# --- PEStudio Patterns ------------------------------------------------------------------------------------------------
-
-    PEST_API, PEST_BLACKLIST, PEST_POWERSHELL = get_xml_strings()
-
-# --- Regex Patterns ---------------------------------------------------------------------------------------------------
-
-    PAT_DOMAIN = rb'(?i)\b(?:[A-Z0-9-]+\.)+(?:XN--[A-Z0-9]{4,18}|[A-Z]{2,12})\b'
-    PAT_FILECOM = rb'(?i)(?:\b[a-z]?[:]?[- _A-Z0-9.\\~]{0,75}[%]?' \
-                  rb'(?:ALLUSERPROFILE|APPDATA|commonappdata|CommonProgramFiles|HOMEPATH|LOCALAPPDATA|' \
-                  rb'ProgramData|ProgramFiles|PUBLIC|SystemDrive|SystemRoot|\\TEMP|USERPROFILE|' \
-                  rb'windir|system32|syswow64|\\user)[%]?\\[-_A-Z0-9\.\\]{1,200}\b|' \
-                  rb'/home/[-_A-Z0-9\./]{0,50}|/usr/local[-_A-Z0-9\./]{0,50}|/usr/bin[-_A-Z0-9\./]{0,50}|' \
-                  rb'/var/log[-_A-Z0-9\./]{0,50}|/etc/(?:shadow|group|passwd))'
-    PAT_FILEEXT = rb'(?i)\b[a-z]?[:]?[- _A-Z0-9.\\~]{0,200}\w\.' \
-                  rb'(?:7Z|APK|APP|BAT|BIN|CLASS|CMD|DAT|DOC|DOCX|DLL|EML|EXE|JAR|JPEG|JPG|JS|JSE|LNK|LOG|MSI|' \
-                  rb'OSX|PAF|PDF|PNG|PPT|PPTX|PS1|RAR|RTF|SCR|SWF|SYS|[T]?BZ[2]?|TXT|TMP|VBE|VBS|WSF|WSH|XLS' \
-                  rb'|XLSX|ZIP)\b'
-    PAT_FILEPDB = rb'(?i)\b[-_A-Z0-9.\\]{0,200}\w\.PDB\b'
-    PAT_EMAIL = rb'(?i)\b[A-Z0-9._%+-]{3,200}@(?:[A-Z0-9-]+\.)+(?:XN--[A-Z0-9]{4,18}|[A-Z]{2,12})\b'
-    PAT_IP = rb'\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'
-    PAT_REGIS = rb'(?i)\b[- _A-Z0-9.\\]{0,25}' \
-                rb'(?:controlset001|controlset002|currentcontrolset|currentversion|HKCC|HKCR|HKCU|HKDD|' \
-                rb'hkey_classes_root|hkey_current_config|hkey_current_user|hkey_dyn_data|hkey_local_machine|' \
-                rb'HKLM|hkey_performance_data|hkey_users|HKPD|internet settings|\\sam|\\software|\\system|' \
-                rb'\\userinit)' \
-                rb'\\[-_A-Z0-9.\\ ]{1,200}\b'
-    PAT_URL = rb'(?i)(?:ftp|http|https)://' \
-              rb'[A-Z0-9.-]{1,}\.(?:XN--[A-Z0-9]{4,18}|[a-z]{2,12}|[0-9]{1,3})' \
-              rb'(?::[0-9]{1,5})?' \
-              rb'(?:/[A-Z0-9/\-\.&%\$#=~\?_+]{3,200}){0,1}'
-    PAT_ANYHTTP = rb'(?i)http://' \
-                  rb'[A-Z0-9.-]{6,}\.' \
-                  rb'(?:XN--[A-Z0-9]{4,18}|[a-z]{2,12}|[0-9]{1,3})' \
-                  rb'(?::[0-9]{1,5})?' \
-                  rb'/[A-Z0-9/\-\.&%\$#=~\?_+]{5,}[\r\n]*'
-    PAT_ANYHTTPS = rb'(?i)https://' \
-                   rb'[A-Z0-9.-]{6,}\.' \
-                   rb'(?:XN--[A-Z0-9]{4,18}|[a-z]{2,12}|[0-9]{1,3})' \
-                   rb'(?::[0-9]{1,5})?' \
-                   rb'/[A-Z0-9/\-\.&%\$#=~\?_+]{5,}[\r\n]*'
-    PAT_ANYFTP = rb'(?i)ftp://' \
-                 rb'[A-Z0-9.-]{6,}\.' \
-                 rb'(?:XN--[A-Z0-9]{4,18}|[a-z]{2,12}|[0-9]{1,3})' \
-                 rb'(?::[0-9]{1,5})?' \
-                 rb'/[A-Z0-9/\-\.&%\$#=~\?_+]{5,}[\r\n]*'
-    PAT_URI_NO_PROTOCOL = rb'(?:(?:(?:[A-Za-z]*:)?//)' \
-                          rb'(?:[^"\']\S+(?::\S*)?@)?' \
-                          rb'(?:(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}' \
-                          rb'(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' \
-                          rb'|(?:(?:[A-Za-z0-9\\u00a1-\\uffff][A-Za-z0-9\\u00a1-\\uffff_-]{0,62})?' \
-                          rb'[A-Za-z0-9\\u00a1-\\uffff]\.)+(?:xn--)?' \
-                          rb'(?:[A-Za-z0-9\\u00a1-\\uffff]{2,}\.?))' \
-                          rb'(?::\d{2,5})?)' \
-                          rb'(?:[/?#=&%][a-zA-Z0-9.\-_~\$\.\+\!\*\'\(\)\,]+)*'
-
-    PAT_EXEDOS = rb'This program cannot be run in DOS mode'
-    PAT_EXEHEADER = rb'(?s)MZ.{32,1024}PE\000\000'
-
-# --- Find Match for IOC Regex, Return Dictionary: {[AL Tag Type:(Match Values)]} --------------------------------------
-
-    def ioc_match(self, value, bogon_ip=None, just_network=None):
-        # NOTES:
-        # '(?i)' makes a regex case-insensitive
-        # \b matches a word boundary, it can help speeding up regex search and avoiding some false positives.
-        # See http://www.regular-expressions.info/wordboundaries.html
-        value_extract = {}
-        # ------------------------------------------------------------------------------
-        # IP ADDRESSES
-        # Pattern_re("IP addresses", r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", weight=10),
-        # Here I use \b to make sure there is no other digit around and to speedup search
-        # print("ips")
-        find_ip = re.findall(self.PAT_IP, value)
-        if len(find_ip) > 0:
-            longeststring = max(find_ip, key=len)
-            if len(longeststring) == len(value):
-                not_filtered = self.ipv4_filter(value, bogon=bogon_ip)
-                if not_filtered:
-                    value_extract.setdefault('network.static.ip', set()).add(value)
-                # If the complete value matches the IP regex, not interested in other regex values
-                return value_extract
-            if len(find_ip) == 1:
-                for val in find_ip:
-                    not_filtered = self.ipv4_filter(val, bogon=bogon_ip)
-                    if not_filtered:
-                        value_extract.setdefault('network.static.ip', set()).add(val)
-            else:
-                like_ls = process.extract(str(longeststring), find_ip, limit=50)
-                final_values = list(filter(lambda ls: ls[1] < 99, like_ls))
-                final_values.append((longeststring, 100))
-                for val in final_values:
-                    not_filtered = self.ipv4_filter(val[0], bogon=bogon_ip)
-                    if not_filtered:
-                        value_extract.setdefault('network.static.ip', set()).add(val[0])
-        # ------------------------------------------------------------------------------
-        # URLs
-        # print("urls")
-        find_url = re.findall(self.PAT_URL, value)
-        if len(find_url) > 0:
-            ret = False
-            longeststring = max(find_url, key=len)
-            if len(longeststring) == len(value):
-                ret = True
-                final_values = [(value, 100)]
-            elif len(find_url) == 1:
-                final_values = [(find_url[0], 100)]
-            else:
-                like_ls = process.extract(str(longeststring), find_url, limit=50)
-                final_values = list(filter(lambda ls: ls[1] < 95, like_ls))
-                final_values.append((longeststring, 100))
-
-            for val in final_values:
-                value_extract.setdefault('network.static.uri', set()).add(val[0])
-
-                # Extract domain from URL
-                find_domain = re.findall(self.PAT_DOMAIN, val[0])
-                if len(find_domain) != 0:
-                    longeststring = max(find_domain, key=len)
-                    not_filtered = self.domain_filter(longeststring)
-                    if not_filtered:
-                        value_extract.setdefault('network.static.domain', set()).add(longeststring)
-            if ret:
-                return value_extract
-        # ------------------------------------------------------------------------------
-        # E-MAIL ADDRESSES
-        # r'(?i)\b[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+(?:[A-Z]{2}|com|org|net|edu|gov|mil|int|biz|info|mobi|name|aero|asia|jobs|museum)\b',
-        # changed to catch all current TLDs registered at IANA (in combination with filter function):
-        # TLD = either only chars from 2 to 12, or 'XN--' followed by up to 18 chars and digits
-        # print("emails")
-        find_email = re.findall(self.PAT_EMAIL, value)
-        if len(find_email) > 0:
-            longeststring = max(find_email, key=len)
-            if len(longeststring) == len(value):
-                not_filtered = self.email_filter(value)
-                if not_filtered:
-                    value_extract.setdefault('network.email.address', set()).add(value)
-                    return value_extract
-            if len(find_email) == 1:
-                for val in find_email:
-                    not_filtered = self.email_filter(val)
-                    if not_filtered:
-                        value_extract.setdefault('network.email.address', set()).add(val)
-            else:
-                like_ls = process.extract(str(longeststring), find_email, limit=50)
-                final_values = list(filter(lambda ls: ls[1] < 95, like_ls))
-                final_values.append((longeststring, 100))
-                for val in final_values:
-                    not_filtered = self.email_filter(val[0])
-                    if not_filtered:
-                        value_extract.setdefault('network.email.address', set()).add(val[0])
-        # ------------------------------------------------------------------------------
-        # DOMAIN NAMES
-        # Old: r'(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)'
-        # Below is taken from email regex above
-        # print("domains")
-        find_domain = re.findall(self.PAT_DOMAIN, value)
-        if len(find_domain) > 0 and len(max(find_domain, key=len)) > 11:
-            longeststring = max(find_domain, key=len)
-            if len(longeststring) == len(value):
-                not_filtered = self.domain_filter(value)
-                if not_filtered:
-                    value_extract.setdefault('network.static.domain', set()).add(value)
-                    return value_extract
-            if len(find_domain) == 1:
-                for val in find_domain:
-                    not_filtered = self.domain_filter(val)
-                    if not_filtered:
-                        value_extract.setdefault('network.static.domain', set()).add(val)
-            else:
-                like_ls = process.extract(str(longeststring), find_domain, limit=50)
-                final_values = list(filter(lambda ls: ls[1] < 95, like_ls))
-                final_values.append((longeststring, 100))
-                for val in final_values:
-                    not_filtered = self.domain_filter(val[0])
-                    if not_filtered:
-                        value_extract.setdefault('network.static.domain', set()).add(val[0])
-
-        if just_network:
-            return value_extract
-
-        # ------------------------------------------------------------------------------
-        # FILENAMES
-        # Check length
-        # Ends with extension of interest or contains strings of interest
-        # print("files")
-        filefind_pdb = re.findall(self.PAT_FILEPDB, value)
-        if len(filefind_pdb) > 0:
-            if len(max(filefind_pdb, key=len)) > 6:
-                longeststring = max(filefind_pdb, key=len)
-                if len(longeststring) == len(value):
-                    value_extract.setdefault('file.pe.pdb_filename', set()).add(value)
-                    return value_extract
-                if len(filefind_pdb) == 1:
-                    for val in filefind_pdb:
-                        value_extract.setdefault('file.pe.pdb_filename', set()).add(val)
-                else:
-                    like_ls = process.extract(str(longeststring), filefind_pdb, limit=50)
-                    final_values = list(filter(lambda ls: ls[1] < 95, like_ls))
-                    final_values.append((longeststring, 100))
-                    for val in final_values:
-                        value_extract.setdefault('file.pe.pdb_filename', set()).add(val[0])
-        filefind_ext = re.findall(self.PAT_FILEEXT, value)
-        if len(filefind_ext) > 0:
-            if len(max(filefind_ext, key=len)) > 6:
-                longeststring = max(filefind_ext, key=len)
-                if len(longeststring) == len(value):
-                    value_extract.setdefault('file.name.extracted', set()).add(value)
-                    return value_extract
-                if len(filefind_ext) == 1:
-                    for val in filefind_ext:
-                        value_extract.setdefault('file.name.extracted', set()).add(val)
-                else:
-                    like_ls = process.extract(str(longeststring), filefind_ext, limit=50)
-                    final_values = list(filter(lambda ls: ls[1] < 95, like_ls))
-                    final_values.append((longeststring, 100))
-                    for val in final_values:
-                        value_extract.setdefault('file.name.extracted', set()).add(val[0])
-        filefind_com = re.findall(self.PAT_FILECOM, value)
-        if len(filefind_com) > 0 and len(max(filefind_com, key=len)) > 6:
-            longeststring = max(filefind_com, key=len)
-            if len(longeststring) == len(value):
-                value_extract.setdefault('file.name.extracted', set()).add(value)
-                return value_extract
-            if len(filefind_com) == 1:
-                for val in filefind_com:
-                    value_extract.setdefault('file.name.extracted', set()).add(val)
-            else:
-                like_ls = process.extract(str(longeststring), filefind_com, limit=50)
-                final_values = list(filter(lambda ls: ls[1] < 95, like_ls))
-                final_values.append((longeststring, 100))
-                for val in final_values:
-                    value_extract.setdefault('file.name.extracted', set()).add(val[0])
-        # ------------------------------------------------------------------------------
-        # REGISTRYKEYS
-        # Looks for alpha numeric characters seperated by at least two sets of '\'s
-        # print("reg")
-        regfind = re.findall(self.PAT_REGIS, value)
-        if len(regfind) > 0 and len(max(regfind, key=len)) > 15:
-            longeststring = max(regfind, key=len)
-            if len(longeststring) == len(value):
-                value_extract.setdefault('dynamic.registry_key', set()).add(value)
-                return value_extract
-            if len(regfind) == 1:
-                for val in regfind:
-                    value_extract.setdefault('dynamic.registry_key', set()).add(val)
-            else:
-                like_ls = process.extract(str(longeststring), regfind, limit=50)
-                final_values = list(filter(lambda ls: ls[1] < 90, like_ls))
-                final_values.append((longeststring, 100))
-                for val in final_values:
-                    value_extract.setdefault('dynamic.registry_key', set()).add(val[0])
-        # ------------------------------------------------------------------------------
-        # PEStudio Blacklist
-        # Flags strings from PEStudio's Blacklist
-        final_values = []
-        for k, i in self.PEST_BLACKLIST.items():
-            for e in i:
-                val = bytes(e, 'utf8')
-                if val in value:
-                    final_values.append(val)
-        if len(final_values) > 0:
-            value_extract['file.string.blacklisted'] = set()
-        for val in final_values:
-            value_extract['file.string.blacklisted'].add(val)
-        # -----------------------------------------------------------------------------
-        # Function/Library Strings
-        # Win API strings from PEStudio's Blacklist
-        final_values = []
-        for k, i in self.PEST_API.items():
-            for e in i:
-                val = bytes(e, 'utf8')
-                if val in value:
-                    final_values.append(val)
-        if len(final_values) > 0:
-            value_extract['file.string.api'] = set()
-        for val in final_values:
-            value_extract['file.string.api'].add(val)
-        # -----------------------------------------------------------------------------
-        # Powershell Strings
-        # Powershell Cmdlets added to PEStudio's strings.xml list
-        final_values = []
-        for k, i in self.PEST_POWERSHELL.items():
-            for e in i:
-                val = bytes(e, 'utf8')
-                if val in value:
-                    final_values.append(val)
-        if len(final_values) > 0:
-            value_extract['file.powershell.cmdlet'] = set()
-        for val in final_values:
-            value_extract['file.powershell.cmdlet'].add(val)
-
-        return value_extract
-
-# --- Filters ----------------------------------------------------------------------------------------------------------
-
-    @staticmethod
-    def ipv4_filter(value, bogon=None, **_):
-        """
-        IPv4 address filter:
-        - check if string length is >7 (e.g. not just 4 digits and 3 dots)
-        - check if not in list of bogon IP addresses
-        return True if OK, False otherwise.
-        """
-        ip = value
-
-        # 0.0.0.0 255.0.0.0e
-        # > 255
-        if ip.startswith(b'0'):
-            return False
-        for x in ip.split(b'.'):
-            if int(x) > 255:
-                return False
-
-        # also reject IPs ending with .0 or .255
-        if ip.endswith(b'.0') or ip.endswith(b'.255'):
-            return False
-
-        # BOGON IP ADDRESS RANGES:
-        # source: http://www.team-cymru.org/Services/Bogons/bogon-dd.html
-
-        if bogon is not None:
-            # extract 1st and 2nd decimal number from IP as int:
-            ip_bytes = ip.split(b'.')
-            byte1 = int(ip_bytes[0])
-            byte2 = int(ip_bytes[1])
-            # print 'ip=%s byte1=%d byte2=%d' % (ip, byte1, byte2)
-
-            # actually we might want to see the following bogon IPs if malware uses them
-            # => this should be an option
-            # 10.0.0.0 255.0.0.0
-            if ip.startswith(b'10.'):
-                return False
-            # 100.64.0.0 255.192.0.0
-            if ip.startswith(b'100.') and (byte2 & 192 == 64):
-                return False
-            # 127.0.0.0 255.0.0.0
-            if ip.startswith(b'127.'):
-                return False
-            # 169.254.0.0 255.255.0.0
-            if ip.startswith(b'169.254.'):
-                return False
-            # 172.16.0.0 255.240.0.0
-            if ip.startswith(b'172.') and (byte2 & 240 == 16):
-                return False
-            # 192.0.0.0 255.255.255.0
-            if ip.startswith(b'192.0.0.'):
-                return False
-            # 192.0.2.0 255.255.255.0
-            if ip.startswith(b'192.0.2.'):
-                return False
-            # 192.168.0.0 255.255.0.0
-            if ip.startswith(b'192.168.'):
-                return False
-            # 198.18.0.0 255.254.0.0
-            if ip.startswith(b'198.') and (byte2 & 254 == 18):
-                return False
-            # 198.51.100.0 255.255.255.0
-            if ip.startswith(b'198.51.100.'):
-                return False
-            # 203.0.113.0 255.255.255.0
-            if ip.startswith(b'203.0.113.'):
-                return False
-            # 224.0.0.0 240.0.0.0
-            if byte1 & 240 == 224:
-                return False
-            # 240.0.0.0 240.0.0.0
-            if byte1 & 240 == 240:
-                return False
-
-        # otherwise it's a valid IP adress
-        return True
-
-    def email_filter(self, value, **_):
-        # check length, e.g. longer than xy@hp.fr
-        # check case? e.g. either lower, upper, or capital (but CamelCase covers
-        # almost everything... the only rejected case would be starting with lower
-        # and containing upper?)
-        # or reject mixed case in last part of domain name? (might filter 50% of
-        # false positives)
-        # optionally, DNS MX query with caching?
-
-        user, domain = value.split(b'@', 1)
-        if len(user) < 3:
-            return False
-        if len(domain) < 5:
-            return False
-        tld = domain.rsplit(b'.', 1)[1].lower()
-        if tld not in self.TDLS:
-            return False
-
-        return True
-
-    def domain_filter(self, value, **_):
-        # check length
-        # check match again tlds set
-        if len(value) < 10:
-            return False
-        # No more than 3 domain names
-        if value.count(b'.') > 3:
-            return False
-        uniq_char = ''.join(set(str(value)))
-        if len(uniq_char) < 6:
-            return False
-        fld = value.split(b'.')
-        tld = value.rsplit(b'.', 1)[1].lower()
-        # If only two domain levels and either second level < 6 char or tld <= 2 char, or top-level not in list
-        if (len(fld) <= 2 and len(fld[0]) < 6) or tld not in self.TDLS:
-            return False
-        return True
-
-    @staticmethod
-    def str_filter(value, **_):
-        """
-        String filter: avoid false positives with random case. A typical string
-        should be either:
-        - all UPPERCASE
-        - all lowercase
-        - or Capitalized
-        return True if OK, False otherwise.
-        Usage: This filter is meant to be used with string patterns that catch words
-        with the option nocase=True, but where random case is not likely.
-        Note 1: It is assumed the string only contains alphabetical characters (a-z)
-        Note 2: this filter does not cover CamelCase strings.
-        """
-        # case 1: all UPPERCASE
-        # case 2: all lowercase except 1st character which can be uppercase (Capitalized)
-        if value.isupper() or value[1:].islower():
-            return True
-        # Note: we could also use istitle() if strings are not only alphabetical.
-
-    @staticmethod
-    def len_filter(value, **_):
-        if len(value) < 10:
-            return False
-        return True
-
-# --- BBCrack Patterns -------------------------------------------------------------------------------------------------
-
-    def bbcr(self, level=1):
-
-        if level == 'small_string':
-            bbcrack_patterns = [
-                Pattern_re("FTP://_NET_FULL_URI", self.PAT_ANYFTP, weight=100),
-                Pattern_re("HTTP://_NET_FULL_URI", self.PAT_ANYHTTP, weight=100),
-                Pattern_re("HTTPS://_NET_FULL_URI", self.PAT_ANYHTTPS, weight=100),
-            ]
-            return bbcrack_patterns
-
-        bbcrack_patterns = [
-            Pattern_re("EXE_HEAD", self.PAT_EXEHEADER, weight=100),
-            Pattern_re("EXE_DOS", self.PAT_EXEDOS, weight=100),
-            Pattern_re("NET_FULL_URI", self.PAT_URL, weight=100),
-        ]
-
-        if level == 2:
-            # Add PEStudio's API String list, weight will default to 1:
-            for k, i in self.PEST_API.items():
-                if k == "topapi" or k == "lib":
-                    for e in i:
-                        if len(e) > 6:
-                            bbcrack_patterns.append(Pattern('file.string.api', e, nocase=True, weight=1000))
-
-        return bbcrack_patterns
diff --git a/assemblyline_v4_service/common/dynamic_service_helper.py b/assemblyline_v4_service/common/dynamic_service_helper.py
deleted file mode 100644
index 7c28f456..00000000
--- a/assemblyline_v4_service/common/dynamic_service_helper.py
+++ /dev/null
@@ -1,3631 +0,0 @@
-from datetime import datetime
-from hashlib import sha256
-from json import dumps
-from logging import getLogger
-from re import compile, escape, findall
-from re import match as re_match
-from re import sub
-from typing import Any, Dict, List, Optional, Union
-from urllib.parse import urlparse
-from uuid import UUID, uuid4
-
-from assemblyline.common import log as al_log
-from assemblyline.common.attack_map import attack_map, group_map, revoke_map, software_map
-from assemblyline.common.digests import get_sha256_for_file
-from assemblyline.common.isotime import LOCAL_FMT, MAX_TIME, MIN_TIME, epoch_to_local, format_time, local_to_epoch
-from assemblyline.common.uid import get_random_id
-from assemblyline.odm.base import DOMAIN_REGEX, FULL_URI, IP_REGEX, IPV4_REGEX, URI_PATH
-from assemblyline.odm.models.ontology.results import NetworkConnection as NetworkConnectionModel
-from assemblyline.odm.models.ontology.results import Process as ProcessModel
-from assemblyline.odm.models.ontology.results import Sandbox as SandboxModel
-from assemblyline.odm.models.ontology.results import Signature as SignatureModel
-
-# from assemblyline_v4_service.common.balbuzard.patterns import PatternMatch
-from assemblyline_v4_service.common.base import ServiceBase
-from assemblyline_v4_service.common.request import ServiceRequest
-from assemblyline_v4_service.common.result import (
-    ProcessItem,
-    ResultProcessTreeSection,
-    ResultSection,
-    ResultTableSection,
-    TableRow,
-)
-from assemblyline_v4_service.common.safelist_helper import URL_REGEX, is_tag_safelisted
-from assemblyline_v4_service.common.tag_helper import add_tag
-from assemblyline_v4_service.common.task import MaxExtractedExceeded
-
-al_log.init_logging("service.service_base.dynamic_service_helper")
-log = getLogger("assemblyline.service.service_base.dynamic_service_helper")
-
-X86_64 = "x86_64"
-X86 = "x86"
-
-SYSTEM_DRIVE = "c:\\"
-SYSTEM_ROOT = "c:\\windows\\"
-WINDIR_ENV_VARIABLE = "%windir%"
-SAMPLEPATH_ENV_VARIABLE = "%samplepath%"
-SZ_USR_TEMP_PATH = "users\\*\\appdata\\local\\temp\\"
-SZ_USR_PATH = "users\\*\\"
-ARCH_SPECIFIC_DEFAULTS = {
-    X86_64: {
-        "szProgFiles86": "program files (x86)",
-        "szProgFiles64": "program files",
-        "szSys86": "syswow64",
-        "szSys64": "system32",
-    },
-    X86: {"szProgFiles86": "program files", "szSys86": "system32"},
-}
-
-HOLLOWSHUNTER_EXE_REGEX = r"[0-9]{1,}_hollowshunter\/hh_process_[0-9]{3,}_[0-9a-z]{3,}(\.[a-zA-Z0-9]{2,})*\.exe$"
-HOLLOWSHUNTER_DLL_REGEX = r"[0-9]{1,}_hollowshunter\/hh_process_[0-9]{3,}_[0-9a-z]{3,}(\.[a-zA-Z0-9]{2,})*\.dll$"
-
-HOLLOWSHUNTER_TITLE = "HollowsHunter Injected Portable Executable"
-
-MIN_DOMAIN_CHARS = 8
-# Choosing an arbitrary number, based on https://webmasters.stackexchange.com/questions/16996/maximum-domain-name-length
-MAX_DOMAIN_CHARS = 100
-MIN_URI_CHARS = 11
-MIN_URI_PATH_CHARS = 4
-
-# There are samples that inject themselves for the entire analysis time
-# and have the potential to exceed depths of 1000. Also, the assumption with 10 is that no process
-# tree would be that complex and useful at the same time.
-PROCESS_TREE_DEPTH_LIMIT = 10
-OBJECTID_KEYS = [
-    "tag",
-    "ontology_id",
-    "service_name",
-    "guid",
-    "treeid",
-    "processtree",
-    "time_observed",
-    "session",
-]
-POBJECTID_KEYS = [
-    "ptag",
-    "pontology_id",
-    "pservice_name",
-    "pguid",
-    "ptreeid",
-    "pprocesstree",
-    "ptime_observed",
-    "psession",
-    "ontology_id",
-    "service_name",
-]
-
-MAX_TIME = format_time(MAX_TIME, LOCAL_FMT)
-MIN_TIME = format_time(MIN_TIME, LOCAL_FMT)
-
-SERVICE_NAME = None
-
-# The following lists of domains and top-level domains are used for finding false-positives
-# when extracting domains from text blobs
-COMMON_FP_DOMAINS = ["example.com"]
-COMMON_FP_TLDS_THAT_ARE_FILE_EXTS = [".one", ".pub", ".py", ".sh", ".zip"]
-COMMON_FP_TLDS_THAT_ARE_JS_COMMANDS = [".test", ".id", ".call", ".top", ".map", ".support", ".run", ".shell", ".net", ".stream"]
-COMMON_FP_TLDS = COMMON_FP_TLDS_THAT_ARE_FILE_EXTS + COMMON_FP_TLDS_THAT_ARE_JS_COMMANDS
-
-# Arbitrarily chosen common URL schemes from https://en.wikipedia.org/wiki/List_of_URI_schemes
-COMMON_SCHEMES = [
-    "dns", "dntp", "file", "ftp", "git", "http", "https", "icap", "imap", "irc", "irc6", "ircs", "nfs", "rdp",
-    "s3", "sftp", "shttp", "smb", "sms", "snmp", "ssh", "telnet", "tftp", "udp",
-]
-
-
-def set_required_argument(self: object, name: str, value: Any, value_type: Any) -> None:
-    """
-    This method performs validation of a value that is to be set to an object attribute
-    :param self: The object whose attribute will be set
-    :param name: The name of the attribute
-    :param value: The value to be set
-    :param value_type: The type that the value should be
-    :return: None
-    """
-    if not value:
-        raise ValueError(f"{name} must have a legitimate value")
-    elif not isinstance(value, value_type):
-        raise TypeError(f"{name} must be a {value_type}")
-    else:
-        setattr(self, name, value)
-
-
-def set_optional_argument(self, name: str, value: Any, value_type: Any) -> None:
-    """
-    This method performs validation of an optional value that is to be set to an object attribute
-    :param self: The object whose attribute will be set
-    :param name: The name of the attribute
-    :param value: The value to be set
-    :param value_type: The type that the value should be
-    :return: None
-    """
-    if value is not None and not value:
-        raise ValueError(f"{name} must have a legitimate value")
-    elif value and not isinstance(value, value_type):
-        raise TypeError(f"{name} must be a {value_type}")
-    else:
-        setattr(self, name, value)
-
-
-def update_object_items(self: object, update_items: Dict[str, Any]) -> None:
-    """
-    This method updates the attributes of an object
-    :param update_items: A dictionary where the keys are the object attributes to be updated
-    :return: None
-    """
-    if all(value is None for value in update_items.values()):
-        return
-    for key, value in update_items.items():
-        if value is None or value == "":
-            continue
-        if hasattr(self, key) and getattr(self, key) not in [
-            "",
-            None,
-            [],
-            {},
-            (),
-            MAX_TIME,
-            MIN_TIME,
-        ]:
-            # DO NOT OVERWRITE DATA (UNLESS ITS EMPTY)
-            pass
-        elif hasattr(self, key):
-            setattr(self, key, value)
-        else:
-            log.warning(
-                f"{self.__class__} does not have the attribute {key}. Ignoring..."
-            )
-
-
-class Artifact:
-    """
-    This class is used for representing artifacts found in sandboxes
-    """
-
-    def __init__(
-        self,
-        name: str = None,
-        path: str = None,
-        description: str = None,
-        to_be_extracted: bool = None,
-        sha256: str = None,
-    ):
-        """
-        This method initializes an artifact object
-        :param name: The name of the artifact
-        :param path: The path of the artifact
-        :param description: The description of the artifact
-        :param to_be_extracted: A flag indicating if the artifact should be extracted or added as a supplementary file
-        :param sha256: The SHA256 hash of the artifact's contents
-        """
-        if any(item is None for item in [name, path, description, to_be_extracted]):
-            raise Exception("Missing positional arguments for Artifact validation")
-
-        self.name = name
-        self.path = path
-        self.description = description
-        self.to_be_extracted = to_be_extracted
-        self.sha256 = sha256
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {key: value for key, value in self.__dict__.items()}
-
-
-class ObjectID:
-    def __init__(
-        self,
-        tag: str,
-        ontology_id: str,
-        service_name: Optional[str] = None,
-        guid: Optional[str] = None,
-        treeid: Optional[str] = None,
-        processtree: Optional[str] = None,
-        time_observed: Optional[str] = None,
-        session: Optional[str] = None,
-    ) -> None:
-        """
-        This method initializes the characteristics used to identify an object
-        :param tag: The normalized tag of the object
-        :param ontology_id: Unique identifier of ontology
-        :param service_name: Component that generated this section
-        :param guid: The GUID associated with the object
-        :param treeid: The hash of the tree ID
-        :param processtree: Human-readable tree ID (concatenation of tags)
-        :param time_observed: The time at which the object was observed
-        :param session: Unifying session name/ID
-        :return: None
-        """
-        set_required_argument(self, "tag", tag, str)
-        set_required_argument(self, "ontology_id", ontology_id, str)
-
-        set_optional_argument(self, "service_name", service_name, str)
-        if not self.service_name and SERVICE_NAME is None:
-            raise ValueError("The service_name must be set")
-        elif not self.service_name and SERVICE_NAME:
-            self.service_name = SERVICE_NAME
-
-        set_optional_argument(self, "guid", guid, str)
-        if self.guid:
-            # Enforce this format for all given guids
-            self.guid = f"{{{str(UUID(guid)).upper()}}}"
-
-        set_optional_argument(self, "treeid", treeid, str)
-        set_optional_argument(self, "processtree", processtree, str)
-        set_optional_argument(self, "time_observed", time_observed, str)
-        set_optional_argument(self, "session", session, str)
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {key: value for key, value in self.__dict__.items()}
-
-    def assign_guid(self) -> None:
-        """
-        This method assigns the GUID for the process object
-        :return: None
-        """
-        self.guid: str = f"{{{str(uuid4()).upper()}}}"
-
-    def set_tag(self, tag: str) -> None:
-        """
-        This method updates the tag for the ObjectID
-        :param tag: The tag of the ObjectID
-        :return: None
-        """
-        if not isinstance(tag, str) or not tag:
-            return
-        self.tag = tag
-
-    def set_time_observed(self, time_observed: str) -> None:
-        """
-        This method updates the time_observed for the ObjectID
-        :param time_observed: The time_observed of the ObjectID
-        :return: None
-        """
-        if not time_observed:
-            raise ValueError("time_observed must have a legitimate value")
-        elif time_observed and not isinstance(time_observed, str):
-            raise TypeError("time_observed must be a str")
-        else:
-            if "." in time_observed:
-                time_observed = time_observed[:time_observed.index(".")]
-            self.time_observed = str(datetime.strptime(time_observed, LOCAL_FMT))
-
-
-class Process:
-    def __init__(
-        self,
-        objectid: ObjectID,
-        image: str,
-        start_time: Optional[str] = None,
-        pobjectid: Optional[ObjectID] = None,
-        pimage: Optional[str] = None,
-        pcommand_line: Optional[str] = None,
-        ppid: Optional[int] = None,
-        pid: Optional[int] = None,
-        command_line: Optional[str] = None,
-        end_time: Optional[str] = None,
-        integrity_level: Optional[str] = None,
-        image_hash: Optional[str] = None,
-        original_file_name: Optional[str] = None,
-    ) -> None:
-        """
-        This method initializes a process object
-        :param objectid: The object ID of the process object
-        :param image: The image of the process
-        :param start_time: The time of creation for the process
-        :param pobjectid: The object ID of the parent process object
-        :param pimage: The image of the parent process that spawned this process
-        :param pcommand_line: The command line that the parent process ran
-        :param ppid: The process ID of the parent process
-        :param pid: The process ID
-        :param command_line: The command line that the process ran
-        :param end_time: The time of termination for the process
-        :param integrity_level: The integrity level of the process
-        :param image_hash: The hash of the file run
-        :param original_file_name: The original name of the file
-        :return: None
-        """
-        if (
-            start_time
-            and end_time
-            and local_to_epoch(start_time) > local_to_epoch(end_time)
-        ):
-            raise ValueError(
-                f"Start time {start_time} cannot be greater than end time {end_time}."
-            )
-
-        if pid and ppid and pid == ppid:
-            raise ValueError(f"PID {pid} cannot be equal to its PPID")
-
-        set_required_argument(self, "objectid", objectid, ObjectID)
-        set_required_argument(self, "image", image, str)
-        set_optional_argument(self, "start_time", start_time, str)
-        if self.objectid and self.start_time and self.objectid.time_observed is None:
-            self.objectid.time_observed = self.start_time
-
-        # Parent process details
-        set_optional_argument(self, "pobjectid", pobjectid, ObjectID)
-        set_optional_argument(self, "pimage", pimage, str)
-        set_optional_argument(self, "pcommand_line", pcommand_line, str)
-        set_optional_argument(self, "ppid", ppid, int)
-
-        set_optional_argument(self, "pid", pid, int)
-        set_optional_argument(self, "command_line", command_line, str)
-        set_optional_argument(self, "end_time", end_time, str)
-
-        set_optional_argument(self, "integrity_level", integrity_level, str)
-        if self.integrity_level:
-            self.integrity_level = self.integrity_level.lower()
-
-        set_optional_argument(self, "image_hash", image_hash, str)
-        set_optional_argument(self, "original_file_name", original_file_name, str)
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {
-            key: value if not isinstance(value, ObjectID) else value.as_primitives()
-            for key, value in self.__dict__.items()
-        }
-
-    def update(self, **kwargs) -> None:
-        """
-        This method updates attributes with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating attributes
-        :return: None
-        """
-        if all(value is None for value in kwargs.values()):
-            return
-
-        if "objectid" in kwargs:
-            objectid = kwargs.pop("objectid")
-            if objectid and isinstance(objectid, ObjectID):
-                self.update_objectid(**objectid.as_primitives())
-            elif isinstance(objectid, Dict):
-                self.update_objectid(**objectid)
-
-        if "pobjectid" in kwargs:
-            pobjectid = kwargs.pop("pobjectid")
-            if pobjectid and isinstance(pobjectid, ObjectID):
-                self.update_pobjectid(**pobjectid.as_primitives())
-            elif isinstance(pobjectid, Dict):
-                self.update_pobjectid(**pobjectid)
-
-        if "start_time" in kwargs and self.objectid.time_observed is None:
-            self.objectid.set_time_observed(kwargs["start_time"])
-
-        if "integrity_level" in kwargs and isinstance(kwargs["integrity_level"], str):
-            kwargs["integrity_level"] = kwargs["integrity_level"].lower()
-
-        # Remove objectid attributes
-        kwargs = {
-            key: value
-            for key, value in kwargs.items()
-            if key not in OBJECTID_KEYS and key not in POBJECTID_KEYS
-        }
-        update_object_items(self, kwargs)
-
-    def set_parent(self, parent: object) -> None:
-        """
-        This method sets the parent details for the process
-        :param parent: The Process object for the parent process
-        :return: None
-        """
-        if parent is None or parent == self:
-            return
-        self.pobjectid = parent.objectid
-        self.pimage: str = parent.image
-        if self.pcommand_line is None:
-            self.pcommand_line: str = parent.command_line
-        self.ppid: int = parent.pid
-
-    def set_start_time(self, start_time: str) -> None:
-        """
-        This method updates the start time for the Process
-        :param start_time: The start time of the Process
-        :return: None
-        """
-        self.start_time = start_time
-
-    def set_end_time(self, end_time: str) -> None:
-        """
-        This method updates the end time for the Process
-        :param end_time: The end time of the Process
-        :return: None
-        """
-        self.end_time = end_time
-
-    def is_guid_a_match(self, guid: str) -> bool:
-        """
-        This method confirms if a given GUID matches the Process object's GUID
-        :param guid: The GUID to requested to confirm a match
-        :return: A boolean flag representing if the GUID matched
-        """
-        try:
-            return self.objectid.guid == f"{{{str(UUID(guid)).upper()}}}"
-        except ValueError:
-            return False
-
-    def set_objectid_tag(self, image: Optional[str]) -> None:
-        """
-        This method normalizes the image path and sets the objectid tag
-        :return: None
-        """
-        if not image:
-            return
-        self.objectid.set_tag(Process.create_objectid_tag(image))
-
-    @staticmethod
-    def create_objectid_tag(image: Optional[str]) -> Optional[str]:
-        """
-        This method normalizes the image path and creates the objectid tag
-        :return: None
-        """
-        if not image:
-            return
-
-        return Process._normalize_path(image)
-
-    def set_pobjectid_tag(self, image: Optional[str]) -> None:
-        """
-        This method normalizes the image path and sets the pobjectid tag
-        :return: None
-        """
-        if not image:
-            return
-        if not self.pobjectid:
-            log.debug("You need to set pobjectid before setting its tag")
-            return
-        self.pobjectid.set_tag(Process._normalize_path(image))
-
-    def update_objectid(self, **kwargs) -> None:
-        """
-        This method updates the process objectid attributes with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the process objectid attributes
-        :return: None
-        """
-        if all(value is None for value in kwargs.values()):
-            return
-
-        if kwargs.get("guid"):
-            try:
-                kwargs["guid"] = f"{{{str(UUID(kwargs['guid'])).upper()}}}"
-            except ValueError:
-                log.warning(f"Invalid GUID '{kwargs.pop('guid')}'")
-
-        update_object_items(self.objectid, kwargs)
-
-    def update_pobjectid(self, **kwargs) -> None:
-        """
-        This method updates the process pobjectid attributes with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the process pobjectid attributes
-        :return: None
-        """
-        if all(value is None for value in kwargs.values()):
-            return
-
-        if (
-            not self.pobjectid
-            and kwargs.get("tag")
-            and kwargs.get("ontology_id")
-            and kwargs.get("service_name")
-        ):
-            self.pobjectid: ObjectID = ObjectID(
-                kwargs["tag"], kwargs["ontology_id"], kwargs["service_name"]
-            )
-        elif not self.pobjectid:
-            log.debug("You need to set pobjectid or pass its required arguments")
-            return
-
-        if kwargs.get("guid"):
-            try:
-                kwargs["guid"] = f"{{{str(UUID(kwargs['guid'])).upper()}}}"
-            except ValueError:
-                log.warning(f"Invalid GUID {kwargs.pop('guid')}")
-
-        update_object_items(self.pobjectid, kwargs)
-
-    @staticmethod
-    def _determine_arch(path: str) -> str:
-        """
-        This method determines what architecture the operating system was built with where the event took place
-        :param path: The file path of the image associated with an event
-        :return: The architecture of the operating system
-        """
-        # Clear indicators in a file path of the architecture of the operating system
-        if any(item in path for item in ["program files (x86)", "syswow64"]):
-            return X86_64
-        return X86
-
-    @staticmethod
-    def _pattern_substitution(path: str, rule: Dict[str, str]) -> str:
-        """
-        This method applies pattern rules for explicit string substitution
-        :param path: The file path of the image associated with an event
-        :param rule: The rule to be applied, containing a pattern and the replacement value
-        :return: The modified path, if any rules applied
-        """
-        if path.startswith(rule["pattern"]):
-            path = path.replace(rule["pattern"], rule["replacement"])
-        return path
-
-    @staticmethod
-    def _regex_substitution(path: str, rule: Dict[str, str]) -> str:
-        """
-        This method applies a regular expression for implicit string substitution
-        :param path: The file path of the image associated with an event
-        :param rule: The rule to be applied, containing a pattern and the replacement value
-        :return: The modified path, if any rules applied
-        """
-        rule["regex"] = rule["regex"].split("*")
-        rule["regex"] = [escape(e) for e in rule["regex"]]
-        rule["regex"] = "[^\\\\]+".join(rule["regex"])
-        path = sub(rf"{rule['regex']}", rule["replacement"], path)
-        return path
-
-    @staticmethod
-    def _normalize_path(path: str, arch: Optional[str] = None) -> str:
-        """
-        This method determines what rules should be applied based on architecture and the applies the rules to the path
-        :param path: The file path of the image associated with an event
-        :param arch: The architecture of the operating system
-        :return: The modified path, if any rules applied
-        """
-        path = path.lower()
-        if not arch:
-            arch = Process._determine_arch(path)
-
-        # Order here matters
-        rules: List[Dict[str, str]] = []
-        rules.append(
-            {
-                "pattern": SYSTEM_ROOT + ARCH_SPECIFIC_DEFAULTS[arch]["szSys86"],
-                "replacement": "?sys32",
-            }
-        )
-        if arch == X86_64:
-            rules.append(
-                {
-                    "pattern": SYSTEM_ROOT + ARCH_SPECIFIC_DEFAULTS[arch]["szSys64"],
-                    "replacement": "?sys64",
-                }
-            )
-        rules.append(
-            {
-                "pattern": SYSTEM_DRIVE + ARCH_SPECIFIC_DEFAULTS[arch]["szProgFiles86"],
-                "replacement": "?pf86",
-            }
-        )
-        if arch == X86_64:
-            rules.append(
-                {
-                    "pattern": SYSTEM_DRIVE
-                    + ARCH_SPECIFIC_DEFAULTS[arch]["szProgFiles64"],
-                    "replacement": "?pf64",
-                }
-            )
-        rules.append(
-            {"regex": f"{SYSTEM_DRIVE}{SZ_USR_TEMP_PATH}", "replacement": "?usrtmp\\\\"}
-        )
-        rules.append(
-            {"regex": f"{SYSTEM_DRIVE}{SZ_USR_PATH}", "replacement": "?usr\\\\"}
-        )
-        rules.append({"pattern": SYSTEM_ROOT, "replacement": "?win\\"})
-        rules.append({"pattern": SYSTEM_DRIVE, "replacement": "?c\\"})
-        rules.append({"pattern": WINDIR_ENV_VARIABLE, "replacement": "?win"})
-        rules.append({"pattern": SAMPLEPATH_ENV_VARIABLE, "replacement": "?usrtmp"})
-        for rule in rules:
-            if "pattern" in rule:
-                path = Process._pattern_substitution(path, rule)
-            if "regex" in rule:
-                path = Process._regex_substitution(path, rule)
-        return path
-
-
-class NetworkDNS:
-    def __init__(
-        self,
-        domain: str,
-        resolved_ips: List[str],
-        lookup_type: str,
-    ) -> None:
-        """
-        Details for a DNS request
-        :param domain: The domain requested
-        :param resolved_ips: A list of IPs that were resolved
-        :param lookup_type: The type of DNS request
-        :return: None
-        """
-        set_required_argument(self, "domain", domain, str)
-        set_required_argument(self, "resolved_ips", resolved_ips, List)
-        set_required_argument(self, "lookup_type", lookup_type, str)
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {key: value for key, value in self.__dict__.items()}
-
-
-class NetworkHTTP:
-    def __init__(
-        self,
-        request_uri: str,
-        request_method: str,
-        request_headers: Optional[Dict[str, str]] = None,
-        response_headers: Optional[Dict[str, str]] = None,
-        request_body: Optional[str] = None,
-        response_status_code: Optional[int] = None,
-        response_body: Optional[str] = None,
-        request_body_path: Optional[str] = None,
-        response_body_path: Optional[str] = None,
-    ) -> None:
-        """
-        Details for an HTTP request
-        :param request_uri: The URI requested
-        :param request_method: The method of the request
-        :param request_headers: Headers included in the request
-        :param response_headers: The headers of the response
-        :param request_body: The body of the request
-        :param response_status_code: The status code of the response
-        :param response_body: The body of the response
-        :param request_body_path: The path to the file containing the request body
-        :param response_body_path: The path to the file containing the response body
-        :return: None
-        """
-        set_required_argument(self, "request_uri", request_uri, str)
-        set_required_argument(self, "request_method", request_method, str)
-
-        set_optional_argument(self, "request_headers", request_headers, Dict)
-        if not self.request_headers:
-            self.request_headers: Dict[str, str] = {}
-
-        set_optional_argument(self, "response_headers", response_headers, Dict)
-        if not self.response_headers:
-            self.response_headers: Dict[str, str] = {}
-
-        set_optional_argument(self, "request_body", request_body, str)
-        set_optional_argument(self, "response_status_code", response_status_code, int)
-        set_optional_argument(self, "response_body", response_body, str)
-        set_optional_argument(self, "request_body_path", request_body_path, str)
-        set_optional_argument(self, "response_body_path", response_body_path, str)
-
-    def update(self, **kwargs) -> None:
-        """
-        This method updates networkhttp attributes with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the networkhttp attributes
-        :return: None
-        """
-        if all(value is None for value in kwargs.values()):
-            return
-        update_object_items(self, kwargs)
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {
-            key: value
-            for key, value in self.__dict__.items()
-            if key not in ["request_body_path", "response_body_path"]
-        }
-
-
-class NetworkConnection:
-    OUTBOUND = "outbound"
-    INBOUND = "inbound"
-    UNKNOWN = "unknown"
-    DIRECTIONS = [OUTBOUND, INBOUND, UNKNOWN]
-    TCP = "tcp"
-    UDP = "udp"
-    TRANSPORT_LAYER_PROTOCOL = [TCP, UDP]
-    HTTP = "http"
-    DNS = "dns"
-    CONNECTION_TYPES = [HTTP, DNS]
-
-    def __init__(
-        self,
-        objectid: ObjectID,
-        destination_ip: str,
-        destination_port: int,
-        transport_layer_protocol: str,
-        direction: str,
-        process: Optional[Process] = None,
-        source_ip: Optional[str] = None,
-        source_port: Optional[int] = None,
-        http_details: Optional[NetworkHTTP] = None,
-        dns_details: Optional[NetworkDNS] = None,
-        connection_type: Optional[str] = None,
-    ) -> None:
-        """
-        Details for a low-level network connection by IP
-        :param objectid: The object ID of the network object
-        :param destination_ip: The destination IP of the connection
-        :param destination_port: The destination port of the connection
-        :param transport_layer_protocol: The transport layer protocol of the connection
-        :param direction: The direction of the network connection
-        :param process: The process that spawned the network connection
-        :param source_ip: The source IP of the connection
-        :param source_port: The source port of the connection
-        :param http_details: HTTP-specific details of request
-        :param dns_details: DNS-specific details of request
-        :param connection_type: Type of connection being made
-        :return: None
-        """
-        if transport_layer_protocol not in self.TRANSPORT_LAYER_PROTOCOL:
-            raise ValueError(
-                f"Invalid transport layer protocol: {transport_layer_protocol}"
-            )
-
-        if direction not in self.DIRECTIONS:
-            raise ValueError(f"Invalid direction: {direction}")
-
-        set_required_argument(self, "objectid", objectid, ObjectID)
-        set_required_argument(self, "destination_ip", destination_ip, str)
-        set_required_argument(self, "destination_port", destination_port, int)
-        set_required_argument(
-            self, "transport_layer_protocol", transport_layer_protocol, str
-        )
-        set_required_argument(self, "direction", direction, str)
-
-        set_optional_argument(self, "process", process, Process)
-        set_optional_argument(self, "source_ip", source_ip, str)
-        set_optional_argument(self, "source_port", source_port, int)
-        set_optional_argument(self, "http_details", http_details, NetworkHTTP)
-        set_optional_argument(self, "dns_details", dns_details, NetworkDNS)
-        if self.http_details and self.dns_details:
-            raise ValueError(
-                "A network connection cannot be associated to both a DNS and an HTTP call."
-            )
-        set_optional_argument(self, "connection_type", connection_type, str)
-        if self.connection_type:
-            if self.connection_type not in self.CONNECTION_TYPES:
-                raise ValueError(
-                    f"Connection type {self.connection_type} must be one of {self.CONNECTION_TYPES}"
-                )
-            elif self.connection_type == self.HTTP and self.http_details is None:
-                raise ValueError(
-                    f"Connection type is {self.HTTP} but {self.HTTP}_details is None"
-                )
-            elif self.connection_type == self.DNS and self.dns_details is None:
-                raise ValueError(
-                    f"Connection type is {self.DNS} but {self.DNS}_details is None"
-                )
-        else:
-            if self.http_details or self.dns_details:
-                raise ValueError("Specify the connection type")
-
-    def update_objectid(self, **kwargs) -> None:
-        """
-        This method updates the network connection objectid attributes with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the network connection objectid attributes
-        :return: None
-        """
-        if all(value is None for value in kwargs.values()):
-            return
-        update_object_items(self.objectid, kwargs)
-
-    def update(self, **kwargs) -> None:
-        """
-        This method updates attributes with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating attributes
-        :return: None
-        """
-        if all(value is None for value in kwargs.values()):
-            return
-
-        if "objectid" in kwargs:
-            objectid = kwargs.pop("objectid")
-            if objectid and isinstance(objectid, ObjectID):
-                self.update_objectid(**objectid.as_primitives())
-            elif objectid and isinstance(objectid, Dict):
-                self.update_objectid(**objectid)
-        else:
-            # Get the objectid attributes out
-            objectid_kwargs = {
-                key: value for key, value in kwargs.items() if key in OBJECTID_KEYS
-            }
-            self.update_objectid(**objectid_kwargs)
-
-        if "process" in kwargs:
-            process = kwargs.pop("process")
-            if process:
-                if isinstance(process, Process):
-                    self.set_process(process)
-                elif isinstance(process, Dict):
-                    self.update_process(**process)
-
-        # Remove objectid attributes
-        kwargs = {
-            key: value for key, value in kwargs.items() if key not in OBJECTID_KEYS
-        }
-        update_object_items(self, kwargs)
-
-    def update_process(self, **kwargs) -> None:
-        """
-        This method updates the process object attribute with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the process object attribute
-        :return: None
-        """
-        if (
-            not self.process
-            and kwargs.get("objectid")
-            and kwargs.get("image")
-            and kwargs.get("start_time")
-        ):
-            self.process: Process = Process(
-                kwargs["objectid"], kwargs["image"], kwargs["start_time"]
-            )
-        elif not self.process:
-            log.debug("You need to set process or pass its required arguments")
-            return
-        self.process.update(**kwargs)
-
-    def update_process_objectid(self, **kwargs) -> None:
-        """
-        This method updates the process ObjectID with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the process object attribute
-        :return: None
-        """
-        if not self.process:
-            raise ValueError(
-                "Process must be set before you can update the process ObjectID"
-            )
-        self.process.update_objectid(**kwargs)
-
-    def set_process(self, process: Process) -> None:
-        """
-        This method sets the process object attribute to the given process
-        :param process: The given process object
-        :return: None
-        """
-        self.process = process
-
-    @staticmethod
-    def create_tag(
-        destination_ip: Optional[str] = None,
-        destination_port: Optional[int] = None,
-        domain: Optional[str] = None,
-        direction: Optional[str] = None,
-    ) -> Optional[str]:
-        """
-        This method creates the tag object for a network connection
-        :param destination_ip: The destination IP of the connection
-        :param destination_port: The destination port of the connection
-        :param domain: The domain associated with the destination IP used in this network connection
-        :param direction: The direction of the network connection
-        :return: The created tag, if any
-        """
-        if not domain and destination_ip is None:
-            log.debug(
-                "Cannot set tag for network connection. Requires either domain or destination IP..."
-            )
-            return
-        if destination_port is None:
-            log.debug(
-                "Cannot set tag for network connection. Requires destination port..."
-            )
-            return
-
-        if domain and direction == NetworkConnection.OUTBOUND:
-            return f"{domain}:{destination_port}"
-        # If no domain or if direction is inbound/unknown
-        else:
-            return f"{destination_ip}:{destination_port}"
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {
-            key: value
-            if (
-                not isinstance(value, Process)
-                and not isinstance(value, ObjectID)
-                and not isinstance(value, NetworkDNS)
-                and not isinstance(value, NetworkHTTP)
-            )
-            else value.as_primitives()
-            for key, value in self.__dict__.items()
-        }
-
-
-class Attribute:
-
-    actions = [
-        "clipboard_capture",
-        "create_remote_thread",
-        "create_stream_hash",
-        "dns_query",
-        "driver_loaded",
-        "file_change",
-        "file_creation",
-        "file_delete",
-        "image_loaded",
-        "network_connection",
-        "network_connection_linux",
-        "pipe_created",
-        "process_access",
-        "process_creation",
-        "process_creation_linux",
-        "process_tampering",
-        "process_terminated",
-        "raw_access_thread",
-        "registry_add",
-        "registry_delete",
-        "registry_event",
-        "registry_rename",
-        "registry_set",
-        "sysmon_error",
-        "sysmon_status",
-        "wmi_event",
-    ]
-
-    def __init__(
-        self,
-        source: ObjectID,
-        target: Optional[ObjectID] = None,
-        action: Optional[str] = None,
-        meta: Optional[str] = None,
-        event_record_id: Optional[str] = None,
-        domain: Optional[str] = None,
-        uri: Optional[str] = None,
-        file_hash: Optional[str] = None,
-    ) -> None:
-        """
-        Attribute relating to the signature that was raised during the analysis of the task
-        :param source: Object that the rule triggered on
-        :param target: Object targetted by source object
-        :param action: The relation between the source and target
-        :param meta: Metadata about the detection
-        :param event_record_id: Event Record ID (Event Logs)
-        :param domain: Domain
-        :param uri: URI
-        :param file_hash: SHA256 of file
-        :return: None
-        """
-        set_required_argument(self, "source", source, ObjectID)
-        set_optional_argument(self, "target", target, ObjectID)
-
-        set_optional_argument(self, "action", action, str)
-        if self.action and self.action not in self.actions:
-            raise ValueError(
-                f"The action {self.action} is not in the list of valid actions"
-            )
-
-        set_optional_argument(self, "meta", meta, str)
-        set_optional_argument(self, "event_record_id", event_record_id, str)
-        set_optional_argument(self, "domain", domain, str)
-        set_optional_argument(self, "uri", uri, str)
-        set_optional_argument(self, "file_hash", file_hash, str)
-
-    def update(self, **kwargs) -> None:
-        """
-        This method updates the attribute object with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the attribute object
-        :return: None
-        """
-        update_object_items(self, kwargs)
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {
-            key: value if not isinstance(value, ObjectID) else value.as_primitives()
-            for key, value in self.__dict__.items()
-        }
-
-
-class Signature:
-    types = ["CUCKOO", "YARA", "SIGMA", "SURICATA"]
-
-    def __init__(
-        self,
-        objectid: ObjectID,
-        name: str,
-        type: str,
-        attributes: Optional[List[Attribute]] = None,
-        attacks: Optional[List[Dict[str, Any]]] = None,
-        actors: Optional[List[str]] = None,
-        malware_families: Optional[List[str]] = None,
-        score: Optional[int] = None,
-    ) -> None:
-        """
-        A signature that was raised during the analysis of the task
-        :param objectid: The object ID of the signature object
-        :param name: The name of the signature
-        :param type: Type of signature
-        :param attributes: Attributes about the signature
-        :param attacks: A list of ATT&CK patterns and categories of the signature
-        :param actors: List of actors of the signature
-        :param malware_families: List of malware families of the signature
-        :param score: Score of the signature
-        :return: None
-        """
-        set_required_argument(self, "objectid", objectid, ObjectID)
-        set_required_argument(self, "name", name, str)
-        set_required_argument(self, "type", type, str)
-        if self.type not in self.types:
-            raise ValueError(f"The type {self.type} is not a valid type")
-
-        set_optional_argument(self, "attributes", attributes, List)
-        if not self.attributes:
-            self.attributes: List[Attribute] = []
-
-        set_optional_argument(self, "attacks", attacks, List)
-        if not self.attacks:
-            self.attacks: List[Dict[str, Any]] = []
-
-        set_optional_argument(self, "actors", actors, List)
-        if not self.actors:
-            self.actors: List[str] = []
-
-        set_optional_argument(self, "malware_families", malware_families, List)
-        if not self.malware_families:
-            self.malware_families: List[str] = []
-
-        set_optional_argument(self, "score", score, int)
-
-    def update(self, **kwargs) -> None:
-        """
-        This method updates the signature object with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the signature object
-        :return: None
-        """
-        update_object_items(self, kwargs)
-
-    def add_attack_id(self, attack_id: str) -> None:
-        """
-        This method adds an Att&ck ID to the signature's list of Att&ck IDs
-        :param attack_id: The Att&ck ID to add
-        :return: None
-        """
-        attack_item = None
-        attack_id = revoke_map.get(attack_id, attack_id)
-        current_attack_ids = [a["attack_id"] for a in self.attacks]
-        if attack_id in current_attack_ids:
-            return
-
-        if attack_id in attack_map:
-            attack_item = dict(
-                attack_id=attack_id,
-                pattern=attack_map[attack_id]["name"],
-                categories=attack_map[attack_id]["categories"],
-            )
-        elif attack_id in software_map:
-            attack_item = dict(
-                attack_id=attack_id,
-                pattern=software_map[attack_id].get("name", attack_id),
-                categories=["software"],
-            )
-        elif attack_id in group_map:
-            attack_item = dict(
-                attack_id=attack_id,
-                pattern=group_map[attack_id].get("name", attack_id),
-                categories=["group"],
-            )
-
-        if attack_item:
-            self.attacks.append(attack_item)
-        else:
-            log.warning(f"Could not generate Att&ck output for ID: {attack_id}")
-
-    @staticmethod
-    def create_attribute(**kwargs) -> Optional[Attribute]:
-        """
-        This method creates an Attribute, assigns its attributes based on keyword arguments provided,
-        and returns the Attribute
-        :param kwargs: Key word arguments to be used for updating the Attribute's attributes
-        :return: Attribute object
-        """
-        # We want to perform this backend check for Attribute kwargs since they have a high degree of variability
-        if all(value is None for value in kwargs.values()):
-            return
-
-        if not kwargs.get("source"):
-            raise ValueError("The attribute needs its required arguments")
-        elif not isinstance(kwargs["source"], ObjectID):
-            raise ValueError("source is not an ObjectID")
-
-        attribute = Attribute(source=kwargs["source"])
-        update_object_items(attribute, kwargs)
-        return attribute
-
-    def add_attribute(self, attribute: Attribute) -> None:
-        """
-        This method adds an attribute to the list of attributes for the signature.
-        :param attribute: The attribute to be added
-        :return: None
-        """
-        if any(
-            attribute.as_primitives() == added_attribute.as_primitives()
-            for added_attribute in self.attributes
-        ):
-            return
-
-        self.attributes.append(attribute)
-
-    def get_attributes(self) -> List[Attribute]:
-        """
-        This method returns the attributes associated with the signature
-        :return: The list of attributes associated with the signature
-        """
-        return self.attributes
-
-    def set_score(self, score: int) -> None:
-        """
-        This method sets the signature score
-        :param score: The score to set
-        :return: None
-        """
-        self.score: int = score
-
-    def set_malware_families(self, malware_families: List[str]) -> None:
-        """
-        This method sets the signature malware families
-        :param malware_families: The malware families to set
-        :return: None
-        """
-        self.malware_families: List[str] = (
-            malware_families
-            if isinstance(malware_families, List)
-            and all(
-                isinstance(malware_family, str) for malware_family in malware_families
-            )
-            else []
-        )
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-
-        return {
-            "objectid": self.objectid.as_primitives(),
-            "name": self.name,
-            "type": self.type,
-            "attributes": [attribute.as_primitives() for attribute in self.attributes],
-            "attacks": self.attacks,
-            "actors": self.actors,
-            "malware_families": self.malware_families,
-        }
-
-
-class Sandbox:
-    class AnalysisMetadata:
-        class MachineMetadata:
-            def __init__(
-                self,
-                ip: Optional[str] = None,
-                hypervisor: Optional[str] = None,
-                hostname: Optional[str] = None,
-                platform: Optional[str] = None,
-                version: Optional[str] = None,
-                architecture: Optional[str] = None,
-            ) -> None:
-                """
-                The metadata regarding the machine where the analysis took place
-                :param ip: The IP of the machine used for analysis
-                :param hypervisor: The hypervisor of the machine used for analysis
-                :param hostname: The name of the machine used for analysis
-                :param platform: The platform of the machine used for analysis
-                :param version: The version of the operating system of the machine used for analysis
-                :param architecture: The architecture of the machine used for analysis
-                """
-                set_optional_argument(self, "ip", ip, str)
-                set_optional_argument(self, "hypervisor", hypervisor, str)
-                set_optional_argument(self, "hostname", hostname, str)
-                set_optional_argument(self, "platform", platform, str)
-                set_optional_argument(self, "version", version, str)
-                set_optional_argument(self, "architecture", architecture, str)
-
-            def as_primitives(self) -> Dict[str, Any]:
-                """
-                This method returns the dictionary representation of the object
-                :return: The dictionary representation of the object
-                """
-                return {key: value for key, value in self.__dict__.items()}
-
-            def load_from_json(self, json: Dict[str, Any]) -> None:
-                """
-                This method takes a given json and sets the corresponding attributes to those values
-                :param json: The the given json representation of the machine metadata
-                :return: None
-                """
-                self.ip = json["ip"]
-                self.hypervisor = json["hypervisor"]
-                self.hostname = json["hostname"]
-                self.platform = json["platform"]
-                self.version = json["version"]
-                self.architecture = json["architecture"]
-
-        def __init__(
-            self,
-            start_time: Optional[str] = None,
-            task_id: Optional[int] = None,
-            end_time: Optional[str] = None,
-            routing: Optional[str] = None,
-            machine_metadata: Optional[MachineMetadata] = None,
-        ) -> None:
-            """
-            The metadata of the analysis, per analysis
-            :param start_time: The start time of the analysis
-            :param task_id: The ID used for identifying the analysis task
-            :param end_time: The end time of the analysis
-            :param routing: The routing used in the sandbox setup (Spoofed, Internet, Tor, VPN)
-            :param machine_metadata: The metadata of the analysis
-            """
-            set_optional_argument(self, "start_time", start_time, str)
-            if not self.start_time:
-                self.start_time: str = MIN_TIME
-
-            set_optional_argument(self, "task_id", task_id, int)
-
-            set_optional_argument(self, "end_time", end_time, str)
-            if not self.end_time:
-                self.end_time: str = MAX_TIME
-
-            set_optional_argument(self, "routing", routing, str)
-            set_optional_argument(
-                self, "machine_metadata", machine_metadata, self.MachineMetadata
-            )
-
-        def as_primitives(self) -> Dict[str, Any]:
-            """
-            This method returns the dictionary representation of the object
-            :return: The dictionary representation of the object
-            """
-            return {
-                key: value
-                if not isinstance(value, self.MachineMetadata)
-                else value.as_primitives()
-                for key, value in self.__dict__.items()
-            }
-
-        def load_from_json(self, json: Dict[str, Any]) -> None:
-            """
-            This method takes a given json and sets the corresponding attributes to those values
-            :param json: The the given json representation of the analysis metadata
-            :return: None
-            """
-            self.task_id = json["task_id"]
-            self.start_time = json["start_time"]
-            self.end_time = json["end_time"]
-            self.routing = json["routing"]
-            self.machine_metadata = self.MachineMetadata()
-            self.machine_metadata.load_from_json(json["machine_metadata"])
-
-    def __init__(
-        self,
-        objectid: ObjectID,
-        analysis_metadata: AnalysisMetadata,
-        sandbox_name: str,
-        sandbox_version: Optional[str] = None,
-    ) -> None:
-        """
-        The result ontology for sandbox output
-        :param objectid: The object ID of the sandbox object
-        :param analysis_metadata: Metadata for the analysis
-        :param sandbox_name: The name of the sandbox
-        :param sandbox_version: The version of the sandbox
-        :return: None
-        """
-        set_required_argument(self, "objectid", objectid, ObjectID)
-        set_required_argument(
-            self, "analysis_metadata", analysis_metadata, self.AnalysisMetadata
-        )
-        set_required_argument(self, "sandbox_name", sandbox_name, str)
-        set_optional_argument(self, "sandbox_version", sandbox_version, str)
-
-    def update_analysis_metadata(self, **kwargs) -> None:
-        """
-        This method updates the analysis_metadata object attribute with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the analysis_metadata object attribute
-        :return: None
-        """
-        update_object_items(self.analysis_metadata, kwargs)
-
-    def update_machine_metadata(self, **kwargs) -> None:
-        """
-        This method updates the machine_metadata object attribute with the given keyword arguments
-        :param kwargs: Key word arguments to be used for updating the machine_metadata object attribute
-        :return: None
-        """
-        if not self.analysis_metadata.machine_metadata:
-            self.analysis_metadata.machine_metadata = (
-                self.AnalysisMetadata.MachineMetadata()
-            )
-        update_object_items(self.analysis_metadata.machine_metadata, kwargs)
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {
-            "objectid": self.objectid.as_primitives(),
-            "analysis_metadata": self.analysis_metadata.as_primitives(),
-            "sandbox_name": self.sandbox_name,
-            "sandbox_version": self.sandbox_version,
-        }
-
-
-class OntologyResults:
-    def __init__(self, service_name: Optional[str] = None) -> None:
-        """
-        The OntologyResults class object which will contain and manipulate all data
-        relating to the ontology results
-        :param service_name: The name of the service this ontology result is being generated for
-        :return: None
-        """
-        global SERVICE_NAME
-        SERVICE_NAME = service_name
-
-        self.netflows: List[NetworkConnection] = []
-        self.dns_netflows: List[NetworkDNS] = []
-        self.http_netflows: List[NetworkHTTP] = []
-        self.processes: List[Process] = []
-        self.sandboxes: List[Sandbox] = []
-        self.signatures: List[Signature] = []
-        self._guid_process_map: Dict[str, Process] = {}
-        self.service_name = SERVICE_NAME
-
-    # ObjectID manipulation methods
-    @staticmethod
-    def create_objectid(**kwargs) -> ObjectID:
-        """
-        This method creates an ObjectID, assigns its attributes based on keyword arguments provided,
-        and returns the ObjectID
-        :param kwargs: Key word arguments to be used for updating the ObjectID's attributes
-        :return: ObjectID object
-        """
-        if not (kwargs.get("tag") and kwargs.get("ontology_id")):
-            raise ValueError("The objectid needs its required arguments")
-        objectid = ObjectID(
-            kwargs["tag"], kwargs["ontology_id"], kwargs.get("service_name")
-        )
-        # Ensure that is time_observed is passed in and has a value, that that value is a str
-        if "time_observed" in kwargs and kwargs["time_observed"] is not None and not isinstance(kwargs["time_observed"], str):
-            raise ValueError("time_observed must be a str")
-        # Ensure that time_observed is of a certain format
-        elif "time_observed" in kwargs and kwargs["time_observed"] is not None and isinstance(kwargs["time_observed"], str):
-            kwargs["time_observed"] = str(datetime.strptime(kwargs["time_observed"], LOCAL_FMT))
-        update_object_items(objectid, kwargs)
-        return objectid
-
-    @staticmethod
-    def create_session() -> str:
-        """
-        This method creates a random session ID, and a session ID == totally unique value separate from Sandbox Ontology ID
-        :return: The session ID
-        """
-        return get_random_id()
-
-    # Sandbox manipulation methods
-    def set_sandboxes(self, sandboxes: List[Sandbox]) -> None:
-        """
-        This method sets the Sandbox objects
-        :param sandboxes: The sandboxes to set
-        :return: None
-        """
-        self.sandboxes = (
-            sandboxes
-            if isinstance(sandboxes, List)
-            and all(isinstance(sandbox, Sandbox) for sandbox in sandboxes)
-            else []
-        )
-
-    def add_sandbox(self, sandbox: Sandbox) -> None:
-        """
-        This method adds a Sandbox object to the list of sandboxes
-        :param sandbox: The sandbox to add
-        :return: None
-        """
-        self.sandboxes.append(sandbox)
-
-    @staticmethod
-    def create_sandbox(**kwargs) -> Sandbox:
-        """
-        This method creates a Sandbox object, assigns its attributes based on keyword arguments provided,
-        and returns the Sandbox object
-        :param kwargs: Key word arguments to be used for updating the Sandbox object's attributes
-        :return: Sandbox object
-        """
-        if not (kwargs.get("objectid") and kwargs.get("sandbox_name")):
-            raise ValueError("The sandbox needs its required arguments")
-        sandbox = Sandbox(
-            kwargs["objectid"], Sandbox.AnalysisMetadata(), kwargs["sandbox_name"]
-        )
-
-        update_object_items(sandbox, kwargs)
-        if kwargs.get("analysis_metadata"):
-            sandbox.update_analysis_metadata(
-                **kwargs["analysis_metadata"].as_primitives()
-            )
-        return sandbox
-
-    def get_sandbox_by_session(self, session: str) -> Optional[Sandbox]:
-        """
-        This method returns a Sandbox object that matches the given session
-        :param session: The session that we are looking for sandboxes that match
-        :return: A Sandbox object, if it exists
-        """
-        return next(
-            (
-                sandbox
-                for sandbox in self.sandboxes
-                if sandbox.objectid.session == session
-            ),
-            None,
-        )
-
-    def get_sandboxes(self) -> List[Sandbox]:
-        """
-        This method is a getter for the sandboxes attribute
-        :return: The value of the sandboxes attribute
-        """
-        return self.sandboxes
-
-    # Signature manipulation methods
-    def set_signatures(self, signatures: List[Signature]) -> None:
-        """
-        This method sets the Signature objects
-        :param signatures: The signatures to set
-        :return: None
-        """
-        self.signatures = (
-            signatures
-            if isinstance(signatures, List)
-            and all(isinstance(signature, Signature) for signature in signatures)
-            else []
-        )
-
-    def create_signature(self, **kwargs) -> Signature:
-        """
-        This method creates a Signature object, assigns its attributes based on keyword arguments provided,
-        and returns the Signature object
-        :param kwargs: Key word arguments to be used for updating the Signature object's attributes
-        :return: Signature object
-        """
-        if not (kwargs.get("objectid") and kwargs.get("name") and kwargs.get("type")):
-            raise ValueError("The signature needs its required arguments")
-        signature = Signature(kwargs["objectid"], kwargs["name"], kwargs["type"])
-        if "description" in kwargs:
-            kwargs["description"] = kwargs["description"].lower()
-        update_object_items(signature, kwargs)
-        return signature
-
-    def add_signature(self, signature: Signature) -> None:
-        """
-        This method adds a Signature object to the list of signatures
-        :param signature: The Signature object to be added
-        :return: None
-        """
-        self.signatures.append(signature)
-
-    def get_signatures(self) -> List[Signature]:
-        """
-        This method is a getter for the signatures attribute
-        :return: The value of the signatures attribute
-        """
-        return self.signatures
-
-    def get_signatures_by_pid(self, pid: int) -> List[Signature]:
-        """
-        This method allows the retrieval of signatures that match a certain process ID
-        :param pid: The process ID
-        :return: A list of signatures that match the process pid
-        """
-        signatures_with_pid: List[Signature] = []
-        processes_with_pid = [
-            process for process in self.processes if process.pid == pid
-        ]
-        for signature in self.signatures:
-            for attribute in signature.attributes:
-                if attribute.source.guid:
-                    if any(
-                        attribute.source.guid == process.objectid.guid
-                        for process in processes_with_pid
-                    ):
-                        signatures_with_pid.append(signature)
-                elif any(
-                    attribute.source.ontology_id == process.objectid.ontology_id
-                    for process in processes_with_pid
-                ):
-                    signatures_with_pid.append(signature)
-
-        return signatures_with_pid
-
-    @staticmethod
-    def create_attribute(**kwargs) -> Attribute:
-        """
-        This method creates an Attribute, assigns its attributes based on keyword arguments provided,
-        and returns the Attribute
-        :param kwargs: Key word arguments to be used for updating the Attribute's attributes
-        :return: Attribute object
-        """
-        return Signature.create_attribute(**kwargs)
-
-    # NetworkConnection manipulation methods
-    def set_netflows(self, network_connections: List[NetworkConnection]) -> None:
-        """
-        This method sets the NetworkConnection objects. Note that a netflow == NetworkConnection
-        :param network_connections: The NetworkConnections to set
-        :return: None
-        """
-        self.netflows: List[NetworkConnection] = (
-            network_connections
-            if isinstance(network_connections, List)
-            and all(
-                isinstance(network_connection, NetworkConnection)
-                for network_connection in network_connections
-            )
-            else []
-        )
-
-    def create_network_connection(self, **kwargs) -> NetworkConnection:
-        """
-        This method creates a NetworkConnection object, assigns its attributes based on keyword arguments provided,
-        and returns the NetworkConnection object
-        :param kwargs: Key word arguments to be used for updating the NetworkConnection object's attributes
-        :return: NetworkConnection object
-        """
-        if not (
-            kwargs.get("objectid")
-            and kwargs.get("destination_ip")
-            and kwargs.get("destination_port")
-            and kwargs.get("transport_layer_protocol")
-            and kwargs.get("direction")
-        ):
-            raise ValueError("The network connection needs its required arguments")
-
-        network_connection = NetworkConnection(
-            kwargs["objectid"],
-            kwargs["destination_ip"],
-            kwargs["destination_port"],
-            kwargs["transport_layer_protocol"],
-            kwargs["direction"],
-        )
-        network_connection.update(**kwargs)
-        return network_connection
-
-    def add_network_connection(self, network_connection: NetworkConnection) -> None:
-        """
-        This method adds a NetworkConnection object to the list of network connections
-        :param network_connection: The NetworkConnection object to be added
-        :return: None
-        """
-        # Check if network_connection.process needs linking
-        if network_connection.process:
-            if network_connection.process.objectid.guid:
-                guid = network_connection.process.objectid.guid
-            else:
-                guid = self.get_guid_by_pid_and_time(
-                    network_connection.process.pid,
-                    network_connection.process.start_time,
-                )
-            process_to_point_to = self.get_process_by_guid(guid)
-            # If we cannot link a process to this network connection, then don't include the process
-            network_connection.set_process(process_to_point_to)
-
-        self.netflows.append(network_connection)
-
-    def get_network_connections(self) -> List[NetworkConnection]:
-        """
-        This method returns the network connections
-        :return: The list of network connections
-        """
-        return self.netflows
-
-    def get_network_connection_by_pid(self, pid: int) -> List[NetworkConnection]:
-        """
-        This method allows the retrieval of network connections that match a certain process ID
-        :param pid: The process ID
-        :return: A list of signatures that match the process pid
-        """
-        return [
-            network_connection
-            for network_connection in self.get_network_connections()
-            if getattr(network_connection.process, "pid", None) == pid
-        ]
-
-    def get_network_connection_by_guid(
-        self, guid: Optional[str]
-    ) -> Optional[NetworkConnection]:
-        """
-        This method takes a given GUID and returns the associated network connection
-        :param guid: The given GUID that we want an associated network connection for
-        :return: The associated network connection
-        """
-        if guid is None:
-            return None
-
-        network_connections_with_guid = [
-            network_connection
-            for network_connection in self.get_network_connections()
-            if network_connection.objectid.guid == guid
-        ]
-
-        if not network_connections_with_guid:
-            return None
-        else:
-            return network_connections_with_guid[0]
-
-    def get_network_connection_by_details(
-        self,
-        destination_ip: str,
-        destination_port: int,
-        direction: str,
-        transport_layer_protocol: str,
-    ) -> NetworkConnection:
-        """
-        This method finds an existing network connection based on specific details
-        NOTE: This isn't going to be the most exact method ever since it does not account for source IPs and ports
-        :param destination_ip: The destination IP of the network connection
-        :param destination_port: The destination port of the network connection
-        :param direction: The direction of the network connection
-        :param transport_layer_protocol: The transport layer protocol of the connection
-        :return: The matching network connection, if it exists
-        """
-        # All or nothing!
-        if any(
-            item is None
-            for item in [
-                destination_ip,
-                destination_port,
-                direction,
-                transport_layer_protocol,
-            ]
-        ):
-            return None
-
-        # Due to the way INetSim traffic can be handled, let's check for
-        # network connections that are both HTTP and HTTPS
-        if destination_port == 80:
-            destination_ports = [80, 443]
-        else:
-            destination_ports = [destination_port]
-
-        for network_connection in self.get_network_connections():
-            if (
-                network_connection.destination_ip == destination_ip
-                and network_connection.destination_port in destination_ports
-                and network_connection.direction == direction
-                and network_connection.transport_layer_protocol
-                == transport_layer_protocol
-            ):
-                return network_connection
-        return None
-
-    # NetworkDNS manipulation methods
-    def set_dns_netflows(self, network_dns: List[NetworkDNS]) -> None:
-        """
-        This method sets the NetworkDNS objects. Note that a dns_netflow == NetworkDNS
-        :param network_dnss: The NetworkDNS to set
-        :return: None
-        """
-        self.dns_netflows: List[NetworkDNS] = (
-            network_dns
-            if isinstance(network_dns, List)
-            and all(isinstance(dns, NetworkDNS) for dns in network_dns)
-            else []
-        )
-
-    def create_network_dns(self, **kwargs) -> NetworkDNS:
-        """
-        This method creates a NetworkDNS object, assigns its attributes based on keyword arguments provided,
-        and returns the NetworkDNS object
-        :param kwargs: Key word arguments to be used for updating the NetworkDNS object's attributes
-        :return: NetworkDNS object
-        """
-        if not (
-            kwargs.get("domain")
-            and kwargs.get("resolved_ips") is not None
-            and kwargs.get("lookup_type")
-        ):
-            raise ValueError("The network dns connection needs its required arguments")
-        network_dns = NetworkDNS(
-            kwargs["domain"], kwargs["resolved_ips"], kwargs["lookup_type"]
-        )
-        update_object_items(network_dns, kwargs)
-        return network_dns
-
-    def add_network_dns(self, dns: NetworkDNS) -> None:
-        """
-        This method adds a NetworkDNS object to the list of network DNS calls
-        :param dns: The NetworkDNS object to be added
-        :return: None
-        """
-        self.dns_netflows.append(dns)
-
-    def get_network_dns(self) -> List[NetworkDNS]:
-        """
-        This method returns the network dns
-        :return: The list of network dns
-        """
-        return self.dns_netflows
-
-    def get_domain_by_destination_ip(self, ip: str) -> Optional[str]:
-        """
-        This method returns domains associated with a given destination IP
-        :param ip: The IP for which an associated domain is requested
-        :return: The domain associated with the given destination IP
-        """
-        domains = [dns.domain for dns in self.dns_netflows if ip in dns.resolved_ips]
-        if domains:
-            return domains[0]
-        else:
-            return None
-
-    def get_destination_ip_by_domain(self, domain: str) -> Optional[str]:
-        """
-        This method returns a destination ip associated with a given domain
-        :param domain: The domain for which an associated IP is requested
-        :return: The IP associated with the given domain
-        """
-        ips = [dns.resolved_ips[0] for dns in self.dns_netflows if domain == dns.domain]
-        if ips:
-            return ips[0]
-        else:
-            return None
-
-    # NetworkHTTP manipulation methods
-    def set_http_netflows(self, network_http: List[NetworkHTTP]) -> None:
-        """
-        This method sets the NetworkHTTP objects. Note that a http_netflow == NetworkHTTP
-        :param network_http: The NetworkHTTPs to set
-        :return: None
-        """
-        self.http_netflows: List[NetworkHTTP] = (
-            network_http
-            if isinstance(network_http, List)
-            and all(isinstance(http, NetworkHTTP) for http in network_http)
-            else []
-        )
-
-    def create_network_http(self, **kwargs) -> NetworkHTTP:
-        """
-        This method creates a NetworkHTTP object, assigns its attributes based on keyword arguments provided,
-        and returns the NetworkHTTP object
-        :param kwargs: Key word arguments to be used for updating the NetworkHTTP object's attributes
-        :return: NetworkHTTP object
-        """
-        if not (kwargs.get("request_uri") and kwargs.get("request_method")):
-            raise ValueError("The network http connection needs its required arguments")
-        network_http = NetworkHTTP(kwargs["request_uri"], kwargs["request_method"])
-        update_object_items(network_http, kwargs)
-        return network_http
-
-    def add_network_http(self, http: NetworkHTTP) -> None:
-        """
-        This method adds a NetworkHTTP object to the list of network HTTP calls
-        :param http: The NetworkHTTP object to be added
-        :return: None
-        """
-        self.http_netflows.append(http)
-
-    def get_network_http(self) -> List[NetworkHTTP]:
-        """
-        This method returns the network HTTP
-        :return: The list of network HTTP
-        """
-        return self.http_netflows
-
-    def get_network_http_by_path(self, path: str) -> Optional[NetworkHTTP]:
-        """
-        This method returns the network HTTP call associated with a path
-        :param path: The path to a response/request body file
-        :return: The associated network HTTP call for the given path
-        """
-        network_http_with_path = [
-            http
-            for http in self.get_network_http()
-            if http.response_body_path == path or http.request_body_path == path
-        ]
-        if not network_http_with_path:
-            return None
-        else:
-            return network_http_with_path[0]
-
-    def get_network_http_by_details(
-        self, request_uri: str, request_method: str, request_headers: Dict[str, str]
-    ) -> Optional[NetworkHTTP]:
-        """
-        This request_method gets a network http call by request URI, request_method and request headers
-        :param request_uri: The URI of the request
-        :param request_method: The request_method used for the HTTP request
-        :param request_headers: The headers of the request
-        :return: The network http call (should one exist) that matches these details
-        """
-        network_http_with_details = [
-            http
-            for http in self.get_network_http()
-            if http.request_uri == request_uri
-            and http.request_method == request_method
-            and http.request_headers == request_headers
-        ]
-        if not network_http_with_details:
-            return None
-        else:
-            return network_http_with_details[0]
-
-    def get_network_connection_by_network_http(self, network_http: NetworkHTTP) -> Optional[NetworkConnection]:
-        """
-        This method returns the network connection corresponding to the given network http object
-        :param network_http: The given network http object
-        :return: The corresponding network connection
-        """
-        for netflow in self.netflows:
-            if netflow.http_details == network_http:
-                return netflow
-
-        return None
-
-    # Process manipulation methods
-    def set_processes(self, processes: List[Process]) -> None:
-        """
-        This method sets the Process objects.
-        :param processes: The Processes to set
-        :return: None
-        """
-        self.processes: List[Process] = (
-            processes
-            if isinstance(processes, List)
-            and all(isinstance(process, Process) for process in processes)
-            else []
-        )
-
-    def create_process(self, **kwargs) -> Process:
-        """
-        This method creates a Process object, assigns its attributes based on keyword arguments provided,
-        and returns the Process object
-        :param kwargs: Key word arguments to be used for updating the Process object's attributes
-        :return: Process object
-        """
-        if not (
-            kwargs.get("objectid") and kwargs.get("image") and kwargs.get("start_time")
-        ):
-            raise ValueError("The process needs its required arguments")
-        process = Process(kwargs["objectid"], kwargs["image"], kwargs["start_time"])
-        process.update(**kwargs)
-
-        if not process.objectid.guid:
-            process.objectid.assign_guid()
-        if not process.end_time:
-            process.set_end_time(MAX_TIME)
-        if not process.objectid.time_observed:
-            process.objectid.set_time_observed(process.start_time)
-        return process
-
-    def add_process(self, process: Process) -> None:
-        """
-        This method adds a validated Process object to the list of processes
-        :param process: The Process object to be added
-        :return: None
-        """
-        if self._validate_process(process):
-            if isinstance(process.objectid.guid, str):
-                self._guid_process_map[process.objectid.guid.upper()] = process
-            else:
-                self._guid_process_map[process.objectid.guid] = process
-            self.set_parent_details(process)
-            self.set_child_details(process)
-            self.processes.append(process)
-        else:
-            log.debug("Invalid process, ignoring...")
-            return
-
-    def update_process(self, **kwargs) -> None:
-        """
-        This method updates a Process object attributes
-        :param kwargs: Key word arguments to be used for updating the Process object's attributes
-        :return: None
-        """
-        if all(value is None for value in kwargs.values()):
-            return
-
-        if "guid" not in kwargs and "pid" not in kwargs:
-            log.warning(
-                "You must pass GUID kwarg or a PID kwarg if you want to update a process"
-            )
-            return
-        elif (
-            "guid" not in kwargs
-            and "pid" in kwargs
-            and not ("start_time" in kwargs or "end_time" in kwargs)
-        ):
-            log.warning(
-                "You must pass GUID kwarg or a PID kwarg with a timestamp such as start_time or end_time if you want to update a process."
-            )
-            return
-
-        # Don't update the parent yet
-        parent_keys = [
-            "pguid",
-            "ptag",
-            "ptreeid",
-            "pprocesstree",
-            "ptime_observed",
-            "ppid",
-            "pimage",
-            "pcommand_line",
-            "pobjectid",
-        ]
-        parent_kwargs = {
-            key[1:]: value for key, value in kwargs.items() if key in parent_keys
-        }
-
-        if "guid" in kwargs and kwargs["guid"]:
-            process_to_update = self.get_process_by_guid(kwargs["guid"])
-            if not process_to_update:
-                p = self.create_process(**kwargs)
-                self.add_process(p)
-                return
-            process_to_update.update(**kwargs)
-        else:
-            timestamp = (
-                kwargs["end_time"] if kwargs.get("end_time") else kwargs["start_time"]
-            )
-            if not isinstance(timestamp, str):
-                raise ValueError(f"The timestamp {timestamp} must be a str")
-
-            guid = self.get_guid_by_pid_and_time(kwargs["pid"], timestamp)
-            if not guid:
-                p = self.create_process(**kwargs)
-                self.add_process(p)
-                return
-            process_to_update = self.get_process_by_guid(guid)
-            kwargs["guid"] = guid
-            if process_to_update:
-                process_to_update.update(**kwargs)
-
-        if parent_kwargs.get("guid") or parent_kwargs.get("pobjectid", {}).get("guid"):
-            # Only update if ObjectID is not associated with another process
-            if process_to_update and any(
-                process_to_update.pobjectid == process.objectid
-                for process in self.get_processes()
-            ):
-                return
-            pguid = (
-                parent_kwargs["guid"]
-                if parent_kwargs.get("guid")
-                else parent_kwargs.get("pobjectid", {}).get("guid")
-            )
-            parent = self.get_process_by_guid(pguid)
-            if process_to_update and parent:
-                process_to_update.set_parent(parent)
-
-    def update_objectid(self, **kwargs) -> None:
-        """
-        This method updates an object's ObjectID attributes
-        :param kwargs: Key word arguments to be used for updating the object's ObjectID attributes
-        :return: None
-        """
-        if all(value is None for value in kwargs.values()):
-            return
-
-        if "guid" not in kwargs:
-            log.warning(
-                "You must pass GUID kwarg if you want to update a process ObjectID."
-            )
-            return
-
-        object_to_update = self.get_process_by_guid(kwargs["guid"])
-        if not object_to_update:
-            object_to_update = self.get_network_connection_by_guid(kwargs["guid"])
-            if not object_to_update:
-                return
-
-        update_object_items(object_to_update.objectid, kwargs)
-
-    def set_parent_details(self, process: Process) -> None:
-        """
-        This method sets the parent process's details in the given process
-        :param process: The process that will have it's parent's details set
-        :return: None
-        """
-        parent = None
-        if process.pobjectid and process.pobjectid.guid:
-            parent = self.get_process_by_guid(process.pobjectid.guid)
-            process.set_parent(parent)
-
-        if not parent and process.ppid and process.start_time:
-            parent_guid = self.get_guid_by_pid_and_time(
-                process.ppid, process.start_time
-            )
-            parent = self.get_process_by_guid(parent_guid)
-            process.set_parent(parent)
-
-    def set_child_details(self, process: Process) -> None:
-        """
-        This method sets the parent process details for any child processes of the given process
-        :param process: The parent process that will be set as the parent for any associated child processes
-        :return: None
-        """
-        if process.objectid.guid:
-            child_processes = self.get_processes_by_pguid(process.objectid.guid)
-            for child_process in child_processes:
-                child_process.set_parent(process)
-        # Processes may not have a pguid attribute set, so this is not an elif case
-        if process.pid and process.start_time:
-            child_processes = self.get_processes_by_ppid_and_time(
-                process.pid, process.start_time
-            )
-            for child_process in child_processes:
-                child_process.set_parent(process)
-
-    def get_processes(self) -> List[Process]:
-        """
-        This method is a getter for the processes attribute
-        :return: The value of the processes attribute
-        """
-        return self.processes
-
-    def get_guid_by_pid_and_time(self, pid: int, timestamp: str) -> Optional[str]:
-        """
-        This method allows the retrieval of GUIDs based on a process ID and timestamp
-        :param pid: The process ID
-        :param timestamp: A timestamp between the creation and termination of a process
-        :return: The GUID for the given process ID
-        """
-        process = self.get_process_by_pid_and_time(pid, timestamp)
-        if process:
-            return process.objectid.guid
-        else:
-            return None
-
-    def get_processes_by_ppid_and_time(
-        self, ppid: int, timestamp: str
-    ) -> List[Process]:
-        """
-        This method allows the retrieval of processes based on a parent process ID and timestamp
-        :param ppid: The parent process ID
-        :param timestamp: A timestamp between the creation and termination of a process
-        :return: The child processes associated for the given parent process ID
-        """
-        if timestamp is None:
-            return None
-        return [
-            process
-            for process in self.get_processes()
-            if process.ppid == ppid
-            and timestamp <= process.end_time
-            and timestamp >= process.start_time
-        ]
-
-    def get_pguid_by_pid_and_time(self, pid: int, timestamp: str) -> Optional[str]:
-        """
-        This method allows the retrieval of the parent process's GUID based on a process ID and timestamp
-        :param pid: The process ID
-        :param timestamp: A timestamp between the creation and termination of a process
-        :return: The parent process's GUID for the given process ID
-        """
-        process = self.get_process_by_pid_and_time(pid, timestamp)
-        if process and process.pobjectid:
-            return process.pobjectid.guid
-        else:
-            return None
-
-    def is_guid_in_gpm(self, guid: str) -> bool:
-        """
-        This method confirms if a GUID is in the GUID -> Process map
-        :return: A boolean indicating if a GUID is in the GUID -> Process map
-        """
-        return f"{{{str(UUID(guid)).upper()}}}" in self._get_guids()
-
-    def get_process_by_guid(self, guid: Optional[str]) -> Optional[Process]:
-        """
-        This method takes a given GUID and returns the associated process
-        :param guid: The given GUID that we want an associated process for
-        :return: The associated process
-        """
-        if guid is None:
-            return None
-        return self._guid_process_map.get(guid.upper())
-
-    def get_process_by_command_line(
-        self, command_line: Optional[str] = None
-    ) -> Optional[Process]:
-        """
-        This method takes a given command line and returns the associated process
-        NOTE That this method has a high possibility of not being accurate. If multiple processes use the same
-        command line, this method will return the first process.
-        :param command_line: The given command line that we want an associated process for
-        :return: The associated process
-        """
-        if not command_line:
-            return None
-
-        processes_with_command_line = [
-            process
-            for process in self.get_processes()
-            if process.command_line
-            and (
-                command_line == process.command_line
-                or command_line in process.command_line
-            )
-        ]
-        if not processes_with_command_line:
-            return None
-        else:
-            return processes_with_command_line[0]
-
-    def get_process_by_pid_and_time(
-        self, pid: Optional[int], timestamp: Optional[str]
-    ) -> Optional[Process]:
-        """
-        This method allows the retrieval of a process based on a process ID and timestamp
-        :param pid: The process ID
-        :param timestamp: A timestamp between the creation and termination of a process
-        :return: The process for the given process ID
-        """
-        if pid is None or timestamp is None:
-            return None
-        processes: List[Process] = [
-            process
-            for process in self.get_processes()
-            if process.pid == pid
-            and timestamp <= process.end_time
-            and timestamp >= process.start_time
-        ]
-        if not processes:
-            return None
-        elif len(processes) > 1:
-            log.warning("Map is invalid")
-            return None
-        else:
-            return processes[0]
-
-    def get_processes_by_pguid(self, pguid: Optional[str]) -> List[Process]:
-        """
-        This method takes a given parent process GUID and returns the child processes
-        :param guid: The given parent process GUID that we want the child processes for
-        :return: The child processes
-        """
-        if pguid is None:
-            return []
-        return [
-            process
-            for process in self.get_processes()
-            if process.pobjectid and process.pobjectid.guid == pguid
-        ]
-
-    def get_process_by_pid(self, pid: Optional[int] = None) -> Optional[Process]:
-        """
-        This method takes a given process ID and returns the associated process
-        NOTE That this method has a high possibility of not being accurate. If multiple processes use the same
-        process ID, this method will return the first process.
-        :param pid: The given process ID that we want an associated process for
-        :return: The associated process
-        """
-        if not pid:
-            return None
-
-        processes_with_pid = [
-            process
-            for process in self.get_processes()
-            if process.pid and pid == process.pid
-        ]
-        if not processes_with_pid:
-            return None
-        else:
-            return processes_with_pid[0]
-
-    def as_primitives(self) -> Dict[str, Any]:
-        """
-        This method returns the dictionary representation of the object
-        :return: The dictionary representation of the object
-        """
-        return {
-            "sandboxes": [sandbox.as_primitives() for sandbox in self.sandboxes],
-            "signatures": [signature.as_primitives() for signature in self.signatures],
-            "network_connections": [
-                network_connection.as_primitives()
-                for network_connection in self.netflows
-            ],
-            "network_dns": [
-                network_dns.as_primitives() for network_dns in self.dns_netflows
-            ],
-            "network_http": [
-                network_http.as_primitives() for network_http in self.http_netflows
-            ],
-            "processes": [process.as_primitives() for process in self.processes],
-        }
-
-    # Process Tree and Event manipulation methods
-    def get_events(
-        self, safelist: List[str] = None
-    ) -> List[Union[Process, NetworkConnection]]:
-        """
-        This method gets all process and network events, sorts them by time observed, and returns a list
-        :param safelist: A list of safe treeids
-        :return: A sorted list of all process and network events
-        """
-        if safelist is None:
-            safelist: List[str] = []
-
-        processes_to_add = [
-            process
-            for process in self.processes
-            if process.start_time is not None
-            and process.objectid.treeid not in safelist
-        ]
-        netflows_to_add = [
-            network_connection
-            for network_connection in self.netflows
-            if network_connection.objectid.time_observed is not None
-            and network_connection.objectid.treeid not in safelist
-        ]
-        events = processes_to_add + netflows_to_add
-        return self._sort_things_by_time_observed(events)
-
-    def get_non_safelisted_processes(self, safelist: List[str]) -> List[Process]:
-        """
-        This method filters events by their tree ID and returns the remaining events
-        :param safelist: All of the safe leaf tree IDs (the safelist)
-        :return: A list of non-safelisted process
-        """
-        # NOTE: This method must be called once tree IDs have been added to the process_event_dicts, most likely
-        # through calculating the process tree
-        filtered_processes = [
-            process
-            for process in self.get_processes()
-            if process.objectid.treeid not in safelist
-        ]
-        sorted_filtered_processes = self._sort_things_by_time_observed(
-            filtered_processes
-        )
-        return sorted_filtered_processes
-
-    def get_process_tree(self, safelist: List[str] = None) -> List[Dict[str, Any]]:
-        """
-        This method generates the event tree
-        :return: The event tree
-        """
-        if safelist is None:
-            safelist: List[str] = []
-        events = self.get_events()
-        events_dict = self._convert_events_to_dict(events)
-        tree = self._convert_events_dict_to_tree(events_dict)
-        self._create_treeids(tree)
-        if safelist:
-            tree = OntologyResults._filter_event_tree_against_safe_treeids(
-                tree, safelist
-            )
-        return tree
-
-    def get_process_tree_result_section(
-        self, safelist: List[str] = None
-    ) -> ResultProcessTreeSection:
-        """
-        This method creates the Typed ResultSection for Process (Event) Trees
-        :param safelist: A safelist of tree IDs that is to be applied to the events
-        :return: The Typed ResultSection for the Process (Event) Tree
-        """
-        if safelist is None:
-            safelist: List[str] = []
-        tree = self.get_process_tree(safelist)
-        items: List[ProcessItem] = []
-        process_tree_result_section = ResultProcessTreeSection("Spawned Process Tree")
-        for event in tree:
-            # A telltale sign that the event is a NetworkConnection
-            if "process" in event:
-                # event is a NetworkConnection, we don't want this in the process tree result section, only the counts
-                continue
-            self._convert_event_tree_to_result_section(
-                items, event, safelist, process_tree_result_section
-            )
-        for item in items:
-            process_tree_result_section.add_process(item)
-        return process_tree_result_section
-
-    def load_from_json(self, json: Dict[str, Any]) -> None:
-        """
-        This method takes a given json and sets the corresponding attributes to those values
-        :param json: The the given json representation of the sandbox ontology
-        :return: None
-        """
-        self.analysis_metadata.load_from_json(json["analysis_metadata"])
-        for signature in json["signatures"]:
-            self.signatures.append(self._load_signature_from_json(signature))
-        for network_connection in json["network_connections"]:
-            self.network_connections.append(
-                self._load_network_connection_from_json(network_connection)
-            )
-        for dns in json["network_dns"]:
-            self.network_dns.append(self._load_network_dns_from_json(dns))
-        for http in json["network_http"]:
-            self.network_http.append(self._load_network_http_from_json(http))
-        for process in json["processes"]:
-            self.processes.append(self._load_process_from_json(process))
-        self.sandbox_name = json["sandbox_name"]
-        self.sandbox_version = json["sandbox_version"]
-
-    @staticmethod
-    def handle_artifacts(
-        artifact_list: List[Dict[str, Any]],
-        request: ServiceRequest,
-        collapsed: bool = False,
-        injection_heur_id: int = 17,
-    ) -> ResultSection:
-        """
-        Goes through each artifact in artifact_list, uploading them and adding result sections accordingly
-        :param artifact_list: List of dictionaries that each represent an artifact
-        :param collapsed: A flag used for indicating if the Sandbox Artifacts ResultSection should be collapsed or not
-        :param injection_heur_id: The heuristic ID for the Injection heuristic of a service
-        :return: A ResultSection containing any Artifact ResultSections
-        """
-
-        validated_artifacts = OntologyResults._validate_artifacts(artifact_list)
-
-        artifacts_result_section = ResultSection(
-            "Sandbox Artifacts", auto_collapse=collapsed
-        )
-
-        for artifact in validated_artifacts:
-            OntologyResults._handle_artifact(
-                artifact, artifacts_result_section, injection_heur_id
-            )
-
-            if artifact.to_be_extracted and not any(artifact.sha256 == previously_extracted["sha256"] for previously_extracted in request.extracted):
-                try:
-                    request.add_extracted(
-                        artifact.path, artifact.name, artifact.description
-                    )
-                except MaxExtractedExceeded:
-                    # To avoid errors from being raised when too many files have been extracted
-                    pass
-            elif not artifact.to_be_extracted and not any(artifact.sha256 == previously_supplemented["sha256"] for previously_supplemented in request.task.supplementary):
-                request.add_supplementary(
-                    artifact.path, artifact.name, artifact.description
-                )
-
-        return (
-            artifacts_result_section if artifacts_result_section.subsections else None
-        )
-
-    def _get_guids(self) -> List[str]:
-        """
-        This method gets a list of GUIDs from the GUID - PID map
-        :return: A list of GUIDs
-        """
-        return list(self._guid_process_map.keys())
-
-    def _validate_process(self, process: Process) -> bool:
-        """
-        This method validates a Process object
-        :param process: A Process object to be validated
-        :return: A boolean flag indicating that Process is valid
-        """
-        # Grab pids and guids to use for validation
-        pids: List[int] = [
-            process.pid
-            for process in self._guid_process_map.values()
-            if process.pid is not None
-        ]
-        guids: List[str] = list(self._guid_process_map.keys())
-
-        if process.objectid.guid is None and process.pid is None:
-            log.warning("Process requires at least a GUID or a PID, skipping...")
-            return False
-        # elif not process.objectid.guid and process.pid not in pids:
-        #     # This means we have a unique process that is not yet in the lookup table.
-        #     # Before we add it, assign a GUID to it.
-        #     process.objectid.assign_guid()
-        elif process.objectid.guid in guids and process.pid in pids:
-            # We cannot have two items in the table that share process IDs and GUIDs
-            log.debug("Duplicate process, skipping...")
-            return False
-        elif process.objectid.guid in guids and process.pid not in pids:
-            # We cannot have two items in the table that share GUIDs
-            log.debug("Duplicate process, skipping...")
-            return False
-        elif process.objectid.guid not in guids and process.pid in pids:
-            # We can have two items in the table that share PIDs that don't share GUIDs
-            # Further validation is required
-            return self._handle_pid_match(process)
-        else:
-            # process.guid and process.guid not in guids and process.pid not in pids
-            # We have a unique process that is not yet in the lookup table and has a GUID.
-            # Add it!
-            pass
-        return True
-
-    def _handle_pid_match(self, process: Process) -> bool:
-        """
-        This method is a deeper step in process validation for processes that share IDs
-        :param process: A Process object that shares an ID with another Process object in the lookup table
-        :return: A boolean indicating if process is a valid entry
-        """
-        valid_entry = False
-        # We only care about processes that share process IDs
-        processes_with_common_pids = [
-            validated_process
-            for validated_process in self.processes
-            if validated_process.pid == process.pid
-        ]
-
-        if not processes_with_common_pids:
-            return True
-
-        for process_with_common_pid in processes_with_common_pids:
-            if (
-                process_with_common_pid.start_time == process.start_time
-                and process_with_common_pid.end_time == process.end_time
-            ):
-                # We cannot have multiple processes that share IDs that took place at the same time
-                continue
-            elif (
-                process.start_time >= process_with_common_pid.end_time
-                or process.end_time <= process_with_common_pid.start_time
-            ):
-                # We can only have multiple processes that share IDs if they did not take place at the same time
-                valid_entry = True
-            else:
-                # We cannot have multiple processes that share IDs that have overlapping time ranges
-                continue
-        return valid_entry
-
-    def _remove_process(self, process: Process) -> None:
-        """
-        This method takes a process and removes it from the current processes, if it exists
-        :param process: The process to be removed
-        :return: None
-        """
-        try:
-            self.processes.remove(process)
-        except ValueError:
-            return
-
-    def _remove_network_http(self, network_http: NetworkHTTP) -> None:
-        """
-        This method takes a network_http and removes it from the current network_http calls, if it exists
-        :param network_http: The network_http to be removed
-        :return: None
-        """
-        try:
-            self.http_netflows.remove(network_http)
-        except ValueError:
-            return
-
-    def _remove_network_dns(self, network_dns: NetworkDNS) -> None:
-        """
-        This method takes a network_dns and removes it from the current network_dns calls, if it exists
-        :param network_dns: The network_dns to be removed
-        :return: None
-        """
-        try:
-            self.dns_netflows.remove(network_dns)
-        except ValueError:
-            return
-
-    def _remove_network_connection(self, network_connection: NetworkConnection) -> None:
-        """
-        This method takes a network_connection and removes it from the current network_connections, if it exists
-        :param network_connection: The network_connection to be removed
-        :return: None
-        """
-        try:
-            self.netflows.remove(network_connection)
-        except ValueError:
-            return
-
-    def _remove_signature(self, signature: Signature) -> None:
-        """
-        This method takes a signature and removes it from the current signatures, if it exists
-        :param signature: The signature to be removed
-        :return: None
-        """
-        try:
-            self.signatures.remove(signature)
-        except ValueError:
-            return
-
-    def _load_process_from_json(self, json: Dict[str, Any]) -> Process:
-        """
-        This method takes a given json and sets the corresponding attributes to those values
-        :param json: The the given json representation of the process
-        :return: A process object
-        """
-        process = self.create_process(**json)
-        return process
-
-    def _load_signature_from_json(self, json: Dict[str, Any]) -> Signature:
-        """
-        This method takes a given json and sets the corresponding attributes to those values
-        :param json: The the given json representation of the signature
-        :return: A signature object
-        """
-        process = json.pop("process")
-        subjects = json.pop("subjects")
-        signature = self.create_signature(**json)
-        if process:
-            signature.update_process(**process)
-        if subjects:
-            for subject in subjects:
-                subject_process = subject.pop("process")
-                if subject_process:
-                    signature.add_process_subject(**subject_process)
-                else:
-                    signature.add_subject(**subject)
-        return signature
-
-    def _load_network_connection_from_json(
-        self, json: Dict[str, Any]
-    ) -> NetworkConnection:
-        """
-        This method takes a given json and sets the corresponding attributes to those values
-        :param json: The the given json representation of the network connection
-        :return: A network connection object
-        """
-        process = json.pop("process")
-        network_connection = self.create_network_connection(**json)
-        if process:
-            network_connection.update_process(**process)
-        return network_connection
-
-    def _load_network_dns_from_json(self, json: Dict[str, Any]) -> NetworkDNS:
-        """
-        This method takes a given json and sets the corresponding attributes to those values
-        :param json: The the given json representation of the network dns
-        :return: A network dns object
-        """
-        connection_details = json.pop("connection_details")
-        network_dns = self.create_network_dns(**json)
-        if connection_details:
-            process = connection_details.pop("process")
-            network_dns.connection_details.update(**connection_details)
-            if process:
-                network_dns.update_process(**process)
-        return network_dns
-
-    def _load_network_http_from_json(self, json: Dict[str, Any]) -> NetworkHTTP:
-        """
-        This method takes a given json and sets the corresponding attributes to those values
-        :param json: The the given json representation of the network http
-        :return: A network http object
-        """
-        connection_details = json.pop("connection_details")
-        network_http = self.create_network_http(**json)
-        if connection_details:
-            process = connection_details.pop("process")
-            network_http.connection_details.update(**connection_details)
-            if process:
-                network_http.update_process(**process)
-        return network_http
-
-    @staticmethod
-    def _sort_things_by_time_observed(
-        things_to_sort_by_time_observed: List[Union[Process, NetworkConnection, Dict]]
-    ) -> List[Any]:
-        """
-        This method sorts a list of things by their time_observeds
-        :param things_to_sort_by_time_observed: A list of things to sort by time_observed
-        :return: A list of things that have been sorted by time_observed
-        """
-        if not things_to_sort_by_time_observed:
-            return []
-
-        # If every item is a dictionary, then use key lookups
-        if all(
-            isinstance(thing_to_sort_by_time_observed, Dict)
-            for thing_to_sort_by_time_observed in things_to_sort_by_time_observed
-        ):
-
-            if any(
-                thing_to_sort_by_time_observed["objectid"]["time_observed"] is None
-                for thing_to_sort_by_time_observed in things_to_sort_by_time_observed
-            ):
-                log.warning("All ObjectID time_observed values must not be None...")
-                return things_to_sort_by_time_observed
-
-            def time_observed(x):
-                # We should only be sorting with floats
-                time_obs = x["objectid"]["time_observed"]
-                if isinstance(time_obs, str):
-                    if time_obs == MIN_TIME:
-                        time_obs = epoch_to_local(0)
-                    time_obs = datetime.strptime(
-                        time_obs, LOCAL_FMT
-                    ).timestamp()
-                return time_obs
-
-        else:
-
-            if any(
-                thing_to_sort_by_time_observed.objectid.time_observed is None
-                for thing_to_sort_by_time_observed in things_to_sort_by_time_observed
-            ):
-                log.warning("All ObjectID time_observed values must not be None...")
-                return things_to_sort_by_time_observed
-
-            def time_observed(x):
-                # We should only be sorting with floats
-                time_obs = x.objectid.time_observed
-                if isinstance(time_obs, str):
-                    if time_obs == MIN_TIME:
-                        time_obs = epoch_to_local(0)
-                    time_obs = datetime.strptime(
-                        time_obs, LOCAL_FMT
-                    ).timestamp()
-                return time_obs
-
-        sorted_things = sorted(things_to_sort_by_time_observed, key=time_observed)
-        return sorted_things
-
-    @staticmethod
-    def _sort_things_by_relationship(
-        things_to_sort_by_relationship: List[Union[Process, NetworkConnection, Dict]]
-    ) -> List[Union[Process, NetworkConnection, Dict]]:
-        """
-        This method sorts a list of things by their relationships
-        :param things_to_sort_by_relationship: A list of things to sort by their relationships to one another
-        :return: A list of things that have been sorted by their relationships
-        """
-        if not things_to_sort_by_relationship:
-            return []
-
-        recurse_again = False
-        # If every item is a dictionary, then use key lookups
-        if all(
-            isinstance(thing_to_sort, Dict)
-            for thing_to_sort in things_to_sort_by_relationship
-        ):
-            for index, thing in enumerate(things_to_sort_by_relationship[:]):
-                # Confirm if we are working with an process or a network
-                if "pobjectid" in thing:
-                    # This is a Process
-                    pobjectid = thing["pobjectid"]
-                elif "process" in thing and thing["process"]:
-                    # This is a NetworkConnection
-                    pobjectid = thing["process"]["objectid"]
-                else:
-                    pobjectid = None
-
-                if not pobjectid:
-                    continue
-                # We only want to sort if the thing has the same time observed as its parent
-                if thing["objectid"]["time_observed"] != pobjectid["time_observed"]:
-                    continue
-
-                # If the parent object exists in the rest of the list
-                for parent_index, parent in enumerate(
-                    things_to_sort_by_relationship[index + 1 :]
-                ):
-                    if (
-                        pobjectid["guid"] == parent["objectid"]["guid"]
-                        and pobjectid["time_observed"]
-                        == parent["objectid"]["time_observed"]
-                    ):
-                        popped_item = things_to_sort_by_relationship.pop(
-                            index + 1 + parent_index
-                        )
-                        things_to_sort_by_relationship.insert(index, popped_item)
-                        recurse_again = True
-                        break
-                if recurse_again:
-                    break
-        else:
-            for index, thing in enumerate(things_to_sort_by_relationship[:]):
-                # Confirm if we are working with an process or a network
-                if hasattr(thing, "pobjectid"):
-                    # This is a Process
-                    pobjectid = thing.pobjectid
-                elif hasattr(thing, "process") and thing.process:
-                    # This is a NetworkConnection
-                    pobjectid = thing.process.objectid
-                else:
-                    pobjectid = None
-
-                if not pobjectid:
-                    continue
-                # We only want to sort if the thing has the same time observed as its parent
-                if thing.objectid.time_observed != thing.pobjectid.time_observed:
-                    continue
-                # If the parent object exists in the rest of the list
-                for parent_index, parent in enumerate(
-                    things_to_sort_by_relationship[index + 1 :]
-                ):
-                    if thing.pobjectid.guid == parent.objectid.guid:
-                        popped_item = things_to_sort_by_relationship.pop(
-                            index + 1 + parent_index
-                        )
-                        things_to_sort_by_relationship.insert(index, popped_item)
-                        recurse_again = True
-                        break
-                if recurse_again:
-                    break
-
-        if recurse_again:
-            OntologyResults._sort_things_by_relationship(things_to_sort_by_relationship)
-        return things_to_sort_by_relationship
-
-    @staticmethod
-    def _convert_events_to_dict(
-        events: List[Union[Process, NetworkConnection]]
-    ) -> Dict[str, Any]:
-        """
-        This method converts events to dictionaries
-        :param events: A list of validated event objects
-        :return: A dictionary representing the event objects
-        """
-        events_dict = {}
-
-        if any([event.objectid.guid is None for event in events]):
-            log.warning("All events must have a GUID at the ObjectID level...")
-            return events_dict
-
-        for event in events:
-            events_dict[event.objectid.guid] = event.as_primitives()
-
-        return events_dict
-
-    @staticmethod
-    def _depth(d: Dict[str, Any]) -> int:
-        """
-        This method uses recursion to determine the depth of a dictionary
-        :param d: The dictionary to determine the depth of
-        :return: The integer value representing the current depth at the current iteration
-        """
-        if isinstance(d, dict):
-            children = d.get("children", [])
-            if isinstance(children, list):
-                if not children:
-                    return 1
-                return 1 + max(OntologyResults._depth(child) for child in children)
-        return 0
-
-    @staticmethod
-    def _convert_events_dict_to_tree(
-        events_dict: Dict[str, Any] = None
-    ) -> List[Dict[str, Any]]:
-        """
-        This method converts a dictionary representing events into a tree by using pid/ppid or guid/pguid
-        pairs for linking
-        :param events_dict: A dictionary of events
-        :return: A list of event tree roots, each which their respective branches and leaves
-        """
-
-        root = {
-            "children": [],
-        }
-        sorted_events = OntologyResults._sort_things_by_time_observed(
-            list(events_dict.values())
-        )
-        try:
-            # If events all have the same time observed, but there are child-parent relationships between events,
-            # we should order based on relationship
-            sorted_events_by_relationship_and_time = (
-                OntologyResults._sort_things_by_relationship(sorted_events)
-            )
-        except RecursionError:
-            log.error("Unable to sort events by relationship due to recursion error.")
-            sorted_events_by_relationship_and_time = sorted_events
-
-        events_seen = []
-
-        for e in sorted_events_by_relationship_and_time:
-            if "children" not in e:
-                e["children"] = []
-
-            # This the main difference between Process and NetworkConnection
-            pguid = None
-            if "pobjectid" in e and e["pobjectid"] and e["pobjectid"]["guid"]:
-                # This is a Process
-                pguid = e["pobjectid"]["guid"]
-            elif "process" in e and e["process"] and e["process"]["objectid"]["guid"]:
-                # This is a NetworkConnection
-                pguid = e["process"]["objectid"]["guid"]
-
-            if pguid and pguid in events_seen:
-                # Check if depth is too DEEP
-                if any(OntologyResults._depth(event_dict) >= PROCESS_TREE_DEPTH_LIMIT for event_dict in events_dict.values()):
-                    # We still want to register the process in events_seen, so
-                    # that they don't get added to the root children
-                    pass
-                else:
-                    events_dict[pguid]["children"].append(e)
-            else:
-                root["children"].append(e)
-
-            events_seen.append(e["objectid"]["guid"])
-
-        return OntologyResults._sort_things_by_time_observed(root["children"])
-
-    def _convert_event_tree_to_result_section(
-        self,
-        items: List[ProcessItem],
-        event: Dict[str, Any],
-        safelist: List[str],
-        result_section: ResultProcessTreeSection,
-        parent: Optional[ProcessItem] = None,
-    ) -> None:
-        """
-        This method converts the event tree into a ResultSection using recursion
-        :param items: A list of ProcessItem objects
-        :param event: A dictionary representing the Process to be converted
-        :param safelist: A safelist of tree IDs that is to be applied to the events
-        :param result_section: The Typed ResultSection for the Process (Event) Tree
-        :param parent: The ProcessItem of the event to be converted
-        :return: None
-        """
-        e = ProcessItem(
-            pid=event["pid"],
-            name=event["image"],
-            cmd=event["command_line"],
-        )
-        e.add_network_events(len(self.get_network_connection_by_pid(e.pid)))
-        # TODO
-        # e.add_file_events(len(self.get_file_events_by_pid(e.pid)))
-        # e.add_registry_events(len(self.get_registry_events_by_pid(e.pid)))
-
-        if event["objectid"]["treeid"] in safelist:
-            e.safelist()
-        else:
-            result_section.add_tag(
-                "dynamic.processtree_id", event["objectid"]["processtree"]
-            )
-            if event["command_line"]:
-                result_section.add_tag(
-                    "dynamic.process.command_line", event["command_line"]
-                )
-
-        for signature in self.get_signatures_by_pid(event["pid"]):
-            if signature.score is None:
-                signature.set_score(0)
-            e.add_signature(signature.name, signature.score)
-
-        for child in event["children"][:]:
-            # A telltale sign that the event is a NetworkConnection
-            if "process" in child:
-                # event is a NetworkConnection, we don't want this in the process tree result section, only the counts
-                pass
-            else:
-                self._convert_event_tree_to_result_section(
-                    items, child, safelist, result_section, parent=e
-                )
-            event["children"].remove(child)
-
-        if not event["children"] and not parent:
-            items.append(e)
-        elif not event["children"] and parent:
-            parent.add_child_process(e)
-
-    def _create_hashed_node(
-        self, parent_treeid: str, parent_processtree: str, node: Dict[str, Any]
-    ) -> None:
-        """
-        This method takes a single node and hashes node attributes.
-        Recurses through children to do the same.
-        :param parent_treeid: A string representing the tree id
-        :param parent_processtree: A string representing the rich id
-        :param node: A dictionary representing the node to hash
-        :return: None
-        """
-        children = node["children"]
-
-        tag = node["objectid"].get("tag", "notag")
-        value_to_create_hash_from = (parent_treeid + tag).encode()
-        sha256sum = sha256(value_to_create_hash_from).hexdigest()
-        node["objectid"]["treeid"] = sha256sum
-
-        if parent_processtree:
-            processtree = f"{parent_processtree}|{tag}"
-        elif node.get("pobjectid") and node["pobjectid"].get("processtree"):
-            processtree = f"{node['pobjectid']['processtree']}|{tag}"
-        elif node.get("pobjectid") and node["pobjectid"].get("tag"):
-            processtree = f"{node['pobjectid']['tag']}|{tag}"
-        else:
-            processtree = tag
-        node["objectid"]["processtree"] = processtree
-
-        if node["objectid"].get("guid"):
-            self.update_objectid(
-                guid=node["objectid"]["guid"], treeid=sha256sum, processtree=processtree
-            )
-
-        for child in children:
-            self._create_hashed_node(sha256sum, processtree, child)
-
-    def _create_treeids(self, process_tree: List[Dict[str, Any]]) -> None:
-        """
-        This method creates tree IDs for each node in the process tree
-        :param process_tree: A list of dictionaries where each dictionary represents a root.
-        :return: None
-        """
-        for root in process_tree:
-            self._create_hashed_node("", "", root)
-
-    @staticmethod
-    def _remove_safe_leaves_helper(
-        node: Dict[str, Any], safe_treeids: List[str]
-    ) -> Union[str, None]:
-        """
-        This method is used to recursively remove safe branches from the given node. It removes a branch from the leaf
-        up until it is reaches a node that is not safelisted
-        :param node: A dictionary of a process tree node (root)
-        :param safe_treeids: All of the safe leaf tree IDs (the safelist)
-        :return: Returns the string representing the node's hash for the purpose of recursive removal,
-                 or returns None if the removal is complete
-        """
-        children: List[Dict[str, Any]] = node["children"]
-        num_removed = 0
-        len_of_children = len(children)
-        for index in range(len_of_children):
-            child_to_operate_on = children[index - num_removed]
-            hash_to_remove = OntologyResults._remove_safe_leaves_helper(
-                child_to_operate_on, safe_treeids
-            )
-            if (
-                hash_to_remove
-                and hash_to_remove == child_to_operate_on["objectid"]["treeid"]
-            ):
-                children.remove(child_to_operate_on)
-                num_removed += 1
-                # We need to overwrite the hash of the parent node with the hash to remove to that it will be
-                # removed from the tree as well.
-                if not children:
-                    node["objectid"]["treeid"] = hash_to_remove
-
-        if not children:
-            treeid = node["objectid"]["treeid"]
-            if treeid in safe_treeids:
-                return treeid
-            else:
-                return None
-
-    @staticmethod
-    def _remove_safe_leaves(
-        process_tree: List[Dict[str, Any]], safe_treeids: List[str]
-    ) -> None:
-        """
-        This method checks each leaf's hash against the safe tree IDs and removes safe branches from the process tree
-        :param process_tree: A list of dictionaries where each dictionary represents a root.
-        :param safe_treeids: A list containing the tree IDs of each safe branch
-        :return: None
-        """
-        for root in process_tree[:]:
-            _ = OntologyResults._remove_safe_leaves_helper(root, safe_treeids)
-            if root["objectid"]["treeid"] in safe_treeids and not root["children"]:
-                process_tree.remove(root)
-
-    @staticmethod
-    def _filter_event_tree_against_safe_treeids(
-        event_tree: List[Dict[str, Any]], safe_treeids: List[str]
-    ) -> List[Dict[str, Any]]:
-        """
-        This method takes an event tree and a list of safe process tree tree IDs, and filters out safe process roots
-        in the tree.
-        :param event_tree: A list of processes in a tree structure
-        :param safe_treeids: A List of tree IDs representing safe leaf nodes/branches
-        :return: A list of processes in a tree structure, with the safe branches filtered out
-        """
-        OntologyResults._remove_safe_leaves(event_tree, safe_treeids)
-        return event_tree
-
-    @staticmethod
-    def _validate_artifacts(
-        artifact_list: List[Dict[str, Any]] = None
-    ) -> List[Artifact]:
-        """
-        This method validates a list of unvalidated artifacts
-        :param artifact_list: A list of unvalidated artifacts
-        :return: A list of validated artifacts
-        """
-        if artifact_list is None:
-            artifact_list = []
-
-        validated_artifacts = []
-        for artifact in artifact_list:
-            validated_artifact = Artifact(
-                name=artifact["name"],
-                path=artifact["path"],
-                description=artifact["description"],
-                to_be_extracted=artifact["to_be_extracted"],
-                sha256=artifact["sha256"] if artifact.get("sha256") else get_sha256_for_file(artifact["path"])
-            )
-            validated_artifacts.append(validated_artifact)
-        return validated_artifacts
-
-    @staticmethod
-    def _handle_artifact(
-        artifact: Artifact = None,
-        artifacts_result_section: ResultSection = None,
-        injection_heur_id: int = 17,
-    ) -> None:
-        """
-        This method handles a single artifact and creates a ResultSection for the artifact, if appropriate
-        :param artifact: An artifact object
-        :param artifacts_result_section: A master ResultSection that will contain the ResultSection created for the
-        given artifact
-        :param injection_heur_id: The heuristic ID for the Injection heuristic of a service
-        :return: None
-        """
-        if artifact is None:
-            raise Exception("Artifact cannot be None")
-
-        artifact_result_section = None
-
-        for regex in [HOLLOWSHUNTER_EXE_REGEX, HOLLOWSHUNTER_DLL_REGEX]:
-            pattern = compile(regex)
-            if pattern.match(artifact.name):
-
-                artifact_result_section = next(
-                    (
-                        subsection
-                        for subsection in artifacts_result_section.subsections
-                        if subsection.title_text == HOLLOWSHUNTER_TITLE
-                    ),
-                    None,
-                )
-
-                if artifact_result_section is None:
-                    artifact_result_section = ResultSection(HOLLOWSHUNTER_TITLE)
-                    artifact_result_section.set_heuristic(injection_heur_id)
-                    artifact_result_section.add_line(
-                        "HollowsHunter dumped the following:"
-                    )
-
-                artifact_result_section.add_line(f"\t- {artifact.name}")
-                artifact_result_section.add_tag(
-                    "dynamic.process.file_name", artifact.name
-                )
-                # As of right now, heuristic ID 17 is associated with the Injection category in the Cuckoo service
-                if regex in [HOLLOWSHUNTER_EXE_REGEX]:
-                    artifact_result_section.heuristic.add_signature_id(
-                        "hollowshunter_exe"
-                    )
-                elif regex in [HOLLOWSHUNTER_DLL_REGEX]:
-                    artifact_result_section.heuristic.add_signature_id(
-                        "hollowshunter_dll"
-                    )
-
-        if (
-            artifact_result_section is not None
-            and artifact_result_section not in artifacts_result_section.subsections
-        ):
-            artifacts_result_section.add_subsection(artifact_result_section)
-
-    def _set_item_times(self, item: Union[Process, ObjectID]) -> None:
-        """
-        This method sets the item times to values that the ODM can handle
-        :param item: An item, either a Process or an ObjectID, whose times will be validated
-        :return: None
-        """
-        if item is None:
-            return
-        if isinstance(item, Process):
-            start_time = next(
-                (
-                    sandbox.analysis_metadata.start_time
-                    for sandbox in self.sandboxes
-                    if sandbox.objectid.session == item.objectid.session
-                ),
-                None,
-            )
-            end_time = next(
-                (
-                    sandbox.analysis_metadata.end_time
-                    for sandbox in self.sandboxes
-                    if sandbox.objectid.session == item.objectid.session
-                ),
-                None,
-            )
-            if start_time == MIN_TIME:
-                start_time = epoch_to_local(0)
-            if item.start_time == MIN_TIME:
-                item.set_start_time(start_time)
-            if item.end_time == MAX_TIME:
-                item.set_end_time(end_time)
-            if item.objectid.time_observed == MIN_TIME:
-                item.objectid.set_time_observed(start_time)
-            if item.objectid.time_observed == MAX_TIME:
-                item.objectid.set_time_observed(end_time)
-            if item.pobjectid and item.pobjectid.time_observed == MIN_TIME:
-                item.pobjectid.set_time_observed(start_time)
-            if item.pobjectid and item.pobjectid.time_observed == MAX_TIME:
-                item.pobjectid.set_time_observed(end_time)
-        elif isinstance(item, ObjectID):
-            start_time = next(
-                (
-                    sandbox.analysis_metadata.start_time
-                    for sandbox in self.sandboxes
-                    if sandbox.objectid.session == item.session
-                ),
-                None,
-            )
-            end_time = next(
-                (
-                    sandbox.analysis_metadata.end_time
-                    for sandbox in self.sandboxes
-                    if sandbox.objectid.session == item.session
-                ),
-                None,
-            )
-            if start_time == MIN_TIME:
-                start_time = epoch_to_local(0)
-            if item.time_observed == MIN_TIME:
-                item.set_time_observed(start_time)
-            elif item.time_observed == MAX_TIME:
-                item.set_time_observed(end_time)
-        else:
-            log.warning(f"Given object {item} is neither Process or ObjectID...")
-
-    def _remove_safelisted_processes(
-        self, safelist: List[str], need_tree_id: bool = False
-    ) -> None:
-        """
-        This method removes all safelisted processes and all activities associated with those processes
-        :param need_tree_id:
-        :return: None
-        """
-        safelisted_processes = [
-            process
-            for process in self.get_processes()
-            if process.objectid.treeid in safelist
-            or (need_tree_id and process.objectid.treeid is None)
-        ]
-
-        safelisted_network_connections = [
-            nc
-            for nc in self.get_network_connections()
-            if nc.process in safelisted_processes
-        ]
-        safelisted_network_http = [
-            nc.http_details for nc in safelisted_network_connections if nc.http_details
-        ]
-        safelisted_network_dns = [
-            nc.dns_details for nc in safelisted_network_connections if nc.dns_details
-        ]
-        safelisted_signatures = [
-            sig
-            for sig in self.get_signatures()
-            if any(
-                all(
-                    attribute.source == safelisted_process.objectid
-                    for attribute in sig.attributes
-                )
-                for safelisted_process in safelisted_processes
-            )
-        ]
-        # TODO Somehow get safelisted subjects
-        # safelisted_signatures = [sig for sig in self.get_signatures() if sig.process in safelisted_processes]
-        for safelisted_http in safelisted_network_http:
-            self._remove_network_http(safelisted_http)
-        for safelisted_dns in safelisted_network_dns:
-            self._remove_network_dns(safelisted_dns)
-        for safelisted_conn in safelisted_network_connections:
-            self._remove_network_connection(safelisted_conn)
-        for safelisted_signature in safelisted_signatures:
-            self._remove_signature(safelisted_signature)
-        for safelisted_process in safelisted_processes:
-            self._remove_process(safelisted_process)
-
-    def preprocess_ontology(
-        self, safelist: List[str] = None, from_main: bool = False, so_json: str = None
-    ) -> None:
-        """
-        This method preprocesses the ontology before it gets validated by Assemblyline's base ODM
-        :param from_main: A boolean flag that indicates if this method is being run from __main__
-        :param so_json: The path to the json file that represents the Sandbox Ontology
-        :return: None
-        """
-        if safelist is None:
-            safelist: List[str] = []
-
-        self._remove_safelisted_processes(safelist, need_tree_id=True)
-
-        for process in self.get_processes():
-            self._set_item_times(process)
-
-        for signature in self.get_signatures():
-            for subject in signature.get_attributes():
-                self._set_item_times(subject.source)
-
-        for network_connection in self.get_network_connections():
-            self._set_item_times(network_connection.process)
-
-
-def attach_dynamic_ontology(service: ServiceBase, ontres: OntologyResults) -> None:
-    """
-    This method takes a given service instance and an instance of the OntologyResults class and adds the ontologies
-    :param service: The service instance that will have ontologies added to it
-    :param ontres: The OntologyResults instance that contains the ontologies data
-    :return: None
-    """
-    [service.ontology.add_result_part(ProcessModel, process.as_primitives()) for process in ontres.get_processes()]
-    [service.ontology.add_result_part(SandboxModel, sandbox.as_primitives()) for sandbox in ontres.get_sandboxes()]
-    [service.ontology.add_result_part(SignatureModel, signature.as_primitives()) for signature in ontres.get_signatures()]
-    [service.ontology.add_result_part(NetworkConnectionModel, network_connection.as_primitives()) for network_connection in ontres.get_network_connections()]
-
-
-def convert_sysmon_processes(
-    sysmon: List[Dict[str, Any]],
-    safelist: Dict[str, Dict[str, List[str]]],
-    ontres: OntologyResults,
-):
-    """
-    This method creates the GUID -> Process lookup table
-    :param sysmon: A list of processes observed during the analysis of the task by the Sysmon tool
-    :param safelist: A dictionary containing matches and regexes for use in safelisting values
-    :param ontres: The Ontology Results object instance
-    :return: None
-    """
-    session = ontres.sandboxes[-1].objectid.session
-    for event in sysmon:
-        event_id = int(event["System"]["EventID"])
-        # EventID 10: ProcessAccess causes too many misconfigurations of the process tree
-        if event_id == 10:
-            continue
-        process: Dict[str, str] = {}
-        event_data = event["EventData"]["Data"]
-        for data in event_data:
-            name = data["@Name"].lower()
-            text = data.get("#text")
-
-            # Process Create and Terminate
-            if name == "utctime" and event_id in [1, 5]:
-                if "." in text:
-                    text = text[:text.index(".")]
-                t = str(datetime.strptime(text, LOCAL_FMT))
-                if event_id == 1:
-                    process["start_time"] = t
-                else:
-                    process["start_time"] = MIN_TIME
-                    process["end_time"] = t
-            elif name == "utctime":
-                if "." in text:
-                    text = text[:text.index(".")]
-                t = str(datetime.strptime(text, LOCAL_FMT))
-                process["time_observed"] = t
-            elif name in ["sourceprocessguid", "parentprocessguid"]:
-                process["pguid"] = text
-            elif name in ["processguid", "targetprocessguid"]:
-                process["guid"] = text
-            elif name in ["parentprocessid", "sourceprocessid"]:
-                process["ppid"] = int(text)
-            elif name in ["processid", "targetprocessid"]:
-                process["pid"] = int(text)
-            elif name in ["sourceimage"]:
-                process["pimage"] = text
-            elif name in ["image", "targetimage"]:
-                if not is_tag_safelisted(text, ["dynamic.process.file_name"], safelist):
-                    process["image"] = text
-            elif name in ["parentcommandline"]:
-                if not is_tag_safelisted(
-                    text, ["dynamic.process.command_line"], safelist
-                ):
-                    process["pcommand_line"] = text
-            elif name in ["commandline"]:
-                if not is_tag_safelisted(
-                    text, ["dynamic.process.command_line"], safelist
-                ):
-                    process["command_line"] = text
-            elif name == "originalfilename":
-                process["original_file_name"] = text
-            elif name == "integritylevel":
-                process["integrity_level"] = text
-            elif name == "hashes":
-                split_hash = text.split("=")
-                if len(split_hash) == 2:
-                    _, hash_value = split_hash
-                    process["image_hash"] = hash_value
-
-        if (
-            not process.get("pid")
-            or not process.get("image")
-            or not process.get("start_time")
-        ):
-            continue
-
-        if ontres.is_guid_in_gpm(process["guid"]):
-            ontres.update_process(**process)
-        else:
-            p_oid = ProcessModel.get_oid(
-                {
-                    "pid": process["pid"],
-                    "ppid": process.get("ppid"),
-                    "image": process["image"],
-                    "command_line": process.get("command_line"),
-                }
-            )
-            p = ontres.create_process(
-                objectid=ontres.create_objectid(
-                    tag=Process.create_objectid_tag(process["image"]),
-                    ontology_id=p_oid,
-                    guid=process.get("guid"),
-                    session=session,
-                ),
-                **process,
-            )
-            ontres.add_process(p)
-
-
-def convert_sysmon_network(
-    sysmon: List[Dict[str, Any]],
-    network: Dict[str, Any],
-    safelist: Dict[str, Dict[str, List[str]]],
-    convert_timestamp_to_epoch: bool = False,
-) -> None:
-    """
-    This method converts network connections observed by Sysmon to the format supported by common sandboxes
-    :param sysmon: A list of processes observed during the analysis of the task by the Sysmon tool
-    :param network: The JSON of the network section from the report generated by common sandboxes
-    :param safelist: A dictionary containing matches and regexes for use in safelisting values
-    :param convert_timestamp_to_epoch: A flag indicating if we want timestamps converted to EPOCH
-    :return: None
-    """
-    for event in sysmon:
-        event_id = int(event["System"]["EventID"])
-
-        # There are two main EventIDs that describe network events: 3 (Network connection) and 22 (DNS query)
-        if event_id == 3:
-            protocol = None
-            network_conn = {
-                "src": None,
-                "dst": None,
-                "time": None,
-                "dport": None,
-                "sport": None,
-                "guid": None,
-                "pid": None,
-                "image": None,
-            }
-            for data in event["EventData"]["Data"]:
-                name = data["@Name"]
-                text = data.get("#text")
-                if name == "UtcTime":
-                    if convert_timestamp_to_epoch:
-                        network_conn["time"] = datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f").timestamp()
-                    else:
-                        if "." in text:
-                            text = text[:text.index(".")]
-                        network_conn["time"] = str(datetime.strptime(text, LOCAL_FMT))
-                elif name == "ProcessGuid":
-                    network_conn["guid"] = text
-                elif name == "ProcessId":
-                    network_conn["pid"] = int(text)
-                elif name == "Image":
-                    network_conn["image"] = text
-                elif name == "Protocol":
-                    protocol = text.lower()
-                elif name == "SourceIp":
-                    if re_match(IPV4_REGEX, text):
-                        network_conn["src"] = text
-                elif name == "SourcePort":
-                    network_conn["sport"] = int(text)
-                elif name == "DestinationIp":
-                    if re_match(IPV4_REGEX, text):
-                        network_conn["dst"] = text
-                elif name == "DestinationPort":
-                    network_conn["dport"] = int(text)
-            if (
-                any(network_conn[key] is None for key in network_conn.keys())
-                or not protocol
-            ):
-                continue
-            elif any(
-                req["dst"] == network_conn["dst"]
-                and req["dport"] == network_conn["dport"]
-                and req["src"] == network_conn["src"]
-                and req["sport"] == network_conn["sport"]
-                for req in network[protocol]
-            ):
-                # Replace record since we have more info from Sysmon
-                for req in network[protocol][:]:
-                    if (
-                        req["dst"] == network_conn["dst"]
-                        and req["dport"] == network_conn["dport"]
-                        and req["src"] == network_conn["src"]
-                        and req["sport"] == network_conn["sport"]
-                    ):
-                        network[protocol].remove(req)
-                        network[protocol].append(network_conn)
-            else:
-                network[protocol].append(network_conn)
-        elif event_id == 22:
-            dns_query = {
-                "type": "A",
-                "request": None,
-                "answers": [],
-                "time": None,
-                "guid": None,
-                "pid": None,
-                "image": None,
-            }
-            for data in event["EventData"]["Data"]:
-                name = data["@Name"]
-                text = data.get("#text")
-                if text is None:
-                    continue
-                if name == "UtcTime":
-                    if convert_timestamp_to_epoch:
-                        dns_query["time"] = datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f").timestamp()
-                    else:
-                        if "." in text:
-                            text = text[:text.index(".")]
-                        dns_query["time"] = str(datetime.strptime(text, LOCAL_FMT))
-                elif name == "ProcessGuid":
-                    dns_query["guid"] = text
-                elif name == "ProcessId":
-                    dns_query["pid"] = int(text)
-                elif name == "QueryName":
-                    if not is_tag_safelisted(
-                        text, ["network.dynamic.domain"], safelist
-                    ):
-                        dns_query["request"] = text
-                elif name == "QueryResults":
-                    ip = findall(IPV4_REGEX, text)
-                    for item in ip:
-                        dns_query["answers"].append({"data": item, "type": "A"})
-                elif name == "Image":
-                    dns_query["image"] = text
-            if any(dns_query[key] is None for key in dns_query.keys()):
-                continue
-            elif any(
-                query["request"] == dns_query["request"]
-                for query in network.get("dns", [])
-            ):
-                # Replace record since we have more info from Sysmon
-                for query in network["dns"][:]:
-                    if query["request"] == dns_query["request"]:
-                        network["dns"].remove(query)
-                        network["dns"].append(dns_query)
-            else:
-                if "dns" not in network:
-                    network["dns"] = []
-                network["dns"].append(dns_query)
-
-
-def extract_iocs_from_text_blob(
-    blob: str,
-    result_section: ResultTableSection,
-    so_sig: Optional[Signature] = None,
-    source: Optional[ObjectID] = None,
-    enforce_char_min: bool = False,
-    enforce_domain_char_max: bool = False,
-    safelist: Dict[str, Dict[str, List[str]]] = None,
-    is_network_static: bool = False
-) -> None:
-    """
-    This method searches for domains, IPs and URIs used in blobs of text and tags them
-    :param blob: The blob of text that we will be searching through
-    :param result_section: The result section that that tags will be added to
-    :param so_sig: The signature for the Ontology Results
-    :param source: The source of the signature for the Ontology Results
-    :param enforce_char_min: Enforce the minimum amount of characters that an ioc can have
-    :param enforce_domain_char_max: Enforce the maximum amount of characters that a domain can have
-    :param safelist: The safelist containing matches and regexs. The product of a
-                     service using self.get_api_interface().get_safelist().
-    :param is_network_static: Should we tag these IOCs as static or dynamic? Default to dynamic since this method
-                        is in the dynamic service helper module.
-    :return: None
-    """
-    if not blob:
-        return
-
-    if is_network_static:
-        network_tag_type = "static"
-    else:
-        network_tag_type = "dynamic"
-
-    blob = blob.lower()
-    ips = set(findall(IP_REGEX, blob))
-    # There is overlap here between regular expressions, so we want to isolate domains that are not ips
-    domains = set(findall(DOMAIN_REGEX, blob)) - ips
-    # There is overlap here between regular expressions, so we want to isolate uris that are not domains
-    # TODO: Are we missing IOCs to the point where we need a different regex?
-    # uris = {uri.decode() for uri in set(findall(PatternMatch.PAT_URI_NO_PROTOCOL, blob.encode()))} - domains - ips
-    uris = set(findall(URL_REGEX, blob)) - domains - ips
-    for ip in sorted(ips):
-        if add_tag(result_section, f"network.{network_tag_type}.ip", ip, safelist):
-            if not result_section.section_body.body:
-                result_section.add_row(TableRow(ioc_type="ip", ioc=ip))
-            elif (
-                dumps({"ioc_type": "ip", "ioc": ip})
-                not in result_section.section_body.body
-            ):
-                result_section.add_row(TableRow(ioc_type="ip", ioc=ip))
-    for domain in sorted(domains):
-        if enforce_char_min and len(domain) < MIN_DOMAIN_CHARS:
-            continue
-        if enforce_domain_char_max and len(domain) > MAX_DOMAIN_CHARS:
-            continue
-
-        # Check if the domain ends with a TLD that is frequently a false positive
-        if any(domain.lower().endswith(tld) for tld in COMMON_FP_TLDS):
-            is_domain_present_in_uri = False
-            for uri in uris:
-                parsed_uri = urlparse(uri.lower())
-                if domain == parsed_uri.hostname:
-                    is_domain_present_in_uri = True
-                    break
-
-            # If it does, then double check that the domain is not the domain of any URI
-            if not is_domain_present_in_uri:
-                continue
-        elif domain.lower() in COMMON_FP_DOMAINS:
-            continue
-
-        # File names match the domain and URI regexes, so we need to avoid tagging them
-        # Note that get_tld only takes URLs so we will prepend http:// to the domain to work around this
-        if add_tag(result_section, f"network.{network_tag_type}.domain", domain, safelist):
-            if not result_section.section_body.body:
-                result_section.add_row(TableRow(ioc_type="domain", ioc=domain))
-            elif (
-                dumps({"ioc_type": "domain", "ioc": domain})
-                not in result_section.section_body.body
-            ):
-                result_section.add_row(TableRow(ioc_type="domain", ioc=domain))
-
-    for uri in sorted(uris):
-        if enforce_char_min and len(uri) < MIN_URI_CHARS:
-            continue
-        if any(invalid_uri_char in uri for invalid_uri_char in ['"', "'", '<', '>', "(", ")"]):
-            for invalid_uri_char in ['"', "'", '<', '>', "(", ")"]:
-                for u in uri.split(invalid_uri_char):
-                    if re_match(FULL_URI, u):
-                        uri = u
-                        break
-
-        # If there is an common protocol in the URI, and there are some nonsense characters included, exclude them!
-        if ":" in uri:
-            scheme, location = uri.split(":", 1)
-            if scheme not in COMMON_SCHEMES:
-                for common_scheme in COMMON_SCHEMES:
-                    if scheme.endswith(common_scheme):
-                        scheme = common_scheme
-                        uri = f"{scheme}:{location}"
-                        break
-
-        if add_tag(result_section, f"network.{network_tag_type}.uri", uri, safelist):
-            if not result_section.section_body.body:
-                result_section.add_row(TableRow(ioc_type="uri", ioc=uri))
-            elif (
-                dumps({"ioc_type": "uri", "ioc": uri})
-                not in result_section.section_body.body
-            ):
-                result_section.add_row(TableRow(ioc_type="uri", ioc=uri))
-            if so_sig and source:
-                so_sig.add_attribute(so_sig.create_attribute(source=source, uri=uri))
-        # If the tag was safelisted or invalid, don't try to tag the uri_path
-        else:
-            continue
-        if "//" in uri:
-            uri = uri.split("//")[1]
-        for uri_path in findall(URI_PATH, uri):
-            if enforce_char_min and len(uri_path) < MIN_URI_PATH_CHARS:
-                continue
-            if add_tag(result_section, f"network.{network_tag_type}.uri_path", uri_path, safelist):
-                if not result_section.section_body.body:
-                    result_section.add_row(TableRow(ioc_type="uri_path", ioc=uri_path))
-                elif (
-                    dumps({"ioc_type": "uri_path", "ioc": uri_path})
-                    not in result_section.section_body.body
-                ):
-                    result_section.add_row(TableRow(ioc_type="uri_path", ioc=uri_path))
-
-
-# DEBUGGING METHOD
-if __name__ == "__main__":
-    # This method is for validating the output from the OntologyResults class -> Sandbox class
-    from sys import argv
-
-    so_json_path = argv[1]
-    default_so = OntologyResults()
-    default_so.preprocess_ontology(safelist=[], from_main=True, so_json=so_json_path)
diff --git a/assemblyline_v4_service/common/extractor/__init__.py b/assemblyline_v4_service/common/extractor/__init__.py
deleted file mode 100644
index 8b137891..00000000
--- a/assemblyline_v4_service/common/extractor/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assemblyline_v4_service/common/extractor/base64.py b/assemblyline_v4_service/common/extractor/base64.py
deleted file mode 100644
index a4bd2cff..00000000
--- a/assemblyline_v4_service/common/extractor/base64.py
+++ /dev/null
@@ -1,86 +0,0 @@
-"""
-Base 64 encoded text
-"""
-
-import binascii
-import regex as re
-import warnings
-
-from typing import Dict, List, Tuple
-
-HTML_ESCAPE_RE = rb'&#(?:x[a-fA-F0-9]{1,4}|\d{1,4});'
-BASE64_RE = rb'(?:[A-Za-z0-9+/]{4,}(?:<\x00  \x00)?(?:&#13;|&#xD;)?(?:&#10;|&#xA)?\r?\n?){5,}' \
-            rb'[A-Za-z0-9+/]{2,}={0,2}'
-
-CAMEL_RE = rb'(?i)[a-z]+'
-HEX_RE = rb'(?i)[a-f0-9]+'
-MIN_B64_CHARS = 6
-
-
-def base64_search(text: bytes) -> Dict[bytes, bytes]:
-    """
-    Find all base64 encoded sections in a text.
-    Args:
-        text: The text to search.
-    Returns:
-        A dictionary with the original base64 encoded sections as keys
-        and the corresponding decoded data as values.
-    """
-    warnings.warn("base64_search is depricated, use find_base64 instead", DeprecationWarning)
-    b64_matches = {}
-    for b64_match in re.findall(BASE64_RE, text):
-        if b64_match in b64_matches:
-            continue
-        b64_string = re.sub(HTML_ESCAPE_RE, b'', b64_match).replace(b'\n', b'').replace(b'\r', b'') \
-            .replace(b'<\x00  \x00', b'')
-        if re.fullmatch(HEX_RE, b64_string):
-            # Hexadecimal characters are a subset of base64
-            # Hashes commonly are hex and have multiple of 4 lengths
-            continue
-        if re.fullmatch(CAMEL_RE, b64_string):
-            # Camel case text can be confused for base64
-            # It is common in scripts as names
-            continue
-        uniq_char = set(b64_string)
-        if len(uniq_char) > MIN_B64_CHARS and len(b64_string) % 4 == 0:
-            try:
-                b64_result = binascii.a2b_base64(b64_string)
-                b64_matches[b64_match] = b64_result
-            except binascii.Error:
-                pass
-    return b64_matches
-
-
-def find_base64(data: bytes) -> List[Tuple[bytes, int, int]]:
-    """
-    Find all base64 encoded sections in some data.
-
-    Args:
-        data: The data to search.
-    Returns:
-        A list of decoded base64 sections and the location indexes of the section
-        in the original data.
-    """
-    b64_matches = []
-    for b64_match in re.finditer(BASE64_RE, data):
-        b64_string = re.sub(HTML_ESCAPE_RE, b'', b64_match.group()).replace(b'\n', b'').replace(b'\r', b'') \
-            .replace(b'<\x00  \x00', b'')
-        if len(b64_string) % 4 != 0 or len(set(b64_string)) <= MIN_B64_CHARS:
-            continue
-        if re.fullmatch(HEX_RE, b64_string):
-            # Hexadecimal characters are a subset of base64
-            # Hashes commonly are hex and have multiple of 4 lengths
-            continue
-        if re.fullmatch(CAMEL_RE, b64_string):
-            # Camel case text can be confused for base64
-            # It is common in scripts as names
-            continue
-        if b64_string.count(b'/')/len(b64_string) > 3/32:
-            # If there are a lot of / it as more likely a path
-            continue
-        try:
-            b64_result = binascii.a2b_base64(b64_string)
-            b64_matches.append((b64_result, b64_match.start(), b64_match.end()))
-        except binascii.Error:
-            pass
-    return b64_matches
diff --git a/assemblyline_v4_service/common/extractor/ocr.py b/assemblyline_v4_service/common/extractor/ocr.py
deleted file mode 100644
index 78948563..00000000
--- a/assemblyline_v4_service/common/extractor/ocr.py
+++ /dev/null
@@ -1,97 +0,0 @@
-from __future__ import annotations
-
-from typing import TextIO
-
-import regex
-
-from assemblyline_v4_service.common.helper import get_service_manifest
-from assemblyline_v4_service.common.utils import PASSWORD_WORDS
-
-# TODO: Would prefer this mapping to be dynamic from trusted sources (ie. import from library), but will copy-paste for now
-OCR_INDICATORS_MAPPING: dict[str, list[str]] = {
-    'ransomware': [
-        # https://github.com/cuckoosandbox/community/blob/master/modules/signatures/windows/ransomware_message.py
-        "your files", "your data", "your documents", "restore files",
-        "restore data", "restore the files", "restore the data", "recover files",
-        "recover data", "recover the files", "recover the data", "has been locked",
-        "pay fine", "pay a fine", "pay the fine", "decrypt", "encrypt",
-        "recover files", "recover data", "recover them", "recover your",
-        "recover personal", "bitcoin", "secret server", "secret internet server",
-        "install tor", "download tor", "tor browser", "tor gateway",
-        "tor-browser", "tor-gateway", "torbrowser", "torgateway", "torproject.org",
-        "ransom", "bootkit", "rootkit", "payment", "victim", "AES128", "AES256",
-        "AES 128", "AES 256", "AES-128", "AES-256", "RSA1024", "RSA2048",
-        "RSA4096", "RSA 1024", "RSA 2048", "RSA 4096", "RSA-1024", "RSA-2048",
-        "RSA-4096", "private key", "personal key", "your code", "private code",
-        "personal code", "enter code", "your key", "unique key"
-    ],
-    'macros': [
-        # https://github.com/cuckoosandbox/community/blob/17d57d46ccbca0327a8299cb93abba8604b74df7/modules/signatures/windows/office_enablecontent_ocr.py
-        "enable macro",
-        "enable content",
-        "enable editing",
-    ],
-    'banned': [],
-    'password': PASSWORD_WORDS
-}
-
-
-def ocr_detections(image_path: str, ocr_io: TextIO = None) -> dict[str, list[str]]:
-    try:
-        import pytesseract
-        from PIL import Image
-    except ImportError as exc:
-        raise ImportError('In order to scan for OCR detections, ensure you have the following installed:\n'
-                          'tesseract, pytesseract, and Pillow') from exc
-
-    # Use OCR library to extract strings from an image file
-    ocr_output = ""
-
-    try:
-        ocr_output = pytesseract.image_to_string(Image.open(image_path), timeout=15)  # Stop OCR after 15 seconds
-    except (TypeError, RuntimeError):
-        # Image given isn't supported therefore no OCR output can be given with tesseract
-        return {}
-
-    if ocr_io:
-        ocr_io.flush()
-        ocr_io.write(ocr_output)
-        ocr_io.flush()
-
-    return detections(ocr_output)
-
-
-def detections(ocr_output: str) -> dict[str, list[str]]:
-    detection_output: dict[str, list[str]] = {}
-    ocr_config: dict[str, list[str]] = {}
-    try:
-        # If running an AL service, grab OCR configuration from service manifest
-        ocr_config = get_service_manifest().get('config', {}).get('ocr', {})
-    except Exception:
-        pass
-    indicators = set(list(OCR_INDICATORS_MAPPING.keys()) + list(ocr_config.keys()))
-    # Iterate over the different indicators and include lines of detection in response
-    for indicator in indicators:
-        list_of_terms = ocr_config.get(indicator, []) or OCR_INDICATORS_MAPPING.get(indicator, [])
-        if not list_of_terms:
-            # If no terms specified, move onto next indicator
-            continue
-        indicator_hits: set[str | None] = set()
-        regex_exp = regex.compile(f"({')|('.join(list_of_terms).lower()})")
-        list_of_strings: list[str] = []
-        for line in ocr_output.split('\n'):
-            search = regex_exp.search(line.lower())
-            if search:
-                indicator_hits = indicator_hits.union(set(search.groups()))
-                list_of_strings.append(line)
-        if None in indicator_hits:
-            indicator_hits.remove(None)
-
-        if list_of_strings:
-            if len(indicator_hits) >= 2:
-                # We consider the detection to be credible if there's more than a single indicator hit
-                detection_output[indicator] = list_of_strings
-            if indicator in ['banned', 'password']:
-                # Except if we're dealing with banned/password, one hit is more than enough
-                detection_output[indicator] = list_of_strings
-    return detection_output
diff --git a/assemblyline_v4_service/common/extractor/pe_file.py b/assemblyline_v4_service/common/extractor/pe_file.py
deleted file mode 100644
index 9a5c7142..00000000
--- a/assemblyline_v4_service/common/extractor/pe_file.py
+++ /dev/null
@@ -1,51 +0,0 @@
-import regex as re
-
-from typing import List, Tuple
-
-import pefile
-
-EXEDOS_RE = rb'(?s)This program cannot be run in DOS mode'
-EXEHEADER_RE = rb'(?s)MZ.{32,1024}PE\000\000'
-
-
-def _find_pe_files_with_offset(data: bytes) -> List[Tuple[bytes, int, int]]:
-    """
-    Searches for any PE files within data
-
-    Args:
-        data: The data to search
-    Returns:
-        A list tuples containing: The found PE file, the starting offset and the end offset
-    """
-    pe_files: List[Tuple[bytes, int, int]] = []
-    offset = 0
-    while offset < len(data):
-        match = re.search(EXEHEADER_RE, data)
-        if not match:
-            return pe_files
-        pe_data = data[offset:]
-        if not re.search(EXEDOS_RE, pe_data):
-            return pe_files
-        try:
-            pe = pefile.PE(data=pe_data)
-            size = max(section.PointerToRawData + section.SizeOfRawData for section in pe.sections)
-            if size == 0:
-                return pe_files
-            end = offset+size
-            pe_files.append((data[offset:end], offset, end))
-            offset = end
-        except Exception:
-            return pe_files
-    return pe_files
-
-
-def find_pe_files(data: bytes) -> List[bytes]:
-    """
-    Searches for any PE files within data
-
-    Args:
-        data: The data to search
-    Returns:
-        A list of found PE files
-    """
-    return [pe[0] for pe in _find_pe_files_with_offset(data)]
diff --git a/assemblyline_v4_service/common/icap.py b/assemblyline_v4_service/common/icap.py
deleted file mode 100644
index a3c94075..00000000
--- a/assemblyline_v4_service/common/icap.py
+++ /dev/null
@@ -1,149 +0,0 @@
-import os
-import socket
-
-from assemblyline.common.str_utils import safe_str
-
-ICAP_OK = b'ICAP/1.0 200 OK'
-
-
-# noinspection PyBroadException
-class IcapClient(object):
-    """
-    A limited Internet Content Adaptation Protocol client.
-
-    Currently only supports RESPMOD as that is all that is required to interop
-    with most ICAP based AV servers.
-    """
-
-    RESP_CHUNK_SIZE = 65565
-    MAX_RETRY = 3
-
-    def __init__(self, host, port, respmod_service="av/respmod", action="", timeout=30, number_of_retries=MAX_RETRY):
-        self.host = host
-        self.port = port
-        self.service = respmod_service
-        self.action = action
-        self.socket = None
-        self.timeout = timeout
-        self.kill = False
-        self.number_of_retries = number_of_retries
-        self.successful_connection = False
-
-    def scan_data(self, data, name=None):
-        return self._do_respmod(name or 'filetoscan', data)
-
-    def scan_local_file(self, filepath):
-        filename = os.path.basename(filepath)
-        with open(filepath, 'r') as f:
-            data = f.read()
-            return self.scan_data(data, filename)
-
-    def options_respmod(self):
-        request = f"OPTIONS icap://{self.host}:{self.port}/{self.service} ICAP/1.0\r\n\r\n"
-
-        for i in range(self.number_of_retries):
-            if self.kill:
-                self.kill = False
-                return
-            try:
-                if not self.socket:
-                    self.socket = socket.create_connection((self.host, self.port), timeout=self.timeout)
-                    self.successful_connection = True
-                self.socket.sendall(request.encode())
-                response = temp_resp = self.socket.recv(self.RESP_CHUNK_SIZE)
-                while len(temp_resp) == self.RESP_CHUNK_SIZE:
-                    temp_resp = self.socket.recv(self.RESP_CHUNK_SIZE)
-                    response += temp_resp
-                if not response or not response.startswith(ICAP_OK):
-                    raise Exception(f"Unexpected OPTIONS response: {response}")
-                return response.decode()
-            except Exception:
-                self.successful_connection = False
-                try:
-                    self.socket.close()
-                except Exception:
-                    pass
-                self.socket = None
-                if i == (self.number_of_retries-1):
-                    raise
-
-        raise Exception("Icap server refused to respond.")
-
-    @staticmethod
-    def chunk_encode(data):
-        chunk_size = 8160
-        out = b""
-        offset = 0
-        while len(data) < offset * chunk_size:
-            out += "1FEO\r\n"
-            out += data[offset * chunk_size:(offset + 1) * chunk_size]
-            out += "\r\n"
-            offset += 1
-
-        out += b"%X\r\n" % len(data[offset * chunk_size:])
-        out += data[offset * chunk_size:]
-        out += b"\r\n0\r\n\r\n"
-
-        return out
-
-    def _do_respmod(self, filename, data):
-        encoded = self.chunk_encode(data)
-
-        # ICAP RESPMOD req-hdr is the start of the original HTTP request.
-        respmod_req_hdr = "GET /{FILENAME} HTTP/1.1\r\n\r\n".format(FILENAME=safe_str(filename))
-
-        # ICAP RESPMOD res-hdr is the start of the HTTP response for above request.
-        respmod_res_hdr = (
-            "HTTP/1.1 200 OK\r\n"
-            "Transfer-Encoding: chunked\r\n\r\n")
-
-        res_hdr_offset = len(respmod_req_hdr)
-        res_bdy_offset = len(respmod_res_hdr) + res_hdr_offset
-
-        # The ICAP RESPMOD header. Note:
-        # res-hdr offset should match the start of the GET request above.
-        # res-body offset should match the start of the response above.
-
-        respmod_icap_hdr = (
-            f"RESPMOD icap://{self.host}:{self.port}/{self.service}{self.action} ICAP/1.0\r\n"
-            f"Host: {self.host}:{self.port}\r\n"
-            "Allow: 204\r\n"
-            f"Encapsulated: req-hdr=0, res-hdr={res_hdr_offset}, res-body={res_bdy_offset}\r\n\r\n"
-        )
-
-        serialized_request = b"%s%s%s%s" % (respmod_icap_hdr.encode(), respmod_req_hdr.encode(),
-                                            respmod_res_hdr.encode(), encoded)
-
-        for i in range(self.number_of_retries):
-            if self.kill:
-                self.kill = False
-                return
-            try:
-                if not self.socket:
-                    self.socket = socket.create_connection((self.host, self.port), timeout=self.timeout)
-                    self.successful_connection = True
-                self.socket.sendall(serialized_request)
-                response = temp_resp = self.socket.recv(self.RESP_CHUNK_SIZE)
-                while len(temp_resp) == self.RESP_CHUNK_SIZE:
-                    temp_resp = self.socket.recv(self.RESP_CHUNK_SIZE)
-                    response += temp_resp
-
-                return response.decode()
-            except Exception:
-                self.successful_connection = False
-                try:
-                    self.socket.close()
-                except Exception:
-                    pass
-                self.socket = None
-                if i == (self.number_of_retries-1):
-                    raise
-
-        raise Exception("Icap server refused to respond.")
-
-    def close(self):
-        self.kill = True
-        try:
-            self.socket.close()
-        except Exception:
-            pass
diff --git a/assemblyline_v4_service/common/keytool_parse.py b/assemblyline_v4_service/common/keytool_parse.py
deleted file mode 100644
index 29b6bdd9..00000000
--- a/assemblyline_v4_service/common/keytool_parse.py
+++ /dev/null
@@ -1,66 +0,0 @@
-from re import split
-from subprocess import Popen, PIPE
-from assemblyline.common.str_utils import safe_str
-from typing import List
-
-
-class Certificate():
-    def __init__(self):
-        self.raw = ""
-        self.issuer = ""
-        self.owner = ""
-        self.country = ""
-        self.valid_from = ""
-        self.valid_to = ""
-
-
-def keytool_printcert(cert_path: str) -> None:
-    """
-    This function runs the 'keytool -printcert' command against a provided file
-
-    :param cert_path: A path to a certificate
-    :return: the string output of 'keytool -printcert' or None
-    """
-    stdout, _ = Popen(["keytool", "-printcert", "-file", cert_path],
-                      stderr=PIPE, stdout=PIPE).communicate()
-    stdout = safe_str(stdout)
-
-    if stdout and "keytool error" not in stdout:
-        return stdout
-
-    return None
-
-
-def certificate_chain_from_printcert(printcert: str) -> List[Certificate]:
-    """
-    This function parses the output of 'keytool -printcert' and creates a list of Certificate objects.
-    The input to this function is the output of keytool_printcert
-
-    :param printcert: the string output of 'keytool -printcert'
-    :return: a list of the parsed out certificates. If only one certificate
-             is present and not a chain, then the list will have one element.
-    """
-    certs: List[Certificate] = []
-
-    for cert_str in split(r'Certificate\[\d+\]:', printcert):  # split printcert output in case of certificate chain
-        if cert_str == '':
-            continue
-        cert = Certificate()
-        cert.raw = cert_str.strip()
-        for line in cert_str.splitlines():
-            if "Owner:" in line:
-                cert.owner = line.split(": ", 1)[1]
-                country = cert.owner.split("C=")
-                if len(country) != 1:
-                    cert.country = country[1]
-
-            elif "Issuer:" in line:
-                cert.issuer = line.split(": ", 1)[1]
-
-            elif "Valid from:" in line:
-                cert.valid_from = line.split(": ", 1)[1].split(" until:")[0]
-                cert.valid_to = line.rsplit(": ", 1)[1]
-
-        certs.append(cert)
-
-    return certs
diff --git a/assemblyline_v4_service/common/ontology_helper.py b/assemblyline_v4_service/common/ontology_helper.py
deleted file mode 100644
index 0967531d..00000000
--- a/assemblyline_v4_service/common/ontology_helper.py
+++ /dev/null
@@ -1,187 +0,0 @@
-from assemblyline.common import forge
-from assemblyline.common.dict_utils import flatten, unflatten, get_dict_fingerprint_hash
-from assemblyline.odm.base import Model, construct_safe
-from assemblyline.odm.models.ontology import ODM_VERSION
-from assemblyline.odm.models.ontology.results import NetworkConnection
-from assemblyline.odm.models.ontology.filetypes import PE
-from assemblyline.odm.models.tagging import Tagging
-from assemblyline_v4_service.common import helper
-
-from collections import defaultdict
-from typing import Dict
-
-import json
-import os
-
-ONTOLOGY_FILETYPE_MODELS = [PE]
-ONTOLOGY_CLASS_TO_FIELD = {
-    NetworkConnection: "netflow"
-}
-
-Classification = forge.get_classification()
-
-
-class OntologyHelper:
-    def __init__(self, logger, service_name) -> None:
-        self.log = logger
-        self._file_info = dict()
-        self._result_parts: Dict[str, Model] = dict()
-        self.results = defaultdict(list)
-        self.service = service_name
-
-    def add_file_part(self, model: Model, data: Dict) -> None:
-        if not data:
-            return None
-
-        # Unlike result parts, there should only be one file part per type
-        if model in ONTOLOGY_FILETYPE_MODELS:
-            self._file_info[model.__name__.lower()] = model(data)
-
-    def add_result_part(self, model: Model, data: Dict) -> str:
-        if not data:
-            self.log.warning(f'No data given to apply to model {model.__name__}')
-            return None
-
-        if not data.get('objectid'):
-            data['objectid'] = {}
-
-        oid = data['objectid'].get('ontology_id')
-        tag = data['objectid'].get('tag')
-
-        # Generate ID based on data and add reference to collection, prefix with model type
-        # Some models have a deterministic way of generating IDs using the data given
-        if not oid:
-            oid = model.get_oid(data) if hasattr(model, 'get_oid') else \
-                f"{model.__name__.lower()}_{get_dict_fingerprint_hash(data)}"
-        if not tag:
-            tag = model.get_tag(data) if hasattr(model, 'get_tag') else None
-
-        data['objectid']['tag'] = tag
-        data['objectid']['ontology_id'] = oid
-        data['objectid']['service_name'] = self.service
-
-        try:
-            self._result_parts[oid] = model(data)
-        except Exception as e:
-            self.log.error(f'Problem applying data to given model: {e}')
-            self.log.debug(data)
-            oid = None
-        finally:
-            return oid
-
-    def attach_parts(self, ontology: Dict) -> None:
-        ontology['file'].update({k: v.as_primitives(strip_null=True) for k, v in self._file_info.items()})
-
-        # If result section wasn't explicitly defined by service writer, use what we know
-        if not self.results:
-            for v in self._result_parts.values():
-                # Some Ontology classes map to certain fields in the ontology that don't share the same name
-                field = ONTOLOGY_CLASS_TO_FIELD.get(v.__class__, v.__class__.__name__.lower())
-                self.results[field].append(v.as_primitives(strip_null=True))
-
-        ontology['results'].update(self.results)
-
-    def _attach_ontology(self, request, working_dir) -> str:
-        # Get heuristics of service
-        heuristics = helper.get_heuristics()
-
-        def preprocess_result_for_dump(sections, current_max, heur_tag_map, tag_map):
-            for section in sections:
-                # Determine max classification of the overall result
-                current_max = Classification.max_classification(section.classification, current_max)
-
-                # Cleanup invalid tagging from service results
-                def validate_tags(tag_map):
-                    tag_map, _ = construct_safe(Tagging, unflatten(tag_map))
-                    tag_map = flatten(tag_map.as_primitives(strip_null=True))
-                    return tag_map
-
-                # Merge tags
-                def merge_tags(tag_a, tag_b):
-                    if not tag_a:
-                        return tag_b
-
-                    elif not tag_b:
-                        return tag_a
-
-                    all_keys = list(tag_a.keys()) + list(tag_b.keys())
-                    return {key: list(set(tag_a.get(key, []) + tag_b.get(key, []))) for key in all_keys}
-
-                # Append tags raised by the service, if any
-                section_tags = validate_tags(section.tags)
-                if section_tags:
-                    tag_map = merge_tags(tag_map, section_tags)
-
-                # Append tags associated to heuristics raised by the service, if any
-                if section.heuristic:
-                    heur = heuristics[section.heuristic.heur_id]
-                    key = f'{request.task.service_name.upper()}_{heur.heur_id}'
-                    heur_tag_map[key].update({
-                        "heur_id": key,
-                        "name": heur.name,
-                        "tags": merge_tags(heur_tag_map[key]["tags"], section_tags) if section_tags else {},
-                        "score": heur.score,
-                        "times_raised": heur_tag_map[key]["times_raised"] + 1
-                    })
-
-                # Recurse through subsections
-                if section.subsections:
-                    current_max, heur_tag_map, tag_map = preprocess_result_for_dump(
-                        section.subsections, current_max, heur_tag_map, tag_map)
-
-            return current_max, heur_tag_map, tag_map
-
-        if not request.result or not request.result.sections:
-            # No service results, therefore no ontological output
-            return
-
-        max_result_classification, heur_tag_map, tag_map = preprocess_result_for_dump(
-            sections=request.result.sections,
-            current_max=Classification.max_classification(request.task.min_classification,
-                                                          request.task.service_default_result_classification),
-            heur_tag_map=defaultdict(lambda: {"tags": dict(), "times_raised": int()}),
-            tag_map=defaultdict(list))
-
-        if not tag_map and not self._result_parts:
-            # No tagging or ontologies found, therefore informational results
-            return
-
-        ontology = {
-            'odm_type': 'Assemblyline Result Ontology',
-            'odm_version': ODM_VERSION,
-            "classification": max_result_classification,
-            "file": {
-                'md5': request.md5,
-                'sha1': request.sha1,
-                'sha256': request.sha256,
-                'type': request.file_type,
-                'size': request.file_size,
-                'names': [request.file_name] if request.file_name else []
-            },
-            "service": {
-                'name': request.task.service_name,
-                'version': request.task.service_version,
-                'tool_version': request.task.service_tool_version,
-            },
-            "results": {
-                "tags": tag_map,
-                "heuristics": list(heur_tag_map.values())
-            }
-        }
-
-        self.attach_parts(ontology)
-
-        # Include Ontological data
-        ontology_suffix = f"{request.sha256}.ontology"
-        ontology_path = os.path.join(working_dir, ontology_suffix)
-        with open(ontology_path, 'w') as f:
-            f.write(json.dumps(ontology))
-        attachment_name = f'{request.task.service_name}_{ontology_suffix}'.lower()
-        request.add_supplementary(path=ontology_path, name=attachment_name,
-                                  description=f"Result Ontology from {request.task.service_name}",
-                                  classification=max_result_classification)
-
-    def reset(self) -> None:
-        self._file_info = {}
-        self._result_parts = {}
-        self.results = defaultdict(list)
diff --git a/assemblyline_v4_service/common/pestudio/__init__.py b/assemblyline_v4_service/common/pestudio/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/assemblyline_v4_service/common/pestudio/xml/__init__.py b/assemblyline_v4_service/common/pestudio/xml/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/assemblyline_v4_service/common/pestudio/xml/features.xml b/assemblyline_v4_service/common/pestudio/xml/features.xml
deleted file mode 100644
index e733d93f..00000000
--- a/assemblyline_v4_service/common/pestudio/xml/features.xml
+++ /dev/null
@@ -1,5607 +0,0 @@
-<xml version="1.0" encoding="utf-8">
-  <!-- 
-  features.xml is part of the pestudio (www.winitor.com)
-  It contains the features as to be shown at the frontend and XML report file.
--->
-
-  <features>
-
-    <feature id="3001" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>VBoxService.exe</fct>
-            <fct>Safengine Shielden v2.3.0.0</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3108" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AntiVirtualBox</fct>
-            <fct>AntiVmWare</fct>
-            <fct>AntiVirtualPC</fct>
-            <fct>AntiMalwarebytes</fct>
-            <fct>AntiOllydbg</fct>
-            <fct>AntiWireshark</fct>
-            <fct>antiSpyware</fct>
-            <fct>Anti-Virus</fct>
-            <fct>avast!</fct>
-            <fct>AntiVir</fct>
-            <fct>Inspection</fct>
-            <fct>Malware</fct>
-            <fct>Kaspersky</fct>
-            <fct>BitDefender</fct>
-            <fct>Dr.Web</fct>
-            <fct>Kaspersky Antivirus</fct>
-            <fct>Nod32 Antivirus 2.x</fct>
-            <fct>Ewido Security Suite</fct>
-            <fct>McAfee VirusScan</fct>
-            <fct>Panda Antivirus/Firewall</fct>
-            <fct>Symantec/Norton</fct>
-            <fct>PC-cillin Antivirus</fct>
-            <fct>F-Secure</fct>
-            <fct>Kingsoft ShaDu</fct>
-            <fct>NOD32 Antivirus</fct>
-            <fct>Rising Antivirus</fct>
-            <fct>Jiangmin Antivirus</fct>
-            <fct>360 ShaDu</fct>
-            <fct>360 Safe</fct>
-            <fct>Norton Personal Firewall</fct>
-            <fct>ZoneAlarm</fct>
-            <fct>Comodo Firewall</fct>
-            <fct>eTrust EZ Firewall</fct>
-            <fct>F-Secure Internet Security</fct>
-            <fct>McAfee Personal Firewall</fct>
-            <fct>Outpost Personal Firewall</fct>
-            <fct>Panda Internet Seciruty Suite</fct>
-            <fct>Panda Anti-Virus/Firewall</fct>
-            <fct>BitDefnder/Bull Guard Antivirus</fct>
-            <fct>Rising Firewall</fct>
-            <fct>360Safe AntiArp</fct>
-            <fct>Kingsoft Safe</fct>
-            <fct>avguard.exe</fct>
-            <fct>avgnt.exe</fct>
-            <fct>avcenter.exe</fct>
-            <fct>avconfig.exe</fct>
-            <fct>SELECT * FROM AntiVirusProduct</fct>
-            <fct>avira</fct>
-            <fct>avast</fct>
-            <fct>kaspersky</fct>
-            <fct>mcafee</fct>
-            <fct>symantec</fct>
-            <fct>norton</fct>
-            <fct>defender</fct>
-            <fct>bitdefender</fct>
-            <fct>threatexpert</fct>
-            <fct>emsisoft</fct>
-            <fct>rising</fct>
-            <fct>pctools</fct>
-            <fct>norman</fct>
-            <fct>k7computing</fct>
-            <fct>ikarus</fct>
-            <fct>hacksoft</fct>
-            <fct>gdata</fct>
-            <fct>fortinet</fct>
-            <fct>ewido</fct>
-            <fct>clamav</fct>
-            <fct>comodo</fct>
-            <fct>quickheal</fct>
-            <fct>avira</fct>
-            <fct>avast</fct>
-            <fct>esafe</fct>
-            <fct>ahnlab</fct>
-            <fct>centralcommand</fct>
-            <fct>drweb</fct>
-            <fct>grisoft</fct>
-            <fct>nod32</fct>
-            <fct>f-prot</fct>
-            <fct>jotti</fct>
-            <fct>computerassociates</fct>
-            <fct>networkassociates</fct>
-            <fct>etrust</fct>
-            <fct>panda</fct>
-            <fct>sophos</fct>
-            <fct>trendmicro</fct>
-            <fct>defender</fct>
-            <fct>rootkit</fct>
-            <fct>spyware</fct>
-            <fct>Kaspersky</fct>
-            <fct>BitDefender</fct>
-            <fct>Dr.Web</fct>
-            <fct>Kaspersky Antivirus</fct>
-            <fct>Nod32 Antivirus 2.x</fct>
-            <fct>Ewido Security Suite</fct>
-            <fct>McAfee VirusScan</fct>
-            <fct>Panda Antivirus/Firewall</fct>
-            <fct>Symantec/Norton</fct>
-            <fct>PC-cillin Antivirus</fct>
-            <fct>F-Secure</fct>
-            <fct>Kingsoft ShaDu</fct>
-            <fct>NOD32 Antivirus</fct>
-            <fct>Rising Antivirus</fct>
-            <fct>Jiangmin Antivirus</fct>
-            <fct>360 ShaDu</fct>
-            <fct>360 Safe</fct>
-            <fct>McAfee AV</fct>
-            <fct>Bitdefender AV</fct>
-            <fct>Norton Symantec AV</fct>
-            <fct>F-Secure AV</fct>
-            <fct>AhnLab V3 Internet Security 8</fct>
-            <fct>Avast AntiVirus</fct>
-            <fct>Avira Antivirus</fct>
-            <fct>Eset Nod32 Scanner</fct>
-            <fct>F-Secure Gatekeeper Handler Starter</fct>
-            <fct>F-Secure Recognizer</fct>
-            <fct>F-Secure HIPS</fct>
-            <fct>F-Secure Gatekeeper</fct>
-            <fct>F-Secure Filter</fct>
-            <fct>WinDefend</fct>
-            <fct>OutpostFirewall</fct>
-            <fct>McAfee Framework Service</fct>
-            <fct>Panda Antivirus</fct>
-            <fct>ZoneAlarm Client</fct>
-            <fct>Zone Labs Client</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3000" text="">
-      <libs>
-        <lib name="winscard.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-        <lib name="scarddlg.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3002" text="">
-      <libs>
-        <lib name="wtsapi32.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3003" text="">
-      <libs>
-        <lib name="pstorec.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <!--<feature id="3" text="The file enumerates the Internet Explorer cache">
-			<libs>
-				<lib name="wininet.dll">
-					<fcts>
-						<fct>FindFirstUrlCacheEntry</fct>
-						<fct>FindNextUrlCacheEntry</fct>
-						<fct>FindCloseUrlCache</fct>
-					</fcts>
-				</lib>
-			</libs>
-		</feature>-->
-
-    <feature id="3005" text="">
-      <libs>
-        <lib name="ntdll.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-      
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>ZwQueryInformationProcess</fct>
-            <fct>ZwQuerySystemInformation</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3007" text="">
-    </feature>
-
-    <feature id="3008" text="">
-      <libs>
-        <lib name="cabinet.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-
-        <lib name="shell32.dll">
-          <fcts>
-            <fct>WriteCabinetState</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3009" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3010" text="">
-      <libs>
-        <lib name="wldap32.dll">
-          <fcts>
-          </fcts>
-        </lib>
-
-        <lib name="winrnr.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3011" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v</fct>
-            <fct>RegDelete</fct>
-          </fcts>
-        </lib>
-
-        <lib name="ntdll.dll">
-          <fcts>
-            <fct>RtlCreateRegistryKey</fct>
-            <fct>RtlWriteRegistryValue</fct>
-          </fcts>
-        </lib>
-
-        <lib name="ntoskrnl.exe">
-          <fcts>
-            <fct>ZwDeleteKey</fct>
-            <fct>ZwCreateKey</fct>
-            <fct>ZwFlushKey</fct>
-            <fct>ZwSetValueKey</fct>
-          </fcts>
-        </lib>
-
-        <lib name="advapi32.dll">
-          <fcts>
-            <fct>RegCreateKey</fct>
-            <fct>RegCreateKeyEx</fct>
-            <fct>RegCreateKeyTransacted</fct>
-            <fct>RegDeleteKey</fct>
-            <fct>RegDeleteKeyEx</fct>
-            <fct>RegDeleteKeyTransacted</fct>
-            <fct>RegDeleteValue</fct>
-            <fct>RegSetKeySecurity</fct>
-            <fct>RegSetKeyValue</fct>
-            <fct>RegSetValue</fct>
-            <fct>RegSetValueEx</fct>
-            <fct>RegFlushKey</fct>
-            <fct>RegCopyTree</fct>
-            <fct>RegSaveKey</fct>
-          </fcts>
-        </lib>
-
-        <lib name="shlwapi.dll">
-          <fcts>
-            <fct>SHDeleteKey</fct>
-            <fct>SHDeleteValue</fct>
-            <fct>SHDeleteEmptyKey</fct>
-          </fcts>
-        </lib>
-      </libs>
-
-      <lib name="atl80.dll">
-        <fcts>
-          <fct>AtlComModuleRegisterServer</fct>
-          <fct>AtlComModuleUnregisterServer</fct>
-          <fct>AtlUpdateRegistryFromResourceD</fct>
-        </fcts>
-      </lib>
-    </feature>
-
-    <feature id="3012" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3013" text="">
-      <libs>
-
-        <lib name="ole32.dll">
-          <fcts>
-            <fct>OleIsCurrentClipboard</fct>
-          </fcts>
-        </lib>
-
-        <lib name="">
-          <fcts>
-            <fct>AddClipboardFormatListener</fct>
-            <fct>ChangeClipboardChain</fct>
-            <fct>CloseClipboard</fct>
-            <fct>CountClipboardFormats</fct>
-            <fct>EmptyClipboard</fct>
-            <fct>EnumClipboardFormats</fct>
-            <fct>GetClipboardData</fct>
-            <fct>GetClipboardFormatName</fct>
-            <fct>GetClipboardOwner</fct>
-            <fct>GetClipboardSequenceNumber</fct>
-            <fct>GetClipboardViewer</fct>
-            <fct>GetOpenClipboardWindow</fct>
-            <fct>GetPriorityClipboardFormat</fct>
-            <fct>GetUpdatedClipboardFormats</fct>
-            <fct>IsClipboardFormatAvailable</fct>
-            <fct>OpenClipboard</fct>
-            <fct>RegisterClipboardFormat</fct>
-            <fct>RemoveClipboardFormatListener</fct>
-            <fct>SetClipboardData</fct>
-            <fct>SetClipboardViewer</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3014" text="The file references the installation of Hook">
-      <libs>
-        <lib name="user32.dll">
-          <fcts>
-            <fct>CallMsgFilter</fct>
-            <fct>CallNextHookEx</fct>
-            <fct>SetWindowsHook</fct>
-            <fct>SetWindowsHookW</fct>
-            <fct>SetWindowsHookEx</fct>
-            <fct>UnhookWindowsHook</fct>
-            <fct>UnhookWindowsHookEx</fct>
-            <fct>SetWinEventHook</fct>
-            <fct>RegisterUserApiHook</fct>
-            <fct>UnregisterUserApiHook</fct>
-            <fct>DeregisterShellHookWindow</fct>
-            <fct>RegisterShellHookWindow</fct>
-            <fct>UnhookWinEvent</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3015" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>S:(ML;;NRNWNX;;;LW)</fct>
-            <fct>S:(ML;;NRNWNX;;;LW)</fct>
-            <fct>S:(ML;CIOI;NRNWNX;;;LW)</fct>
-            <fct>S:(ML;CIOI;NRNWNX;;;LW)</fct>
-            <fct>S:(ML;;NW;;;LW)</fct>
-            <fct>D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3016" text="The file references the Service Control Manager (SCM)">
-      <libs>
-        <lib name="advapi32.dll">
-          <fcts>
-            <fct>StartServiceCtrlDispatcher</fct>
-            <fct>RegisterServiceCtrlHandler</fct>
-            <fct>QueryServiceStatus</fct>
-            <fct>OpenService</fct>
-            <fct>OpenSCManager</fct>
-            <fct>DeleteService</fct>
-            <fct>EnumDependentServices</fct>
-            <fct>CreateService</fct>
-            <fct>ControlService</fct>
-            <fct>CloseServiceHandle</fct>
-            <fct>ChangeServiceConfig2</fct>
-            <fct>GetServiceDisplayName</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <!--
-		<feature id="3017" text="The file uses Regular Expressions (Regex)">
-			<libs>
-				<lib name="">
-					<fcts>
-					</fcts>
-				</lib>
-			</libs>
-		</feature>
-		-->
-
-    <feature id="3018" text="">
-      <libs>
-        <lib name="query.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3020" text="">
-      <libs>
-        <lib name="dwmapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-
-        <lib name="user32.dll">
-          <fcts>
-            <fct>GetDesktopWindow</fct>
-            <fct>CreateDesktop</fct>
-            <fct>SetThreadDesktop</fct>
-            <fct>CreateDesktopEx</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3021" text="">
-      <libs>
-        <lib name="mprapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3022" text="">
-      <libs>
-        <lib name="mapi32.dll">
-          <fcts>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3023" text="">
-      <libs>
-        <lib name="msident.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3024" text="">
-      <libs>
-        <lib name="ws2_32.dll">
-          <fcts>
-            <fct>WSARecvMsg</fct>
-            <fct>WSARecvEx</fct>
-            <fct>WSARecv</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3025" text="">
-      <libs>
-        <lib name="iphlpapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3026" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>LoadLibrary</fct>
-            <fct>LoadLibraryEx</fct>
-            <fct>GetProcAddress</fct>
-          </fcts>
-        </lib>
-
-        <lib name="ntdll.dll">
-          <fcts>
-            <fct>LdrLoadDll</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3027" text="">
-      <libs>
-        <lib name="shell32.dll">
-          <fcts>
-            <fct>ShellExecute</fct>
-            <fct>ShellExecuteEx</fct>
-            <fct>WOWShellExecute</fct>
-          </fcts>
-        </lib>
-
-        <lib name="msvcrt.dll">
-          <fcts>
-            <fct>_wexecve</fct>
-            <fct>_execve</fct>
-            <fct>_execlpe</fct>
-          </fcts>
-        </lib>
-
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>LoadModule</fct>
-            <fct>CreateProcess</fct>
-            <fct>CreateProcessWithLogon</fct>
-            <fct>WinExec</fct>
-            <fct>RealShellExecute</fct>
-            <fct>RealShellExecuteEx</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3028" text="">
-      <libs>
-        <lib name="wdigest.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3029" text="">
-      <libs>
-        <lib name="bcrypt.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3030" text="The file connects to the Local Security Authority Server">
-      <libs>
-        <lib name="lsasrv.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3031" text="">
-      <libs>
-        <lib name="lsass.exe">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3032" text="">
-      <libs>
-        <lib name="urlmon.dll">
-          <fcts>
-            <fct>CoInternetCreateZoneManager</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3033" text="">
-      <libs>
-        <lib name="credui.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3034" text="">
-      <libs>
-        <lib name="setupapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3035" text="">
-      <libs>
-        <lib name="crypt32.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3036" text="">
-      <libs>
-        <lib name="dbghelp.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3037" text="">
-      <libs>
-        <lib name="iphlpapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3038" text="">
-      <libs>
-        <lib name="powrprof.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3039" text="">
-      <libs>
-        <lib name="mpr.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3040" text="">
-      <libs>
-        <lib name="wininet.dll">
-          <fcts>
-            <fct>FtpDeleteFile</fct>
-            <fct>FtpCommand</fct>
-            <fct>FtpCreateDirectory</fct>
-            <fct>FtpFindFirstFile</fct>
-            <fct>FtpGetCurrentDirectory</fct>
-            <fct>FtpGetFile</fct>
-            <fct>FtpGetFileSize</fct>
-            <fct>FtpOpenFile</fct>
-            <fct>FtpPutFile</fct>
-            <fct>FtpRemoveDirectory</fct>
-            <fct>FtpRenameFile</fct>
-            <fct>FtpSetCurrentDirectory</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3041" text="">
-      <libs>
-        <lib name="advapi32.dll">
-          <fcts>
-            <fct>CredEnumerate</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3043" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>FindNextFile</fct>
-            <fct>FindFirstFile</fct>
-            <fct>FindFirstFileEx</fct>
-            <fct>FindFirstFileTransacted</fct>
-            <fct>FindFirstFileNameTransacted</fct>
-            <fct>FindFirstFileName</fct>
-            <fct>FindNextFileName</fct>
-            <fct>FindNextStream</fct>
-            <fct>FindFirstStream</fct>
-            <fct>FindClose</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3044" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>BackupRead</fct>
-            <fct>BackupSeek</fct>
-            <fct>BackupWrite</fct>
-            <fct>CreateTapePartition</fct>
-            <fct>EraseTape</fct>
-            <fct>GetTapeParameters</fct>
-            <fct>GetTapePosition</fct>
-            <fct>GetTapeStatus</fct>
-            <fct>PrepareTape</fct>
-            <fct>SetTapeParameters</fct>
-            <fct>SetTapePosition</fct>
-            <fct>WriteTapemark</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3046" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>CopyFile</fct>
-            <fct>CopyFileEx</fct>
-            <fct>DeleteFile</fct>
-            <fct>WriteFile</fct>
-            <fct>WriteFileGather</fct>
-            <fct>WriteFileEx</fct>
-            <fct>FlushFileBuffers</fct>
-            <fct>MoveFile</fct>
-            <fct>MoveFileEx</fct>
-            <fct>MoveFileWithProgress</fct>
-            <fct>MoveFileTransacted</fct>
-            <fct>ReplaceFile</fct>
-            <fct>CreateDirectory</fct>
-            <fct>CreateDirectoryEx</fct>
-          </fcts>
-        </lib>
-
-        <lib name="ntdll.dll">
-          <fcts>
-            <fct>NtDeleteFile</fct>
-            <fct>NtWriteFile</fct>
-          </fcts>
-        </lib>
-
-        <lib name="ntoskrnl.exe">
-          <fcts>
-            <fct>ZwDeleteFile</fct>
-            <fct>ZwCreateFile</fct>
-            <fct>IoCreateFile</fct>
-            <fct>ZwWriteFile</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3047" text="">
-      <libs>
-        <lib name="rasapi32.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3048" text="">
-      <libs>
-        <lib name="pdh.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3049" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>OpenEvent</fct>
-            <fct>SetEvent</fct>
-            <fct>ResetEvent</fct>
-            <fct>SaferRecordEventLogEntry</fct>
-          </fcts>
-        </lib>
-
-        <lib name="advapi32.dll">
-          <fcts>
-            <fct>BackupEventLog</fct>
-            <fct>ClearEventLog</fct>
-            <fct>CloseEventLog</fct>
-            <fct>DeregisterEventSource</fct>
-            <fct>GetEventLogInformation</fct>
-            <fct>GetNumberOfEventLogRecords</fct>
-            <fct>GetOldestEventLogRecord</fct>
-            <fct>NotifyChangeEventLog</fct>
-            <fct>OpenBackupEventLog</fct>
-            <fct>OpenEventLog</fct>
-            <fct>ReadEventLog</fct>
-            <fct>RegisterEventSource</fct>
-            <fct>ReportEvent</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <!--<feature id="3050" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>-->
-
-    <feature id="3051" text="">
-      <libs>
-        <lib name="hhctrl.ocx">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-
-    <feature id="3052" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>EnumProcesses</fct>
-            <fct>EnumProcessModules</fct>
-            <fct>PsLookupProcessByProcessId</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3053" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CallNamedPipe</fct>
-            <fct>ConnectNamedPipe</fct>
-            <fct>CreateNamedPipe</fct>
-            <fct>DisconnectNamedPipe</fct>
-            <fct>GetNamedPipeClientComputerName</fct>
-            <fct>GetNamedPipeClientProcessId</fct>
-            <fct>GetNamedPipeClientSessionId</fct>
-            <fct>GetNamedPipeHandleState</fct>
-            <fct>GetNamedPipeInfo</fct>
-            <fct>GetNamedPipeServerProcessId</fct>
-            <fct>GetNamedPipeServerSessionId</fct>
-            <fct>ImpersonateNamedPipeClient</fct>
-            <fct>PeekNamedPipe</fct>
-            <fct>SetNamedPipeHandleState</fct>
-            <fct>TransactNamedPipe</fct>
-            <fct>WaitNamedPipe</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3054" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>FlushConsoleInputBuffer</fct>
-            <fct>ReadConsoleOutputCharacter</fct>
-            <fct>AttachConsole</fct>
-            <fct>SetConsoleMode</fct>
-            <fct>AddConsoleAlias</fct>
-            <fct>WriteConsoleOutput</fct>
-            <fct>WriteConsole</fct>
-            <fct>ReadConsoleInput</fct>
-            <fct>AllocConsole</fct>
-            <fct>FreeConsole</fct>
-            <fct>GenerateConsoleCtrlEvent</fct>
-            <fct>SetConsoleCtrlHandler</fct>
-            <fct>GetConsoleTitle</fct>
-            <fct>FillConsoleOutputCharacter</fct>
-            <fct>CloseConsoleHandle</fct>
-            <fct>ConsoleSubst</fct>
-            <fct>ExpungeConsoleCommandHistory</fct>
-            <fct>GetConsoleAlias</fct>
-            <fct>GetConsoleAliasExes</fct>
-            <fct>GetConsoleAliasExesLength</fct>
-            <fct>GetConsoleAliases</fct>
-            <fct>GetConsoleAliasesLength</fct>
-            <fct>GetConsoleCommandHistory</fct>
-            <fct>GetConsoleCommandHistoryLength</fct>
-            <fct>GetConsoleDisplayMode</fct>
-            <fct>GetConsoleFontInfo</fct>
-            <fct>GetConsoleFontSize</fct>
-            <fct>GetConsoleHardwareState</fct>
-            <fct>GetConsoleInputWaitHandle</fct>
-            <fct>GetCurrentConsoleFont</fct>
-            <fct>GetNumberOfConsoleFonts</fct>
-            <fct>InvalidateConsoleDIBits</fct>
-            <fct>OpenConsole</fct>
-            <fct>SetConsoleCursor</fct>
-            <fct>SetConsoleDisplayMode</fct>
-            <fct>SetConsoleFont</fct>
-            <fct>SetConsoleHardwareState</fct>
-            <fct>SetConsoleKeyShortcuts</fct>
-            <fct>SetConsoleMaximumWindowSize</fct>
-            <fct>SetConsoleMenuClose</fct>
-            <fct>SetConsoleNumberOfCommands</fct>
-            <fct>SetConsolePalette</fct>
-            <fct>SetLastConsoleEventActive</fct>
-            <fct>ShowConsoleCursor</fct>
-            <fct>VerifyConsoleIoHandle</fct>
-            <fct>DuplicateConsoleHandle</fct>
-            <fct>GetConsoleInputExeName</fct>
-            <fct>GetConsoleKeyboardLayoutName</fct>
-            <fct>ReadConsoleInputEx</fct>
-            <fct>SetConsoleIcon</fct>
-            <fct>SetConsoleInputExeName</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3055" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>at.exe</fct>
-            <fct>taskschd.msc</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3056" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>__EventConsumer</fct>
-            <fct>__EventFilter</fct>
-            <fct>__FilterToConsumerBinding</fct>
-            <fct>__TimerInstruction</fct>
-            <fct>root/cimv2</fct>
-            <fct>WbemScripting.SWbemLocator</fct>
-            <fct>SELECT * FROM</fct>
-            <fct>SELECT * FROM Win32_BaseBoard</fct>
-            <fct>SELECT * FROM Win32_OperatingSystem</fct>
-            <fct>SELECT * FROM Win32_Processor</fct>
-            <fct>SELECT * FROM Win32_Process</fct>
-            <fct>SELECT * FROM Win32_TimeZone</fct>
-            <fct>select * from msft_providers</fct>
-            <fct>select * from __win32provider where Name = </fct>
-            <fct>select * from msft_providers</fct>
-            <fct>select * from msft_providers where HostProcessIdentifier =</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3058" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>SetDllDirectory</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3059" text="">
-      <libs>
-        <lib name="winspool.drv">
-          <fcts>
-            <fct>AddPrintProcessor</fct>
-            <fct>DeletePrintProcessor</fct>
-            <fct>GetPrintProcessorDirectory</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3060" text="">
-      <libs>
-        <lib name="user32.dll">
-          <fcts>
-            <fct>RegisterClipboardFormat</fct>
-            <fct>PackDDElParam</fct>
-            <fct>UnpackDDElParam</fct>
-            <fct>FreeDDElParam</fct>
-            <fct>DdeGetLastError</fct>
-            <fct>DdeFreeStringHandle</fct>
-            <fct>DdeQueryString</fct>
-            <fct>DdeCreateStringHandle</fct>
-            <fct>DdeCreateDataHandle</fct>
-            <fct>DdePostAdvise</fct>
-            <fct>DdeGetData</fct>
-            <fct>DdeFreeDataHandle</fct>
-            <fct>DdeClientTransaction</fct>
-            <fct>DdeDisconnect</fct>
-            <fct>DdeConnect</fct>
-            <fct>DdeNameService</fct>
-            <fct>DdeUninitialize</fct>
-            <fct>DdeInitialize</fct>
-          </fcts>
-        </lib>
-
-        <lib name="ntdll.dll">
-          <fcts>
-            <fct>NtAddAtom</fct>
-          </fcts>
-        </lib>
-      </libs>
-
-      <lib name="kernel32.dll">
-        <fcts>
-          <fct>AddAtom</fct>
-          <fct>DeleteAtom</fct>
-          <fct>FindAtom</fct>
-          <fct>GetAtomName</fct>
-          <fct>GlobalAddAtom</fct>
-          <fct>GlobalDeleteAtom</fct>
-          <fct>GlobalFindAtom</fct>
-          <fct>GlobalGetAtomName</fct>
-          <fct>InitAtomTable</fct>
-        </fcts>
-      </lib>
-    </feature>
-
-    <feature id="3061" text="">
-      <libs>
-        <lib name="user32.dll">
-          <fcts>
-            <fct>FindWindow</fct>
-            <fct>FindWindowEx</fct>
-            <fct>EnumWindows</fct>
-            <fct>EnumChildWindows</fct>
-            <fct>EnumThreadWindows</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3062" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3063" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>ContinueDebugEvent</fct>
-            <fct>WaitForDebugEvent</fct>
-            <fct>DebugActiveProcess</fct>
-            <fct>DebugBreak</fct>
-            <fct>HeapWalk</fct>
-            <fct>FatalExit</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3064" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AutoIt</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3065" text="">
-      <libs>
-        <lib name="msi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3066" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3067" text="">
-      <libs>
-        <lib name="dnsapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3068" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>GetTempFileName</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3069" text="">
-      <libs>
-        <lib name="wlanapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3070" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>FreeEnvironmentStrings</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3071" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CPlApplet</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3072" text="">
-      <libs>
-        <lib name="advapi32.dll">
-          <fcts>
-            <fct>RegNotifyChangeKeyValue</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3073" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>abe2869f-9b47-4cd9-a358-c22904dba7f7</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3074" text="">
-      <libs>
-        <lib name="dhcpcsvc.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3075" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>SetComputerName</fct>
-            <fct>SetComputerNameEx</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3076" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>FindNextVolumeMountPoint</fct>
-            <fct>FindFirstVolumeMountPoint</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3077" text="">
-      <libs>
-        <lib name="ws2_32.dll">
-          <fcts>
-            <fct>WSASend</fct>
-            <fct>WSASendMsg</fct>
-            <fct>WSASendTo</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3078" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>Internet Explorer_Server</fct>
-            <fct>WM_HTML_GETOBJECT</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3079" text="">
-      <libs>
-        <lib name="urlmon.dll">
-          <fcts>
-            <fct>WriteHitLogging</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3080" text="">
-      <libs>
-        <lib name="user32.dll">
-          <fcts>
-            <fct>mouse_event</fct>
-          </fcts>
-        </lib>
-        <lib name="">
-          <fcts>
-            <fct>WMessages</fct>
-            <fct>WM_MOUSEMOVE</fct>
-            <fct>WM_LBUTTONUP</fct>
-            <fct>WM_LBUTTONDOWN</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3081" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>VirtualProtect</fct>
-            <fct>VirtualProtectEx</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3085" text="">
-      <libs>
-        <lib name="user32.dll">
-          <fcts>
-            <fct>SetClipboardViewer</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3086" text="">
-      <libs>
-        <lib name="odbccp32.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3087" text="">
-      <libs>
-        <lib name="sisbkup.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3088" text="">
-      <libs>
-        <lib name="setupapi.dll">
-          <fcts>
-            <fct>SetupDiOpenDevRegKey</fct>
-            <fct>SetupDiClassGuidsFromNameEx</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3089" text="">
-      <libs>
-        <lib name="odbctrac.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3090" text="">
-      <libs>
-        <lib name="fveapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3091" text="">
-      <libs>
-        <lib name="ntoskrnl.exe">
-          <fcts>
-            <fct>IoRegisterBootDriverReinitialization</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3092" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>RtlCaptureStackBackTrace</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3093" text="">
-      <libs>
-        <lib name="wscript.exe">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3094" text="">
-      <libs>
-        <lib name="cscript.exe">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3095" text="">
-      <libs>
-        <lib name="mshta.exe">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3096" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3097" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3098" text="">
-      <libs>
-        <lib name="sfc.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-        <lib name="sfc_os.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3099" text="">
-      <libs>
-        <lib name="user32.dll">
-          <fcts>
-            <fct>OemKeyScan</fct>
-          </fcts>
-        </lib>
-
-      </libs>
-    </feature>
-
-    <feature id="3101" text="">
-      <libs>
-        <lib name="gpedit.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3102" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>CommConfigDialog</fct>
-            <fct>GetCommModemStatus</fct>
-            <fct>GetCommTimeouts</fct>
-            <fct>GetDefaultCommConfig</fct>
-            <fct>GetCommProperties</fct>
-            <fct>PurgeComm</fct>
-            <fct>SetCommState</fct>
-            <fct>SetCommTimeouts</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3103" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>SetCommMask</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3104" text="">
-      <libs>
-        <lib name="ole32.dll">
-          <fcts>
-            <fct>GetRunningObjectTable</fct>
-          </fcts>
-        </lib>
-        <lib name="shsvcs.dll">
-          <fcts>
-            <fct>CreateHardwareEventMoniker</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3107" text="">
-      <libs>
-        <lib name="icmp.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-
-        <lib name="iphlpapi.dll">
-          <fcts>
-            <fct>Icmp6CreateFile</fct>
-            <fct>Icmp6ParseReplies</fct>
-            <fct>Icmp6SendEcho2</fct>
-            <fct>IcmpCloseHandle</fct>
-            <fct>IcmpCreateFile</fct>
-            <fct>IcmpSendEcho</fct>
-            <fct>IcmpSendEcho2</fct>
-            <fct>IcmpSendEcho2Ex</fct>
-            <fct>IcmpParseReplies</fct>
-            <fct>IcmpSendEcho</fct>
-            <fct>IcmpSendEcho2</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3105" text="">
-      <libs>
-        <lib name="hid.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3100" text="">
-      <libs>
-        <lib name="avrt.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3004" text="">
-      <libs>
-        <lib name="ntdsapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-        <lib name="dsuiext.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3006" text="">
-      <libs>
-        <lib name="wsnmp32.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-        <lib name="snmpapi.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3042" text="">
-      <libs>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>FindResource</fct>
-            <fct>LockResource</fct>
-            <fct>FindResourceEx</fct>
-            <fct>BeginUpdateResource</fct>
-            <fct>EndUpdateResource</fct>
-            <fct>LoadResource</fct>
-            <fct>SizeofResource</fct>
-            <fct>FreeResource</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3057" text="">
-      <libs>
-        <lib name="mscoree.dll">
-          <fcts>
-            <fct>CorBindToRuntimeEx</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-
-    <feature id="3083" text="">
-      <libs>
-        <lib name="ntdll.dll">
-          <fcts>
-            <fct>WerReportSQMEvent</fct>
-            <fct>WinSqmAddToAverageDWORD</fct>
-            <fct>WinSqmAddToStream</fct>
-            <fct>WinSqmAddToStreamEx</fct>
-            <fct>WinSqmCheckEscalationAddToStreamEx</fct>
-            <fct>WinSqmCheckEscalationSetDWORD64</fct>
-            <fct>WinSqmCheckEscalationSetDWORD</fct>
-            <fct>WinSqmCheckEscalationSetString</fct>
-            <fct>WinSqmCommonDatapointDelete</fct>
-            <fct>WinSqmCommonDatapointSetDWORD64</fct>
-            <fct>WinSqmCommonDatapointSetDWORD</fct>
-            <fct>WinSqmCommonDatapointSetStreamEx</fct>
-            <fct>WinSqmCommonDatapointSetString</fct>
-            <fct>WinSqmEndSession</fct>
-            <fct>WinSqmEventEnabled</fct>
-            <fct>WinSqmEventWrite</fct>
-            <fct>WinSqmGetEscalationRuleStatus</fct>
-            <fct>WinSqmGetInstrumentationProperty</fct>
-            <fct>WinSqmIncrementDWORD</fct>
-            <fct>WinSqmIsOptedIn</fct>
-            <fct>WinSqmIsOptedInEx</fct>
-            <fct>WinSqmSetDWORD64</fct>
-            <fct>WinSqmSetDWORD</fct>
-            <fct>WinSqmSetEscalationInfo</fct>
-            <fct>WinSqmSetIfMaxDWORD</fct>
-            <fct>WinSqmSetIfMinDWORD</fct>
-            <fct>WinSqmSetString</fct>
-            <fct>WinSqmStartSession</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3082" text="">
-      <libs>
-        <lib name="rpcrt4.dll">
-          <fcts>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3084" text="">
-      <libs>
-        <lib name="ntdll.dll">
-          <fcts>
-            <fct>EtwEventWrite</fct>
-            <fct>EtwEventEnabled</fct>
-            <fct>EtwEventRegister</fct>
-            <fct>EtwEventUnregister</fct>
-            <fct>EtwUnregisterTraceGuids</fct>
-            <fct>EtwRegisterTraceGuids</fct>
-            <fct>EtwGetTraceLoggerHandle</fct>
-            <fct>EtwGetTraceEnableLevel</fct>
-            <fct>EtwGetTraceEnableFlags</fct>
-            <fct>EtwTraceMessage</fct>
-          </fcts>
-        </lib>
-
-        <lib name="advapi32.dll">
-          <fcts>
-            <fct>ControlTrace</fct>
-            <fct>EnableTrace</fct>
-            <fct>EnableTraceEx</fct>
-            <fct>EnableTraceEx2</fct>
-            <fct>EnumerateTraceGuids</fct>
-            <fct>EnumerateTraceGuidsEx</fct>
-            <fct>FlushTrace</fct>
-            <fct>QueryAllTraces</fct>
-            <fct>QueryTrace</fct>
-            <fct>StartTrace</fct>
-            <fct>StopTrace</fct>
-            <fct>TraceQueryInformation</fct>
-            <fct>TraceSetInformation</fct>
-            <fct>UpdateTrace</fct>
-            <fct>EventWrite</fct>
-            <fct>EnableCallback</fct>
-            <fct>EventActivityIdControl</fct>
-            <fct>EventEnabled</fct>
-            <fct>EventProviderEnabled</fct>
-            <fct>EventRegister</fct>
-            <fct>EventSetInformation</fct>
-            <fct>EventUnregister</fct>
-            <fct>EventWrite</fct>
-            <fct>EventWriteEx</fct>
-            <fct>EventWriteString</fct>
-            <fct>EventWriteTransfer</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3106" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3109" text="">
-      <libs>
-        <lib name="packet.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3111" text="">
-      <libs>
-        <lib name="mpr.dll">
-          <fcts>
-            <fct>WNetOpenEnum</fct>
-            <fct>WNetEnumResource</fct>
-            <fct>WNetCloseEnum</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3110" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>This document was edited in later version of Microsoft Word.</fct>
-            <fct>To load the document, please Enable Content.</fct>
-            <fct>Microsoft Forms 2.0 CommandButton</fct>
-            <fct>Microsoft Office Word</fct>
-            <fct>Microsoft Word 6.0 Document</fct>
-            <fct>Microsoft Office Word 97-2003</fct>
-            <fct>Microsoft Word Document</fct>
-            <fct>Microsoft Word 97-2003 Document</fct>
-            <fct>MSWordDoc</fct>
-            <fct>xlsx</fct>
-            <fct>docx</fct>
-            <fct>Word.Application</fct>
-            <fct>mso.dll</fct>
-            <fct>.rels</fct>
-            <fct>excel.exe</fct>
-            <fct>Word.Document.8</fct>
-            <fct>PROJECT.THISDOCUMENT.AUTOOPEN</fct>
-            <fct>Microsoft Office</fct>
-            <fct>Root Entry</fct>
-            <fct>1Table</fct>
-            <fct>WordDocument</fct>
-            <fct>SummaryInformation</fct>
-            <fct>DocumentSummaryInformation</fct>
-            <fct>Macros</fct>
-            <fct>ThisDocument</fct>
-            <fct>__SRP_0</fct>
-            <fct>__SRP_1</fct>
-            <fct>__SRP_2</fct>
-            <fct>__SRP_3</fct>
-            <fct>Module1</fct>
-            <fct>_VBA_PROJECT</fct>
-            <fct>PROJECTwm</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3112" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>Zone.Identifier</fct>
-            <fct>:Zone.Identifier</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3113" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>firefox.exe</fct>
-            <fct>chrome.exe</fct>
-            <fct>iexplorer.exe</fct>
-            <fct>opera.exe</fct>
-            <fct>netscape.exe</fct>
-            <fct>mozilla.exe</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3114" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>76487-640-1457236-23837</fct>
-            <fct>76487-337-8429955-22614</fct>
-            <fct>76487-644-3177037-23510</fct>
-            <fct>76487-640-8834005-23195</fct>
-            <fct>76487-640-0716662-23535</fct>
-            <fct>76487-644-8648466-23106</fct>
-            <fct>76487-341-5883812-22420</fct>
-            <fct>76487-OEM-0027453-63796</fct>
-            <fct>76497-640-6308873-23835</fct>
-            <fct>55274-640-2673064-23950</fct>
-            <fct>00426-293-8170032-85146</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3115" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>thunderbird.exe</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3116" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>PR_Bind</fct>
-            <fct>PR_Accept</fct>
-            <fct>PR_AcceptRead</fct>
-            <fct>PR_Connect</fct>
-            <fct>PR_Listen</fct>
-            <fct>PR_Read</fct>
-            <fct>PR_Write</fct>
-            <fct>PR_Writev</fct>
-            <fct>PR_Close</fct>
-            <fct>PR_Send</fct>
-            <fct>PR_TransmitFile</fct>
-            <fct>PR_OpenTCPSocket</fct>
-            <fct>PR_GetSocketOption</fct>
-            <fct>PR_SetSocketOption</fct>
-            <fct>PR_Shutdown</fct>
-            <fct>PR_GetError</fct>
-            <fct>PR_SetError</fct>
-            <fct>PR_GetNameForIdentity</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3117" text="">
-      <libs>
-        <lib name="shimeng.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-        <lib name="ntdll.dll">
-          <fcts>
-            <fct>LdrInitShimEngineDynamic</fct>
-          </fcts>
-        </lib>
-        <lib name="kernel32.dll">
-          <fcts>
-            <fct>BaseFlushAppcompatCache</fct>
-            <fct>BaseCheckAppcompatCache</fct>
-          </fcts>
-        </lib>
-        <lib name="Apphelp.dll">
-          <fcts>
-            <fct>SE_DllLoaded</fct>
-            <fct>SE_DllUnloaded</fct>
-            <fct>SE_DynamicShim</fct>
-            <fct>SE_GetHookAPIs</fct>
-            <fct>SE_GetMaxShimCount</fct>
-            <fct>SE_GetProcAddressIgnoreIncExc</fct>
-            <fct>SE_GetProcAddressLoad</fct>
-            <fct>SE_GetShimCount</fct>
-            <fct>SE_InstallAfterInit</fct>
-            <fct>SE_InstallBeforeInit</fct>
-            <fct>SE_IsShimDll</fct>
-            <fct>SE_LdrEntryRemoved</fct>
-            <fct>SE_ProcessDying</fct>
-            <fct>SdbApphelpNotify</fct>
-            <fct>SdbApphelpNotifyEx</fct>
-            <fct>SdbBeginWriteListTag</fct>
-            <fct>SdbBeginWriteListTag</fct>
-            <fct>SdbBeginWriteListTag</fct>
-            <fct>SdbBuildCompatEnvVariables</fct>
-            <fct>SdbBuildSignature</fct>
-            <fct>SdbCloseApphelpDetailsDataEx</fct>
-            <fct>SdbCloseApphelpInformation</fct>
-            <fct>SdbCloseDatabase</fct>
-            <fct>SdbCloseDatabase</fct>
-            <fct>SdbCloseDatabase</fct>
-            <fct>SdbCloseDatabaseWrite</fct>
-            <fct>SdbCloseDatabaseWrite</fct>
-            <fct>SdbCloseLocalDatabase</fct>
-            <fct>SdbCommitIndexes</fct>
-            <fct>SdbCreateDatabase</fct>
-            <fct>SdbDeclareIndex</fct>
-            <fct>SdbEndWriteListTag</fct>
-            <fct>SdbFindFirstDWORDIndexedTag</fct>
-            <fct>SdbFindFirstTag</fct>
-            <fct>SdbFindNextTag</fct>
-            <fct>SdbFormatAttribute</fct>
-            <fct>SdbFreeFileAttributes</fct>
-            <fct>SdbGetAppPatchDir</fct>
-            <fct>SdbGetBinaryTagData</fct>
-            <fct>SdbGetFileAttributes</fct>
-            <fct>SdbGetFirstChild</fct>
-            <fct>SdbGetIndex</fct>
-            <fct>SdbGetMatchingExe</fct>
-            <fct>SdbGetNextChild</fct>
-            <fct>SdbGetStringTagPtr</fct>
-            <fct>SdbGetTagFromTagID</fct>
-            <fct>SdbInitDatabase</fct>
-            <fct>SdbIsStandardDatabase</fct>
-            <fct>SdbMakeIndexKeyFromString</fct>
-            <fct>SdbOpenApphelpDetailsDatabase</fct>
-            <fct>SdbOpenApphelpResourceFile</fct>
-            <fct>SdbOpenDatabase</fct>
-            <fct>SdbQueryDataExTagID</fct>
-            <fct>SdbReadApphelpDetailsData</fct>
-            <fct>SdbReadBinaryTag</fct>
-            <fct>SdbReadDWORDTag</fct>
-            <fct>SdbReadQWORDTag</fct>
-            <fct>SdbReadStringTag</fct>
-            <fct>SdbRegisterDatabaseEx</fct>
-            <fct>SdbReleaseDatabase</fct>
-            <fct>SdbReleaseMatchingExe</fct>
-            <fct>SdbStartIndexing</fct>
-            <fct>SdbStopIndexing</fct>
-            <fct>SdbTagRefToTagID</fct>
-            <fct>SdbTagToString</fct>
-            <fct>SdbUnregisterDatabase</fct>
-            <fct>SdbWriteBinaryTag</fct>
-            <fct>SdbWriteBinaryTagFromFile</fct>
-            <fct>SdbWriteDWORDTag</fct>
-            <fct>SdbWriteNULLTag</fct>
-            <fct>SdbWriteQWORDTag</fct>
-            <fct>SdbWriteStringTag</fct>
-            <fct>SdbWriteWORDTag</fct>
-            <fct>ShimFlushCache</fct>
-            <fct>ShimExceptionHandler</fct>
-            <fct>ShowDebugInfo</fct>
-          </fcts>
-        </lib>
-
-        <lib name="">
-          <fcts>
-            <fct>SHIM_DEBUG_LEVEL</fct>
-            <fct>Microsoft Application Compatibility Toolkit 5.6</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3118" text="">
-      <libs>
-        <lib name="wab32.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-        <lib name="wab32res.dll">
-          <fcts>
-            <fct></fct>
-          </fcts>
-        </lib>
-        <lib name="">
-          <fcts>
-            <fct>C:\Program Files\Common Files\System\wab32</fct>
-            <fct>WABOpen</fct>
-            <fct>WABCreateIProp</fct>
-            <fct>WABOpenEx</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3119" text="">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>SHQueryRecycleBin</fct>
-            <fct>RECYCLER\</fct>
-            <fct>$Recycle.Bin\</fct>
-            <fct>$Recycle.Bin</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="3120" text="The file references the Volume Shadow administration (vssadmin) tool">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>vssadmin add shadowstorage</fct>
-            <fct>vssadmin create shadow</fct>
-            <fct>vssadmin delete shadows</fct>
-            <fct>vssadmin delete shadowstorage</fct>
-            <fct>vssadmin list providers</fct>
-            <fct>vssadmin list shadows</fct>
-            <fct>vssadmin list shadowstorage</fct>
-            <fct>vssadmin list volumes</fct>
-            <fct>vssadmin list writers</fct>
-            <fct>vssadmin resize shadowstorage</fct>
-            <fct>vssadmin.exe</fct>
-            <fct>vssadmin.exe Delete Shadows /All /Quiet</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4000" text="Security Management"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms721849(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>GetServiceAccountPassword</fct>
-            <fct>InitializeChangeNotify</fct>
-            <fct>LsaAddAccountRights</fct>
-            <fct>LsaClose</fct>
-            <fct>LsaCreateTrustedDomainEx</fct>
-            <fct>LsaDeleteTrustedDomain</fct>
-            <fct>LsaEnumerateAccountRights</fct>
-            <fct>LsaEnumerateAccountsWithUserRight</fct>
-            <fct>LsaEnumerateTrustedDomains</fct>
-            <fct>LsaEnumerateTrustedDomainsEx</fct>
-            <fct>LsaFreeMemory</fct>
-            <fct>LsaLookupNames</fct>
-            <fct>LsaLookupNames2</fct>
-            <fct>LsaLookupPrivilegeValue</fct>
-            <fct>LsaLookupSids</fct>
-            <fct>LsaLookupSids2</fct>
-            <fct>LsaNtStatusToWinError</fct>
-            <fct>LsaOpenTrustedDomainByName</fct>
-            <fct>LsaQueryTrustedDomainInfo</fct>
-            <fct>LsaQueryTrustedDomainInfoByName</fct>
-            <fct>LsaRegisterPolicyChangeNotification</fct>
-            <fct>LsaRemoveAccountRights</fct>
-            <fct>LsaRetrievePrivateData</fct>
-            <fct>LsaSetTrustedDomainInfoByName</fct>
-            <fct>LsaSetTrustedDomainInformation</fct>
-            <fct>LsaStorePrivateData</fct>
-            <fct>LsaUnregisterPolicyChangeNotification</fct>
-            <fct>NetAddServiceAccount</fct>
-            <fct>NetEnumerateServiceAccounts</fct>
-            <fct>NetIsServiceAccount</fct>
-            <fct>NetQueryServiceAccount</fct>
-            <fct>NetRemoveServiceAccount</fct>
-            <fct>PasswordChangeNotify</fct>
-            <fct>PasswordFilter</fct>
-            <fct>SaferCloseLevel</fct>
-            <fct>SaferComputeTokenFromLevel</fct>
-            <fct>SaferCreateLevel</fct>
-            <fct>SaferGetLevelInformation</fct>
-            <fct>SaferGetPolicyInformation</fct>
-            <fct>SaferIdentifyLevel</fct>
-            <fct>SaferiIsExecutableFileType</fct>
-            <fct>SaferRecordEventLogEntry</fct>
-            <fct>SaferSetLevelInformation</fct>
-            <fct>SaferSetPolicyInformation</fct>
-            <fct>SceSvcAttachmentAnalyze</fct>
-            <fct>SceSvcAttachmentConfig</fct>
-            <fct>SceSvcAttachmentUpdate</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4001"
-             text="Authorization"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa375742(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AccessCheck</fct>
-            <fct>AccessCheckAndAuditAlarm</fct>
-            <fct>AccessCheckByType</fct>
-            <fct>AccessCheckByTypeAndAuditAlarm</fct>
-            <fct>AccessCheckByTypeResultList</fct>
-            <fct>AccessCheckByTypeResultListAndAuditAlarm</fct>
-            <fct>AccessCheckByTypeResultListAndAuditAlarmByHandle</fct>
-            <fct>AddAccessAllowedAce</fct>
-            <fct>AddAccessAllowedAceEx</fct>
-            <fct>AddAccessAllowedObjectAce</fct>
-            <fct>AddAccessDeniedAce</fct>
-            <fct>AddAccessDeniedAceEx</fct>
-            <fct>AddAccessDeniedObjectAce</fct>
-            <fct>AddAce</fct>
-            <fct>AddAuditAccessAce</fct>
-            <fct>AddAuditAccessAceEx</fct>
-            <fct>AddAuditAccessObjectAce</fct>
-            <fct>AddConditionalAce</fct>
-            <fct>AddMandatoryAce</fct>
-            <fct>AddResourceAttributeAce</fct>
-            <fct>AddScopedPolicyIDAce</fct>
-            <fct>AdjustTokenGroups</fct>
-            <fct>AdjustTokenPrivileges</fct>
-            <fct>AllocateAndInitializeSid</fct>
-            <fct>AllocateLocallyUniqueId</fct>
-            <fct>AreAllAccessesGranted</fct>
-            <fct>AreAnyAccessesGranted</fct>
-            <fct>AuditComputeEffectivePolicyBySid</fct>
-            <fct>AuditComputeEffectivePolicyByToken</fct>
-            <fct>AuditEnumerateCategories</fct>
-            <fct>AuditEnumeratePerUserPolicy</fct>
-            <fct>AuditEnumerateSubCategories</fct>
-            <fct>AuditFree</fct>
-            <fct>AuditLookupCategoryGuidFromCategoryId</fct>
-            <fct>AuditLookupCategoryIdFromCategoryGuid</fct>
-            <fct>AuditLookupCategoryName</fct>
-            <fct>AuditLookupSubCategoryName</fct>
-            <fct>AuditQueryGlobalSacl</fct>
-            <fct>AuditQueryPerUserPolicy</fct>
-            <fct>AuditQuerySecurity</fct>
-            <fct>AuditQuerySystemPolicy</fct>
-            <fct>AuditSetGlobalSacl</fct>
-            <fct>AuditSetPerUserPolicy</fct>
-            <fct>AuditSetSecurity</fct>
-            <fct>AuditSetSystemPolicy</fct>
-            <fct>AuthzAccessCheck</fct>
-            <fct>AuthzAccessCheckCallback</fct>
-            <fct>AuthzAddSidsToContext</fct>
-            <fct>AuthzCachedAccessCheck</fct>
-            <fct>AuthzComputeGroupsCallback</fct>
-            <fct>AuthzEnumerateSecurityEventSources</fct>
-            <fct>AuthzFreeAuditEvent</fct>
-            <fct>AuthzFreeCentralAccessPolicyCache</fct>
-            <fct>AuthzFreeCentralAccessPolicyCallback</fct>
-            <fct>AuthzFreeContext</fct>
-            <fct>AuthzFreeGroupsCallback</fct>
-            <fct>AuthzFreeHandle</fct>
-            <fct>AuthzFreeResourceManager</fct>
-            <fct>AuthzGetCentralAccessPolicyCallback</fct>
-            <fct>AuthzGetInformationFromContext</fct>
-            <fct>AuthzInitializeCompoundContext</fct>
-            <fct>AuthzInitializeContextFromAuthzContext</fct>
-            <fct>AuthzInitializeContextFromSid</fct>
-            <fct>AuthzInitializeContextFromToken</fct>
-            <fct>AuthzInitializeObjectAccessAuditEvent</fct>
-            <fct>AuthzInitializeObjectAccessAuditEvent2</fct>
-            <fct>AuthzInitializeRemoteResourceManager</fct>
-            <fct>AuthzInitializeResourceManager</fct>
-            <fct>AuthzInitializeResourceManagerEx</fct>
-            <fct>AuthzInstallSecurityEventSource</fct>
-            <fct>AuthzModifyClaims</fct>
-            <fct>AuthzModifySecurityAttributes</fct>
-            <fct>AuthzModifySids</fct>
-            <fct>AuthzOpenObjectAudit</fct>
-            <fct>AuthzRegisterCapChangeNotification</fct>
-            <fct>AuthzRegisterSecurityEventSource</fct>
-            <fct>AuthzReportSecurityEvent</fct>
-            <fct>AuthzReportSecurityEventFromParams</fct>
-            <fct>AuthzSetAppContainerInformation</fct>
-            <fct>AuthzUninstallSecurityEventSource</fct>
-            <fct>AuthzUnregisterCapChangeNotification</fct>
-            <fct>AuthzUnregisterSecurityEventSource</fct>
-            <fct>BuildExplicitAccessWithName</fct>
-            <fct>BuildImpersonateExplicitAccessWithName</fct>
-            <fct>BuildImpersonateTrustee</fct>
-            <fct>BuildSecurityDescriptor</fct>
-            <fct>BuildTrusteeWithName</fct>
-            <fct>BuildTrusteeWithObjectsAndName</fct>
-            <fct>BuildTrusteeWithObjectsAndSid</fct>
-            <fct>BuildTrusteeWithSid</fct>
-            <fct>CheckTokenCapability</fct>
-            <fct>CheckTokenMembership</fct>
-            <fct>CheckTokenMembershipEx</fct>
-            <fct>ConvertSecurityDescriptorToStringSecurityDescriptor</fct>
-            <fct>ConvertSidToStringSid</fct>
-            <fct>ConvertStringSecurityDescriptorToSecurityDescriptor</fct>
-            <fct>ConvertStringSidToSid</fct>
-            <fct>ConvertToAutoInheritPrivateObjectSecurity</fct>
-            <fct>CopySid</fct>
-            <fct>CreatePrivateObjectSecurity</fct>
-            <fct>CreatePrivateObjectSecurityEx</fct>
-            <fct>CreatePrivateObjectSecurityWithMultipleInheritance</fct>
-            <fct>CreateRestrictedToken</fct>
-            <fct>CreateSecurityPage</fct>
-            <fct>CreateWellKnownSid</fct>
-            <fct>DeleteAce</fct>
-            <fct>DestroyPrivateObjectSecurity</fct>
-            <fct>DSCreateSecurityPage</fct>
-            <fct>DSCreateISecurityInfoObject</fct>
-            <fct>DSCreateISecurityInfoObjectEx</fct>
-            <fct>DSEditSecurity</fct>
-            <fct>DuplicateToken</fct>
-            <fct>DuplicateTokenEx</fct>
-            <fct>EditSecurity</fct>
-            <fct>EditSecurityAdvanced</fct>
-            <fct>EqualDomainSid</fct>
-            <fct>EqualPrefixSid</fct>
-            <fct>EqualSid</fct>
-            <fct>FindFirstFreeAce</fct>
-            <fct>FreeInheritedFromArray</fct>
-            <fct>FreeSid</fct>
-            <fct>GetAce</fct>
-            <fct>GetAclInformation</fct>
-            <fct>GetAppContainerNamedObjectPath</fct>
-            <fct>GetAuditedPermissionsFromAcl</fct>
-            <fct>GetEffectiveRightsFromAcl</fct>
-            <fct>GetExplicitEntriesFromAcl</fct>
-            <fct>GetFileSecurity</fct>
-            <fct>GetInheritanceSource</fct>
-            <fct>GetKernelObjectSecurity</fct>
-            <fct>GetLengthSid</fct>
-            <fct>GetMultipleTrustee</fct>
-            <fct>GetMultipleTrusteeOperation</fct>
-            <fct>GetNamedSecurityInfo</fct>
-            <fct>GetPrivateObjectSecurity</fct>
-            <fct>GetSecurityDescriptorControl</fct>
-            <fct>GetSecurityDescriptorDacl</fct>
-            <fct>GetSecurityDescriptorGroup</fct>
-            <fct>GetSecurityDescriptorLength</fct>
-            <fct>GetSecurityDescriptorOwner</fct>
-            <fct>GetSecurityDescriptorRMControl</fct>
-            <fct>GetSecurityDescriptorSacl</fct>
-            <fct>GetSecurityInfo</fct>
-            <fct>GetSidIdentifierAuthority</fct>
-            <fct>GetSidLengthRequired</fct>
-            <fct>GetSidSubAuthority</fct>
-            <fct>GetSidSubAuthorityCount</fct>
-            <fct>GetTokenInformation</fct>
-            <fct>GetTrusteeForm</fct>
-            <fct>GetTrusteeName</fct>
-            <fct>GetTrusteeType</fct>
-            <fct>GetUserObjectSecurity</fct>
-            <fct>GetWindowsAccountDomainSid</fct>
-            <fct>ImpersonateAnonymousToken</fct>
-            <fct>ImpersonateLoggedOnUser</fct>
-            <fct>ImpersonateNamedPipeClient</fct>
-            <fct>ImpersonateSelf</fct>
-            <fct>InitializeAcl</fct>
-            <fct>InitializeSecurityDescriptor</fct>
-            <fct>InitializeSid</fct>
-            <fct>IsTokenRestricted</fct>
-            <fct>IsValidAcl</fct>
-            <fct>IsValidSecurityDescriptor</fct>
-            <fct>IsValidSid</fct>
-            <fct>IsWellKnownSid</fct>
-            <fct>LookupAccountName</fct>
-            <fct>LookupAccountSid</fct>
-            <fct>LookupPrivilegeDisplayName</fct>
-            <fct>LookupPrivilegeName</fct>
-            <fct>LookupPrivilegeValue</fct>
-            <fct>LookupSecurityDescriptorParts</fct>
-            <fct>MakeAbsoluteSD</fct>
-            <fct>MakeSelfRelativeSD</fct>
-            <fct>MapGenericMask</fct>
-            <fct>NtCompareTokens</fct>
-            <fct>ObjectCloseAuditAlarm</fct>
-            <fct>ObjectDeleteAuditAlarm</fct>
-            <fct>ObjectOpenAuditAlarm</fct>
-            <fct>ObjectPrivilegeAuditAlarm</fct>
-            <fct>OpenProcessToken</fct>
-            <fct>OpenThreadToken</fct>
-            <fct>PrivilegeCheck</fct>
-            <fct>PrivilegedServiceAuditAlarm</fct>
-            <fct>QuerySecurityAccessMask</fct>
-            <fct>QueryServiceObjectSecurity</fct>
-            <fct>RegGetKeySecurity</fct>
-            <fct>RegSetKeySecurity</fct>
-            <fct>RevertToSelf</fct>
-            <fct>RtlConvertSidToUnicodeString</fct>
-            <fct>SetAclInformation</fct>
-            <fct>SetEntriesInAcl</fct>
-            <fct>SetFileSecurity</fct>
-            <fct>SetKernelObjectSecurity</fct>
-            <fct>SetNamedSecurityInfo</fct>
-            <fct>SetPrivateObjectSecurity</fct>
-            <fct>SetPrivateObjectSecurityEx</fct>
-            <fct>SetSecurityAccessMask</fct>
-            <fct>SetSecurityDescriptorControl</fct>
-            <fct>SetSecurityDescriptorDacl</fct>
-            <fct>SetSecurityDescriptorGroup</fct>
-            <fct>SetSecurityDescriptorOwner</fct>
-            <fct>SetSecurityDescriptorRMControl</fct>
-            <fct>SetSecurityDescriptorSacl</fct>
-            <fct>SetSecurityInfo</fct>
-            <fct>SetServiceObjectSecurity</fct>
-            <fct>SetThreadToken</fct>
-            <fct>SetTokenInformation</fct>
-            <fct>SetUserObjectSecurity</fct>
-            <fct>TreeResetNamedSecurityInfo</fct>
-            <fct>TreeSetNamedSecurityInfo</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4002"
-             text="Registry"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms724875(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>GetPrivateProfileInt</fct>
-            <fct>GetPrivateProfileSection</fct>
-            <fct>GetPrivateProfileSectionNames</fct>
-            <fct>GetPrivateProfileString</fct>
-            <fct>GetPrivateProfileStruct</fct>
-            <fct>GetProfileInt</fct>
-            <fct>GetProfileSection</fct>
-            <fct>GetProfileString</fct>
-            <fct>RegCloseKey</fct>
-            <fct>RegConnectRegistry</fct>
-            <fct>RegCopyTree</fct>
-            <fct>RegCreateKey</fct>
-            <fct>RegCreateKeyEx</fct>
-            <fct>RegCreateKeyTransacted</fct>
-            <fct>RegDeleteKey</fct>
-            <fct>RegDeleteKeyEx</fct>
-            <fct>RegDeleteKeyTransacted</fct>
-            <fct>RegDeleteKeyValue</fct>
-            <fct>RegDeleteTree</fct>
-            <fct>RegDeleteValue</fct>
-            <fct>RegDisablePredefinedCache</fct>
-            <fct>RegDisablePredefinedCacheEx</fct>
-            <fct>RegDisableReflectionKey</fct>
-            <fct>RegEnableReflectionKey</fct>
-            <fct>RegEnumKey</fct>
-            <fct>RegEnumKeyEx</fct>
-            <fct>RegEnumValue</fct>
-            <fct>RegFlushKey</fct>
-            <fct>RegGetValue</fct>
-            <fct>RegLoadAppKey</fct>
-            <fct>RegLoadKey</fct>
-            <fct>RegLoadMUIString</fct>
-            <fct>RegNotifyChangeKeyValue</fct>
-            <fct>RegOpenCurrentUser</fct>
-            <fct>RegOpenKey</fct>
-            <fct>RegOpenKeyEx</fct>
-            <fct>RegOpenKeyTransacted</fct>
-            <fct>RegOpenUserClassesRoot</fct>
-            <fct>RegOverridePredefKey</fct>
-            <fct>RegQueryInfoKey</fct>
-            <fct>RegQueryMultipleValues</fct>
-            <fct>RegQueryReflectionKey</fct>
-            <fct>RegQueryValue</fct>
-            <fct>RegQueryValueEx</fct>
-            <fct>RegReplaceKey</fct>
-            <fct>RegRestoreKey</fct>
-            <fct>RegSaveKey</fct>
-            <fct>RegSaveKeyEx</fct>
-            <fct>RegSetKeyValue</fct>
-            <fct>RegSetValue</fct>
-            <fct>RegSetValueEx</fct>
-            <fct>RegUnLoadKey</fct>
-            <fct>WritePrivateProfileSection</fct>
-            <fct>WritePrivateProfileString</fct>
-            <fct>WritePrivateProfileStruct</fct>
-            <fct>WriteProfileSection</fct>
-            <fct>WriteProfileString</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4003" text="Memory Management"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa366781(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AddSecureMemoryCacheCallback</fct>
-            <fct>AllocateUserPhysicalPages</fct>
-            <fct>AllocateUserPhysicalPagesNuma</fct>
-            <fct>BadMemoryCallbackRoutine</fct>
-            <fct>CopyMemory</fct>
-            <fct>CreateFileMapping</fct>
-            <fct>CreateFileMappingFromApp</fct>
-            <fct>CreateFileMappingNuma</fct>
-            <fct>CreateMemoryResourceNotification</fct>
-            <fct>FillMemory</fct>
-            <fct>FlushViewOfFile</fct>
-            <fct>FreeUserPhysicalPages</fct>
-            <fct>GetLargePageMinimum</fct>
-            <fct>GetMemoryErrorHandlingCapabilities</fct>
-            <fct>GetPhysicallyInstalledSystemMemory</fct>
-            <fct>GetProcessDEPPolicy</fct>
-            <fct>GetProcessHeap</fct>
-            <fct>GetProcessHeaps</fct>
-            <fct>GetSystemDEPPolicy</fct>
-            <fct>GetSystemFileCacheSize</fct>
-            <fct>GetWriteWatch</fct>
-            <fct>GlobalAlloc</fct>
-            <fct>GlobalDiscard</fct>
-            <fct>GlobalFlags</fct>
-            <fct>GlobalFree</fct>
-            <fct>GlobalHandle</fct>
-            <fct>GlobalLock</fct>
-            <fct>GlobalMemoryStatus</fct>
-            <fct>GlobalMemoryStatusEx</fct>
-            <fct>GlobalReAlloc</fct>
-            <fct>GlobalSize</fct>
-            <fct>GlobalUnlock</fct>
-            <fct>HeapAlloc</fct>
-            <fct>HeapCompact</fct>
-            <fct>HeapCreate</fct>
-            <fct>HeapDestroy</fct>
-            <fct>HeapFree</fct>
-            <fct>HeapLock</fct>
-            <fct>HeapQueryInformation</fct>
-            <fct>HeapReAlloc</fct>
-            <fct>HeapSetInformation</fct>
-            <fct>HeapSize</fct>
-            <fct>HeapUnlock</fct>
-            <fct>HeapValidate</fct>
-            <fct>HeapWalk</fct>
-            <fct>IsBadCodePtr</fct>
-            <fct>IsBadReadPtr</fct>
-            <fct>IsBadStringPtr</fct>
-            <fct>IsBadWritePtr</fct>
-            <fct>LocalAlloc</fct>
-            <fct>LocalDiscard</fct>
-            <fct>LocalFlags</fct>
-            <fct>LocalHandle</fct>
-            <fct>LocalLock</fct>
-            <fct>LocalReAlloc</fct>
-            <fct>LocalSize</fct>
-            <fct>LocalUnlock</fct>
-            <fct>MapViewOfFile</fct>
-            <fct>MapViewOfFileEx</fct>
-            <fct>MapViewOfFileExNuma</fct>
-            <fct>MapViewOfFileFromApp</fct>
-            <fct>MapUserPhysicalPages</fct>
-            <fct>MapUserPhysicalPagesScatter</fct>
-            <fct>MoveMemory</fct>
-            <fct>OpenFileMapping</fct>
-            <fct>PrefetchVirtualMemory</fct>
-            <fct>QueryMemoryResourceNotification</fct>
-            <fct>RegisterBadMemoryNotification</fct>
-            <fct>RemoveSecureMemoryCacheCallback</fct>
-            <fct>ResetWriteWatch</fct>
-            <fct>SecureMemoryCacheCallback</fct>
-            <fct>SecureZeroMemory</fct>
-            <fct>SetProcessDEPPolicy</fct>
-            <fct>SetSystemFileCacheSize</fct>
-            <fct>UnmapViewOfFile</fct>
-            <fct>UnregisterBadMemoryNotification</fct>
-            <fct>VirtualAlloc</fct>
-            <fct>VirtualAllocEx</fct>
-            <fct>VirtualAllocExNuma</fct>
-            <fct>VirtualFree</fct>
-            <fct>VirtualFreeEx</fct>
-            <fct>VirtualLock</fct>
-            <fct>VirtualProtect</fct>
-            <fct>VirtualProtectEx</fct>
-            <fct>VirtualQuery</fct>
-            <fct>VirtualQueryEx</fct>
-            <fct>VirtualUnlock</fct>
-            <fct>ZeroMemory</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4004"
-             text="Tool Help"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms686832(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CloseToolhelp32Snapshot</fct>
-            <fct>CreateToolhelp32Snapshot</fct>
-            <fct>Heap32First</fct>
-            <fct>Heap32ListFirst</fct>
-            <fct>Heap32ListNext</fct>
-            <fct>Heap32Next</fct>
-            <fct>Module32First</fct>
-            <fct>Module32Next</fct>
-            <fct>Process32First</fct>
-            <fct>Process32Next</fct>
-            <fct>Thread32First</fct>
-            <fct>Thread32Next</fct>
-            <fct>Toolhelp32ReadProcessMemory</fct>
-            <fct>CloseToolhelp32Snapshot</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4005"
-             text="Backup"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa362512(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>BackupRead</fct>
-            <fct>BackupSeek</fct>
-            <fct>BackupWrite</fct>
-            <fct>CreateTapePartition</fct>
-            <fct>EraseTape</fct>
-            <fct>GetTapeParameters</fct>
-            <fct>GetTapePosition</fct>
-            <fct>GetTapeStatus</fct>
-            <fct>PrepareTape</fct>
-            <fct>SetTapeParameters</fct>
-            <fct>SetTapePosition</fct>
-            <fct>WriteTapemark</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4006"
-             text="Event Logging"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa363654(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>BackupEventLog</fct>
-            <fct>ClearEventLog</fct>
-            <fct>CloseEventLog</fct>
-            <fct>DeregisterEventSource</fct>
-            <fct>GetEventLogInformation</fct>
-            <fct>GetNumberOfEventLogRecords</fct>
-            <fct>GetOldestEventLogRecord</fct>
-            <fct>NotifyChangeEventLog</fct>
-            <fct>OpenBackupEventLog</fct>
-            <fct>OpenEventLog</fct>
-            <fct>ReadEventLog</fct>
-            <fct>RegisterEventSource</fct>
-            <fct>ReportEvent</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4007"
-             text="Event Tracing"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa363795(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>BufferCallback</fct>
-            <fct>CloseTrace</fct>
-            <fct>ControlCallback</fct>
-            <fct>ControlTrace</fct>
-            <fct>CreateTraceInstanceId</fct>
-            <fct>EnableCallback</fct>
-            <fct>EnableTrace</fct>
-            <fct>EnableTraceEx</fct>
-            <fct>EnableTraceEx2</fct>
-            <fct>EnumerateTraceGuids</fct>
-            <fct>EnumerateTraceGuidsEx</fct>
-            <fct>EventAccessControl</fct>
-            <fct>EventAccessQuery</fct>
-            <fct>EventAccessRemove</fct>
-            <fct>EventActivityIdControl</fct>
-            <fct>EventCallback</fct>
-            <fct>EventClassCallback</fct>
-            <fct>EventEnabled</fct>
-            <fct>EventProviderEnabled</fct>
-            <fct>EventRecordCallback</fct>
-            <fct>EventRegister</fct>
-            <fct>EventSetInformation</fct>
-            <fct>EventUnregister</fct>
-            <fct>EventWrite</fct>
-            <fct>EventWriteEx</fct>
-            <fct>EventWriteString</fct>
-            <fct>EventWriteTransfer</fct>
-            <fct>FlushTrace</fct>
-            <fct>GetTraceEnableFlags</fct>
-            <fct>GetTraceEnableLevel</fct>
-            <fct>GetTraceLoggerHandle</fct>
-            <fct>OpenTrace</fct>
-            <fct>ProcessTrace</fct>
-            <fct>QueryAllTraces</fct>
-            <fct>QueryTrace</fct>
-            <fct>RegisterTraceGuids</fct>
-            <fct>RemoveTraceCallback</fct>
-            <fct>SetTraceCallback</fct>
-            <fct>StartTrace</fct>
-            <fct>StopTrace</fct>
-            <fct>TdhAggregatePayloadFilters</fct>
-            <fct>TdhCleanupPayloadEventFilterDescriptor</fct>
-            <fct>TdhCloseDecodingHandle</fct>
-            <fct>TdhCreatePayloadFilter</fct>
-            <fct>TdhDeletePayloadFilter</fct>
-            <fct>TdhEnumerateManifestProviderEvents</fct>
-            <fct>TdhEnumerateProviderFieldInformation</fct>
-            <fct>TdhEnumerateProviderFilters</fct>
-            <fct>TdhEnumerateProviders</fct>
-            <fct>TdhFormatProperty</fct>
-            <fct>TdhGetDecodingParameter</fct>
-            <fct>TdhGetEventInformation</fct>
-            <fct>TdhGetEventMapInformation</fct>
-            <fct>TdhGetManifestEventInformation</fct>
-            <fct>TdhGetProperty</fct>
-            <fct>TdhGetPropertySize</fct>
-            <fct>TdhGetWppMessage</fct>
-            <fct>TdhGetWppProperty</fct>
-            <fct>TdhLoadManifest</fct>
-            <fct>TdhLoadManifestFromBinary</fct>
-            <fct>TdhOpenDecodingHandle</fct>
-            <fct>TdhQueryProviderFieldInformation</fct>
-            <fct>TdhSetDecodingParameter</fct>
-            <fct>TdhUnloadManifest</fct>
-            <fct>TraceEvent</fct>
-            <fct>TraceEventInstance</fct>
-            <fct>TraceMessage</fct>
-            <fct>TraceMessageVa</fct>
-            <fct>TraceQueryInformation</fct>
-            <fct>TraceSetInformation</fct>
-            <fct>UnregisterTraceGuids</fct>
-            <fct>UpdateTrace</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4008"
-             text="Error Handling"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms679321(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CaptureStackBackTrace</fct>
-            <fct>FatalAppExit</fct>
-            <fct>FlashWindow</fct>
-            <fct>FlashWindowEx</fct>
-            <fct>GetErrorMode</fct>
-            <fct>GetThreadErrorMode</fct>
-            <fct>RtlLookupFunctionEntry</fct>
-            <fct>RtlNtStatusToDosError</fct>
-            <fct>RtlPcToFileHeader</fct>
-            <fct>RtlUnwind</fct>
-            <fct>RtlUnwind2</fct>
-            <fct>RtlUnwindEx</fct>
-            <fct>RtlVirtualUnwind</fct>
-            <fct>SetErrorMode</fct>
-            <fct>SetLastError</fct>
-            <fct>SetLastErrorEx</fct>
-            <fct>SetThreadErrorMode</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4009"
-             text="Directory Management"
-             url="http://msdn.microsoft.com/de-de/lib/windows/desktop/aa363950(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CreateDirectory</fct>
-            <fct>CreateDirectoryEx</fct>
-            <fct>CreateDirectoryTransacted</fct>
-            <fct>FindCloseChangeNotification</fct>
-            <fct>FindFirstChangeNotification</fct>
-            <fct>FindNextChangeNotification</fct>
-            <fct>GetCurrentDirectory</fct>
-            <fct>ReadDirectoryChanges</fct>
-            <fct>RemoveDirectory</fct>
-            <fct>RemoveDirectoryTransacted</fct>
-            <fct>SetCurrentDirectory</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4010"
-             text="Debugging"
-             url="http://msdn.microsoft.com/de-de/lib/windows/desktop/ms679303(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CheckRemoteDebuggerPresent</fct>
-            <fct>ContinueDebugEvent</fct>
-            <fct>DebugActiveProcess</fct>
-            <fct>DebugActiveProcessStop</fct>
-            <fct>DebugBreak</fct>
-            <fct>DebugBreakProcess</fct>
-            <fct>DebugSetProcessKillOnExit</fct>
-            <fct>FatalExit</fct>
-            <fct>FlushInstructionCache</fct>
-            <fct>GetThreadContext</fct>
-            <fct>GetThreadSelectorEntry</fct>
-            <fct>IsDebuggerPresent</fct>
-            <fct>OutputDebugString</fct>
-            <fct>ReadProcessMemory</fct>
-            <fct>SetThreadContext</fct>
-            <fct>WaitForDebugEvent</fct>
-            <fct>Wow64GetThreadContext</fct>
-            <fct>Wow64GetThreadSelectorEntry</fct>
-            <fct>Wow64SetThreadContext</fct>
-            <fct>WriteProcessMemory</fct>
-          </fcts>
-        </lib>
-
-        <lib name="dbghelp.dll">
-          <fcts>
-            <fct>SymFindFileInPath</fct>
-            <fct>UnDecorateSymbolName</fct>
-            <fct>SymSetContext</fct>
-            <fct>SymFunctionTableAccess</fct>
-            <fct>SymCleanup</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4011"
-             text="Console"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms682073(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AddConsoleAlias</fct>
-            <fct>AllocConsole</fct>
-            <fct>AttachConsole</fct>
-            <fct>CreateConsoleScreenBuffer</fct>
-            <fct>FillConsoleOutputAttribute</fct>
-            <fct>FillConsoleOutputCharacter</fct>
-            <fct>FlushConsoleInputBuffer</fct>
-            <fct>FreeConsole</fct>
-            <fct>GenerateConsoleCtrlEvent</fct>
-            <fct>GetConsoleAlias</fct>
-            <fct>GetConsoleAliases</fct>
-            <fct>GetConsoleAliasesLength</fct>
-            <fct>GetConsoleAliasExes</fct>
-            <fct>GetConsoleAliasExesLength</fct>
-            <fct>GetConsoleCP</fct>
-            <fct>GetConsoleCursorInfo</fct>
-            <fct>GetConsoleDisplayMode</fct>
-            <fct>GetConsoleFontSize</fct>
-            <fct>GetConsoleHistoryInfo</fct>
-            <fct>GetConsoleMode</fct>
-            <fct>GetConsoleOriginalTitle</fct>
-            <fct>GetConsoleOutputCP</fct>
-            <fct>GetConsoleProcessList</fct>
-            <fct>GetConsoleScreenBufferInfo</fct>
-            <fct>GetConsoleScreenBufferInfoEx</fct>
-            <fct>GetConsoleSelectionInfo</fct>
-            <fct>GetConsoleTitle</fct>
-            <fct>GetConsoleWindow</fct>
-            <fct>GetCurrentConsoleFont</fct>
-            <fct>GetCurrentConsoleFontEx</fct>
-            <fct>GetLargestConsoleWindowSize</fct>
-            <fct>GetNumberOfConsoleInputEvents</fct>
-            <fct>GetNumberOfConsoleMouseButtons</fct>
-            <fct>GetStdHandle</fct>
-            <fct>HandlerRoutine</fct>
-            <fct>PeekConsoleInput</fct>
-            <fct>ReadConsole</fct>
-            <fct>ReadConsoleInput</fct>
-            <fct>ReadConsoleOutput</fct>
-            <fct>ReadConsoleOutputAttribute</fct>
-            <fct>ReadConsoleOutputCharacter</fct>
-            <fct>ScrollConsoleScreenBuffer</fct>
-            <fct>SetConsoleActiveScreenBuffer</fct>
-            <fct>SetConsoleCP</fct>
-            <fct>SetConsoleCtrlHandler</fct>
-            <fct>SetConsoleCursorInfo</fct>
-            <fct>SetConsoleCursorPosition</fct>
-            <fct>SetConsoleDisplayMode</fct>
-            <fct>SetConsoleHistoryInfo</fct>
-            <fct>SetConsoleMode</fct>
-            <fct>SetConsoleOutputCP</fct>
-            <fct>SetConsoleScreenBufferInfoEx</fct>
-            <fct>SetConsoleScreenBufferSize</fct>
-            <fct>SetConsoleTextAttribute</fct>
-            <fct>SetConsoleTitle</fct>
-            <fct>SetConsoleWindowInfo</fct>
-            <fct>SetCurrentConsoleFontEx</fct>
-            <fct>SetStdHandle</fct>
-            <fct>WriteConsole</fct>
-            <fct>WriteConsoleInput</fct>
-            <fct>WriteConsoleOutput</fct>
-            <fct>WriteConsoleOutputAttribute</fct>
-            <fct>WriteConsoleOutputCharacter</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4012"
-             text="ImageHlp"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms680181(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>BindImage</fct>
-            <fct>BindImageEx</fct>
-            <fct>CheckSumMappedFile</fct>
-            <fct>DigestFunction</fct>
-            <fct>GetImageConfigInformation</fct>
-            <fct>GetImageUnusedHeaderBytes</fct>
-            <fct>ImageAddCertificate</fct>
-            <fct>ImageEnumerateCertificates</fct>
-            <fct>ImageGetCertificateData</fct>
-            <fct>ImageGetCertificateHeader</fct>
-            <fct>ImageGetDigestStream</fct>
-            <fct>ImageLoad</fct>
-            <fct>ImageRemoveCertificate</fct>
-            <fct>ImageUnload</fct>
-            <fct>MapAndLoad</fct>
-            <fct>MapFileAndCheckSum</fct>
-            <fct>ReBaseImage</fct>
-            <fct>ReBaseImage64</fct>
-            <fct>SetImageConfigInformation</fct>
-            <fct>SplitSymbols</fct>
-            <fct>StatusRoutine</fct>
-            <fct>TouchFileTimes</fct>
-            <fct>UnMapAndLoad</fct>
-            <fct>UpdateDebugInfoFile</fct>
-            <fct>UpdateDebugInfoFileEx</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4013"
-             text="Communications"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa363194(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>BuildCommDCB</fct>
-            <fct>BuildCommDCBAndTimeouts</fct>
-            <fct>ClearCommBreak</fct>
-            <fct>ClearCommError</fct>
-            <fct>CommConfigDialog</fct>
-            <fct>EscapeCommFunction</fct>
-            <fct>GetCommConfig</fct>
-            <fct>GetCommMask</fct>
-            <fct>GetCommModemStatus</fct>
-            <fct>GetCommProperties</fct>
-            <fct>GetCommState</fct>
-            <fct>GetCommTimeouts</fct>
-            <fct>GetDefaultCommConfig</fct>
-            <fct>PurgeComm</fct>
-            <fct>SetCommBreak</fct>
-            <fct>SetCommConfig</fct>
-            <fct>SetCommMask</fct>
-            <fct>SetCommState</fct>
-            <fct>SetCommTimeouts</fct>
-            <fct>SetDefaultCommConfig</fct>
-            <fct>SetupComm</fct>
-            <fct>TransmitCommChar</fct>
-            <fct>WaitCommEvent</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4014"
-             text="COM"
-             url="http://msdn.microsoft.com/en-us/lib/aa910227.aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>BindMoniker</fct>
-            <fct>CLSIDFromProgID</fct>
-            <fct>CLSIDFromString</fct>
-            <fct>CoAddRefServerProcess</fct>
-            <fct>CoBuildVersion</fct>
-            <fct>CoCopyProxy</fct>
-            <fct>CoCreateFreeThreadedMarshaler</fct>
-            <fct>CoCreateGuid</fct>
-            <fct>CoCreateInstance</fct>
-            <fct>CoCreateInstanceEx</fct>
-            <fct>CoDisconnectObject</fct>
-            <fct>CoFileTimeNow</fct>
-            <fct>CoFreeAllLibraries</fct>
-            <fct>CoFreeLibrary</fct>
-            <fct>CoFreeUnusedLibraries</fct>
-            <fct>CoFreeUnusedLibrariesEx</fct>
-            <fct>CoGetCallContext</fct>
-            <fct>CoGetClassObject</fct>
-            <fct>CoGetCurrentProcess</fct>
-            <fct>CoGetInstanceFromFile</fct>
-            <fct>CoGetInstanceFromIStorage</fct>
-            <fct>CoGetInterfaceAndReleaseStream</fct>
-            <fct>CoGetMalloc</fct>
-            <fct>CoGetMarshalSizeMax</fct>
-            <fct>CoGetObject</fct>
-            <fct>CoGetPSClsid</fct>
-            <fct>CoGetStandardMarshal</fct>
-            <fct>CoGetTreatAsClass</fct>
-            <fct>CoImpersonateClient</fct>
-            <fct>CoInitialize</fct>
-            <fct>CoInitializeEx</fct>
-            <fct>CoInitializeSecurity</fct>
-            <fct>CoIsHandlerConnected</fct>
-            <fct>CoIsOle1Class</fct>
-            <fct>CoLoadLibrary</fct>
-            <fct>CoLockObjectExternal</fct>
-            <fct>CoMarshalHresult</fct>
-            <fct>CoMarshalInterface</fct>
-            <fct>CoMarshalInterThreadInterfaceInStream</fct>
-            <fct>CoQueryAuthenticationServices</fct>
-            <fct>CoQueryClientBlanket</fct>
-            <fct>CoQueryProxyBlanket</fct>
-            <fct>CoRegisterClassObject</fct>
-            <fct>CoRegisterMallocSpy</fct>
-            <fct>CoRegisterMessageFilter</fct>
-            <fct>CoRegisterPSClsid</fct>
-            <fct>CoRegisterSurrogate</fct>
-            <fct>CoReleaseMarshalData</fct>
-            <fct>CoReleaseServerProcess</fct>
-            <fct>CoResumeClassObjects</fct>
-            <fct>CoRevertToSelf</fct>
-            <fct>CoRevokeClassObject</fct>
-            <fct>CoRevokeMallocSpy</fct>
-            <fct>CoSetProxyBlanket</fct>
-            <fct>CoSuspendClassObjects</fct>
-            <fct>CoSwitchCallContext</fct>
-            <fct>CoTaskMemAlloc</fct>
-            <fct>CoTaskMemFree</fct>
-            <fct>CoTaskMemRealloc</fct>
-            <fct>CoTreatAsClass</fct>
-            <fct>CoUninitialize</fct>
-            <fct>CoUnmarshalHresult</fct>
-            <fct>CoUnmarshalInterface</fct>
-            <fct>CreateAntiMoniker</fct>
-            <fct>CreateBindCtx</fct>
-            <fct>CreateClassMoniker</fct>
-            <fct>CreateFileMoniker</fct>
-            <fct>CreateGenericComposite</fct>
-            <fct>CreateItemMoniker</fct>
-            <fct>CreatePointerMoniker</fct>
-            <fct>DllCanUnloadNow</fct>
-            <fct>DllGetClassObject</fct>
-            <fct>DllRegisterServer</fct>
-            <fct>DllUnregisterServer</fct>
-            <fct>GetClassFile</fct>
-            <fct>GetRunningObjectTable</fct>
-            <fct>IIDFromString</fct>
-            <fct>IsEqualGUID</fct>
-            <fct>IsValidIid</fct>
-            <fct>IsValidInterface</fct>
-            <fct>IsValidPtrIn</fct>
-            <fct>IsValidPtrOut</fct>
-            <fct>MkParseDisplayName</fct>
-            <fct>MonikerCommonPrefixWith</fct>
-            <fct>MonikerRelativePathTo</fct>
-            <fct>ProgIDFromCLSID</fct>
-            <fct>StringFromCLSID</fct>
-            <fct>StringFromGUID2</fct>
-            <fct>StringFromIID</fct>
-            <fct>UpdateDCOMSettings</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4015"
-             text="System Information"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms724953(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CeipIsOptedIn</fct>
-            <fct>DnsHostnameToComputerName</fct>
-            <fct>EnumSystemFirmwareTables</fct>
-            <fct>ExpandEnvironmentStrings</fct>
-            <fct>GetComputerName</fct>
-            <fct>GetComputerNameEx</fct>
-            <fct>GetComputerObjectName</fct>
-            <fct>GetCurrentHwProfile</fct>
-            <fct>GetFirmwareEnvironmentVariable</fct>
-            <fct>GetFirmwareEnvironmentVariableEx</fct>
-            <fct>GetFirmwareType</fct>
-            <fct>GetNativeSystemInfo</fct>
-            <fct>GetProductInfo</fct>
-            <fct>GetSystemDirectory</fct>
-            <fct>GetSystemFirmwareTable</fct>
-            <fct>GetSystemInfo</fct>
-            <fct>GetSystemRegistryQuota</fct>
-            <fct>GetSystemWindowsDirectory</fct>
-            <fct>GetSystemWow64Directory</fct>
-            <fct>GetUserName</fct>
-            <fct>GetUserNameEx</fct>
-            <fct>GetVersion</fct>
-            <fct>GetVersionEx</fct>
-            <fct>GetWindowsDirectory</fct>
-            <fct>IsNativeVhdBoot</fct>
-            <fct>IsProcessorFeaturePresent</fct>
-            <fct>NtQuerySystemInformation</fct>
-            <fct>QueryPerformanceCounter</fct>
-            <fct>QueryPerformanceFrequency</fct>
-            <fct>SetComputerName</fct>
-            <fct>SetComputerNameEx</fct>
-            <fct>SetFirmwareEnvironmentVariable</fct>
-            <fct>SetFirmwareEnvironmentVariableEx</fct>
-            <fct>TranslateName</fct>
-            <fct>VerifyVersionInfo</fct>
-            <fct>VerSetConditionMask</fct>
-            <fct>ZwQuerySystemInformation</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4016"
-             text="Package Query"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/hh446597(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>ClosePackageInfo</fct>
-            <fct>FindPackagesByPackageFamily</fct>
-            <fct>FormatApplicationUserModelId</fct>
-            <fct>GetApplicationUserModelId</fct>
-            <fct>GetCurrentApplicationUserModelId</fct>
-            <fct>GetCurrentPackageFamilyName</fct>
-            <fct>GetCurrentPackageFullName</fct>
-            <fct>GetCurrentPackageId</fct>
-            <fct>GetCurrentPackageInfo</fct>
-            <fct>GetCurrentPackagePath</fct>
-            <fct>GetPackageApplicationIds</fct>
-            <fct>GetPackageFamilyName</fct>
-            <fct>GetPackageFullName</fct>
-            <fct>GetPackageId</fct>
-            <fct>GetPackageInfo</fct>
-            <fct>GetPackagePath</fct>
-            <fct>GetPackagePathByFullName</fct>
-            <fct>GetPackagesByPackageFamily</fct>
-            <fct>GetStagedPackageOrigin</fct>
-            <fct>GetStagedPackagePathByFullName</fct>
-            <fct>OpenPackageInfoByFullName</fct>
-            <fct>PackageFamilyNameFromFullName</fct>
-            <fct>PackageFamilyNameFromId</fct>
-            <fct>PackageFullNameFromId</fct>
-            <fct>PackageIdFromFullName</fct>
-            <fct>PackageNameAndPublisherIdFromFamilyName</fct>
-            <fct>ParseApplicationUserModelId</fct>
-            <fct>PackageOrigin</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4017"
-             text="Setup"
-             url="https://msdn.microsoft.com/en-us/library/aa376947(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>InstallHinfSection</fct>
-            <fct>SetupAddInstallSectionToDiskSpaceList</fct>
-            <fct>SetupAddSectionToDiskSpaceList</fct>
-            <fct>SetupAddToDiskSpaceList</fct>
-            <fct>SetupAddToSourceList</fct>
-            <fct>SetupAdjustDiskSpaceList</fct>
-            <fct>SetupBackupError</fct>
-            <fct>SetupCancelTemporarySourceList</fct>
-            <fct>SetupCloseFileQueue</fct>
-            <fct>SetupCloseInfFile</fct>
-            <fct>SetupCommitFileQueue</fct>
-            <fct>SetupCopyError</fct>
-            <fct>SetupConfigureWmiFromInfSection</fct>
-            <fct>SetupCopyOEMInf</fct>
-            <fct>SetupCreateDiskSpaceList</fct>
-            <fct>SetupDecompressOrCopyFile</fct>
-            <fct>SetupDefaultQueueCallback</fct>
-            <fct>SetupDeleteError</fct>
-            <fct>SetupDuplicateDiskSpaceList</fct>
-            <fct>SetupDestroyDiskSpaceList</fct>
-            <fct>SetupEnumInfSections</fct>
-            <fct>SetupFindFirstLine</fct>
-            <fct>SetupFindNextLine</fct>
-            <fct>SetupFindNextMatchLine</fct>
-            <fct>SetupFreeSourceList</fct>
-            <fct>SetupGetBinaryField</fct>
-            <fct>SetupGetFieldCount</fct>
-            <fct>SetupGetFileCompressionInfov</fct>
-            <fct>SetupGetFileCompressionInfoEx</fct>
-            <fct>SetupGetFileQueueCount</fct>
-            <fct>SetupGetFileQueueFlags</fct>
-            <fct>SetupGetInfFileList</fct>
-            <fct>SetupGetInfInformation</fct>
-            <fct>SetupGetIntField</fct>
-            <fct>SetupGetLineByIndex</fct>
-            <fct>SetupGetLineCount</fct>
-            <fct>SetupGetLineText</fct>
-            <fct>SetupGetMultiSzField</fct>
-            <fct>SetupGetSourceFileLocation</fct>
-            <fct>SetupGetSourceFileSize</fct>
-            <fct>SetupGetSourceInfo</fct>
-            <fct>SetupGetStringField</fct>
-            <fct>SetupGetTargetPath</fct>
-            <fct>SetupInitDefaultQueueCallback</fct>
-            <fct>SetupInitDefaultQueueCallbackEx</fct>
-            <fct>SetupInitializeFileLog</fct>
-            <fct>SetupInstallFile</fct>
-            <fct>SetupInstallFileEx</fct>
-            <fct>SetupInstallFilesFromInfSection</fct>
-            <fct>SetupInstallFromInfSection</fct>
-            <fct>SetupInstallServicesFromInfSection</fct>
-            <fct>SetupInstallServicesFromInfSectionEx</fct>
-            <fct>SetupIterateCabinet</fct>
-            <fct>SetupLogError</fct>
-            <fct>SetupLogFile</fct>
-            <fct>SetupOpenAppendInfFile</fct>
-            <fct>SetupOpenFileQueue</fct>
-            <fct>SetupOpenInfFile</fct>
-            <fct>SetupOpenLog</fct>
-            <fct>SetupCloseLog</fct>
-            <fct>SetupOpenMasterInf</fct>
-            <fct>SetupPromptForDisk</fct>
-            <fct>SetupPromptReboot</fct>
-            <fct>SetupQueryDrivesInDiskSpaceList</fct>
-            <fct>SetupQueryFileLog</fct>
-            <fct>SetupQueryInfFileInformation</fct>
-            <fct>SetupQueryInfOriginalFileInformation</fct>
-            <fct>SetupQueryInfVersionInformation</fct>
-            <fct>SetupQuerySourceList</fct>
-            <fct>SetupQuerySpaceRequiredOnDrive</fct>
-            <fct>SetupQueueCopy</fct>
-            <fct>SetupQueueCopyIndirect</fct>
-            <fct>SetupQueueCopySection</fct>
-            <fct>SetupQueueDefaultCopy</fct>
-            <fct>SetupQueueDelete</fct>
-            <fct>SetupQueueDeleteSection</fct>
-            <fct>SetupQueueRename</fct>
-            <fct>SetupQueueRenameSection</fct>
-            <fct>SetupRemoveFileLogEntry</fct>
-            <fct>SetupRemoveFromDiskSpaceList</fct>
-            <fct>SetupRemoveFromSourceList</fct>
-            <fct>SetupRemoveInstallSectionFromDiskSpaceList</fct>
-            <fct>SetupRemoveSectionFromDiskSpaceList</fct>
-            <fct>SetupRenameError</fct>
-            <fct>SetupScanFileQueue</fct>
-            <fct>SetupSetDirectoryId</fct>
-            <fct>SetupSetDirectoryIdEx</fct>
-            <fct>SetupSetFileQueueAlternatePlatform</fct>
-            <fct>SetupSetFileQueueFlags</fct>
-            <fct>SetupSetPlatformPathOverride</fct>
-            <fct>SetupSetSourceList</fct>
-            <fct>SetupTermDefaultQueueCallback</fct>
-            <fct>SetupTerminateFileLog</fct>
-            <fct>SetupUninstallNewlyCopiedInfs</fct>
-            <fct>SetupUninstallOEMInf</fct>
-            <fct>SetupVerifyInfFile</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4018"
-             text="Structured Storage"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa379134(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CreateILockBytesOnHGlobal</fct>
-            <fct>CreateStreamOnHGlobal</fct>
-            <fct>FmtIdToPropStgName</fct>
-            <fct>FreePropVariantArray</fct>
-            <fct>GetConvertStg</fct>
-            <fct>GetHGlobalFromILockBytes</fct>
-            <fct>GetHGlobalFromStream</fct>
-            <fct>OleConvertIStorageToOLESTREAM</fct>
-            <fct>OleConvertIStorageToOLESTREAMEx</fct>
-            <fct>OleConvertOLESTREAMToIStorage</fct>
-            <fct>OleConvertOLESTREAMToIStorageEx</fct>
-            <fct>PropStgNameToFmtId</fct>
-            <fct>PropVariantClear</fct>
-            <fct>PropVariantCopy</fct>
-            <fct>PropVariantInit</fct>
-            <fct>ReadClassStg</fct>
-            <fct>ReadClassStm</fct>
-            <fct>ReadFmtUserTypeStg</fct>
-            <fct>StgConvertPropertyToVariant</fct>
-            <fct>SetConvertStg</fct>
-            <fct>StgConvertVariantToProperty</fct>
-            <fct>StgCreateDocfile</fct>
-            <fct>StgCreateDocfileOnILockBytes</fct>
-            <fct>StgCreatePropSetStg</fct>
-            <fct>StgCreatePropStg</fct>
-            <fct>StgCreateStorageEx</fct>
-            <fct>StgDeserializePropVariant</fct>
-            <fct>StgGetIFillLockBytesOnFile</fct>
-            <fct>StgGetIFillLockBytesOnILockBytes</fct>
-            <fct>StgIsStorageFile</fct>
-            <fct>StgIsStorageILockBytes</fct>
-            <fct>StgOpenAsyncDocfileOnIFillLockBytes</fct>
-            <fct>StgOpenLayoutDocfile</fct>
-            <fct>StgOpenPropStg</fct>
-            <fct>StgOpenStorage</fct>
-            <fct>StgOpenStorageEx</fct>
-            <fct>StgOpenStorageOnILockBytes</fct>
-            <fct>StgPropertyLengthAsVariant</fct>
-            <fct>StgSetTimes</fct>
-            <fct>StgSerializePropVariant</fct>
-            <fct>WriteClassStg</fct>
-            <fct>WriteClassStm</fct>
-            <fct>WriteFmtUserTypeStg</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4019"
-         text="Dynamic Data Exchange Management Library (DDEML)"
-         url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms648712(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>DdeAbandonTransaction</fct>
-            <fct>DdeAccessData</fct>
-            <fct>DdeAddData</fct>
-            <fct>DdeCallback</fct>
-            <fct>DdeClientTransaction</fct>
-            <fct>DdeCmpStringHandles</fct>
-            <fct>DdeConnect</fct>
-            <fct>DdeConnectList</fct>
-            <fct>DdeCreateDataHandle</fct>
-            <fct>DdeCreateStringHandle</fct>
-            <fct>DdeDisconnect</fct>
-            <fct>DdeDisconnectList</fct>
-            <fct>DdeEnableCallback</fct>
-            <fct>DdeFreeDataHandle</fct>
-            <fct>DdeFreeStringHandle</fct>
-            <fct>DdeGetData</fct>
-            <fct>DdeGetLastError</fct>
-            <fct>DdeImpersonateClient</fct>
-            <fct>DdeInitialize</fct>
-            <fct>DdeKeepStringHandle</fct>
-            <fct>DdeNameService</fct>
-            <fct>DdePostAdvise</fct>
-            <fct>DdeQueryConvInfo</fct>
-            <fct>DdeQueryNextServer</fct>
-            <fct>DdeQueryString</fct>
-            <fct>DdeReconnect</fct>
-            <fct>DdeSetUserHandle</fct>
-            <fct>DdeUnaccessData</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4020"
-     text="Clipboard"
-     url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ff468802(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AddClipboardFormatListener</fct>
-            <fct>ChangeClipboardChain</fct>
-            <fct>CloseClipboard</fct>
-            <fct>CountClipboardFormats</fct>
-            <fct>EmptyClipboard</fct>
-            <fct>EnumClipboardFormats</fct>
-            <fct>GetClipboardData</fct>
-            <fct>GetClipboardFormatName</fct>
-            <fct>GetClipboardOwner</fct>
-            <fct>GetClipboardSequenceNumber</fct>
-            <fct>GetClipboardViewer</fct>
-            <fct>GetOpenClipboardWindow</fct>
-            <fct>GetPriorityClipboardFormat</fct>
-            <fct>GetUpdatedClipboardFormats</fct>
-            <fct>IsClipboardFormatAvailable</fct>
-            <fct>OpenClipboard</fct>
-            <fct>RegisterClipboardFormat</fct>
-            <fct>RemoveClipboardFormatListener</fct>
-            <fct>SetClipboardData</fct>
-            <fct>SetClipboardViewer</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4021"
-         text="WinINet"
-         url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa385473(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CleanupCredentialCache</fct>
-            <fct>CommitUrlCacheEntryA</fct>
-            <fct>CommitUrlCacheEntryW</fct>
-            <fct>CreateMD5SSOHash</fct>
-            <fct>CreateUrlCacheEntry</fct>
-            <fct>CreateUrlCacheGroup</fct>
-            <fct>DeleteUrlCacheEntry</fct>
-            <fct>DeleteUrlCacheGroup</fct>
-            <fct>DetectAutoProxyUrl</fct>
-            <fct>FindCloseUrlCache</fct>
-            <fct>FindFirstUrlCacheEntry</fct>
-            <fct>FindFirstUrlCacheEntryEx</fct>
-            <fct>FindFirstUrlCacheGroup</fct>
-            <fct>FindNextUrlCacheEntry</fct>
-            <fct>FindNextUrlCacheEntryEx</fct>
-            <fct>FindNextUrlCacheGroup</fct>
-            <fct>FtpCommand</fct>
-            <fct>FtpCreateDirectory</fct>
-            <fct>FtpDeleteFile</fct>
-            <fct>FtpFindFirstFile</fct>
-            <fct>FtpGetCurrentDirectory</fct>
-            <fct>FtpGetFile</fct>
-            <fct>FtpGetFileSize</fct>
-            <fct>FtpOpenFile</fct>
-            <fct>FtpPutFile</fct>
-            <fct>FtpRemoveDirectory</fct>
-            <fct>FtpRenameFile</fct>
-            <fct>FtpSetCurrentDirectory</fct>
-            <fct>GetUrlCacheConfigInfo</fct>
-            <fct>GetUrlCacheEntryInfo</fct>
-            <fct>GetUrlCacheEntryInfoEx</fct>
-            <fct>GetUrlCacheGroupAttribute</fct>
-            <fct>GopherAttributeEnumerator</fct>
-            <fct>GopherCreateLocator</fct>
-            <fct>GopherFindFirstFile</fct>
-            <fct>GopherGetAttribute</fct>
-            <fct>GopherGetLocatorType</fct>
-            <fct>GopherOpenFile</fct>
-            <fct>HttpAddRequestHeaders</fct>
-            <fct>HttpEndRequest</fct>
-            <fct>HttpOpenRequest</fct>
-            <fct>HttpQueryInfo</fct>
-            <fct>HttpSendRequest</fct>
-            <fct>HttpSendRequestEx</fct>
-            <fct>InternetAttemptConnect</fct>
-            <fct>InternetAutodial</fct>
-            <fct>InternetAutodialHangup</fct>
-            <fct>InternetCanonicalizeUrl</fct>
-            <fct>InternetCheckConnection</fct>
-            <fct>InternetClearAllPerSiteCookieDecisions</fct>
-            <fct>InternetCloseHandle</fct>
-            <fct>InternetCombineUrl</fct>
-            <fct>InternetConfirmZoneCrossing</fct>
-            <fct>InternetConnect</fct>
-            <fct>InternetCrackUrl</fct>
-            <fct>InternetCreateUrl</fct>
-            <fct>InternetDeInitializeAutoProxyDll</fct>
-            <fct>InternetDial</fct>
-            <fct>InternetEnumPerSiteCookieDecision</fct>
-            <fct>InternetErrorDlg</fct>
-            <fct>InternetFindNextFile</fct>
-            <fct>InternetGetConnectedState</fct>
-            <fct>InternetGetConnectedStateEx</fct>
-            <fct>InternetGetCookie</fct>
-            <fct>InternetGetCookieEx</fct>
-            <fct>InternetGetLastResponseInfo</fct>
-            <fct>InternetGetPerSiteCookieDecision</fct>
-            <fct>InternetGetProxyInfo</fct>
-            <fct>InternetGoOnline</fct>
-            <fct>InternetHangUp</fct>
-            <fct>InternetInitializeAutoProxyDll</fct>
-            <fct>InternetLockRequestFile</fct>
-            <fct>InternetOpen</fct>
-            <fct>InternetOpenUrl</fct>
-            <fct>InternetQueryDataAvailable</fct>
-            <fct>InternetQueryOption</fct>
-            <fct>InternetReadFile</fct>
-            <fct>InternetReadFileEx</fct>
-            <fct>InternetSetCookie</fct>
-            <fct>InternetSetCookieEx</fct>
-            <fct>InternetSetDialState</fct>
-            <fct>InternetSetFilePointer</fct>
-            <fct>InternetSetOption</fct>
-            <fct>InternetSetOptionEx</fct>
-            <fct>InternetSetPerSiteCookieDecision</fct>
-            <fct>InternetSetStatusCallback</fct>
-            <fct>InternetStatusCallback</fct>
-            <fct>InternetTimeFromSystemTime</fct>
-            <fct>InternetTimeToSystemTime</fct>
-            <fct>InternetUnlockRequestFile</fct>
-            <fct>InternetWriteFile</fct>
-            <fct>PrivacyGetZonePreferenceW</fct>
-            <fct>PrivacySetZonePreferenceW</fct>
-            <fct>ReadUrlCacheEntryStream</fct>
-            <fct>ResumeSuspendedDownload</fct>
-            <fct>RetrieveUrlCacheEntryFile</fct>
-            <fct>RetrieveUrlCacheEntryStream</fct>
-            <fct>SetUrlCacheEntryGroup</fct>
-            <fct>SetUrlCacheEntryInfo</fct>
-            <fct>SetUrlCacheGroupAttribute</fct>
-            <fct>UnlockUrlCacheEntryFile</fct>
-            <fct>UnlockUrlCacheEntryStream</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4022"
-         text="DLL"
-         url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms682599(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AddDllDirectory</fct>
-            <fct>DisableThreadLibraryCalls</fct>
-            <fct>DllMain</fct>
-            <fct>FreeLibrary</fct>
-            <fct>FreeLibraryAndExitThread</fct>
-            <fct>GetDllDirectory</fct>
-            <fct>GetModuleFileName</fct>
-            <fct>GetModuleHandle</fct>
-            <fct>GetModuleHandleEx</fct>
-            <fct>GetProcAddress</fct>
-            <fct>LoadLibrary</fct>
-            <fct>LoadLibraryEx</fct>
-            <fct>LoadModule</fct>
-            <fct>LoadPackagedLibrary</fct>
-            <fct>RemoveDllDirectory</fct>
-            <fct>SetDefaultDllDirectories</fct>
-            <fct>SetDllDirectory</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-        id="4023"
-        text="Process and Thread"
-        url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms684847(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AssignProcessToJobObject</fct>
-            <fct>AttachThreadInput</fct>
-            <fct>AvQuerySystemResponsiveness</fct>
-            <fct>AvRevertMmThreadCharacteristics</fct>
-            <fct>AvRtCreateThreadOrderingGroup</fct>
-            <fct>AvRtCreateThreadOrderingGroupEx</fct>
-            <fct>AvRtDeleteThreadOrderingGroup</fct>
-            <fct>AvRtJoinThreadOrderingGroup</fct>
-            <fct>AvRtLeaveThreadOrderingGroup</fct>
-            <fct>AvRtWaitOnThreadOrderingGroup</fct>
-            <fct>AvSetMmMaxThreadCharacteristics</fct>
-            <fct>AvSetMmThreadCharacteristics</fct>
-            <fct>AvSetMmThreadPriority</fct>
-            <fct>BindIoCompletionCallback</fct>
-            <fct>CallbackMayRunLong</fct>
-            <fct>CancelThreadpoolIo</fct>
-            <fct>CleanupGroupCancelCallback</fct>
-            <fct>CloseThreadpool</fct>
-            <fct>CloseThreadpoolCleanupGroup</fct>
-            <fct>CloseThreadpoolCleanupGroupMembers</fct>
-            <fct>CloseThreadpoolIo</fct>
-            <fct>CloseThreadpoolTimer</fct>
-            <fct>CloseThreadpoolWait</fct>
-            <fct>CloseThreadpoolWork</fct>
-            <fct>ConvertFiberToThread</fct>
-            <fct>ConvertThreadToFiber</fct>
-            <fct>ConvertThreadToFiberEx</fct>
-            <fct>CreateFiber</fct>
-            <fct>CreateFiberEx</fct>
-            <fct>CreateJobObject</fct>
-            <fct>CreateProcess</fct>
-            <fct>CreateProcessAsUser</fct>
-            <fct>CreateProcessWithLogonW</fct>
-            <fct>CreateProcessWithTokenW</fct>
-            <fct>CreateRemoteThread</fct>
-            <fct>CreateRemoteThreadEx</fct>
-            <fct>CreateThread</fct>
-            <fct>CreateThreadpool</fct>
-            <fct>CreateThreadpoolCleanupGroup</fct>
-            <fct>CreateThreadpoolIo</fct>
-            <fct>CreateThreadpoolTimer</fct>
-            <fct>CreateThreadpoolWait</fct>
-            <fct>CreateThreadpoolWork</fct>
-            <fct>CreateUmsCompletionList</fct>
-            <fct>CreateUmsThreadContext</fct>
-            <fct>DeleteFiber</fct>
-            <fct>DeleteProcThreadAttributeList</fct>
-            <fct>DeleteUmsCompletionList</fct>
-            <fct>DeleteUmsThreadContext</fct>
-            <fct>DequeueUmsCompletionListItems</fct>
-            <fct>DestroyThreadpoolEnvironment</fct>
-            <fct>DisassociateCurrentThreadFromCallback</fct>
-            <fct>EnterUmsSchedulingMode</fct>
-            <fct>ExecuteUmsThread</fct>
-            <fct>ExitProcess</fct>
-            <fct>ExitThread</fct>
-            <fct>FiberProc</fct>
-            <fct>FlsAlloc</fct>
-            <fct>FlsCallback</fct>
-            <fct>FlsFree</fct>
-            <fct>FlsGetValue</fct>
-            <fct>FlsSetValue</fct>
-            <fct>FlushProcessWriteBuffers</fct>
-            <fct>FreeEnvironmentStrings</fct>
-            <fct>FreeLibraryWhenCallbackReturns</fct>
-            <fct>GetActiveProcessorCount</fct>
-            <fct>GetActiveProcessorGroupCount</fct>
-            <fct>GetAutoRotationState</fct>
-            <fct>GetDisplayAutoRotationPreferencesByProcessId</fct>
-            <fct>GetDisplayAutoRotationPreferences</fct>
-            <fct>GetCommandLine</fct>
-            <fct>GetCurrentProcess</fct>
-            <fct>GetCurrentProcessId</fct>
-            <fct>GetCurrentProcessorNumber</fct>
-            <fct>GetCurrentProcessorNumberEx</fct>
-            <fct>GetCurrentThread</fct>
-            <fct>GetCurrentThreadId</fct>
-            <fct>GetCurrentThreadStackLimits</fct>
-            <fct>GetCurrentUmsThread</fct>
-            <fct>GetEnvironmentStrings</fct>
-            <fct>GetEnvironmentVariable</fct>
-            <fct>GetExitCodeProcess</fct>
-            <fct>GetExitCodeThread</fct>
-            <fct>GetGuiResources</fct>
-            <fct>GetLogicalProcessorInformation</fct>
-            <fct>GetLogicalProcessorInformationEx</fct>
-            <fct>GetMaximumProcessorCount</fct>
-            <fct>GetMaximumProcessorGroupCount</fct>
-            <fct>GetNextUmsListItem</fct>
-            <fct>GetNumaAvailableMemoryNode</fct>
-            <fct>GetNumaAvailableMemoryNodeEx</fct>
-            <fct>GetNumaHighestNodeNumber</fct>
-            <fct>GetNumaNodeNumberFromHandle</fct>
-            <fct>GetNumaNodeProcessorMask</fct>
-            <fct>GetNumaNodeProcessorMaskEx</fct>
-            <fct>GetNumaProcessorNode</fct>
-            <fct>GetNumaProcessorNodeEx</fct>
-            <fct>GetNumaProximityNode</fct>
-            <fct>GetNumaProximityNodeEx</fct>
-            <fct>GetPriorityClass</fct>
-            <fct>GetProcessAffinityMask</fct>
-            <fct>GetProcessGroupAffinity</fct>
-            <fct>GetProcessHandleCount</fct>
-            <fct>GetProcessId</fct>
-            <fct>GetProcessIdOfThread</fct>
-            <fct>GetProcessInformation</fct>
-            <fct>GetProcessIoCounters</fct>
-            <fct>GetProcessMitigationPolicy</fct>
-            <fct>GetProcessPriorityBoost</fct>
-            <fct>GetProcessShutdownParameters</fct>
-            <fct>GetProcessTimes</fct>
-            <fct>GetProcessVersion</fct>
-            <fct>GetProcessWorkingSetSize</fct>
-            <fct>GetProcessWorkingSetSizeEx</fct>
-            <fct>GetProcessorSystemCycleTime</fct>
-            <fct>GetStartupInfo</fct>
-            <fct>GetThreadGroupAffinity</fct>
-            <fct>GetThreadId</fct>
-            <fct>GetThreadIdealProcessorEx</fct>
-            <fct>GetThreadInformation</fct>
-            <fct>GetThreadIOPendingFlag</fct>
-            <fct>GetThreadPriority</fct>
-            <fct>GetThreadPriorityBoost</fct>
-            <fct>GetThreadTimes</fct>
-            <fct>GetUmsCompletionListEvent</fct>
-            <fct>GetUmsSystemThreadInformation</fct>
-            <fct>InitializeProcThreadAttributeList</fct>
-            <fct>InitializeThreadpoolEnvironment</fct>
-            <fct>IoCompletionCallback</fct>
-            <fct>IsImmersiveProcess</fct>
-            <fct>IsProcessInJob</fct>
-            <fct>IsProcessCritical</fct>
-            <fct>IsThreadAFiber</fct>
-            <fct>IsThreadpoolTimerSet</fct>
-            <fct>IsWow64Message</fct>
-            <fct>IsWow64Process</fct>
-            <fct>LeaveCriticalSectionWhenCallbackReturns</fct>
-            <fct>NeedCurrentDirectoryForExePath</fct>
-            <fct>NtGetCurrentProcessorNumber</fct>
-            <fct>NtQueryInformationProcess</fct>
-            <fct>NtQueryInformationThread</fct>
-            <fct>OpenJobObject</fct>
-            <fct>OpenProcess</fct>
-            <fct>OpenThread</fct>
-            <fct>QueryFullProcessImageName</fct>
-            <fct>QueryIdleProcessorCycleTime</fct>
-            <fct>QueryIdleProcessorCycleTimeEx</fct>
-            <fct>QueryInformationJobObject</fct>
-            <fct>QueryProcessAffinityUpdateMode</fct>
-            <fct>QueryProcessCycleTime</fct>
-            <fct>QueryThreadCycleTime</fct>
-            <fct>QueryThreadpoolStackInformation</fct>
-            <fct>QueryUmsThreadInformation</fct>
-            <fct>QueueUserWorkItem</fct>
-            <fct>ReleaseMutexWhenCallbackReturns</fct>
-            <fct>ReleaseSemaphoreWhenCallbackReturns</fct>
-            <fct>ResumeThread</fct>
-            <fct>SetDisplayAutoRotationPreferences</fct>
-            <fct>SetEnvironmentVariable</fct>
-            <fct>SetEventWhenCallbackReturns</fct>
-            <fct>SetInformationJobObject</fct>
-            <fct>SetPriorityClass</fct>
-            <fct>SetProcessAffinityMask</fct>
-            <fct>SetProcessAffinityUpdateMode</fct>
-            <fct>SetProcessInformation</fct>
-            <fct>SetProcessMitigationPolicy</fct>
-            <fct>SetProcessPriorityBoost</fct>
-            <fct>SetProcessRestrictionExemption</fct>
-            <fct>SetProcessShutdownParameters</fct>
-            <fct>SetProcessWorkingSetSize</fct>
-            <fct>SetProcessWorkingSetSizeEx</fct>
-            <fct>SetThreadAffinityMask</fct>
-            <fct>SetThreadGroupAffinity</fct>
-            <fct>SetThreadIdealProcessor</fct>
-            <fct>SetThreadIdealProcessorEx</fct>
-            <fct>SetThreadInformation</fct>
-            <fct>SetThreadpoolCallbackCleanupGroup</fct>
-            <fct>SetThreadpoolCallbackLibrary</fct>
-            <fct>SetThreadpoolCallbackPersistent</fct>
-            <fct>SetThreadpoolCallbackPool</fct>
-            <fct>SetThreadpoolCallbackPriority</fct>
-            <fct>SetThreadpoolCallbackRunsLong</fct>
-            <fct>SetThreadpoolStackInformation</fct>
-            <fct>SetThreadpoolThreadMaximum</fct>
-            <fct>SetThreadpoolThreadMinimum</fct>
-            <fct>SetThreadpoolTimer</fct>
-            <fct>SetThreadpoolWait</fct>
-            <fct>SetThreadPriority</fct>
-            <fct>SetThreadPriorityBoost</fct>
-            <fct>SetThreadStackGuarantee</fct>
-            <fct>SetUmsThreadInformation</fct>
-            <fct>SimpleCallback</fct>
-            <fct>Sleep</fct>
-            <fct>SleepEx</fct>
-            <fct>StartThreadpoolIo</fct>
-            <fct>SubmitThreadpoolWork</fct>
-            <fct>SuspendThread</fct>
-            <fct>SwitchToFiber</fct>
-            <fct>SwitchToThread</fct>
-            <fct>TerminateJobObject</fct>
-            <fct>TerminateProcess</fct>
-            <fct>TerminateThread</fct>
-            <fct>ThreadProc</fct>
-            <fct>TimerCallback</fct>
-            <fct>TlsAlloc</fct>
-            <fct>TlsFree</fct>
-            <fct>TlsGetValue</fct>
-            <fct>TlsSetValue</fct>
-            <fct>TpInitializeCallbackEnviron</fct>
-            <fct>TpDestroyCallbackEnviron</fct>
-            <fct>TpSetCallbackActivationContext</fct>
-            <fct>TpSetCallbackCleanupGroup</fct>
-            <fct>TpSetCallbackFinalizationCallback</fct>
-            <fct>TpSetCallbackLongFunction</fct>
-            <fct>TpSetCallbackNoActivationContext</fct>
-            <fct>TpSetCallbackPersistent</fct>
-            <fct>TpSetCallbackPriority</fct>
-            <fct>TpSetCallbackRaceWithDll</fct>
-            <fct>TpSetCallbackThreadpool</fct>
-            <fct>TrySubmitThreadpoolCallback</fct>
-            <fct>UmsSchedulerProc</fct>
-            <fct>UmsThreadYield</fct>
-            <fct>UpdateProcThreadAttribute</fct>
-            <fct>UserHandleGrantAccess</fct>
-            <fct>WaitCallback</fct>
-            <fct>WaitForInputIdle</fct>
-            <fct>WaitForThreadpoolIoCallbacks</fct>
-            <fct>WaitForThreadpoolTimerCallbacks</fct>
-            <fct>WaitForThreadpoolWaitCallbacks</fct>
-            <fct>WaitForThreadpoolWorkCallbacks</fct>
-            <fct>WinExec</fct>
-            <fct>WorkCallback</fct>
-            <fct>Wow64SuspendThread</fct>
-            <fct>ZwQueryInformationProcess</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4024"
-             text="WinHTTP"
-             url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa384257(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>WinHttpAddRequestHeaders</fct>
-            <fct>WinHttpCheckPlatform</fct>
-            <fct>WinHttpCloseHandle</fct>
-            <fct>WinHttpConnect</fct>
-            <fct>WinHttpCrackUrl</fct>
-            <fct>WinHttpCreateProxyResolver</fct>
-            <fct>WinHttpCreateUrl</fct>
-            <fct>WinHttpDetectAutoProxyConfigUrl</fct>
-            <fct>WinHttpFreeProxyResult</fct>
-            <fct>WinHttpGetDefaultProxyConfiguration</fct>
-            <fct>WinHttpGetIEProxyConfigForCurrentUser</fct>
-            <fct>WinHttpGetProxyForUrl</fct>
-            <fct>WinHttpGetProxyForUrlEx</fct>
-            <fct>WinHttpGetProxyResult</fct>
-            <fct>WinHttpOpen</fct>
-            <fct>WinHttpOpenRequest</fct>
-            <fct>WinHttpQueryAuthSchemes</fct>
-            <fct>WinHttpQueryDataAvailable</fct>
-            <fct>WinHttpQueryHeaders</fct>
-            <fct>WinHttpQueryOption</fct>
-            <fct>WinHttpReadData</fct>
-            <fct>WinHttpReceiveResponse</fct>
-            <fct>WinHttpResetAutoProxy</fct>
-            <fct>WinHttpSendRequest</fct>
-            <fct>WinHttpSetCredentials</fct>
-            <fct>WinHttpSetDefaultProxyConfiguration</fct>
-            <fct>WinHttpSetOption</fct>
-            <fct>WinHttpSetStatusCallback</fct>
-            <fct>WinHttpSetTimeouts</fct>
-            <fct>WinHttpTimeFromSystemTime</fct>
-            <fct>WinHttpTimeToSystemTime</fct>
-            <fct>WinHttpWriteData</fct>
-            <fct>WinHttpWebSocketClose</fct>
-            <fct>WinHttpWebSocketCompleteUpgrade</fct>
-            <fct>WinHttpWebSocketQueryCloseStatus</fct>
-            <fct>WinHttpWebSocketReceive</fct>
-            <fct>WinHttpWebSocketSend</fct>
-            <fct>WinHttpWebSocketShutdown</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-
-    <feature
-        id="4025"
-        text="Zw Routines"
-        url="http://msdn.microsoft.com/en-us/lib/windows/hardware/ff567122(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>ZwAllocateLocallyUniqueId</fct>
-            <fct>ZwAllocateVirtualMemory</fct>
-            <fct>ZwClose</fct>
-            <fct>ZwCreateDirectoryObject</fct>
-            <fct>ZwCreateEvent</fct>
-            <fct>ZwCreateFile</fct>
-            <fct>ZwCreateKey</fct>
-            <fct>ZwCreateKeyTransacted</fct>
-            <fct>ZwCreateSection</fct>
-            <fct>ZwCurrentProcess</fct>
-            <fct>ZwCurrentThread</fct>
-            <fct>ZwDeleteFile</fct>
-            <fct>ZwDeleteKey</fct>
-            <fct>ZwDeleteValueKey</fct>
-            <fct>ZwDeviceIoControlFile</fct>
-            <fct>ZwDuplicateObject</fct>
-            <fct>ZwDuplicateToken</fct>
-            <fct>ZwEnumerateKey</fct>
-            <fct>ZwEnumerateValueKey</fct>
-            <fct>ZwFlushBuffersFile</fct>
-            <fct>ZwFlushBuffersFileEx</fct>
-            <fct>ZwFlushKey</fct>
-            <fct>ZwFlushVirtualMemory</fct>
-            <fct>ZwFreeVirtualMemory</fct>
-            <fct>ZwFsControlFile</fct>
-            <fct>ZwLoadDriver</fct>
-            <fct>ZwLockFile</fct>
-            <fct>ZwMakeTemporaryObject</fct>
-            <fct>ZwMapViewOfSection</fct>
-            <fct>ZwNotifyChangeKey</fct>
-            <fct>ZwOpenDirectoryObject</fct>
-            <fct>ZwOpenEvent</fct>
-            <fct>ZwOpenFile</fct>
-            <fct>ZwOpenKey</fct>
-            <fct>ZwOpenKeyEx</fct>
-            <fct>ZwOpenKeyTransacted</fct>
-            <fct>ZwOpenKeyTransactedEx</fct>
-            <fct>ZwOpenProcess</fct>
-            <fct>ZwOpenProcessTokenEx</fct>
-            <fct>ZwOpenSection</fct>
-            <fct>ZwOpenSymbolicLinkObject</fct>
-            <fct>ZwOpenThreadTokenEx</fct>
-            <fct>ZwQueryDirectoryFile</fct>
-            <fct>ZwQueryEaFile</fct>
-            <fct>ZwQueryFullAttributesFile</fct>
-            <fct>ZwQueryInformationFile</fct>
-            <fct>ZwQueryInformationToken</fct>
-            <fct>ZwQueryKey</fct>
-            <fct>ZwQueryObject</fct>
-            <fct>ZwQueryQuotaInformationFile</fct>
-            <fct>ZwQuerySecurityObject</fct>
-            <fct>ZwQuerySymbolicLinkObject</fct>
-            <fct>ZwQueryValueKey</fct>
-            <fct>ZwQueryVolumeInformationFile</fct>
-            <fct>ZwReadFile</fct>
-            <fct>ZwSetEaFile</fct>
-            <fct>ZwSetEvent</fct>
-            <fct>ZwSetInformationFile</fct>
-            <fct>ZwSetInformationThread</fct>
-            <fct>ZwSetInformationToken</fct>
-            <fct>ZwSetQuotaInformationFile</fct>
-            <fct>ZwSetSecurityObject</fct>
-            <fct>ZwSetValueKey</fct>
-            <fct>ZwSetVolumeInformationFile</fct>
-            <fct>ZwTerminateProcess</fct>
-            <fct>ZwUnloadDriver</fct>
-            <fct>ZwUnlockFile</fct>
-            <fct>ZwUnmapViewOfSection</fct>
-            <fct>ZwWaitForSingleObject</fct>
-            <fct>ZwWriteFile</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-        id="4026"
-        text="Rtl Routines"
-        url="http://msdn.microsoft.com/en-us/lib/windows/hardware/ff553354(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>RtlAbsoluteToSelfRelativeSD</fct>
-            <fct>RtlAddAccessAllowedAce</fct>
-            <fct>RtlAddAccessAllowedAceEx</fct>
-            <fct>RtlAddAce</fct>
-            <fct>RtlAllocateAndInitializeSid</fct>
-            <fct>RtlAllocateHeap</fct>
-            <fct>RtlAppendStringToString</fct>
-            <fct>RtlCaptureContext</fct>
-            <fct>RtlCaptureStackBackTrace</fct>
-            <fct>RtlCompareMemoryUlong</fct>
-            <fct>RtlCompressBuffer</fct>
-            <fct>RtlComputeCrc32</fct>
-            <fct>RtlCompressChunks</fct>
-            <fct>RtlConvertSidToUnicodeString</fct>
-            <fct>RtlCopyLuid</fct>
-            <fct>RtlCopySid</fct>
-            <fct>RtlCreateAcl</fct>
-            <fct>RtlCreateHeap</fct>
-            <fct>RtlCreateSecurityDescriptorRelative</fct>
-            <fct>RtlCreateSystemVolumeInformationFolder</fct>
-            <fct>RtlCreateUnicodeString</fct>
-            <fct>RtlCustomCPToUnicodeN</fct>
-            <fct>RtlDecompressBuffer</fct>
-            <fct>RtlDecompressBufferEx</fct>
-            <fct>RtlDecompressChunks</fct>
-            <fct>RtlDecompressFragment</fct>
-            <fct>RtlDelete</fct>
-            <fct>RtlDeleteAce</fct>
-            <fct>RtlDeleteNoSplay</fct>
-            <fct>RtlDeleteElementGenericTable</fct>
-            <fct>RtlDeleteElementGenericTableAvl</fct>
-            <fct>RtlDescribeChunk</fct>
-            <fct>RtlDestroyHeap</fct>
-            <fct>RtlDowncaseUnicodeString</fct>
-            <fct>RtlEnumerateGenericTable</fct>
-            <fct>RtlEnumerateGenericTableAvl</fct>
-            <fct>RtlEnumerateGenericTableLikeADirectory</fct>
-            <fct>RtlEnumerateGenericTableWithoutSplaying</fct>
-            <fct>RtlEnumerateGenericTableWithoutSplayingAvl</fct>
-            <fct>RtlEqualPrefixSid</fct>
-            <fct>RtlEqualSid</fct>
-            <fct>RtlFillMemoryUlong</fct>
-            <fct>RtlFillMemoryUlonglong</fct>
-            <fct>RtlFindUnicodePrefix</fct>
-            <fct>RtlFreeHeap</fct>
-            <fct>RtlFreeOemString</fct>
-            <fct>RtlFreeSid</fct>
-            <fct>RtlGenerate8dot3Name</fct>
-            <fct>RtlGetAce</fct>
-            <fct>RtlGetCompressionWorkSpaceSize</fct>
-            <fct>RtlGetDaclSecurityDescriptor</fct>
-            <fct>RtlGetElementGenericTable</fct>
-            <fct>RtlGetElementGenericTableAvl</fct>
-            <fct>RtlGetGroupSecurityDescriptor</fct>
-            <fct>RtlGetOwnerSecurityDescriptor</fct>
-            <fct>RtlGetSaclSecurityDescriptor</fct>
-            <fct>RtlIdentifierAuthoritySid</fct>
-            <fct>RtlInitCodePageTable</fct>
-            <fct>RtlInitializeGenericTable</fct>
-            <fct>RtlInitializeGenericTableAvl</fct>
-            <fct>RtlInitializeSid</fct>
-            <fct>RtlInitializeSplayLinks</fct>
-            <fct>RtlInitializeUnicodePrefix</fct>
-            <fct>RtlInsertAsLeftChild</fct>
-            <fct>RtlInsertAsRightChild</fct>
-            <fct>RtlInsertElementGenericTable</fct>
-            <fct>RtlInsertElementGenericTableAvl</fct>
-            <fct>RtlInsertElementGenericTableFullAvl</fct>
-            <fct>RtlInsertUnicodePrefix</fct>
-            <fct>RtlIsGenericTableEmpty</fct>
-            <fct>RtlIsGenericTableEmptyAvl</fct>
-            <fct>RtlIsLeftChild</fct>
-            <fct>RtlIsNameLegalDOS8Dot3</fct>
-            <fct>RtlIsRightChild</fct>
-            <fct>RtlIsRoot</fct>
-            <fct>RtlIsValidOemCharacter</fct>
-            <fct>RtlLeftChild</fct>
-            <fct>RtlLengthRequiredSid</fct>
-            <fct>RtlLengthSid</fct>
-            <fct>RtlLookupElementGenericTable</fct>
-            <fct>RtlLookupElementGenericTableAvl</fct>
-            <fct>RtlLookupElementGenericTableFullAvl</fct>
-            <fct>RtlLookupFirstMatchingElementGenericTableAvl</fct>
-            <fct>RtlMultiByteToUnicodeN</fct>
-            <fct>RtlMultiByteToUnicodeSize</fct>
-            <fct>RtlNextUnicodePrefix</fct>
-            <fct>RtlNtStatusToDosError</fct>
-            <fct>RtlNtStatusToDosErrorNoTeb</fct>
-            <fct>RtlNumberGenericTableElements</fct>
-            <fct>RtlNumberGenericTableElementsAvl</fct>
-            <fct>RtlOemStringToCountedUnicodeSize</fct>
-            <fct>RtlOemStringToCountedUnicodeString</fct>
-            <fct>RtlOemStringToUnicodeSize</fct>
-            <fct>RtlxOemStringToUnicodeSize</fct>
-            <fct>RtlOemStringToUnicodeString</fct>
-            <fct>RtlOemToUnicodeN</fct>
-            <fct>RtlOffsetToPointer</fct>
-            <fct>RtlParent</fct>
-            <fct>RtlPointerToOffset</fct>
-            <fct>RtlRandom</fct>
-            <fct>RtlRandomEx</fct>
-            <fct>RtlRealPredecessor</fct>
-            <fct>RtlRealSuccessor</fct>
-            <fct>RtlRemoveUnicodePrefix</fct>
-            <fct>RtlReserveChunk</fct>
-            <fct>RtlRightChild</fct>
-            <fct>RtlSecondsSince1970ToTime</fct>
-            <fct>RtlSecondsSince1980ToTime</fct>
-            <fct>RtlSelfRelativeToAbsoluteSD</fct>
-            <fct>RtlSetGroupSecurityDescriptor</fct>
-            <fct>RtlSetOwnerSecurityDescriptor</fct>
-            <fct>RtlSplay</fct>
-            <fct>RtlSubAuthorityCountSid</fct>
-            <fct>RtlSubAuthoritySid</fct>
-            <fct>RtlSubtreePredecessor</fct>
-            <fct>RtlSubtreeSuccessor</fct>
-            <fct>RtlTimeToSecondsSince1970</fct>
-            <fct>RtlTimeToSecondsSince1980</fct>
-            <fct>RtlUnicodeStringToAnsiSize</fct>
-            <fct>RtlUnicodeStringToCountedOemString</fct>
-            <fct>RtlUnicodeStringToOemSize</fct>
-            <fct>RtlxUnicodeStringToOemSize</fct>
-            <fct>RtlUnicodeStringToOemString</fct>
-            <fct>RtlUnicodeToCustomCPN</fct>
-            <fct>RtlUnicodeToMultiByteN</fct>
-            <fct>RtlUnicodeToMultiByteSize</fct>
-            <fct>RtlUnicodeToOemN</fct>
-            <fct>RtlUpcaseUnicodeStringToCountedOemString</fct>
-            <fct>RtlUpcaseUnicodeStringToOemString</fct>
-            <fct>RtlUpcaseUnicodeToCustomCPN</fct>
-            <fct>RtlUpcaseUnicodeToMultiByteN</fct>
-            <fct>RtlUpcaseUnicodeToOemN</fct>
-            <fct>RtlValidSid</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-        id="4027"
-        text="Nt Routines"
-        url="http://msdn.microsoft.com/en-us/lib/windows/hardware/ff557720(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>NtAcceptConnectPort</fct>
-            <fct>NtAllocateLocallyUniqueId</fct>
-            <fct>NtAllocateVirtualMemory</fct>
-            <fct>NtAdjustPrivilegesToken</fct>
-            <fct>NtClose</fct>
-            <fct>NtCommitComplete</fct>
-            <fct>NtCommitEnlistment</fct>
-            <fct>NtCommitTransaction</fct>
-            <fct>NtCompleteConnectPort</fct>
-            <fct>NtCreateDirectoryObject</fct>
-            <fct>NtCreateEnlistment</fct>
-            <fct>NtCreateEvent</fct>
-            <fct>NtCreateFile</fct>
-            <fct>NtCreateKey</fct>
-            <fct>NtCreateResourceManager</fct>
-            <fct>NtCreateSection</fct>
-            <fct>NtCreateTransaction</fct>
-            <fct>NtCreateTransactionManager</fct>
-            <fct>NtCreateWaitablePort</fct>
-            <fct>NtCurrentProcess</fct>
-            <fct>NtCurrentTeb</fct>
-            <fct>NtCurrentThread</fct>
-            <fct>NtDeleteFile</fct>
-            <fct>NtDeleteKey</fct>
-            <fct>NtDeleteValueKey</fct>
-            <fct>NtDeviceIoControlFile</fct>
-            <fct>NtDuplicateObject</fct>
-            <fct>NtDuplicateToken</fct>
-            <fct>NtEnumerateKey</fct>
-            <fct>NtEnumerateTransactionObject</fct>
-            <fct>NtEnumerateValueKey</fct>
-            <fct>NtFlushBuffersFile</fct>
-            <fct>NtFlushBuffersFileEx</fct>
-            <fct>NtFlushKey</fct>
-            <fct>NtFlushVirtualMemory</fct>
-            <fct>NtFreeVirtualMemory</fct>
-            <fct>NtFsControlFile</fct>
-            <fct>NtGetNotificationResourceManager</fct>
-            <fct>NtLoadDriver</fct>
-            <fct>NtLockFile</fct>
-            <fct>NtMakeTemporaryObject</fct>
-            <fct>NtMapViewOfSection</fct>
-            <fct>NtNotifyChangeKey</fct>
-            <fct>NtOpenDirectoryObject</fct>
-            <fct>NtOpenEnlistment</fct>
-            <fct>NtOpenEvent</fct>
-            <fct>NtOpenFile</fct>
-            <fct>NtOpenKey</fct>
-            <fct>NtOpenProcess</fct>
-            <fct>NtOpenProcessTokenEx</fct>
-            <fct>NtOpenResourceManager</fct>
-            <fct>NtOpenSection</fct>
-            <fct>NtOpenSymbolicLinkObject</fct>
-            <fct>NtOpenThreadTokenEx</fct>
-            <fct>NtOpenTransaction</fct>
-            <fct>NtOpenTransactionManager</fct>
-            <fct>NtReplyPort</fct>
-            <fct>NtReplyWaitReceivePort</fct>
-            <fct>NtPrepareComplete</fct>
-            <fct>NtPrepareEnlistment</fct>
-            <fct>NtPrePrepareComplete</fct>
-            <fct>NtPrePrepareEnlistment</fct>
-            <fct>NtQueryDirectoryFile</fct>
-            <fct>NtQueryFullAttributesFile</fct>
-            <fct>NtQueryInformationEnlistment</fct>
-            <fct>NtQueryInformationFile</fct>
-            <fct>NtQueryInformationResourceManager</fct>
-            <fct>NtQueryInformationToken</fct>
-            <fct>NtQueryInformationTransaction</fct>
-            <fct>NtQueryInformationTransactionManager</fct>
-            <fct>NtQueryKey</fct>
-            <fct>NtQueryObject</fct>
-            <fct>NtQueryQuotaInformationFile</fct>
-            <fct>NtQuerySecurityObject</fct>
-            <fct>NtQuerySymbolicLinkObject</fct>
-            <fct>NtQueryValueKey</fct>
-            <fct>NtQueryVolumeInformationFile</fct>
-            <fct>NtReadFile</fct>
-            <fct>NtReadOnlyEnlistment</fct>
-            <fct>NtRecoverEnlistment</fct>
-            <fct>NtRecoverResourceManager</fct>
-            <fct>NtRecoverTransactionManager</fct>
-            <fct>NtRenameTransactionManager</fct>
-            <fct>NtRollbackComplete</fct>
-            <fct>NtRollbackEnlistment</fct>
-            <fct>NtRollbackTransaction</fct>
-            <fct>NtRollforwardTransactionManager</fct>
-            <fct>NtSetEvent</fct>
-            <fct>NtSetInformationEnlistment</fct>
-            <fct>NtSetInformationFile</fct>
-            <fct>NtSetInformationResourceManager</fct>
-            <fct>NtSetInformationThread</fct>
-            <fct>NtSetInformationToken</fct>
-            <fct>NtSetInformationTransaction</fct>
-            <fct>NtSetInformationTransactionManager</fct>
-            <fct>NtSetQuotaInformationFile</fct>
-            <fct>NtSetSecurityObject</fct>
-            <fct>NtSetValueKey</fct>
-            <fct>NtSetVolumeInformationFile</fct>
-            <fct>NtSinglePhaseReject</fct>
-            <fct>NtTerminateProcess</fct>
-            <fct>NtUnloadDriver</fct>
-            <fct>NtUnlockFile</fct>
-            <fct>NtUnmapViewOfSection</fct>
-            <fct>NtWaitForSingleObject</fct>
-            <fct>NtWriteFile</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature id="4028"
-text="DHCP Server Management"
-url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa363379(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>DhcpAddFilterV4</fct>
-            <fct>DhcpAddServer</fct>
-            <fct>DhcpAddSubnetElement</fct>
-            <fct>DhcpAddSubnetElementV4</fct>
-            <fct>DhcpAddSubnetElementV5</fct>
-            <fct>DhcpAuditLogGetParams</fct>
-            <fct>DhcpAuditLogSetParams</fct>
-            <fct>DhcpCreateClass</fct>
-            <fct>DhcpCreateClientInfo</fct>
-            <fct>DhcpCreateClientInfoV4</fct>
-            <fct>DhcpCreateClientInfoVQ</fct>
-            <fct>DhcpCreateOption</fct>
-            <fct>DhcpCreateOptionV5</fct>
-            <fct>DhcpCreateSubnet</fct>
-            <fct>DhcpCreateSubnetVQ</fct>
-            <fct>DhcpDeleteClass</fct>
-            <fct>DhcpDeleteClientInfo</fct>
-            <fct>DhcpDeleteFilterV4</fct>
-            <fct>DhcpDeleteServer</fct>
-            <fct>DhcpDeleteSubnet</fct>
-            <fct>DhcpDeleteSuperScopeV4</fct>
-            <fct>DhcpDsCleanup</fct>
-            <fct>DhcpDsInit</fct>
-            <fct>DhcpEnumClasses</fct>
-            <fct>DhcpEnumFilterV4</fct>
-            <fct>DhcpEnumOptions</fct>
-            <fct>DhcpEnumOptionsV5</fct>
-            <fct>DhcpEnumOptionValues</fct>
-            <fct>DhcpEnumOptionValuesV5</fct>
-            <fct>DhcpEnumServers</fct>
-            <fct>DhcpEnumSubnetClients</fct>
-            <fct>DhcpEnumSubnetClientsV4</fct>
-            <fct>DhcpEnumSubnetClientsV5</fct>
-            <fct>DhcpEnumSubnetClientsVQ</fct>
-            <fct>DhcpEnumSubnetClientsFilterStatusInfo</fct>
-            <fct>DhcpEnumSubnetElements</fct>
-            <fct>DhcpEnumSubnetElementsV4</fct>
-            <fct>DhcpEnumSubnetElementsV5</fct>
-            <fct>DhcpEnumSubnets</fct>
-            <fct>DhcpGetAllOptions</fct>
-            <fct>DhcpGetAllOptionValues</fct>
-            <fct>DhcpGetClassInfo</fct>
-            <fct>DhcpGetClientInfo</fct>
-            <fct>DhcpGetClientInfoV4</fct>
-            <fct>DhcpGetClientInfoVQ</fct>
-            <fct>DhcpGetClientOptions</fct>
-            <fct>DhcpGetFilterV4</fct>
-            <fct>DhcpGetMibInfoV5</fct>
-            <fct>DhcpGetOptionInfo</fct>
-            <fct>DhcpGetOptionInfoV5</fct>
-            <fct>DhcpGetOptionValue</fct>
-            <fct>DhcpGetOptionValueV5</fct>
-            <fct>DhcpGetServerBindingInfo</fct>
-            <fct>DhcpGetServerSpecificStrings</fct>
-            <fct>DhcpGetSubnetDelayOffer</fct>
-            <fct>DhcpGetSubnetInfo</fct>
-            <fct>DhcpGetSubnetInfoVQ</fct>
-            <fct>DhcpGetSuperScopeInfoV4</fct>
-            <fct>DhcpGetVersion</fct>
-            <fct>DhcpGetThreadOptions</fct>
-            <fct>DhcpHlprAddV4PolicyCondition</fct>
-            <fct>DhcpHlprAddV4PolicyExpr</fct>
-            <fct>DhcpHlprAddV4PolicyRange</fct>
-            <fct>DhcpHlprCreateV4Policy</fct>
-            <fct>DhcpHlprFreeV4Policy</fct>
-            <fct>DhcpHlprIsV4PolicySingleUC</fct>
-            <fct>DhcpHlprIsV4PolicyValid</fct>
-            <fct>DhcpHlprIsV4PolicyWellFormed</fct>
-            <fct>DhcpHlprModifyV4PolicyExpr</fct>
-            <fct>DhcpHlprResetV4PolicyExpr</fct>
-            <fct>DhcpModifyClass</fct>
-            <fct>DhcpRemoveOption</fct>
-            <fct>DhcpRemoveOptionV5</fct>
-            <fct>DhcpRemoveOptionValue</fct>
-            <fct>DhcpRemoveOptionValueV5</fct>
-            <fct>DhcpRemoveSubnetElement</fct>
-            <fct>DhcpRemoveSubnetElementV4</fct>
-            <fct>DhcpRemoveSubnetElementV5</fct>
-            <fct>DhcpRpcFreeMemory</fct>
-            <fct>DhcpScanDatabase</fct>
-            <fct>DhcpServerBackupDatabase</fct>
-            <fct>DhcpServerGetConfig</fct>
-            <fct>DhcpServerGetConfigV4</fct>
-            <fct>DhcpServerGetConfigVQ</fct>
-            <fct>DhcpServerQueryAttribute</fct>
-            <fct>DhcpServerQueryAttributes</fct>
-            <fct>DhcpServerQueryDnsRegCredentials</fct>
-            <fct>DhcpServerRedoAuthorization</fct>
-            <fct>DhcpServerRestoreDatabase</fct>
-            <fct>DhcpServerSetConfig</fct>
-            <fct>DhcpServerSetConfigV4</fct>
-            <fct>DhcpServerSetConfigVQ</fct>
-            <fct>DhcpServerSetDnsRegCredentialsV5</fct>
-            <fct>DhcpSetClientInfo</fct>
-            <fct>DhcpSetClientInfoV4</fct>
-            <fct>DhcpSetClientInfoVQ</fct>
-            <fct>DhcpSetFilterV4</fct>
-            <fct>DhcpSetOptionInfo</fct>
-            <fct>DhcpSetOptionInfoV5</fct>
-            <fct>DhcpSetOptionValue</fct>
-            <fct>DhcpSetOptionValueV5</fct>
-            <fct>DhcpSetOptionValues</fct>
-            <fct>DhcpSetOptionValuesV5</fct>
-            <fct>DhcpSetServerBindingInfo</fct>
-            <fct>DhcpSetSubnetDelayOffer</fct>
-            <fct>DhcpSetSubnetInfo</fct>
-            <fct>DhcpSetSubnetInfoVQ</fct>
-            <fct>DhcpSetSuperScopeV4</fct>
-            <fct>DhcpSetThreadOptions</fct>
-            <fct>DhcpV4FailoverAddScopeToRelationship</fct>
-            <fct>DhcpV4FailoverCreateRelationship</fct>
-            <fct>DhcpV4FailoverDeleteRelationship</fct>
-            <fct>DhcpV4FailoverDeleteScopeFromRelationship</fct>
-            <fct>DhcpV4FailoverEnumRelationship</fct>
-            <fct>DhcpV4FailoverGetAddressStatus</fct>
-            <fct>DhcpV4FailoverGetClientInfo</fct>
-            <fct>DhcpV4FailoverGetRelationship</fct>
-            <fct>DhcpV4FailoverGetScopeRelationship</fct>
-            <fct>DhcpV4FailoverGetScopeStatistics</fct>
-            <fct>DhcpV4FailoverGetSystemTime</fct>
-            <fct>DhcpV4FailoverSetRelationship</fct>
-            <fct>DhcpV4FailoverTriggerAddrAllocation</fct>
-            <fct>DhcpV4GetFreeIPAddress</fct>
-            <fct>DhcpV4EnumSubnetClients</fct>
-            <fct>DhcpV4EnumSubnetReservations</fct>
-            <fct>DhcpV4CreateClientInfo</fct>
-            <fct>DhcpV4GetClientInfo</fct>
-            <fct>DhcpV4RemoveOptionValue</fct>
-            <fct>DhcpV4GetAllOptionValues</fct>
-            <fct>DhcpV4SetOptionValues</fct>
-            <fct>DhcpV4SetOptionValue</fct>
-            <fct>DhcpV4GetOptionValue</fct>
-            <fct>DhcpV4CreatePolicy</fct>
-            <fct>DhcpV4EnumPolicies</fct>
-            <fct>DhcpV4GetPolicy</fct>
-            <fct>DhcpV4SetPolicy</fct>
-            <fct>DhcpV4DeletePolicy</fct>
-            <fct>DhcpV4SetPolicyEnforcement</fct>
-            <fct>DhcpV4QueryPolicyEnforcement</fct>
-            <fct>DhcpV4AddPolicyRange</fct>
-            <fct>DhcpV4RemovePolicyRange</fct>
-            <fct>DhcpAddSubnetElementV6</fct>
-            <fct>DhcpCreateClassV6</fct>
-            <fct>DhcpCreateOptionV6</fct>
-            <fct>DhcpCreateSubnetV6</fct>
-            <fct>DhcpDeleteClassV6</fct>
-            <fct>DhcpDeleteClientInfoV6</fct>
-            <fct>DhcpDeleteSubnetV6</fct>
-            <fct>DhcpEnumClassesV6</fct>
-            <fct>DhcpEnumOptionsV6</fct>
-            <fct>DhcpEnumOptionValuesV6</fct>
-            <fct>DhcpEnumSubnetsV6</fct>
-            <fct>DhcpEnumSubnetClientsV6</fct>
-            <fct>DhcpEnumSubnetElementsV6</fct>
-            <fct>DhcpGetAllOptionsV6</fct>
-            <fct>DhcpGetAllOptionValuesV6</fct>
-            <fct>DhcpGetClientInfoV6</fct>
-            <fct>DhcpGetMibInfoV6</fct>
-            <fct>DhcpGetOptionInfoV6</fct>
-            <fct>DhcpGetOptionValueV6</fct>
-            <fct>DhcpGetServerBindingInfoV6</fct>
-            <fct>DhcpGetSubnetInfoV6</fct>
-            <fct>DhcpModifyClassV6</fct>
-            <fct>DhcpRemoveOptionV6</fct>
-            <fct>DhcpRemoveOptionValueV6</fct>
-            <fct>DhcpRemoveSubnetElementV6</fct>
-            <fct>DhcpServerGetConfigV6</fct>
-            <fct>DhcpServerSetConfigV6</fct>
-            <fct>DhcpSetClientInfoV6</fct>
-            <fct>DhcpSetOptionInfoV6</fct>
-            <fct>DhcpSetOptionValueV6</fct>
-            <fct>DhcpSetServerBindingInfoV6</fct>
-            <fct>DhcpSetSubnetInfoV6</fct>
-            <fct>DhcpV6CreateClientInfo</fct>
-            <fct>DhcpV6GetFreeIPAddress</fct>
-            <fct>DhcpV6GetStatelessStatistics</fct>
-            <fct>DhcpV6GetStatelessStoreParams</fct>
-            <fct>DhcpV6SetStatelessStoreParams</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-id="4029"
-text="Network Management"
-url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa370675(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>GetNetScheduleAccountInformation</fct>
-            <fct>NetAccessAdd</fct>
-            <fct>NetAccessCheck</fct>
-            <fct>NetAccessDel</fct>
-            <fct>NetAccessEnum</fct>
-            <fct>NetAccessGetInfo</fct>
-            <fct>NetAccessGetUserPerms</fct>
-            <fct>NetAccessSetInfo</fct>
-            <fct>NetAddAlternateComputerName</fct>
-            <fct>NetAlertRaise</fct>
-            <fct>NetAlertRaiseEx</fct>
-            <fct>NetApiBufferAllocate</fct>
-            <fct>NetApiBufferFree</fct>
-            <fct>NetApiBufferReallocate</fct>
-            <fct>NetApiBufferSize</fct>
-            <fct>NetAuditClear</fct>
-            <fct>NetAuditRead</fct>
-            <fct>NetAuditWrite</fct>
-            <fct>NetConfigGet</fct>
-            <fct>NetConfigGetAll</fct>
-            <fct>NetConfigSet</fct>
-            <fct>NetCreateProvisioningPackage</fct>
-            <fct>NetEnumerateComputerNames</fct>
-            <fct>NetErrorLogClear</fct>
-            <fct>NetErrorLogRead</fct>
-            <fct>NetErrorLogWrite</fct>
-            <fct>NetGetAnyDCName</fct>
-            <fct>NetGetDCName</fct>
-            <fct>NetGetDisplayInformationIndex</fct>
-            <fct>NetGetJoinableOUs</fct>
-            <fct>NetGetJoinInformation</fct>
-            <fct>NetGroupAdd</fct>
-            <fct>NetGroupAddUser</fct>
-            <fct>NetGroupDel</fct>
-            <fct>NetGroupDelUser</fct>
-            <fct>NetGroupEnum</fct>
-            <fct>NetGroupGetInfo</fct>
-            <fct>NetGroupGetUsers</fct>
-            <fct>NetGroupSetInfo</fct>
-            <fct>NetGroupSetUsers</fct>
-            <fct>NetJoinDomain</fct>
-            <fct>NetLocalGroupAdd</fct>
-            <fct>NetLocalGroupAddMember</fct>
-            <fct>NetLocalGroupAddMembers</fct>
-            <fct>NetLocalGroupDel</fct>
-            <fct>NetLocalGroupDelMember</fct>
-            <fct>NetLocalGroupDelMembers</fct>
-            <fct>NetLocalGroupEnum</fct>
-            <fct>NetLocalGroupGetInfo</fct>
-            <fct>NetLocalGroupGetMembers</fct>
-            <fct>NetLocalGroupSetInfo</fct>
-            <fct>NetLocalGroupSetMembers</fct>
-            <fct>NetLogonSetServiceBits</fct>
-            <fct>NetMessageBufferSend</fct>
-            <fct>NetMessageNameAdd</fct>
-            <fct>NetMessageNameDel</fct>
-            <fct>NetMessageNameEnum</fct>
-            <fct>NetMessageNameGetInfo</fct>
-            <fct>NetProvisionComputerAccount</fct>
-            <fct>NetQueryDisplayInformation</fct>
-            <fct>NetRemoveAlternateComputerName</fct>
-            <fct>NetRemoteComputerSupports</fct>
-            <fct>NetRemoteTOD</fct>
-            <fct>NetRenameMachineInDomain</fct>
-            <fct>NetRequestOfflineDomainJoin</fct>
-            <fct>NetRequestProvisioningPackageInstall</fct>
-            <fct>NetScheduleJobAdd</fct>
-            <fct>NetScheduleJobDel</fct>
-            <fct>NetScheduleJobEnum</fct>
-            <fct>NetScheduleJobGetInfo</fct>
-            <fct>NetServerComputerNameAdd</fct>
-            <fct>NetServerComputerNameDel</fct>
-            <fct>NetServerDiskEnum</fct>
-            <fct>NetServerEnum</fct>
-            <fct>NetServerGetInfo</fct>
-            <fct>NetServerSetInfo</fct>
-            <fct>NetServerTransportAdd</fct>
-            <fct>NetServerTransportAddEx</fct>
-            <fct>NetServerTransportDel</fct>
-            <fct>NetServerTransportEnum</fct>
-            <fct>NetServiceControl</fct>
-            <fct>NetServiceEnum</fct>
-            <fct>NetServiceGetInfo</fct>
-            <fct>NetServiceInstall</fct>
-            <fct>NetSetPrimaryComputerName</fct>
-            <fct>NetUnjoinDomain</fct>
-            <fct>NetUseAdd</fct>
-            <fct>NetUseDel</fct>
-            <fct>NetUseEnum</fct>
-            <fct>NetUseGetInfo</fct>
-            <fct>NetUserAdd</fct>
-            <fct>NetUserChangePassword</fct>
-            <fct>NetUserDel</fct>
-            <fct>NetUserEnum</fct>
-            <fct>NetUserGetGroups</fct>
-            <fct>NetUserGetInfo</fct>
-            <fct>NetUserGetLocalGroups</fct>
-            <fct>NetUserModalsGet</fct>
-            <fct>NetUserModalsSet</fct>
-            <fct>NetUserSetGroups</fct>
-            <fct>NetUserSetInfo</fct>
-            <fct>NetValidateName</fct>
-            <fct>NetValidatePasswordPolicyFree</fct>
-            <fct>NetValidatePasswordPolicy</fct>
-            <fct>NetWkstaGetInfo</fct>
-            <fct>NetWkstaSetInfo</fct>
-            <fct>NetWkstaTransportAdd</fct>
-            <fct>NetWkstaTransportDel</fct>
-            <fct>NetWkstaTransportEnum</fct>
-            <fct>NetWkstaUserEnum</fct>
-            <fct>NetWkstaUserGetInfo</fct>
-            <fct>NetWkstaUserSetInfo</fct>
-            <fct>SetNetScheduleAccountInformation</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-        id="4030"
-        text="Domain Name Server (DNS)"
-        url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms682058(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>DnsAcquireContextHandle</fct>
-            <fct>DnsCancelQuery</fct>
-            <fct>DnsExtractRecordsFromMessage</fct>
-            <fct>DnsFree</fct>
-            <fct>DnsFreeProxyName</fct>
-            <fct>DnsGetProxyInformation</fct>
-            <fct>DnsModifyRecordsInSet</fct>
-            <fct>DnsNameCompare</fct>
-            <fct>DnsQuery_</fct>
-            <fct>DnsQueryConfig</fct>
-            <fct>DnsQueryEx</fct>
-            <fct>DnsRecordCompare</fct>
-            <fct>DnsRecordCopyEx</fct>
-            <fct>DnsRecordListFree</fct>
-            <fct>DnsRecordSetCompare</fct>
-            <fct>DnsRecordSetCopyEx</fct>
-            <fct>DnsRecordSetDetach</fct>
-            <fct>DnsReleaseContextHandle</fct>
-            <fct>DnsReplaceRecordSet</fct>
-            <fct>DnsValidateName</fct>
-            <fct>DnsValidateServerStatus</fct>
-            <fct>DnsWriteQuestionToBuffer</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-        id="4031"
-        text="Mailslot"
-        url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa365580(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CreateMailslot</fct>
-            <fct>GetMailslotInfo</fct>
-            <fct>SetMailslotInfo</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-id="4032"
-text="RPC"
-url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa378623(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>I_RpcBindingInqLocalClientPID</fct>
-            <fct>DceErrorInqText</fct>
-            <fct>MesBufferHandleReset</fct>
-            <fct>MesDecodeBufferHandleCreate</fct>
-            <fct>MesDecodeIncrementalHandleCreate</fct>
-            <fct>MesEncodeDynBufferHandleCreate</fct>
-            <fct>MesEncodeFixedBufferHandleCreate</fct>
-            <fct>MesEncodeIncrementalHandleCreate</fct>
-            <fct>MesHandleFree</fct>
-            <fct>MesIncrementalHandleReset</fct>
-            <fct>MesInqProcEncodingId</fct>
-            <fct>RpcAbnormalTermination</fct>
-            <fct>RpcAsyncAbortCall</fct>
-            <fct>RpcAsyncCancelCall</fct>
-            <fct>RpcAsyncCompleteCall</fct>
-            <fct>RpcAsyncGetCallStatus</fct>
-            <fct>RpcAsyncInitializeHandle</fct>
-            <fct>RpcAsyncRegisterInfo</fct>
-            <fct>RpcBindingBind</fct>
-            <fct>RpcBindingCopy</fct>
-            <fct>RpcBindingCreate</fct>
-            <fct>RpcBindingFree</fct>
-            <fct>RpcBindingFromStringBinding</fct>
-            <fct>RpcBindingInqAuthClient</fct>
-            <fct>RpcBindingInqAuthClientEx</fct>
-            <fct>RpcBindingInqAuthInfo</fct>
-            <fct>RpcBindingInqAuthInfoEx</fct>
-            <fct>RpcBindingInqObject</fct>
-            <fct>RpcBindingInqOption</fct>
-            <fct>RpcBindingReset</fct>
-            <fct>RpcBindingServerFromClient</fct>
-            <fct>RpcBindingSetAuthInfo</fct>
-            <fct>RpcBindingSetAuthInfoEx</fct>
-            <fct>RpcBindingSetObject</fct>
-            <fct>RpcBindingSetOption</fct>
-            <fct>RpcBindingToStringBinding</fct>
-            <fct>RpcBindingUnbind</fct>
-            <fct>RpcBindingVectorFree</fct>
-            <fct>RpcCancelThread</fct>
-            <fct>RpcCancelThreadEx</fct>
-            <fct>RpcCertGeneratePrincipalName</fct>
-            <fct>RpcDiagnoseError</fct>
-            <fct>RpcEpRegister</fct>
-            <fct>RpcEpRegisterNoReplace</fct>
-            <fct>RpcEpResolveBinding</fct>
-            <fct>RpcEpUnregister</fct>
-            <fct>RpcErrorAddRecord</fct>
-            <fct>RpcErrorClearInformation</fct>
-            <fct>RpcErrorEndEnumeration</fct>
-            <fct>RpcErrorGetNextRecord</fct>
-            <fct>RpcErrorGetNumberOfRecords</fct>
-            <fct>RpcErrorLoadErrorInfo</fct>
-            <fct>RpcErrorResetEnumeration</fct>
-            <fct>RpcErrorSaveErrorInfo</fct>
-            <fct>RpcErrorStartEnumeration</fct>
-            <fct>RpcExceptionFilter</fct>
-            <fct>RpcFreeAuthorizationContext</fct>
-            <fct>RpcGetAuthorizationContextForClient</fct>
-            <fct>RpcIfInqId</fct>
-            <fct>RpcImpersonateClient</fct>
-            <fct>RpcMgmtEnableIdleCleanup</fct>
-            <fct>RpcMgmtEpEltInqBegin</fct>
-            <fct>RpcIfIdVectorFree</fct>
-            <fct>RpcMgmtEpEltInqDone</fct>
-            <fct>RpcMgmtEpEltInqNext</fct>
-            <fct>RpcMgmtEpUnregister</fct>
-            <fct>RpcMgmtInqComTimeout</fct>
-            <fct>RpcMgmtInqDefaultProtectLevel</fct>
-            <fct>RpcMgmtInqIfIds</fct>
-            <fct>RpcMgmtInqServerPrincName</fct>
-            <fct>RpcMgmtInqStats</fct>
-            <fct>RpcMgmtIsServerListening</fct>
-            <fct>RpcMgmtSetAuthorizationFn</fct>
-            <fct>RpcMgmtSetCancelTimeout</fct>
-            <fct>RpcMgmtSetComTimeout</fct>
-            <fct>RpcMgmtSetServerStackSize</fct>
-            <fct>RpcMgmtStatsVectorFree</fct>
-            <fct>RpcMgmtStopServerListening</fct>
-            <fct>RpcMgmtWaitServerListen</fct>
-            <fct>RpcNetworkInqProtseqs</fct>
-            <fct>RpcNetworkIsProtseqValid</fct>
-            <fct>RpcNsBindingExport</fct>
-            <fct>RpcNsBindingExportPnP</fct>
-            <fct>RpcNsBindingImportBegin</fct>
-            <fct>RpcNsBindingImportDone</fct>
-            <fct>RpcNsBindingImportNext</fct>
-            <fct>RpcNsBindingInqEntryName</fct>
-            <fct>RpcNsBindingLookupBegin</fct>
-            <fct>RpcNsBindingLookupDone</fct>
-            <fct>RpcNsBindingLookupNext</fct>
-            <fct>RpcNsBindingSelect</fct>
-            <fct>RpcNsBindingUnexport</fct>
-            <fct>RpcNsBindingUnexportPnP</fct>
-            <fct>RpcNsEntryExpandName</fct>
-            <fct>RpcNsEntryObjectInqBegin</fct>
-            <fct>RpcNsEntryObjectInqDone</fct>
-            <fct>RpcNsEntryObjectInqNext</fct>
-            <fct>RpcNsGroupDelete</fct>
-            <fct>RpcNsGroupMbrAdd</fct>
-            <fct>RpcNsGroupMbrInqBegin</fct>
-            <fct>RpcNsGroupMbrInqDone</fct>
-            <fct>RpcNsGroupMbrInqNext</fct>
-            <fct>RpcNsGroupMbrRemove</fct>
-            <fct>RpcNsMgmtBindingUnexport</fct>
-            <fct>RpcNsMgmtEntryCreate</fct>
-            <fct>RpcNsMgmtEntryDelete</fct>
-            <fct>RpcNsMgmtEntryInqIfIds</fct>
-            <fct>RpcNsMgmtHandleSetExpAge</fct>
-            <fct>RpcNsMgmtInqExpAge</fct>
-            <fct>RpcNsMgmtSetExpAge</fct>
-            <fct>RpcNsProfileDelete</fct>
-            <fct>RpcNsProfileEltAdd</fct>
-            <fct>RpcNsProfileEltInqBegin</fct>
-            <fct>RpcNsProfileEltInqDone</fct>
-            <fct>RpcNsProfileEltInqNext</fct>
-            <fct>RpcNsProfileEltRemove</fct>
-            <fct>RpcObjectInqType</fct>
-            <fct>RpcObjectSetInqFn</fct>
-            <fct>RpcObjectSetType</fct>
-            <fct>RpcProtseqVectorFree</fct>
-            <fct>RpcRaiseException</fct>
-            <fct>RpcRevertToSelf</fct>
-            <fct>RpcRevertToSelfEx</fct>
-            <fct>RpcServerInqBindingHandle</fct>
-            <fct>RpcServerInqBindings</fct>
-            <fct>RpcServerInqCallAttributes</fct>
-            <fct>RpcServerInqDefaultPrincName</fct>
-            <fct>RpcServerInqIf</fct>
-            <fct>RpcServerInterfaceGroupActivate</fct>
-            <fct>RpcServerInterfaceGroupClose</fct>
-            <fct>RpcServerInterfaceGroupCreate</fct>
-            <fct>RpcServerInterfaceGroupDeactivate</fct>
-            <fct>RpcServerInterfaceGroupInqBindings</fct>
-            <fct>RpcServerListen</fct>
-            <fct>RpcServerRegisterAuthInfo</fct>
-            <fct>RpcServerRegisterIf</fct>
-            <fct>RpcServerRegisterIf2</fct>
-            <fct>RpcServerRegisterIf3</fct>
-            <fct>RpcServerRegisterIfEx</fct>
-            <fct>RpcServerSubscribeForNotification</fct>
-            <fct>RpcServerTestCancel</fct>
-            <fct>RpcServerUnregisterIf</fct>
-            <fct>RpcServerUnregisterIfEx</fct>
-            <fct>RpcServerUnsubscribeForNotification</fct>
-            <fct>RpcServerUseAllProtseqs</fct>
-            <fct>RpcServerUseAllProtseqsEx</fct>
-            <fct>RpcServerUseAllProtseqsIf</fct>
-            <fct>RpcServerUseAllProtseqsIfEx</fct>
-            <fct>RpcServerUseProtseq</fct>
-            <fct>RpcServerUseProtseqEx</fct>
-            <fct>RpcServerUseProtseqEp</fct>
-            <fct>RpcServerUseProtseqEpEx</fct>
-            <fct>RpcServerUseProtseqIf</fct>
-            <fct>RpcServerUseProtseqIfEx</fct>
-            <fct>RpcSmAllocate</fct>
-            <fct>RpcSmClientFree</fct>
-            <fct>RpcSmDestroyClientContext</fct>
-            <fct>RpcSmDisableAllocate</fct>
-            <fct>RpcSmEnableAllocate</fct>
-            <fct>RpcSmFree</fct>
-            <fct>RpcSmGetThreadHandle</fct>
-            <fct>RpcSmSetClientAllocFree</fct>
-            <fct>RpcSmSetThreadHandle</fct>
-            <fct>RpcSmSwapClientAllocFree</fct>
-            <fct>RpcSsAllocate</fct>
-            <fct>RpcSsContextLockExclusive</fct>
-            <fct>RpcSsContextLockShared</fct>
-            <fct>RpcSsDestroyClientContext</fct>
-            <fct>RpcSsDisableAllocate</fct>
-            <fct>RpcSsDontSerializeContext</fct>
-            <fct>RpcSsEnableAllocate</fct>
-            <fct>RpcSsFree</fct>
-            <fct>RpcSsGetThreadHandle</fct>
-            <fct>RpcSsSetClientAllocFree</fct>
-            <fct>RpcSsSetThreadHandle</fct>
-            <fct>RpcSsSwapClientAllocFree</fct>
-            <fct>RpcStringBindingCompose</fct>
-            <fct>RpcStringBindingParse</fct>
-            <fct>RpcStringFree</fct>
-            <fct>RpcTestCancel</fct>
-            <fct>UuidCompare</fct>
-            <fct>UuidCreate</fct>
-            <fct>UuidCreateNil</fct>
-            <fct>UuidCreateSequential</fct>
-            <fct>UuidEqual</fct>
-            <fct>UuidFromString</fct>
-            <fct>UuidHash</fct>
-            <fct>UuidIsNil</fct>
-            <fct>UuidToString</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-id="4033"
-text="SEH"
-url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms680659(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AbnormalTermination</fct>
-            <fct>AddVectoredContinueHandler</fct>
-            <fct>AddVectoredExceptionHandler</fct>
-            <fct>GetExceptionCode</fct>
-            <fct>GetExceptionInformation</fct>
-            <fct>RaiseException</fct>
-            <fct>RaiseFailFastException</fct>
-            <fct>RemoveVectoredContinueHandler</fct>
-            <fct>RemoveVectoredExceptionHandler</fct>
-            <fct>RtlAddFunctionTable</fct>
-            <fct>RtlAddGrowableFunctionTable</fct>
-            <fct>RtlCaptureContext</fct>
-            <fct>RtlDeleteFunctionTable</fct>
-            <fct>RtlDeleteGrowableFunctionTable</fct>
-            <fct>RtlGrowFunctionTable</fct>
-            <fct>RtlInstallFunctionTableCallback</fct>
-            <fct>RtlRestoreContext</fct>
-            <fct>SetUnhandledExceptionFilter</fct>
-            <fct>UnhandledExceptionFilter</fct>
-            <fct>VectoredHandler</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-      id="4034"
-      text="Service"
-      url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ms685942(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>ChangeServiceConfig</fct>
-            <fct>ChangeServiceConfig2</fct>
-            <fct>CloseServiceHandle</fct>
-            <fct>ControlService</fct>
-            <fct>ControlServiceEx</fct>
-            <fct>CreateService</fct>
-            <fct>DeleteService</fct>
-            <fct>EnumDependentServices</fct>
-            <fct>EnumServicesStatus</fct>
-            <fct>EnumServicesStatusEx</fct>
-            <fct>GetServiceDisplayName</fct>
-            <fct>GetServiceKeyName</fct>
-            <fct>Handler</fct>
-            <fct>HandlerEx</fct>
-            <fct>InstallELAMCertificateInfo</fct>
-            <fct>LockServiceDatabase</fct>
-            <fct>NotifyBootConfigStatus</fct>
-            <fct>NotifyServiceStatusChange</fct>
-            <fct>OpenSCManager</fct>
-            <fct>OpenService</fct>
-            <fct>QueryServiceConfig</fct>
-            <fct>QueryServiceConfig2</fct>
-            <fct>QueryServiceDynamicInformation</fct>
-            <fct>QueryServiceLockStatus</fct>
-            <fct>QueryServiceStatus</fct>
-            <fct>QueryServiceStatusEx</fct>
-            <fct>RegisterServiceCtrlHandler</fct>
-            <fct>RegisterServiceCtrlHandlerEx</fct>
-            <fct>ServiceMain</fct>
-            <fct>SetServiceBits</fct>
-            <fct>SetServiceStatus</fct>
-            <fct>StartService</fct>
-            <fct>StartServiceCtrlDispatcher</fct>
-            <fct>UnlockServiceDatabase</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-id="4035"
-text=""
-url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa364232(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AddUsersToEncryptedFile</fct>
-            <fct>AreFileApisANSI</fct>
-            <fct>CancelIo</fct>
-            <fct>CancelIoEx</fct>
-            <fct>CancelSynchronousIo</fct>
-            <fct>CheckNameLegalDOS8Dot3</fct>
-            <fct>CloseEncryptedFileRaw</fct>
-            <fct>CopyFile</fct>
-            <fct>CopyFile2</fct>
-            <fct>CopyFile2ProgressRoutine</fct>
-            <fct>CopyFileEx</fct>
-            <fct>CopyFileTransacted</fct>
-            <fct>CopyProgressRoutine</fct>
-            <fct>CreateFile</fct>
-            <fct>CreateFile2</fct>
-            <fct>CreateFileTransacted</fct>
-            <fct>CreateHardLink</fct>
-            <fct>CreateHardLinkTransacted</fct>
-            <fct>CreateIoCompletionPort</fct>
-            <fct>CreateSymbolicLink</fct>
-            <fct>CreateSymbolicLinkTransacted</fct>
-            <fct>DecryptFile</fct>
-            <fct>DeleteFile</fct>
-            <fct>DeleteFileTransacted</fct>
-            <fct>DuplicateEncryptionInfoFile</fct>
-            <fct>EncryptFile</fct>
-            <fct>EncryptionDisable</fct>
-            <fct>ExportCallback</fct>
-            <fct>FileEncryptionStatus</fct>
-            <fct>FileIOCompletionRoutine</fct>
-            <fct>FindClose</fct>
-            <fct>FindFirstFile</fct>
-            <fct>FindFirstFileEx</fct>
-            <fct>FindFirstFileNameTransactedW</fct>
-            <fct>FindFirstFileNameW</fct>
-            <fct>FindFirstFileTransacted</fct>
-            <fct>FindFirstStreamTransactedW</fct>
-            <fct>FindFirstStreamW</fct>
-            <fct>FindNextFile</fct>
-            <fct>FindNextFileNameW</fct>
-            <fct>FindNextStreamW</fct>
-            <fct>FlushFileBuffers</fct>
-            <fct>FreeEncryptionCertificateHashList</fct>
-            <fct>GetBinaryType</fct>
-            <fct>GetCompressedFileSize</fct>
-            <fct>GetCompressedFileSizeTransacted</fct>
-            <fct>GetExpandedName</fct>
-            <fct>GetFileAttributes</fct>
-            <fct>GetFileAttributesEx</fct>
-            <fct>GetFileAttributesTransacted</fct>
-            <fct>GetFileBandwidthReservation</fct>
-            <fct>GetFileInformationByHandle</fct>
-            <fct>GetFileInformationByHandleEx</fct>
-            <fct>GetFileSize</fct>
-            <fct>GetFileSizeEx</fct>
-            <fct>GetFileType</fct>
-            <fct>GetFinalPathNameByHandle</fct>
-            <fct>GetFullPathName</fct>
-            <fct>GetFullPathNameTransacted</fct>
-            <fct>GetLongPathName</fct>
-            <fct>GetLongPathNameTransacted</fct>
-            <fct>GetQueuedCompletionStatus</fct>
-            <fct>GetQueuedCompletionStatusEx</fct>
-            <fct>GetShortPathName</fct>
-            <fct>GetTempFileName</fct>
-            <fct>GetTempPath</fct>
-            <fct>ImportCallback</fct>
-            <fct>LockFile</fct>
-            <fct>LockFileEx</fct>
-            <fct>LZClose</fct>
-            <fct>LZCopy</fct>
-            <fct>LZInit</fct>
-            <fct>LZOpenFile</fct>
-            <fct>LZRead</fct>
-            <fct>LZSeek</fct>
-            <fct>MoveFile</fct>
-            <fct>MoveFileEx</fct>
-            <fct>MoveFileTransacted</fct>
-            <fct>MoveFileWithProgress</fct>
-            <fct>OpenEncryptedFileRaw</fct>
-            <fct>OpenFile</fct>
-            <fct>OpenFileById</fct>
-            <fct>PostQueuedCompletionStatus</fct>
-            <fct>QueryRecoveryAgentsOnEncryptedFile</fct>
-            <fct>QueryUsersOnEncryptedFile</fct>
-            <fct>ReadEncryptedFileRaw</fct>
-            <fct>ReadFile</fct>
-            <fct>ReadFileEx</fct>
-            <fct>ReadFileScatter</fct>
-            <fct>RemoveUsersFromEncryptedFile</fct>
-            <fct>ReOpenFile</fct>
-            <fct>ReplaceFile</fct>
-            <fct>SearchPath</fct>
-            <fct>SetEndOfFile</fct>
-            <fct>SetFileApisToANSI</fct>
-            <fct>SetFileApisToOEM</fct>
-            <fct>SetFileAttributes</fct>
-            <fct>SetFileAttributesTransacted</fct>
-            <fct>SetFileBandwidthReservation</fct>
-            <fct>SetFileCompletionNotificationModes</fct>
-            <fct>SetFileInformationByHandle</fct>
-            <fct>SetFileIoOverlappedRange</fct>
-            <fct>SetFilePointer</fct>
-            <fct>SetFilePointerEx</fct>
-            <fct>SetFileShortName</fct>
-            <fct>SetFileValidData</fct>
-            <fct>SetSearchPathMode</fct>
-            <fct>SetUserFileEncryptionKey</fct>
-            <fct>UnlockFile</fct>
-            <fct>UnlockFileEx</fct>
-            <fct>Wow64DisableWow64FsRedirection</fct>
-            <fct>SetSearchPWow64EnableWow64FsRedirection</fct>
-            <fct>Wow64RevertWow64FsRedirection</fct>
-            <fct>WriteEncryptedFileRaw</fct>
-            <fct>WriteFile</fct>
-            <fct>SetSearchPWriteFileEx</fct>
-            <fct>WriteFileGather</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-        id="4036"
-        text="Video Capture"
-        url="http://msdn.microsoft.com/en-us/lib/dd757693(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>capControlCallback</fct>
-            <fct>capCreateCaptureWindow</fct>
-            <fct>capErrorCallback</fct>
-            <fct>capGetDriverDescription</fct>
-            <fct>capStatusCallback</fct>
-            <fct>capVideoStreamCallback</fct>
-            <fct>capWaveStreamCallback</fct>
-            <fct>capYieldCallback</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-        id="4037"
-        text="Cabinet"
-        url="http://msdn.microsoft.com/en-us/lib/ff797921(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>DeleteExtractedFiles</fct>
-            <fct>DllGetVersion</fct>
-            <fct>Extract</fct>
-            <fct>FCIAddFile</fct>
-            <fct>FCICreate</fct>
-            <fct>FCIDestroy</fct>
-            <fct>FCIFlushCabinet</fct>
-            <fct>FCIFlushFolder</fct>
-            <fct>FDICopy</fct>
-            <fct>FDICreate</fct>
-            <fct>FDIDestroy</fct>
-            <fct>FDIIsCabinet</fct>
-            <fct>FDITruncateCabinet</fct>
-            <fct>GetDllVersion</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-           id="4038"
-           text="Single-Instance Store Backup Support"
-           url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa362538(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>SisCreateBackupStructure</fct>
-            <fct>SisCreateRestoreStructure</fct>
-            <fct>SisCSFilesToBackupForLink</fct>
-            <fct>SisFreeAllocatedMemory</fct>
-            <fct>SisFreeBackupStructure</fct>
-            <fct>SisFreeRestoreStructure</fct>
-            <fct>SisRestoredCommonStoreFile</fct>
-            <fct>SisRestoredLink</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-           id="4039"
-           text="Performance Counters"
-           url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa373078(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>ClosePerformanceData</fct>
-            <fct>CollectPerformanceData</fct>
-            <fct>ControlCallback</fct>
-            <fct>CounterCleanup</fct>
-            <fct>CounterInitialize</fct>
-            <fct>CounterPathCallBack</fct>
-            <fct>LoadPerfCounterTextStrings</fct>
-            <fct>OpenPerformanceData</fct>
-            <fct>PdhAddCounter</fct>
-            <fct>PdhAddEnglishCounter</fct>
-            <fct>PdhBindInputDataSource</fct>
-            <fct>PdhBrowseCounters</fct>
-            <fct>PdhBrowseCountersH</fct>
-            <fct>PdhCalculateCounterFromRawValue</fct>
-            <fct>PdhCloseLog</fct>
-            <fct>PdhCloseQuery</fct>
-            <fct>PdhCollectQueryData</fct>
-            <fct>PdhCollectQueryDataEx</fct>
-            <fct>PdhCollectQueryDataWithTime</fct>
-            <fct>PdhComputeCounterStatistics</fct>
-            <fct>PdhConnectMachine</fct>
-            <fct>PdhEnumLogSetNames</fct>
-            <fct>PdhEnumMachines</fct>
-            <fct>PdhEnumMachinesH</fct>
-            <fct>PdhEnumObjectItems</fct>
-            <fct>PdhEnumObjectItemsH</fct>
-            <fct>PdhEnumObjects</fct>
-            <fct>PdhEnumObjectsH</fct>
-            <fct>PdhExpandCounterPath</fct>
-            <fct>PdhExpandWildCardPath</fct>
-            <fct>PdhExpandWildCardPathH</fct>
-            <fct>PdhFormatFromRawValue</fct>
-            <fct>PdhGetCounterInfo</fct>
-            <fct>PdhGetCounterTimeBase</fct>
-            <fct>PdhGetDataSourceTimeRange</fct>
-            <fct>PdhGetDataSourceTimeRangeH</fct>
-            <fct>PdhGetDefaultPerfCounter</fct>
-            <fct>PdhGetDefaultPerfCounterH</fct>
-            <fct>PdhGetDefaultPerfObject</fct>
-            <fct>PdhGetDefaultPerfObjectH</fct>
-            <fct>PdhGetDllVersion</fct>
-            <fct>PdhGetFormattedCounterArray</fct>
-            <fct>PdhGetFormattedCounterValue</fct>
-            <fct>PdhGetLogFileSize</fct>
-            <fct>PdhGetRawCounterArray</fct>
-            <fct>PdhGetRawCounterValue</fct>
-            <fct>PdhIsRealTimeQuery</fct>
-            <fct>PdhLookupPerfIndexByName</fct>
-            <fct>PdhLookupPerfNameByIndex</fct>
-            <fct>PdhMakeCounterPath</fct>
-            <fct>PdhOpenLog</fct>
-            <fct>PdhOpenQuery</fct>
-            <fct>PdhOpenQueryH</fct>
-            <fct>PdhParseCounterPath</fct>
-            <fct>PdhParseInstanceName</fct>
-            <fct>PdhReadRawLogRecord</fct>
-            <fct>PdhRemoveCounter</fct>
-            <fct>PdhSelectDataSource</fct>
-            <fct>PdhSetCounterScaleFactor</fct>
-            <fct>PdhSetDefaultRealTimeDataSource</fct>
-            <fct>PdhSetQueryTimeRange</fct>
-            <fct>PdhUpdateLog</fct>
-            <fct>PdhUpdateLogFileCatalog</fct>
-            <fct>PdhValidatePath</fct>
-            <fct>PdhValidatePathEx</fct>
-            <fct>PerfCreateInstance</fct>
-            <fct>PerfDecrementULongCounterValue</fct>
-            <fct>PerfDecrementULongLongCounterValue</fct>
-            <fct>PerfDeleteInstance</fct>
-            <fct>PerfIncrementULongCounterValue</fct>
-            <fct>PerfIncrementULongLongCounterValue</fct>
-            <fct>PerfQueryInstance</fct>
-            <fct>PerfSetCounterRefValue</fct>
-            <fct>PerfSetCounterSetInfo</fct>
-            <fct>PerfSetULongCounterValue</fct>
-            <fct>PerfSetULongLongCounterValue</fct>
-            <fct>PerfStartProvider</fct>
-            <fct>PerfStartProviderEx</fct>
-            <fct>PerfStopProvider</fct>
-            <fct> UnloadPerfCounterTextStrings</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-       id="4040"
-       text="Atom"
-       url="http://msdn.microsoft.com/en-us/lib/windows/desktop/ff468795(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>AddAtom</fct>
-            <fct>DeleteAtom</fct>
-            <fct>FindAtom</fct>
-            <fct>GetAtomName</fct>
-            <fct>GlobalAddAtom</fct>
-            <fct>GlobalDeleteAtom</fct>
-            <fct>GlobalFindAtom</fct>
-            <fct>GlobalGetAtomName</fct>
-            <fct>InitAtomTable</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-   id="4041"
-   text="Device Management"
-   url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa363234(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CdromDisableDigitalPlayback</fct>
-            <fct>CdromEnableDigitalPlayback</fct>
-            <fct>CdromIsDigitalPlaybackEnabled</fct>
-            <fct>CdromKnownGoodDigitalPlayback</fct>
-            <fct>DeviceIoControl</fct>
-            <fct>DvdLauncher</fct>
-            <fct>InstallNewDevice</fct>
-            <fct>RegisterDeviceNotification</fct>
-            <fct>UnregisterDeviceNotification</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
- id="4042"
- text="Remote Access Service"
- url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa446739(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CmFree</fct>
-            <fct>CmMalloc</fct>
-            <fct>ORASADFunc</fct>
-            <fct>RASADFunc</fct>
-            <fct>RasClearConnectionStatistics</fct>
-            <fct>RasClearLinkStatistics</fct>
-            <fct>RasConnectionNotification</fct>
-            <fct>RasCreatePhonebookEntry</fct>
-            <fct>RasCustomDeleteEntryNotify</fct>
-            <fct>RasCustomDial</fct>
-            <fct>RasCustomDialDlg</fct>
-            <fct>RasCustomEntryDlg</fct>
-            <fct>RasCustomHangUp</fct>
-            <fct>RasDeleteEntry</fct>
-            <fct>RasDeleteSubEntry</fct>
-            <fct>RasDial</fct>
-            <fct>RasDialDlg</fct>
-            <fct>RasDialFunc</fct>
-            <fct>RasDialFunc1</fct>
-            <fct>RasDialFunc2</fct>
-            <fct>RasEditPhonebookEntry</fct>
-            <fct>RasEntryDlg</fct>
-            <fct>RasEnumAutodialAddresses</fct>
-            <fct>RasEnumConnections</fct>
-            <fct>RasEnumDevices</fct>
-            <fct>RasEnumEntries</fct>
-            <fct>RasFreeEapUserIdentity</fct>
-            <fct>RasGetAutodialAddress</fct>
-            <fct>RasGetAutodialEnable</fct>
-            <fct>RasGetAutodialParam</fct>
-            <fct>RasGetConnectionStatistics</fct>
-            <fct>RasGetConnectStatus</fct>
-            <fct>RasGetCountryInfo</fct>
-            <fct>RasGetCredentials</fct>
-            <fct>RasGetCustomAuthData</fct>
-            <fct>RasGetEapUserData</fct>
-            <fct>RasGetEapUserIdentity</fct>
-            <fct>RasGetEntryDialParams</fct>
-            <fct>RasGetEntryProperties</fct>
-            <fct>RasGetErrorString</fct>
-            <fct>RasGetLinkStatistics</fct>
-            <fct>RasGetNapStatus</fct>
-            <fct>RasGetProjectionInfo</fct>
-            <fct>RasGetProjectionInfoEx</fct>
-            <fct>RasGetQuarantineConnectionId</fct>
-            <fct>RasGetSubEntryHandle</fct>
-            <fct>RasGetSubEntryProperties</fct>
-            <fct>RasHangUp</fct>
-            <fct>RasInvokeEapUI</fct>
-            <fct>RasMonitorDlg</fct>
-            <fct>RasPBDlgFunc</fct>
-            <fct>RasPhonebookDlg</fct>
-            <fct>RasRenameEntry</fct>
-            <fct>RasSetAutodialAddress</fct>
-            <fct>RasSetAutodialEnable</fct>
-            <fct>RasSetAutodialParam</fct>
-            <fct>RasSetCommSettings</fct>
-            <fct>RasSetCredentials</fct>
-            <fct>RasSetCustomAuthData</fct>
-            <fct>RasSetEapUserData</fct>
-            <fct>RasSetEntryDialParams</fct>
-            <fct>RasSetEntryProperties</fct>
-            <fct>RasSetSubEntryProperties</fct>
-            <fct>RasUpdateConnection</fct>
-            <fct>RasValidateEntryName</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
- id="4043"
- text="Remote Access Service Custom Scripting"
- url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa378089(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>RasCustomScriptExecute</fct>
-            <fct>RasGetBuffer</fct>
-            <fct>RasFreeBuffer</fct>
-            <fct>RasSendBuffer</fct>
-            <fct>RasReceiveBuffer</fct>
-            <fct>RasRetrieveBuffer</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
- id="4044"
- text="WinSNMP"
- url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa379364(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct></fct>
-            <fct>SnmpCancelMsg</fct>
-            <fct>SnmpCleanup</fct>
-            <fct>SnmpClose</fct>
-            <fct>SnmpContextToStr</fct>
-            <fct>SnmpCountVbl</fct>
-            <fct>SnmpCreatePdu</fct>
-            <fct>SnmpCreateSession</fct>
-            <fct>SnmpCreateVbl</fct>
-            <fct>SnmpDecodeMsg</fct>
-            <fct>SnmpDeleteVb</fct>
-            <fct>SnmpDuplicatePdu</fct>
-            <fct>SnmpDuplicateVbl</fct>
-            <fct>SnmpEncodeMsg</fct>
-            <fct>SnmpEntityToStr</fct>
-            <fct>SnmpFreeContext</fct>
-            <fct>SnmpFreeDescriptor</fct>
-            <fct>SnmpFreeEntity</fct>
-            <fct>SnmpFreePdu</fct>
-            <fct>SnmpFreeVbl</fct>
-            <fct>SnmpGetLastError</fct>
-            <fct>SnmpGetPduData</fct>
-            <fct>SnmpGetRetransmitMode</fct>
-            <fct>SnmpGetRetry</fct>
-            <fct>SnmpGetTimeout</fct>
-            <fct>SnmpGetTranslateMode</fct>
-            <fct>SnmpGetVb</fct>
-            <fct>SnmpGetVendorInfo</fct>
-            <fct>SnmpListen</fct>
-            <fct>SnmpOidCompare</fct>
-            <fct>SnmpOidCopy</fct>
-            <fct>SnmpOidToStr</fct>
-            <fct>SnmpOpen</fct>
-            <fct>SnmpRecvMsg</fct>
-            <fct>SnmpRegister</fct>
-            <fct>SnmpSendMsg</fct>
-            <fct>SnmpSetPduData</fct>
-            <fct>SnmpSetPort</fct>
-            <fct>SnmpSetRetransmitMode</fct>
-            <fct>SnmpSetRetry</fct>
-            <fct>SnmpSetTimeout</fct>
-            <fct>SnmpSetTranslateMode</fct>
-            <fct>SnmpSetVb</fct>
-            <fct>SnmpStartup</fct>
-            <fct>SnmpStrToContext</fct>
-            <fct>SnmpStrToEntity</fct>
-            <fct>SnmpStrToOid</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
- id="4045"
- text="Router Information"
- url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa375890(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>MprInfoBlockAdd</fct>
-            <fct>MprInfoBlockFind</fct>
-            <fct>MprInfoBlockQuerySize</fct>
-            <fct>MprInfoBlockRemove</fct>
-            <fct>MprInfoBlockSet</fct>
-            <fct>MprInfoCreate</fct>
-            <fct>MprInfoDelete</fct>
-            <fct>MprInfoDuplicate</fct>
-            <fct>MprInfoRemoveAll</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-    id="4046"
-    text="RPC Network Data Representation (NDR) Engine"
-    url="http://msdn.microsoft.com/en-us/lib/windows/desktop/hh802751(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>NdrAsyncClientCall</fct>
-            <fct>NdrClearOutParameters</fct>
-            <fct>NdrClientCall</fct>
-            <fct>NdrClientCall2</fct>
-            <fct>NdrConformantArrayUnmarshall</fct>
-            <fct>NdrConformantStringBufferSize</fct>
-            <fct>NdrConformantStringMarshall</fct>
-            <fct>NdrConformantStringUnmarshall</fct>
-            <fct>NdrContextHandleInitialize</fct>
-            <fct>NdrContextHandleSize</fct>
-            <fct>NdrContextHandleMemorySize</fct>
-            <fct>NdrConvert</fct>
-            <fct>NdrCStdStubBuffer_Release</fct>
-            <fct>NdrCStdStubBuffer2_Release</fct>
-            <fct>NdrDllCanUnloadNow</fct>
-            <fct>NdrDllGetClassObject</fct>
-            <fct>NdrDllRegisterProxy</fct>
-            <fct>NdrDllUnregisterProxy</fct>
-            <fct>NdrGetUserMarshalInfo</fct>
-            <fct>NdrInterfacePointerBufferSize</fct>
-            <fct>NdrInterfacePointerFree</fct>
-            <fct>NdrInterfacePointerMarshall</fct>
-            <fct>NdrInterfacePointerUnmarshall</fct>
-            <fct>NdrOleAllocate</fct>
-            <fct>NdrOleFree</fct>
-            <fct>NdrPointerBufferSize</fct>
-            <fct>NdrPointerFree</fct>
-            <fct>NdrPointerMarshall</fct>
-            <fct>NdrPointerUnmarshall</fct>
-            <fct>NdrProxyErrorHandler</fct>
-            <fct>NdrProxyFreeBuffer</fct>
-            <fct>NdrProxyGetBuffer</fct>
-            <fct>NdrProxyInitialize</fct>
-            <fct>NdrProxySendReceive</fct>
-            <fct>NdrSimpleTypeMarshall</fct>
-            <fct>NdrSimpleTypeUnmarshall</fct>
-            <fct>NdrStubCall2</fct>
-            <fct>NdrStubForwardingFunction</fct>
-            <fct>NdrStubGetBuffer</fct>
-            <fct>NdrStubInitialize</fct>
-            <fct>NdrUserMarshalBufferSize</fct>
-            <fct>NdrUserMarshalFree</fct>
-            <fct>NdrUserMarshalMarshall</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-    id="4047"
-    text="Power Management Functions"
-    url="http://msdn.microsoft.com/en-us/lib/windows/desktop/aa373163(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>CallNtPowerInformation</fct>
-            <fct>CanUserWritePwrScheme</fct>
-            <fct>DeletePwrScheme</fct>
-            <fct>DeviceNotifyCallbackRoutine</fct>
-            <fct>DevicePowerClose</fct>
-            <fct>DevicePowerEnumDevices</fct>
-            <fct>DevicePowerOpen</fct>
-            <fct>DevicePowerSetDeviceState</fct>
-            <fct>EnumPwrSchemes</fct>
-            <fct>GetActivePwrScheme</fct>
-            <fct>GetCurrentPowerPolicies</fct>
-            <fct>GetDevicePowerState</fct>
-            <fct>GetPwrCapabilities</fct>
-            <fct>GetPwrDiskSpindownRange</fct>
-            <fct>GetSystemPowerStatus</fct>
-            <fct>IsPwrHibernateAllowed</fct>
-            <fct>IsPwrShutdownAllowed</fct>
-            <fct>IsPwrSuspendAllowed</fct>
-            <fct>IsSystemResumeAutomatic</fct>
-            <fct>PowerCanRestoreIndividualDefaultPowerScheme</fct>
-            <fct>PowerClearRequest</fct>
-            <fct>PowerCreatePossibleSetting</fct>
-            <fct>PowerCreateRequest</fct>
-            <fct>PowerCreateSetting</fct>
-            <fct>PowerDeleteScheme</fct>
-            <fct>PowerDeterminePlatformRole</fct>
-            <fct>PowerDeterminePlatformRoleEx</fct>
-            <fct>PowerDuplicateScheme</fct>
-            <fct>PowerEnumerate</fct>
-            <fct>PowerGetActiveScheme</fct>
-            <fct>PowerImportPowerScheme</fct>
-            <fct>PowerIsSettingRangeDefined</fct>
-            <fct>PowerReadACDefaultIndex</fct>
-            <fct>PowerReadACValue</fct>
-            <fct>PowerReadACValueIndex</fct>
-            <fct>PowerReadDCDefaultIndex</fct>
-            <fct>PowerReadDCValue</fct>
-            <fct>PowerReadDCValueIndex</fct>
-            <fct>PowerReadDescription</fct>
-            <fct>PowerReadFriendlyName</fct>
-            <fct>PowerReadIconResourceSpecifier</fct>
-            <fct>PowerReadPossibleDescription</fct>
-            <fct>PowerReadPossibleFriendlyName</fct>
-            <fct>PowerReadPossibleValue</fct>
-            <fct>PowerReadSettingAttributes</fct>
-            <fct>PowerReadValueIncrement</fct>
-            <fct>PowerReadValueMax</fct>
-            <fct>PowerReadValueMin</fct>
-            <fct>PowerReadValueUnitsSpecifier</fct>
-            <fct>PowerRegisterSuspendResumeNotification</fct>
-            <fct>PowerRemovePowerSetting</fct>
-            <fct>PowerReplaceDefaultPowerSchemes</fct>
-            <fct>PowerRestoreDefaultPowerSchemes</fct>
-            <fct>PowerRestoreIndividualDefaultPowerScheme</fct>
-            <fct>PowerSetActiveScheme</fct>
-            <fct>PowerSetRequest</fct>
-            <fct>PowerSettingAccessCheck</fct>
-            <fct>PowerSettingAccessCheckEx</fct>
-            <fct>PowerSettingRegisterNotification</fct>
-            <fct>PowerSettingUnregisterNotification</fct>
-            <fct>PowerUnregisterSuspendResumeNotification</fct>
-            <fct>PowerWriteACDefaultIndex</fct>
-            <fct>PowerWriteACValueIndex</fct>
-            <fct>PowerWriteDCDefaultIndex</fct>
-            <fct>PowerWriteDCValueIndex</fct>
-            <fct>PowerWriteDescription</fct>
-            <fct>PowerWriteFriendlyName</fct>
-            <fct>PowerWriteIconResourceSpecifier</fct>
-            <fct>PowerWritePossibleDescription</fct>
-            <fct>PowerWritePossibleFriendlyName</fct>
-            <fct>PowerWritePossibleValue</fct>
-            <fct>PowerWriteSettingAttributes</fct>
-            <fct>PowerWriteValueIncrement</fct>
-            <fct>PowerWriteValueMax</fct>
-            <fct>PowerWriteValueMin</fct>
-            <fct>PowerWriteValueUnitsSpecifier</fct>
-            <fct>ReadGlobalPwrPolicy</fct>
-            <fct>ReadProcessorPwrScheme</fct>
-            <fct>ReadPwrScheme</fct>
-            <fct>RegisterPowerSettingNotification</fct>
-            <fct>RegisterSuspendResumeNotification</fct>
-            <fct>RequestWakeupLatency</fct>
-            <fct>SetActivePwrScheme</fct>
-            <fct>SetSuspendState</fct>
-            <fct>SetSystemPowerState</fct>
-            <fct>SetThreadExecutionState</fct>
-            <fct>UnregisterPowerSettingNotification</fct>
-            <fct>UnregisterSuspendResumeNotification</fct>
-            <fct>WriteGlobalPwrPolicy</fct>
-            <fct>WriteProcessorPwrScheme</fct>
-            <fct>WritePwrScheme</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-    id="4048"
-    text="Remote Desktop Functions"
-    url="http://msdn.microsoft.com/en-us/library/aa383464(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>ProcessIdToSessionId</fct>
-            <fct>TLSConnectToLsServer</fct>
-            <fct>TLSDisconnectFromServer</fct>
-            <fct>TLSGetServerCertificate</fct>
-            <fct>TLSKeyPackEnumBegin</fct>
-            <fct>TLSKeyPackEnumEnd</fct>
-            <fct>TLSKeyPackEnumNext</fct>
-            <fct>TLSLicenseEnumBegin</fct>
-            <fct>TLSLicenseEnumEnd</fct>
-            <fct>TLSLicenseEnumNext</fct>
-            <fct>VirtualChannelClose</fct>
-            <fct>VirtualChannelEntry</fct>
-            <fct>VirtualChannelInit</fct>
-            <fct>VirtualChannelInitEvent</fct>
-            <fct>VirtualChannelOpen</fct>
-            <fct>VirtualChannelOpenEvent</fct>
-            <fct>VirtualChannelWrite</fct>
-            <fct>WTSCloseServer</fct>
-            <fct>WTSConnectSession</fct>
-            <fct>WTSCreateListener</fct>
-            <fct>WTSDisconnectSession</fct>
-            <fct>WTSEnableChildSessions</fct>
-            <fct>WTSEnumerateListeners</fct>
-            <fct>WTSEnumerateProcesses</fct>
-            <fct>WTSEnumerateProcessesEx</fct>
-            <fct>WTSEnumerateServers</fct>
-            <fct>WTSEnumerateSessions</fct>
-            <fct>WTSEnumerateSessionsEx</fct>
-            <fct>WTSFreeMemory</fct>
-            <fct>WTSFreeMemoryEx</fct>
-            <fct>WTSGetActiveConsoleSessionId</fct>
-            <fct>WTSGetChildSessionId</fct>
-            <fct>WTSGetListenerSecurity</fct>
-            <fct>WTSIsChildSessionsEnabled</fct>
-            <fct>WTSLogoffSession</fct>
-            <fct>WTSOpenServer</fct>
-            <fct>WTSOpenServerEx</fct>
-            <fct>WTSQueryListenerConfig</fct>
-            <fct>WTSQuerySessionInformation</fct>
-            <fct>WTSQueryUserConfig</fct>
-            <fct>WTSQueryUserToken</fct>
-            <fct>WTSRegisterSessionNotification</fct>
-            <fct>WTSRegisterSessionNotificationEx</fct>
-            <fct>WTSSendMessage</fct>
-            <fct>WTSSetListenerSecurity</fct>
-            <fct>WTSSetUserConfig</fct>
-            <fct>WTSShutdownSystem</fct>
-            <fct>WTSStartRemoteControlSession</fct>
-            <fct>WTSStopRemoteControlSession</fct>
-            <fct>WTSTerminateProcess</fct>
-            <fct>WTSUnRegisterSessionNotification</fct>
-            <fct>WTSUnRegisterSessionNotificationEx</fct>
-            <fct>WTSVirtualChannelClose</fct>
-            <fct>WTSVirtualChannelOpen</fct>
-            <fct>WTSVirtualChannelOpenEx</fct>
-            <fct>WTSVirtualChannelPurgeInput</fct>
-            <fct>WTSVirtualChannelPurgeOutput</fct>
-            <fct>WTSVirtualChannelQuery</fct>
-            <fct>WTSVirtualChannelRead</fct>
-            <fct>WTSVirtualChannelWrite</fct>
-            <fct>WTSWaitSystemEvent</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-    id="4049"
-    text="WLan Functions"
-    url="http://msdn.microsoft.com/en-us/library/windows/desktop/ms706274(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>WFDCancelOpenSession</fct>
-            <fct>WFDCloseDisplaySinkSession</fct>
-            <fct>WFDCloseHandle</fct>
-            <fct>WFDCloseSession</fct>
-            <fct>WFDOpenHandle</fct>
-            <fct>WFDOpenLegacySession</fct>
-            <fct>WFDSetDisplaySinkPersistedGroupIDList</fct>
-            <fct>WFDStartDisplaySink</fct>
-            <fct>WFDStartOpenSession</fct>
-            <fct>WFDStopDisplaySink</fct>
-            <fct>WFDUpdateDeviceVisibility</fct>
-            <fct>WlanAllocateMemory</fct>
-            <fct>WlanCloseHandle</fct>
-            <fct>WlanConnect</fct>
-            <fct>WlanDeleteProfile</fct>
-            <fct>WlanDisconnect</fct>
-            <fct>WlanEnumInterfaces</fct>
-            <fct>WlanExtractPsdIEDataList</fct>
-            <fct>WlanFreeMemory</fct>
-            <fct>WlanGetAvailableNetworkList</fct>
-            <fct>WlanGetFilterList</fct>
-            <fct>WlanGetInterfaceCapability</fct>
-            <fct>WlanGetNetworkBssList</fct>
-            <fct>WlanGetProfile</fct>
-            <fct>WlanGetProfileCustomUserData</fct>
-            <fct>WlanGetProfileList</fct>
-            <fct>WlanGetSecuritySettings</fct>
-            <fct>WlanHostedNetworkForceStart</fct>
-            <fct>WlanHostedNetworkForceStop</fct>
-            <fct>WlanHostedNetworkInitSettings</fct>
-            <fct>WlanHostedNetworkQueryProperty</fct>
-            <fct>WlanHostedNetworkQuerySecondaryKey</fct>
-            <fct>WlanHostedNetworkQueryStatus</fct>
-            <fct>WlanHostedNetworkRefreshSecuritySettings</fct>
-            <fct>WlanHostedNetworkSetProperty</fct>
-            <fct>WlanHostedNetworkSetSecondaryKey</fct>
-            <fct>WlanHostedNetworkStartUsing</fct>
-            <fct>WlanHostedNetworkStopUsing</fct>
-            <fct>WlanIhvControl</fct>
-            <fct>WlanOpenHandle</fct>
-            <fct>WlanQueryAutoConfigParameter</fct>
-            <fct>WlanQueryInterface</fct>
-            <fct>WlanReasonCodeToString</fct>
-            <fct>WlanRegisterNotification</fct>
-            <fct>WlanRegisterVirtualStationNotification</fct>
-            <fct>WlanRenameProfile</fct>
-            <fct>WlanSaveTemporaryProfile</fct>
-            <fct>WlanScan</fct>
-            <fct>WlanSetAutoConfigParameter</fct>
-            <fct>WlanSetFilterList</fct>
-            <fct>WlanSetInterface</fct>
-            <fct>WlanSetProfile</fct>
-            <fct>WlanSetProfileCustomUserData</fct>
-            <fct>WlanSetProfileEapUserData</fct>
-            <fct>WlanSetProfileEapXmlUserData</fct>
-            <fct>WlanSetProfileList</fct>
-            <fct>WlanSetProfilePosition</fct>
-            <fct>WlanSetPsdIEDataList</fct>
-            <fct>WlanSetSecuritySettings</fct>
-            <fct>WlanUIEditProfile</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-    id="4050"
-    text="SNMP Functions"
-    url="https://msdn.microsoft.com/en-us/library/windows/desktop/aa378988(v=vs.85).aspx">
-      <libs>
-        <lib name="">
-          <fcts>
-            <fct>SnmpExtensionClose</fct>
-            <fct>SnmpExtensionInit</fct>
-            <fct>SnmpExtensionInitEx</fct>
-            <fct>SnmpExtensionMonitor</fct>
-            <fct>SnmpExtensionQuery</fct>
-            <fct>SnmpExtensionQueryEx</fct>
-            <fct>SnmpExtensionTrap</fct>
-            <fct>SnmpMgrClose</fct>
-            <fct>SnmpMgrCtl</fct>
-            <fct>SnmpMgrGetTrap</fct>
-            <fct>SnmpMgrGetTrapEx</fct>
-            <fct>SnmpMgrOidToStr</fct>
-            <fct>SnmpMgrOpen</fct>
-            <fct>SnmpMgrRequest</fct>
-            <fct>SnmpMgrStrToOid</fct>
-            <fct>SnmpMgrTrapListen</fct>
-            <fct>SnmpSvcGetUptime</fct>
-            <fct>SnmpSvcSetLogLevel</fct>
-            <fct>SnmpSvcSetLogType</fct>
-            <fct>SnmpUtilAsnAnyCpy</fct>
-            <fct>SnmpUtilAsnAnyFree</fct>
-            <fct>SnmpUtilDbgPrint</fct>
-            <fct>SnmpUtilIdsToA</fct>
-            <fct>SnmpUtilMemAlloc</fct>
-            <fct>SnmpUtilMemFree</fct>
-            <fct>SnmpUtilMemReAlloc</fct>
-            <fct>SnmpUtilOctetsCmp</fct>
-            <fct>SnmpUtilOctetsCpy</fct>
-            <fct>SnmpUtilOctetsFree</fct>
-            <fct>SnmpUtilOctetsNCmp</fct>
-            <fct>SnmpUtilOidAppend</fct>
-            <fct>SnmpUtilOidCmp</fct>
-            <fct>SnmpUtilOidCpy</fct>
-            <fct>SnmpUtilOidFree</fct>
-            <fct>SnmpUtilOidNCmp</fct>
-            <fct>SnmpUtilOidToA</fct>
-            <fct>SnmpUtilPrintAsnAny</fct>
-            <fct>SnmpUtilPrintOid</fct>
-            <fct>SnmpUtilVarBindCpy</fct>
-            <fct>SnmpUtilVarBindListCpy</fct>
-            <fct>SnmpUtilVarBindFree</fct>
-            <fct>SnmpUtilVarBindListFree</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-id="4051"
-text="WdbgExts Extension"
-url="http://msdn.microsoft.com/en-us/library/windows/hardware/ff561243(v=vs.85).aspx">
-      <libs>
-        <lib bl="1" name="wlanapi.dll">
-          <fcts>
-            <fct bl="1">WinDbgExtensionDllInit</fct>
-            <fct bl="1">ExtensionApiVersion</fct>
-            <fct bl="1">CheckVersion</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-
-    <feature
-  id="4052"
-  text="DDE"
-  url="https://msdn.microsoft.com/en-us/library/windows/desktop/ff468836(v=vs.85).aspx">
-      <libs>
-        <lib bl="1" name="">
-          <fcts>
-            <fct bl="1">DdeSetQualityOfService</fct>
-            <fct bl="1">FreeDDElParam</fct>
-            <fct bl="1">ImpersonateDdeClientWindow</fct>
-            <fct bl="1">PackDDElParam</fct>
-            <fct bl="1">ReuseDDElParam</fct>
-            <fct bl="1">UnpackDDElParam</fct>
-          </fcts>
-        </lib>
-      </libs>
-    </feature>
-  </features>
-
-</xml>
\ No newline at end of file
diff --git a/assemblyline_v4_service/common/pestudio/xml/functions.xml b/assemblyline_v4_service/common/pestudio/xml/functions.xml
deleted file mode 100644
index a6f9202b..00000000
--- a/assemblyline_v4_service/common/pestudio/xml/functions.xml
+++ /dev/null
@@ -1,5824 +0,0 @@
-<!--
-functions.xml is part of the pestudio (www.winitor.com)
-It contains the functions and libraries that will be detected as blackListed by pestudio. 
--->
-<xml version="1.0" encoding="utf-8">
-
-  <libs>
-    <md5 bl="1">5CE8DE7A4FF8849D59B13DF2A4E2C31DC</md5>
-    <md5 bl="1">593C94C569F19D93D0CF8BBB63DC3B4C9</md5>
-    <md5 bl="1">50CE1C890C1E18ED679968BD9575A52E5</md5>
-    <md5 bl="1">50CE1C890C1E18ED679968BD9575A52E5</md5>
-    <md5 bl="1">5CCE66D62D021BC3B4A6DB74D4D108B41</md5>
-    <md5 bl="1">5F2E321E66E9BD634397421E8EB7AC8E5</md5>
-    <md5 bl="1">52402D383393816F7068525CB8AD8975E</md5>
-    <md5 bl="1">511DD7DA7FAA0130DAC2560930E90C8B1</md5>
-    <md5 bl="1">503B3CCEB253FD782590CF0EFAFD49D5F</md5>
-    <md5 bl="1">5FBCE77DD083CCA93EF30E8750C8FB084</md5>
-    <md5 bl="1">5BA56D8A814AF24F2EFDCD342300DD13A</md5>
-    <md5 bl="1">5EC2FB1C71E58CC1B5C6287C3D1A87463</md5>
-    <md5 bl="1">57EF56A024343BACA47051E3C217BEDBF</md5>
-    <md5 bl="1">5744DCC4CBBFBB18FE3878C4E769EC48F</md5>
-    <md5 bl="1">5371C1DF899F9B148A09E3C6F58C37793</md5>
-    <md5 bl="1">524146F762FD984D5A7F17EA96FA0EE0D</md5>
-    <md5 bl="1">5926F5110613064317E0C6D2D56491C1B</md5>
-    <md5 bl="1">5A8BB2EF9F6D3BB6DB348C00E750EE705</md5>
-    <md5 bl="1">58AA320A3D34CF89EF63BF801DD497490</md5>
-    <md5 bl="1">579EFB776FA67344C7D1B769C0DD1B58A</md5>
-    <md5 bl="1">53C6A69DF4F6E99BE875BDF2A069616C3</md5>
-    <md5 bl="1">515C3664E4A1D248208F05BA8DE2B3C49</md5>
-    <md5 bl="1">5155ACD56CDE9A6DBE32466D1659FF33A</md5>
-    <md5 bl="1">502C4A2085D6F5459A11E1B1023E581F3</md5>
-    <md5 bl="1">5A8B84A09F66AC4769B493896EBB9A722</md5>
-    <md5 bl="1">5EAA8A85FAFEAE73500D3FF85285CF8D8</md5>
-    <md5 bl="1">5625CF242D3ADE7F38EF5ABD0A8612813</md5>
-    <md5 bl="1">50502C36F4EC4C6D2D67F6415BD45AC80</md5>
-    <md5 bl="1">574725393C8662759C6DA558B0B232028</md5>
-    <md5 bl="1">5465ED7AEC726186DCB3FE0D3E99650AD</md5>
-    <md5 bl="1">5D8B41862611B0CDDE43250D8AC6F1777</md5>
-    <md5 bl="1">5b1f86a4c9c7a619427fd81cc684975a4</md5>
-
-    <topapis>
-      <!-- list built based on https://www.bnxnet.com/top-maliciously-used-apis/-->
-      <topapi>GetProcAddress</topapi>
-      <topapi>LoadLibrary</topapi>
-      <topapi>GetModuleHandle</topapi>
-      <topapi>ExitProcess</topapi>
-      <topapi>VirtualAlloc</topapi>
-      <topapi>WriteFile</topapi>
-      <topapi>GetModuleFileName</topapi>
-      <topapi>CloseHandle</topapi>
-      <topapi>RegCloseKey</topapi>
-      <topapi>VirtualFree</topapi>
-      <topapi>GetLastError</topapi>
-      <topapi>Sleep</topapi>
-      <topapi>FreeLibrary</topapi>
-      <topapi>GetCommandLine</topapi>
-      <topapi>MultiByteToWideChar</topapi>
-      <topapi>ReadFile</topapi>
-      <topapi>SetFilePointer</topapi>
-      <topapi>RegQueryValueEx</topapi>
-      <topapi>GetCurrentThreadId</topapi>
-      <topapi>GetTickCount</topapi>
-      <topapi>GetStdHandle</topapi>
-      <topapi>MessageBox</topapi>
-      <topapi>GetStartupInfo</topapi>
-      <topapi>RegOpenKeyEx</topapi>
-      <topapi>GetCurrentProcess</topapi>
-      <topapi>EnterCriticalSection</topapi>
-      <topapi>LeaveCriticalSection</topapi>
-      <topapi>WideCharToMultiByte</topapi>
-      <topapi>DeleteCriticalSection</topapi>
-      <topapi>VirtualProtect</topapi>
-      <topapi>InitializeCriticalSection</topapi>
-      <topapi>LocalAlloc</topapi>
-      <topapi>FindClose</topapi>
-      <topapi>CreateThread</topapi>
-      <topapi>RtlUnwind</topapi>
-    </topapis>
-    
-    <families>
-      <family id="1">COOKIEBAG</family>
-      <family id="2">GREENCAT</family>
-      <family id="3">LONGRUN</family>
-      <family id="4">MACROMAIL</family>
-      <family id="5">MAPIGET</family>
-      <family id="6">NEWSREELS</family>
-      <family id="7">SWORD</family>
-      <family id="8">STARSYPOUND</family>
-      <family id="9">TABMSGSQL</family>
-      <family id="10">TARSIP-MOON</family>
-      <family id="11">TARSIP-ECLIPSE</family>
-      <family id="12">WARP</family>
-      <family id="13">WEBC2</family>
-      <family id="14">WEBC2-ADSPACE</family>
-      <family id="15">WEBC2-BOLID</family>
-      <family id="16">WEBC2-CLOVER</family>
-      <family id="17">WEBC2-CSON</family>
-      <family id="18">WEBC2-GREENCAT</family>
-      <family id="19">WEBC2-KT3</family>
-      <family id="20">WEBC2-RAVE</family>
-      <family id="21">WEBC2-YAHOO</family>
-      <family id="22">WEBC2-Y21K</family>
-    </families>
-
-    <!-- imphash -->
-    <imphashes>
-      <imphash bl="1" family="">2c26ec4a570a502ed3e8484295581989</imphash>
-      <imphash bl="1" family="">b722c33458882a1ab65a13e99efe357e</imphash>
-      <imphash bl="1" family="">2d24325daea16e770eb82fa6774d70f1</imphash>
-      <imphash bl="1" family="">0d72b49ed68430225595cc1efb43ced9</imphash>
-      <imphash bl="1" family="">959711e93a68941639fd8b7fba3ca28f</imphash>
-      <imphash bl="1" family="">4cec0085b43f40b4743dc218c585f2ec</imphash>
-      <imphash bl="1" family="">3b10d6b16f135c366fc8e88cba49bc6c</imphash>
-      <imphash bl="1" family="">4f0aca83dfe82b02bbecce448ce8be00</imphash>
-      <imphash bl="1" family="">ee22b62aa3a63b7c17316d219d555891</imphash>
-      <imphash bl="1" family="">a1a42f57ff30983efda08b68fedd3cfc</imphash>
-      <imphash bl="1" family="">7276a74b59de5761801b35c672c9ccb4</imphash>
-    </imphashes>
-
-    <lib name="msxfs.dll" bl="1" dp="0"></lib>
-    <lib name="dsauth.dll" bl="1" dp="0"></lib>
-    <lib name="mscat32.dll" bl="1" dp="0"></lib>
-    <lib name="ieframe.dll" bl="1" dp="0"></lib>
-    <lib name="mtxoci.dll" bl="1" dp="0"></lib>
-    <lib name="msoert2.dll" bl="1" dp="0"></lib>
-    <lib name="lz32.dll" bl="1" dp="0"></lib>
-    <lib name="iassam.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="certcli.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="wlanui.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="avifil32.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="ndis.sys" bl="1" dp="0" ro="1"></lib>
-    <lib name="authz.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="regapi.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="msgina.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="profmap.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="msdart.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="sqlunirl.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="rtm.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="adsldpc.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="mprddm.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="mprddm.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="rasctrs.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="raschap.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="cryptdlg.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="wpcap.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="snmpapi.dll" bl="1" dp="1" ro="1"></lib>
-    <lib name="acledit.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="dciman32.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="msoeacct.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="dbnmpntw.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="dhcpsapi.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="azroles.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="guard32.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="hotplug.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="itss.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="iexplorer.exe" bl="1" dp="0" ro="1"></lib>
-    <lib name="rdpclip.exe" bl="1" dp="0" ro="1"></lib>
-    <lib name="ctfmon.exe" bl="1" dp="0" ro="1"></lib>
-    <lib name="imm32.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="perfctrs.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="msports.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="lsass.exe" bl="1" dp="0" ro="1"></lib>
-    <lib name="sqlwoa.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="cdosys.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="resutils.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="eappprxy.dll" bl="1" dp="0" ro="1"></lib>
-    <lib name="urlredir.dll" bl="1" dp="0"></lib>
-    <lib name="shimeng.dll" bl="1" dp="0"></lib>
-    <lib name="apphelp.dll" bl="1" dp="0"></lib>
-    <lib name="schannel.dll" bl="1" dp="0"></lib>
-    <lib name="firewallapi.dll" bl="1" dp="0"></lib>
-    <lib name="clusapi.dll" bl="1" dp="0"></lib>
-    <lib name="tapi32.dll" bl="1" dp="0"></lib>
-    <lib name="advpack.dll" bl="1" dp="0"></lib>
-    <lib name="clfsw32.dll" bl="1" dp="0"></lib>
-    <lib name="activeds.dll" bl="1" dp="0"></lib>
-    <lib name="avrt.dll" bl="1" dp="0"></lib>
-    <lib name="gpedit.dll" bl="1" dp="0"></lib>
-    <lib name="iisutil.dll" bl="1" dp="0"></lib>
-    <lib name="winrnr.dll" bl="1" dp="0"></lib>
-    <lib name="oleacc.dll" bl="1" dp="0"></lib>
-    <lib name="shdocvw.dll" bl="0" dp="0"></lib>
-    <lib name="ncrypt.dll" bl="1" dp="0"></lib>
-    <lib name="samlib.dll" bl="1" dp="0"></lib>
-    <lib name="nsi.dll" bl="1" dp="0"></lib>
-    <lib name="vssapi.dll" bl="1" dp="0"></lib>
-    <lib name="dxva2.dll" bl="1" dp="0"></lib>
-    <lib name="msdrm.dll" bl="1" dp="0"></lib>
-    <lib name="srcore.dll" bl="1" dp="0"></lib>
-    <lib name="spp.dll" bl="1" dp="0"></lib>
-    <lib name="ndfapi.dll" bl="1" dp="0"></lib>
-    <lib name="netutils.dll" bl="1" dp="0"></lib>
-    <lib name="slc.dll" bl="1" dp="0"></lib>
-    <lib name="rastls.dll" bl="1" dp="0"></lib>
-    <lib name="detoured.dll" bl="1" dp="0"></lib>
-    <lib name="mspdb100.dll" bl="0" dp="0"></lib>
-    <lib name="colbact.dll" bl="1" dp="0"></lib>
-    <lib name="nvcuda.dll" bl="1" dp="0"></lib>
-    <lib name="zlib1.dll" bl="1" dp="0"></lib>
-    <lib name="mspdb71.dll" bl="0" dp="0"></lib>
-    <lib name="Update.dll" bl="1" dp="0"></lib>
-    <lib name="sbiedll.dll" bl="1" dp="0"></lib>
-    <lib name="Spoon-Plugin.dll" bl="1" dp="0"></lib>
-    <lib name="Au3Zipc.dll" bl="1" dp="0"></lib>
-    <lib name="wdigest.dll" bl="1" dp="0"></lib>
-    <lib name="bcrypt.dll" bl="1" dp="0"></lib>
-    <lib name="dwmapi.dll" bl="1" dp="0"></lib>
-    <lib name="netmsg.dll" bl="0" dp="0"></lib>
-    <lib name="msident.dll" bl="1" dp="0"></lib>
-    <lib name="cfgmgr32.dll" bl="1" dp="0"></lib>
-    <lib name="dsprop.dll" bl="0" dp="0"></lib>
-    <lib name="pstorec.dll" bl="1" dp="0"></lib>
-    <lib name="adsldp.dll" bl="1" dp="0"></lib>
-    <lib name="rsaenh.dll" bl="1" dp="0"></lib>
-    <lib name="sfc_os.dll" bl="1" dp="0"></lib>
-    <lib name="hid.dll" bl="1" dp="0"></lib>
-    <lib name="rasman.dll" bl="1" dp="0"></lib>
-    <lib name="msdtcprx.dll" bl="1" dp="0"></lib>
-    <lib name="console.dll" bl="1" dp="0"></lib>
-    <lib name="msrating.dll" bl="1" dp="0"></lib>
-    <lib name="svchost.exe" bl="1" dp="0"></lib>
-    <lib name="schtask.exe" bl="1" dp="0"></lib>
-    <lib name="firefox.exe" bl="1" dp="0"></lib>
-    <lib name="vmtoolsd.exe" bl="1" dp="0"></lib>
-    <lib name="chrome.exe" bl="1" dp="0"></lib>
-    <lib name="mshta.exe" bl="1" dp="0"></lib>
-    <lib name="cscript.exe" bl="1" dp="0"></lib>
-    <lib name="wscript.exe" bl="1" dp="0"></lib>
-    <lib name="logger.exe" bl="1" dp="0"></lib>
-    <lib name="tor.exe" bl="1" dp="0"></lib>
-    <lib name="at.exe" bl="1" dp="0"></lib>
-    <lib name="dumprep.exe" bl="1" dp="0"></lib>
-    <lib name="vmsrvc.exe" bl="1" dp="0"></lib>
-    <lib name="vmusrvc.exe" bl="1" dp="0"></lib>
-    <lib name="VBoxService.exe" bl="1" dp="0"></lib>
-    <lib name="VBoxTray.exe" bl="1" dp="0"></lib>
-    <lib name="regedt32.exe" bl="1" dp="0"></lib>
-    <lib name="cmd.exe" bl="1" dp="0"></lib>
-    <lib name="winrar.exe" bl="1" dp="0"></lib>
-    <lib name="iexplore.exe" bl="1" dp="0"></lib>
-    <lib name="pagefile.exe" bl="1" dp="0"></lib>
-    <lib name="regedit.exe" bl="1" dp="0"></lib>
-    <lib name="RavService.exe" bl="1" dp="0"></lib>
-    <lib name="reg.exe" bl="1" dp="0"></lib>
-    <lib name="net.exe" bl="1" dp="0"></lib>
-    <lib name="sc.exe" bl="1" dp="0"></lib>
-    <lib name="outlook.exe" bl="1" dp="0"></lib>
-    <lib name="packed.exe" bl="1" dp="0"></lib>
-    <lib name="svchostdll.exe" bl="1" dp="0"></lib>
-    <lib name="iptools.exe" bl="1" dp="0"></lib>
-    <lib name="wireshark.exe" bl="1" dp="0"></lib>
-    <lib name="chrome.exe" bl="1" dp="0"></lib>
-    <lib name="client.exe" bl="1" dp="0"></lib>
-    <lib name="desktop.exe" bl="1" dp="0"></lib>
-    <lib name="adobeflash.exe" bl="1" dp="0"></lib>
-    <lib name="win-firewall.exe" bl="1" dp="0"></lib>
-    <lib name="winsys32.sys" bl="1" dp="0"></lib>
-    <lib name="dwm.exe" bl="1" dp="0"></lib>
-    <lib name="services.exe" bl="1" dp="0"></lib>
-    <lib name="mfc42ul.dll" bl="1" dp="0"></lib>
-    <lib name="msnmsgr.exe" bl="1" dp="0"></lib>
-    <lib name="opera.exe" bl="1" dp="0"></lib>
-    <lib name="navigator.exe" bl="1" dp="0"></lib>
-    <lib name="netscape.exe" bl="1" dp="0"></lib>
-    <lib name="mozilla.exe" bl="1" dp="0"></lib>
-    <lib name="pidgin.exe" bl="1" dp="0"></lib>
-    <lib name="java.exe" bl="1" dp="0"></lib>
-    <lib name="jucheck.exe" bl="1" dp="0"></lib>
-    <lib name="skype.exe" bl="1" dp="0"></lib>
-    <lib name="SkypePM.exe" bl="1" dp="0"></lib>
-    <lib name="seamonkey.exe" bl="1" dp="0"></lib>
-    <lib name="thunderbird.exe" bl="1" dp="0"></lib>
-    <lib name="devenv.exe" bl="1" dp="0"></lib>
-    <lib name="steam.exe" bl="1" dp="0"></lib>
-    <lib name="wininit.exe" bl="1" dp="0"></lib>
-    <lib name="crss.exe" bl="1" dp="0"></lib>
-    <lib name="smss.exe" bl="1" dp="0"></lib>
-    <lib name="stub32.exe" bl="1" dp="0"></lib>
-    <lib name="wmiprvse.exe" bl="1" dp="0"></lib>
-    <lib name="ulib.dll" bl="1" dp="0"></lib>
-    <lib name="osuninst.dll" bl="1" dp="0"></lib>
-    <lib name="ifsutil.dll" bl="1" dp="0"></lib>
-    <lib name="logonui.exe" bl="1" dp="0"></lib>
-    <lib name="spoolsv.exe" bl="1" dp="0"></lib>
-    <lib name="winlogon.exe" bl="1" dp="0"></lib>
-    <lib name="alg.exe" bl="1" dp="0"></lib>
-    <lib name="recycled.exe" bl="1" dp="0"></lib>
-    <lib name="arp.exe" bl="1" dp="0"></lib>
-    <lib name="hostname.exe" bl="1" dp="0"></lib>
-    <lib name="ipconfig.exe" bl="1" dp="0"></lib>
-    <lib name="iprip.exe" bl="1" dp="0"></lib>
-    <lib name="ping.exe" bl="1" dp="0"></lib>
-    <lib name="Updater.exe" bl="1" dp="0"></lib>
-    <lib name="Binder.exe" bl="1" dp="0"></lib>
-    <lib name="tracert.exe" bl="1" dp="0"></lib>
-    <lib name="rsh.exe" bl="1" dp="0"></lib>
-    <lib name="route.exe" bl="1" dp="0"></lib>
-    <lib name="rexec.exe" bl="1" dp="0"></lib>
-    <lib name="ncpa.cpl" bl="1" dp="0"></lib>
-    <lib name="hhctrl.ocx" bl="1" dp="0"></lib>
-    <lib name="mso.dll" bl="1" dp="0"></lib>
-    <lib name="excel.exe" bl="1" dp="0"></lib>
-    <lib name="fltMgr.sys" bl="1" dp="0"></lib>
-    <lib name="cmpbk32.dll" bl="1" dp="0"></lib>
-    <lib name="qutil.dll" bl="1" dp="0"></lib>
-    <lib name="upnphost.dll" bl="1" dp="0"></lib>
-    <lib name="hlink.dll" bl="1" dp="0"></lib>
-    <lib name="msjetoledb40" bl="1" dp="0"></lib>
-    <lib name="inseng.dll" bl="1" dp="0"></lib>
-    <lib name="winupd.exe" bl="1" dp="0"></lib>
-    <lib name="mshta.exe" bl="1" dp="0"></lib>
-    <lib name="scrobj.dll" bl="1" dp="0"></lib>
-
-    <lib name="wlanapi.dll" bl="1" dp="0">
-        <fcts>
-          <fct bl="1">WinDbgExtensionDllInit</fct>
-          <fct bl="1">ExtensionApiVersion</fct>
-          <fct bl="1">CheckVersion</fct>
-        </fcts>
-    </lib>
-
-    <lib name="wab32.dll" bl="1" dp="0">
-      <fcts>
-        <fct bl="1">WABOpen</fct>
-        <fct bl="1">WABCreateIProp</fct>
-        <fct bl="1">WABOpenEx</fct>
-      </fcts>
-    </lib>
-    
-    <lib name="atl80.dll" bl="0">
-      <fcts>
-        <fct od="15" bl="0">AtlComModuleGetClassObject</fct>
-        <fct od="18" bl="1">AtlComModuleRegisterServer</fct>
-        <fct od="22" bl="1">AtlComModuleUnregisterServer</fct>
-        <fct od="23" bl="1">AtlUpdateRegistryFromResourceD</fct>
-        <fct od="30" bl="0">AtlComPtrAssign</fct>
-        <fct od="31" bl="0">AtlComQIPtrAssign</fct>
-        <fct od="32" bl="0">AtlInternalQueryInterface</fct>
-        <fct od="34" bl="0">AtlGetVersion</fct>
-        <fct od="58" bl="0">AtlModuleAddTermFunc</fct>
-        <fct od="61" bl="1">AtlCreateRegistrar</fct>
-        <fct od="64" bl="0">AtlCallTermFunc</fct>
-      </fcts>
-    </lib>
-
-    <lib name="" bl="1">
-      <fcts>
-        <fct>PasswordChangeNotif</fct>
-        <fct>ServiceMain</fct>
-        <fct>HalDispatchTable</fct>
-        <fct>Navigate</fct>
-        <fct>Navigate2</fct>
-        <fct>ExecWB</fct>
-        <fct>PasswordChangeNotif</fct>
-        <fct>InstallHook</fct>
-      </fcts>
-    </lib>
-
-    <lib name="drprov.dll" bl="1" dp="0" ro="1">
-      <fcts>
-        <fct bl="1">AVIFileWriteData</fct>
-      </fcts>
-    </lib>
-
-    <lib name="ssleay32.dll" bl="0" dp="0" ro="1">
-      <fcts>
-        <fct od="5"  dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_check_private_key</fct>
-        <fct od="6"  dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_ctrl</fct>
-        <fct od="7"  dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_flush_sessions</fct>
-        <fct od="8"  dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_free</fct>
-        <fct od="9"  dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_get_client_CA_list</fct>
-        <fct od="10" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_get_verify_callback</fct>
-        <fct od="12" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_new</fct>
-        <fct od="15" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_set_cipher_list</fct>
-        <fct od="16" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_set_client_CA_list</fct>
-        <fct od="17" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_set_default_passwd_cb</fct>
-        <fct od="18" dp="0" un="0" pv="0" bl="0" ad="0">ssl3_ciphers</fct>
-        <fct od="19" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_set_ssl_version</fct>
-        <fct od="21" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_set_verify</fct>
-        <fct od="30" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_use_certificate_file</fct>
-        <fct od="31" dp="0" un="0" pv="0" bl="0" ad="0">SSL_SESSION_free</fct>
-        <fct od="32" dp="0" un="0" pv="0" bl="0" ad="0">SSL_SESSION_new</fct>
-        <fct od="33" dp="0" un="0" pv="0" bl="0" ad="0">SSL_SESSION_print</fct>
-        <fct od="34" dp="0" un="0" pv="0" bl="0" ad="0">SSL_SESSION_print_fp4</fct>
-        <fct od="35" dp="0" un="0" pv="0" bl="0" ad="0">SSL_accept</fct>
-        <fct od="36" dp="0" un="0" pv="0" bl="0" ad="0">SSL_add_client_CA</fct>
-        <fct od="37" dp="0" un="0" pv="0" bl="0" ad="0">SSL_alert_desc_string</fct>
-        <fct od="38" dp="0" un="0" pv="0" bl="0" ad="0">SSL_alert_desc_string_long</fct>
-        <fct od="39" dp="0" un="0" pv="0" bl="0" ad="0">SSL_alert_type_string</fct>
-        <fct od="40" dp="0" un="0" pv="0" bl="0" ad="0">SSL_alert_type_string_long</fct>
-        <fct od="41" dp="0" un="0" pv="0" bl="0" ad="0">SSL_check_private_key</fct>
-        <fct od="42" dp="0" un="0" pv="0" bl="0" ad="0">SSL_clear</fct>
-        <fct od="43" dp="0" un="0" pv="0" bl="0" ad="0">SSL_connect</fct>
-        <fct od="44" dp="0" un="0" pv="0" bl="0" ad="0">SSL_copy_session_id</fct>
-        <fct od="45" dp="0" un="0" pv="0" bl="0" ad="0">SSL_ctrl</fct>
-        <fct od="46" dp="0" un="0" pv="0" bl="0" ad="0">SSL_dup</fct>
-        <fct od="47" dp="0" un="0" pv="0" bl="0" ad="0">SSL_dup_CA_list</fct>
-        <fct od="48" dp="0" un="0" pv="0" bl="0" ad="0">SSL_free</fct>
-        <fct od="49" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_certificate</fct>
-        <fct od="52" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_cipher_list</fct>
-        <fct od="55" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_ciphers</fct>
-        <fct od="56" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_client_CA_list</fct>
-        <fct od="57" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_default_timeout</fct>
-        <fct od="58" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_error</fct>
-        <fct od="59" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_fd</fct>
-        <fct od="60" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_peer_cert_chain</fct>
-        <fct od="61" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_peer_certificate</fct>
-        <fct od="63" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_rbio</fct>
-        <fct od="64" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_read_ahead</fct>
-        <fct od="65" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_shared_ciphers</fct>
-        <fct od="66" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_ssl_method</fct>
-        <fct od="70" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_verify_mode</fct>
-        <fct od="74" dp="0" un="0" pv="0" bl="0" ad="0">SSL_load_error_strings</fct>
-        <fct od="75" dp="0" un="0" pv="0" bl="0" ad="0">SSL_new</fct>
-        <fct od="76" dp="0" un="0" pv="0" bl="0" ad="0">SSL_peek</fct>
-        <fct od="77" dp="0" un="0" pv="0" bl="0" ad="0">SSL_pending</fct>
-        <fct od="78" dp="0" un="0" pv="0" bl="0" ad="0">SSL_read</fct>
-        <fct od="79" dp="0" un="0" pv="0" bl="0" ad="0">SSL_renegotiate</fct>
-        <fct od="80" dp="0" un="0" pv="0" bl="0" ad="0">SSL_rstate_string</fct>
-        <fct od="85" dp="0" un="0" pv="0" bl="0" ad="0">SSL_set_client_CA_list</fct>
-        <fct od="86" dp="0" un="0" pv="0" bl="0" ad="0">SSL_set_connect_state</fct>
-        <fct od="87" dp="0" un="0" pv="0" bl="0" ad="0">SSL_set_fd</fct>
-        <fct od="88" dp="0" un="0" pv="0" bl="0" ad="0">SSL_set_read_ahead</fct>
-        <fct od="89" dp="0" un="0" pv="0" bl="0" ad="0">SSL_set_rfd</fct>
-        <fct od="90" dp="0" un="0" pv="0" bl="0" ad="0">SSL_set_session</fct>
-        <fct od="96" dp="0" un="0" pv="0" bl="0" ad="0">SSL_shutdown</fct>
-        <fct od="108" dp="0" un="0" pv="0" bl="0" ad="0">SSL_write</fct>
-        <fct od="110" dp="0" un="0" pv="0" bl="0" ad="0">SSLv23_client_method</fct>
-        <fct od="150" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_SSL_CTX</fct>
-        <fct od="151" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_ex_data</fct>
-        <fct od="153" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_quiet_shutdown</fct>
-        <fct od="154" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_session</fct>
-        <fct od="155" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_shutdown</fct>
-        <fct od="157" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get_verify_result</fct>
-        <fct od="158" dp="0" un="0" pv="0" bl="0" ad="0">SSL_set_ex_data</fct>
-        <fct od="160" dp="0" un="0" pv="0" bl="0" ad="0">SSL_set_info_callback</fct>
-        <fct od="178" dp="0" un="0" pv="0" bl="0" ad="0">SSL_CTX_set_timeout</fct>
-        <fct od="183" dp="0" un="0" pv="0" bl="0" ad="0">SSL_library_init</fct>
-        <fct od="242" dp="0" un="0" pv="0" bl="0" ad="0">SSL_get1_session</fct>
-      </fcts>
-    </lib>
-
-    <lib name="libeay32.dll" bl="0" dp="0" ro="1">
-      <fcts>
-        <fct od="7"  dp="0" un="0" pv="0" bl="0" ad="0">ASN1_INTEGER_get</fct>
-        <fct od="66"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_free</fct>
-        <fct od="100"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_set</fct>
-        <fct od="101"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_set_cipher</fct>
-        <fct od="102"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_set_tcp_ndelay</fct>
-        <fct od="103"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_sock_cleanup</fct>
-        <fct od="104"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_sock_error</fct>
-        <fct od="105"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_sock_init</fct>
-        <fct od="106"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_sock_non_fatal_error</fct>
-        <fct od="107"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_sock_should_retry</fct>
-        <fct od="108"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_socket_ioctl</fct>
-        <fct od="109"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_write</fct>
-        <fct od="110"  dp="0" un="0" pv="0" bl="0" ad="0">BN_CTX_free</fct>
-        <fct od="111"  dp="0" un="0" pv="0" bl="0" ad="0">BN_CTX_new</fct>
-        <fct od="112"  dp="0" un="0" pv="0" bl="0" ad="0">BN_MONT_CTX_free</fct>
-        <fct od="113"  dp="0" un="0" pv="0" bl="0" ad="0">BN_MONT_CTX_new</fct>
-        <fct od="114"  dp="0" un="0" pv="0" bl="0" ad="0">BN_MONT_CTX_set</fct>
-        <fct od="115"  dp="0" un="0" pv="0" bl="0" ad="0">BN_add</fct>
-        <fct od="116"  dp="0" un="0" pv="0" bl="0" ad="0">BN_add_word</fct>
-        <fct od="117"  dp="0" un="0" pv="0" bl="0" ad="0">BN_hex2bn</fct>
-        <fct od="118"  dp="0" un="0" pv="0" bl="0" ad="0">BN_bin2bn</fct>
-        <fct od="119"  dp="0" un="0" pv="0" bl="0" ad="0">BN_bn2hex</fct>
-        <fct od="120"  dp="0" un="0" pv="0" bl="0" ad="0">BN_bn2bin</fct>
-        <fct od="121"  dp="0" un="0" pv="0" bl="0" ad="0">BN_clear</fct>
-        <fct od="122"  dp="0" un="0" pv="0" bl="0" ad="0">BN_clear_bit</fct>
-        <fct od="123"  dp="0" un="0" pv="0" bl="0" ad="0">BN_clear_free</fct>
-        <fct od="124"  dp="0" un="0" pv="0" bl="0" ad="0">BN_cmp</fct>
-        <fct od="125"  dp="0" un="0" pv="0" bl="0" ad="0">BN_copy</fct>
-        <fct od="126"  dp="0" un="0" pv="0" bl="0" ad="0">BN_div</fct>
-        <fct od="127"  dp="0" un="0" pv="0" bl="0" ad="0">BN_div_word</fct>
-        <fct od="128"  dp="0" un="0" pv="0" bl="0" ad="0">BN_dup</fct>
-        <fct od="129"  dp="0" un="0" pv="0" bl="0" ad="0">BN_free</fct>
-        <fct od="130"  dp="0" un="0" pv="0" bl="0" ad="0">BN_from_montgomery</fct>
-        <fct od="131"  dp="0" un="0" pv="0" bl="0" ad="0">BN_gcd</fct>
-        <fct od="132"  dp="0" un="0" pv="0" bl="0" ad="0">BN_generate_prime</fct>
-        <fct od="133"  dp="0" un="0" pv="0" bl="0" ad="0">BN_get_word</fct>
-        <fct od="134"  dp="0" un="0" pv="0" bl="0" ad="0">BN_is_bit_set</fct>
-        <fct od="135"  dp="0" un="0" pv="0" bl="0" ad="0">BN_is_prime</fct>
-        <fct od="136"  dp="0" un="0" pv="0" bl="0" ad="0">BN_lshift</fct>
-        <fct od="137"  dp="0" un="0" pv="0" bl="0" ad="0">BN_lshift1</fct>
-        <fct od="138"  dp="0" un="0" pv="0" bl="0" ad="0">BN_mask_bits</fct>
-        <fct od="140"  dp="0" un="0" pv="0" bl="0" ad="0">BN_mod_exp</fct>
-        <fct od="146"  dp="0" un="0" pv="0" bl="0" ad="0">BN_mod_mul_montgomery</fct>
-        <fct od="220"  dp="0" un="0" pv="0" bl="0" ad="0">DSAparams_print</fct>
-        <fct od="221"  dp="0" un="0" pv="0" bl="0" ad="0">DSAparams_print_fp</fct>
-        <fct od="222"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_clear_error</fct>
-        <fct od="223"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_error_string</fct>
-        <fct od="224"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_free_strings</fct>
-        <fct od="225"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_func_error_string</fct>
-        <fct od="226"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_get_err_state_table</fct>
-        <fct od="227"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_get_error</fct>
-        <fct od="228"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_get_error_line</fct>
-        <fct od="229"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_get_state</fct>
-        <fct od="250"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_print_errors</fct>
-        <fct od="251"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_print_errors_fp</fct>
-        <fct od="252"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_put_error</fct>
-        <fct od="253"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_reason_error_string</fct>
-        <fct od="254"  dp="0" un="0" pv="0" bl="0" ad="0">ERR_remove_state</fct>
-        <fct od="255"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_BytesToKey</fct>
-        <fct od="320"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_idea_ecb</fct>
-        <fct od="321"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_idea_ofb</fct>
-        <fct od="322"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_md2</fct>
-        <fct od="323"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_md5</fct>
-        <fct od="324"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_md_null</fct>
-        <fct od="325"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_rc2_cbc</fct>
-        <fct od="326"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_rc2_cfb64</fct>
-        <fct od="327"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_rc2_ecb</fct>
-        <fct od="328"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_rc2_ofb</fct>
-        <fct od="329"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_rc4</fct>
-        <fct od="330"  dp="0" un="0" pv="0" bl="0" ad="0">EVP_read_pw_string</fct>
-        <fct od="339"  dp="0" un="0" pv="0" bl="0" ad="0">MD5</fct>
-        <fct od="340"  dp="0" un="0" pv="0" bl="0" ad="0">MD5_Final</fct>
-        <fct od="341"  dp="0" un="0" pv="0" bl="0" ad="0">MD5_Init</fct>
-        <fct od="342"  dp="0" un="0" pv="0" bl="0" ad="0">MD5_Update</fct>
-        <fct od="356"  dp="0" un="0" pv="0" bl="0" ad="0">OBJ_obj2nid</fct>
-        <fct od="361"  dp="0" un="0" pv="0" bl="0" ad="0">OBJ_nid2ln</fct>
-        <fct od="464"  dp="0" un="0" pv="0" bl="0" ad="0">RAND_bytes</fct>
-        <fct od="465"  dp="0" un="0" pv="0" bl="0" ad="0">RAND_cleanup</fct>
-        <fct od="466"  dp="0" un="0" pv="0" bl="0" ad="0">RAND_file_name</fct>
-        <fct od="467"  dp="0" un="0" pv="0" bl="0" ad="0">RAND_load_file</fct>
-        <fct od="468"  dp="0" un="0" pv="0" bl="0" ad="0">RAND_screen</fct>
-        <fct od="469"  dp="0" un="0" pv="0" bl="0" ad="0">RAND_seed</fct>
-        <fct od="470"  dp="0" un="0" pv="0" bl="0" ad="0">RAND_write_file</fct>
-        <fct od="471"  dp="0" un="0" pv="0" bl="0" ad="0">RC2_cbc_encrypt</fct>
-        <fct od="472"  dp="0" un="0" pv="0" bl="0" ad="0">RC2_cfb64_encrypt</fct>
-        <fct od="473"  dp="0" un="0" pv="0" bl="0" ad="0">RC2_ecb_encrypt</fct>
-        <fct od="474"  dp="0" un="0" pv="0" bl="0" ad="0">RC2_encrypt</fct>
-        <fct od="475"  dp="0" un="0" pv="0" bl="0" ad="0">RC2_ofb64_encrypt</fct>
-        <fct od="476"  dp="0" un="0" pv="0" bl="0" ad="0">RC2_set_key</fct>
-        <fct od="477"  dp="0" un="0" pv="0" bl="0" ad="0">RC4</fct>
-        <fct od="478"  dp="0" un="0" pv="0" bl="0" ad="0">RC4_options</fct>
-        <fct od="479"  dp="0" un="0" pv="0" bl="0" ad="0">RC4_set_key</fct>
-        <fct od="480"  dp="0" un="0" pv="0" bl="0" ad="0">RSAPrivateKey_asn1_meth</fct>
-        <fct od="500"  dp="0" un="0" pv="0" bl="0" ad="0">SHA</fct>
-        <fct od="501"  dp="0" un="0" pv="0" bl="0" ad="0">SHA1</fct>
-        <fct od="502"  dp="0" un="0" pv="0" bl="0" ad="0">SHA1_Final</fct>
-        <fct od="503"  dp="0" un="0" pv="0" bl="0" ad="0">SHA1_Init</fct>
-        <fct od="504"  dp="0" un="0" pv="0" bl="0" ad="0">SHA1_Update</fct>
-        <fct od="505"  dp="0" un="0" pv="0" bl="0" ad="0">SHA_Final</fct>
-        <fct od="506"  dp="0" un="0" pv="0" bl="0" ad="0">SHA_Init</fct>
-        <fct od="507"  dp="0" un="0" pv="0" bl="0" ad="0">SHA_Update</fct>
-        <fct od="509"  dp="0" un="0" pv="0" bl="0" ad="0">OpenSSL_add_all_ciphers</fct>
-        <fct od="510"  dp="0" un="0" pv="0" bl="0" ad="0">OpenSSL_add_all_digests</fct>
-        <fct od="511"  dp="0" un="0" pv="0" bl="0" ad="0">TXT_DB_create_index</fct>
-        <fct od="512"  dp="0" un="0" pv="0" bl="0" ad="0">TXT_DB_free</fct>
-        <fct od="513"  dp="0" un="0" pv="0" bl="0" ad="0">TXT_DB_get_by_index</fct>
-        <fct od="514"  dp="0" un="0" pv="0" bl="0" ad="0">TXT_DB_insert</fct>
-        <fct od="515"  dp="0" un="0" pv="0" bl="0" ad="0">TXT_DB_read</fct>
-        <fct od="516"  dp="0" un="0" pv="0" bl="0" ad="0">TXT_DB_write</fct>
-        <fct od="585"  dp="0" un="0" pv="0" bl="0" ad="0">X509_NAME_oneline</fct>
-        <fct od="641"  dp="0" un="0" pv="0" bl="0" ad="0">X509_free</fct>
-        <fct od="653"  dp="0" un="0" pv="0" bl="0" ad="0">X509_get_issuer_name</fct>
-        <fct od="656"  dp="0" un="0" pv="0" bl="0" ad="0">X509_get_serialNumber0</fct>
-        <fct od="657"  dp="0" un="0" pv="0" bl="0" ad="0">X509_get_subject_name0</fct>
-        <fct od="746"  dp="0" un="0" pv="0" bl="0" ad="0">d2i_PKCS7_bio</fct>
-        <fct od="780"  dp="0" un="0" pv="0" bl="0" ad="0">DES_cfb64_encrypt</fct>
-        <fct od="781"  dp="0" un="0" pv="0" bl="0" ad="0">DES_cfb_encrypt</fct>
-        <fct od="782"  dp="0" un="0" pv="0" bl="0" ad="0">DES_decrypt3</fct>
-        <fct od="783"  dp="0" un="0" pv="0" bl="0" ad="0">DES_ecb3_encrypt</fct>
-        <fct od="784"  dp="0" un="0" pv="0" bl="0" ad="0">DES_ecb_encrypt</fct>
-        <fct od="785"  dp="0" un="0" pv="0" bl="0" ad="0">DES_ede3_cbc_encrypt</fct>
-        <fct od="786"  dp="0" un="0" pv="0" bl="0" ad="0">DES_ede3_cfb64_encrypt</fct>
-        <fct od="787"  dp="0" un="0" pv="0" bl="0" ad="0">DES_ede3_ofb64_encrypt</fct>
-        <fct od="788"  dp="0" un="0" pv="0" bl="0" ad="0">DES_enc_read</fct>
-        <fct od="789"  dp="0" un="0" pv="0" bl="0" ad="0">DES_enc_write</fct>
-        <fct od="790"  dp="0" un="0" pv="0" bl="0" ad="0">DES_encrypt1</fct>
-        <fct od="809"  dp="0" un="0" pv="0" bl="0" ad="0">DES_set_odd_parity</fct>
-        <fct od="904"  dp="0" un="0" pv="0" bl="0" ad="0">sk_find</fct>
-        <fct od="905"  dp="0" un="0" pv="0" bl="0" ad="0">sk_free</fct>
-        <fct od="962"  dp="0" un="0" pv="0" bl="0" ad="0">HMAC</fct>
-        <fct od="1095" dp="0" un="0" pv="0" bl="0" ad="0">BN_init</fct>
-        <fct od="1653"  dp="0" un="0" pv="0" bl="0" ad="0">sk_value</fct>
-        <fct od="1654"  dp="0" un="0" pv="0" bl="0" ad="0">sk_num</fct>
-        <fct od="1882"  dp="0" un="0" pv="0" bl="0" ad="0">BIO_new_mem_buf</fct>
-        <fct od="2145" dp="0" un="0" pv="0" bl="0" ad="0">PKCS7_verify</fct>
-        <fct od="2146" dp="0" un="0" pv="0" bl="0" ad="0">PKCS7_encrypt</fct>
-        <fct od="2147" dp="0" un="0" pv="0" bl="0" ad="0">DES_set_key_unchecked</fct>
-        <fct od="2148" dp="0" un="0" pv="0" bl="0" ad="0">SMIME_crlf_copy</fct>
-        <fct od="2149" dp="0" un="0" pv="0" bl="0" ad="0">i2d_ASN1_PRINTABLESTRING</fct>
-        <fct od="2150" dp="0" un="0" pv="0" bl="0" ad="0">PKCS7_get0_signers</fct>
-        <fct od="2200" dp="0" un="0" pv="0" bl="0" ad="0">X509at_get_attr_by_OBJ</fct>
-        <fct od="2201" dp="0" un="0" pv="0" bl="0" ad="0">RAND_add</fct>
-        <fct od="2202" dp="0" un="0" pv="0" bl="0" ad="0">BIO_number_written</fct>
-        <fct od="2203" dp="0" un="0" pv="0" bl="0" ad="0">BIO_number_read</fct>
-        <fct od="2204" dp="0" un="0" pv="0" bl="0" ad="0">X509_STORE_CTX_get1_chain</fct>
-        <fct od="2205" dp="0" un="0" pv="0" bl="0" ad="0">ERR_load_RAND_strings</fct>
-        <fct od="2206" dp="0" un="0" pv="0" bl="0" ad="0">RAND_pseudo_bytes</fct>
-        <fct od="2250" dp="0" un="0" pv="0" bl="0" ad="0">PEM_write_bio_X509_REQ_NEW</fct>
-        <fct od="2251" dp="0" un="0" pv="0" bl="0" ad="0">PEM_write_X509_REQ_NEW</fct>
-        <fct od="2252" dp="0" un="0" pv="0" bl="0" ad="0">BIO_callback_ctrl</fct>
-        <fct od="2253" dp="0" un="0" pv="0" bl="0" ad="0">RAND_egd</fct>
-        <fct od="2254" dp="0" un="0" pv="0" bl="0" ad="0">RAND_status</fct>
-        <fct od="2433" dp="0" un="0" pv="0" bl="0" ad="0">MD4</fct>
-        <fct od="2434" dp="0" un="0" pv="0" bl="0" ad="0">MD4_Transform</fct>
-        <fct od="2435" dp="0" un="0" pv="0" bl="0" ad="0">MD4_Final</fct>
-        <fct od="2436" dp="0" un="0" pv="0" bl="0" ad="0">MD4_Update</fct>
-        <fct od="2437" dp="0" un="0" pv="0" bl="0" ad="0">MD4_Init</fct>
-        <fct od="3712"  dp="0" un="0" pv="0" bl="0" ad="0">SHA256_Final</fct>
-        <fct od="3479"  dp="0" un="0" pv="0" bl="0" ad="0">SHA256_Init</fct>
-        <fct od="3765"  dp="0" un="0" pv="0" bl="0" ad="0">SHA256_Update</fct>
-      </fcts>
-    </lib>
-
-
-    <lib name="packet.dll" bl="1" dp="0" ro="1">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketAllocatePacket</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketCloseAdapter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketFreePacket</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetAdapterNames</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetAirPcapHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetDriverVersion</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetNetInfoEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetNetType</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetReadEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetStats</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetStatsEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketGetVersion</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketInitPacket</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketIsDumpEnded</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketLibraryVersion</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketOpenAdapter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketReceivePacket</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketRequest</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSendPacket</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSendPackets</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetBpf</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetBuff</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetDumpLimits</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetDumpName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetHwFilter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetLoopbackBehavior</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetMinToCopy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetMode</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetNumWrites</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetReadTimeout</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketSetSnapLen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PacketStopDriver</fct>
-      </fcts>
-    </lib>
-
-
-    <lib name="msimg32.dll" bl="1" dp="0" ro="1">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DllInitialize</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mshtml.dll" bl="1" dp="0" ro="1"></lib>
-
-    <lib name="cmdial32.dll" bl="1" dp="0" ro="1">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">InetDialHandler</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">CmCustomDialDlg</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">AutoDialFunc</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">CmReConnect</fct>
-      </fcts>
-    </lib>
-
-    <lib name="esent.dll" bl="1" dp="0">
-      <fcts>
-        <fct un="1">JetGetCounter</fct>
-      </fcts>
-    </lib>
-
-    <lib name="odbc32.dll" bl="1" dp="0">
-      <fcts>
-        <fct></fct>
-        <fct od="1" dp="0" un="0" pv="0" bl="1">SQLAllocConnect</fct>
-        <fct od="2" dp="0" un="0" pv="0" bl="1">SQLAllocEnv</fct>
-        <fct od="3" dp="0" un="0" pv="0" bl="1">SQLAllocStmt</fct>
-        <fct od="4" dp="0" un="0" pv="0" bl="1">SQLBindCol</fct>
-        <fct od="5" dp="0" un="0" pv="0" bl="1">SQLCancel</fct>
-        <fct od="7" dp="0" un="0" pv="0" bl="1">SQLConnect</fct>
-        <fct od="9" dp="0" un="0" pv="0" bl="1">SQLDisconnect</fct>
-        <fct od="11" dp="0" un="0" pv="0" bl="1">SQLExecDirect</fct>
-        <fct od="12" dp="0" un="0" pv="0" bl="1">SQLExecute</fct>
-        <fct od="13" dp="0" un="0" pv="0" bl="1">SQLFetch</fct>
-        <fct od="16" dp="0" un="0" pv="0" bl="1">SQLFreeStmt</fct>
-        <fct od="18" dp="0" un="0" pv="0" bl="1">SQLNumResultCols</fct>
-        <fct od="19" dp="0" un="0" pv="0" bl="1">SQLPrepare</fct>
-        <fct od="20" dp="0" un="0" pv="0" bl="1">SQLRowCount</fct>
-        <fct od="23" dp="0" un="0" pv="0" bl="1">SQLTransact</fct>
-        <fct od="24" dp="0" un="0" pv="0" bl="1">SQLAllocHandle</fct>
-        <fct od="25" dp="0" un="0" pv="0" bl="1">SQLBindParam</fct>
-        <fct od="26" dp="0" un="0" pv="0" bl="1">SQLCloseCursor</fct>
-        <fct od="28" dp="0" un="0" pv="0" bl="1">SQLCopyDesc</fct>
-        <fct od="29" dp="0" un="0" pv="0" bl="1">SQLEndTran</fct>
-        <fct od="30" dp="0" un="0" pv="0" bl="1">SQLFetchScroll</fct>
-        <fct od="31" dp="0" un="0" pv="0" bl="1">SQLFreeHandle</fct>
-        <fct od="39" dp="0" un="0" pv="0" bl="1">SQLSetConnectAttr</fct>
-        <fct od="40" dp="0" un="0" pv="0" bl="1">SQLColumns</fct>
-        <fct od="41" dp="0" un="0" pv="0" bl="1">SQLDriverConnect</fct>
-        <fct od="42" dp="0" un="0" pv="0" bl="1">SQLGetConnectOption</fct>
-        <fct od="43" dp="0" un="0" pv="0" bl="1">SQLGetData</fct>
-        <fct od="44" dp="0" un="0" pv="0" bl="1">SQLGetFunctions</fct>
-        <fct od="45" dp="0" un="0" pv="0" bl="1">SQLGetInfo</fct>
-        <fct od="48" dp="0" un="0" pv="0" bl="1">SQLParamData</fct>
-        <fct od="49" dp="0" un="0" pv="0" bl="1">SQLPutData</fct>
-        <fct od="50" dp="0" un="0" pv="0" bl="1">SQLSetConnectOption</fct>
-        <fct od="55" dp="0" un="0" pv="0" bl="1">SQLBrowseConnect</fct>
-        <fct od="56" dp="0" un="0" pv="0" bl="1">SQLColumnPrivileges</fct>
-        <fct od="61" dp="0" un="0" pv="0" bl="1">SQLMoreResults</fct>
-        <fct od="62" dp="0" un="0" pv="0" bl="1">SQLNativeSql</fct>
-        <fct od="63" dp="0" un="0" pv="0" bl="1">SQLNumParams</fct>
-        <fct od="64" dp="0" un="0" pv="0" bl="1">SQLParamOptions</fct>
-        <fct od="65" dp="0" un="0" pv="0" bl="1">SQLPrimaryKeys</fct>
-        <fct od="66" dp="0" un="0" pv="0" bl="1">SQLProcedureColumns</fct>
-        <fct od="67" dp="0" un="0" pv="0" bl="1">SQLProcedures</fct>
-        <fct od="68" dp="0" un="0" pv="0" bl="1">SQLSetPos</fct>
-        <fct od="69" dp="0" un="0" pv="0" bl="1">SQLSetScrollOptions</fct>
-        <fct od="70" dp="0" un="0" pv="0" bl="1">SQLTablePrivileges</fct>
-        <fct od="71" dp="0" un="0" pv="0" bl="1">SQLDrivers</fct>
-        <fct od="72" dp="0" un="0" pv="0" bl="1">SQLBindParameter</fct>
-        <fct od="73" dp="0" un="0" pv="0" bl="1">SQLSetDescField</fct>
-        <fct od="74" dp="0" un="0" pv="0" bl="1">SQLSetDescRec</fct>
-        <fct od="75" dp="0" un="0" pv="0" bl="1">SQLSetEnvAttr</fct>
-        <fct od="76" dp="0" un="0" pv="0" bl="1">SQLSetStmtAttr</fct>
-        <fct od="77" dp="0" un="0" pv="0" bl="1">SQLAllocHandleStd</fct>
-        <fct od="78" dp="0" un="0" pv="0" bl="1">SQLBulkOperations</fct>
-        <fct od="79" dp="0" un="0" pv="0" bl="1">CloseODBCPerfData</fct>
-        <fct od="80" dp="0" un="0" pv="0" bl="1">CollectODBCPerfData</fct>
-        <fct od="87" dp="0" un="0" pv="0" bl="1">DllBidEntryPoint</fct>
-        <fct od="88" dp="0" un="0" pv="0" bl="1">GetODBCSharedData</fct>
-        <fct od="89" dp="0" un="0" pv="0" bl="1">LockHandle</fct>
-        <fct od="90" dp="0" un="0" pv="0" bl="1">ODBCInternalConnect</fct>
-        <fct od="91" dp="0" un="0" pv="0" bl="1">OpenODBCPerfData</fct>
-        <fct od="92" dp="0" un="0" pv="0" bl="1">PostComponentError</fct>
-        <fct od="93" dp="0" un="0" pv="0" bl="1">PostODBCComponentError</fct>
-        <fct od="94" dp="0" un="0" pv="0" bl="1">PostODBCError</fct>
-        <fct od="95" dp="0" un="0" pv="0" bl="1">SQLCancelHandle</fct>
-        <fct od="96" dp="0" un="0" pv="0" bl="1">SearchStatusCode</fct>
-        <fct od="107" dp="0" un="0" pv="0" bl="1">SQLConnect</fct>
-        <fct od="108" dp="0" un="0" pv="0" bl="1">SQLDescribeColW</fct>
-        <fct od="111" dp="0" un="0" pv="0" bl="1">SQLExecDirect</fct>
-        <fct od="117" dp="0" un="0" pv="0" bl="1">SQLGetCursorName</fct>
-        <fct od="119" dp="0" un="0" pv="0" bl="1">SQLPrepare</fct>
-        <fct od="127" dp="0" un="0" pv="0" bl="1">SQLColAttribute</fct>
-        <fct od="132" dp="0" un="0" pv="0" bl="1">SQLGetConnectAttr</fct>
-        <fct od="133" dp="0" un="0" pv="0" bl="1">SQLGetDescField</fct>
-        <fct od="134" dp="0" un="0" pv="0" bl="1">SQLGetDescRec</fct>
-        <fct od="136" dp="0" un="0" pv="0" bl="1">SQLGetDiagRecW</fct>
-        <fct od="138" dp="0" un="0" pv="0" bl="1">SQLGetStmtAttr</fct>
-        <fct od="139" dp="0" un="0" pv="0" bl="1">SQLSetConnectAttr</fct>
-        <fct od="140" dp="0" un="0" pv="0" bl="1">SQLColumns</fct>
-        <fct od="141" dp="0" un="0" pv="0" bl="1">SQLDriverConnect</fct>
-        <fct od="142" dp="0" un="0" pv="0" bl="1">SQLGetConnectOption</fct>
-        <fct od="145" dp="0" un="0" pv="0" bl="1">SQLGetInfo</fct>
-        <fct od="147" dp="0" un="0" pv="0" bl="1">SQLGetTypeInfo</fct>
-        <fct od="150" dp="0" un="0" pv="0" bl="1">SQLSetConnectOption</fct>
-        <fct od="152" dp="0" un="0" pv="0" bl="1">SQLSpecialColumns</fct>
-        <fct od="153" dp="0" un="0" pv="0" bl="1">SQLStatistics</fct>
-        <fct od="154" dp="0" un="0" pv="0" bl="1">SQLTables</fct>
-        <fct od="155" dp="0" un="0" pv="0" bl="1">SQLBrowseConnect</fct>
-        <fct od="156" dp="0" un="0" pv="0" bl="1">SQLColumnPrivileges</fct>
-        <fct od="157" dp="0" un="0" pv="0" bl="1">SQLDataSources</fct>
-        <fct od="160" dp="0" un="0" pv="0" bl="1">SQLForeignKeys</fct>
-        <fct od="162" dp="0" un="0" pv="0" bl="1">SQLNativeSql</fct>
-        <fct od="170" dp="0" un="0" pv="0" bl="1">SQLTablePrivileges</fct>
-        <fct od="171" dp="0" un="0" pv="0" bl="1">SQLDrivers</fct>
-        <fct od="173" dp="0" un="0" pv="0" bl="1">SQLSetDescField</fct>
-        <fct od="176" dp="0" un="0" pv="0" bl="1">SQLSetStmtAttr</fct>
-        <fct od="207" dp="0" un="0" pv="0" bl="1">SQLConnect</fct>
-        <fct od="211" dp="0" un="0" pv="0" bl="1">SQLExecDirect</fct>
-        <fct od="239" dp="0" un="0" pv="0" bl="1">SQLSetConnectAttr</fct>
-        <fct od="241" dp="0" un="0" pv="0" bl="1">SQLDriverConnect</fct>
-        <fct od="242" dp="0" un="0" pv="0" bl="1">SQLGetConnectOption</fct>
-        <fct od="253" dp="0" un="0" pv="0" bl="1">SQLStatistics</fct>
-        <fct od="255" dp="0" un="0" pv="0" bl="1">SQLBrowseConnect</fct>
-        <fct od="256" dp="0" un="0" pv="0" bl="1">SQLColumnPrivileges</fct>
-        <fct od="257" dp="0" un="0" pv="0" bl="1">SQLDataSources</fct>
-        <fct od="262" dp="0" un="0" pv="0" bl="1">SQLNativeSql</fct>
-        <fct od="270" dp="0" un="0" pv="0" bl="1">SQLTablePrivileges</fct>
-        <fct od="271" dp="0" un="0" pv="0" bl="1">SQLDrivers</fct>
-      </fcts>
-    </lib>
-
-    <lib name="winshfhc.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="101" dp="0" un="0" pv="0" bl="0" ad="0">EstimateFileRiskLevel</fct>
-      </fcts>
-    </lib>
-
-    <lib name="netplwiz.dll" bl="1" dp="0" >
-      <fcts>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PassportWizardRunDll</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mydocs.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PerUserInit</fct>
-      </fcts>
-    </lib>
-
-   
-    <lib name="shimgvw.dll" bl="1" dp="0">
-      <fcts>
-        <fct  dp="1" un="0" pv="0" bl="1" ad="0">ImageRecompress</fct>
-      </fcts>
-    </lib>
-
-    <lib name="riched20.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="4" p="0" un="0" pv="0" bl="0" ad="0">CreateTextServices</fct>
-      </fcts>
-    </lib>
-
-    <lib name="rasapi32.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RasGetConnectStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RasHangUp</fct>
-      </fcts>
-    </lib>
-
-    <lib name="xmllite.dll" bl="1" dp="0">
-      <fcts>
-      </fcts>
-    </lib>
-
-    <lib name="wldap32.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="22"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_err2string</fct>
-        <fct od="26"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_first_entry</fct>
-        <fct od="27"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_next_entry</fct>
-        <fct od="30"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_get_dn</fct>
-        <fct od="32"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_first_attribute</fct>
-        <fct od="33"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_next_attribute</fct>
-        <fct od="35"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_get_values_len</fct>
-        <fct od="41"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_msgfree</fct>
-        <fct od="46"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_unbind_s</fct>
-        <fct od="50"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_search_s</fct>
-        <fct od="60"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_simple_bind_s</fct>
-        <fct od="79"   dp="0" un="0" pv="0" bl="0" ad="0">ldap_value_free_len</fct>
-        <fct od="143"  dp="0" un="0" pv="0" bl="0" ad="0">ldap_init</fct>
-        <fct od="146"  dp="0" un="0" pv="0" bl="1" ad="0">ldap_memfree</fct>
-        <fct od="211"  dp="0" un="0" pv="0" bl="0" ad="0">ldap_set_option</fct>
-        <fct od="301"  dp="0" un="0" pv="0" bl="0" ad="0">ber_free</fct>
-      </fcts>
-    </lib>
-
-    <lib name="scarddlg.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="1" dp="0" un="0" pv="0" bl="1" ad="0">GetOpenCardNameA</fct>
-        <fct od="2" dp="0" un="0" pv="0" bl="1" ad="0">GetOpenCardNameW</fct>
-        <fct od="3" dp="0" un="0" pv="0" bl="1" ad="0">SCardDlgExtendedError</fct>
-        <fct od="4" dp="0" un="0" pv="0" bl="1" ad="0">SCardUIDlgSelectCardA</fct>
-        <fct od="5" dp="0" un="0" pv="0" bl="1" ad="0">SCardUIDlgSelectCardW</fct>
-      </fcts>
-    </lib>
-
-    <lib name="sisbkup.dll" bl="1" dp="0">
-      <fcts>
-      </fcts>
-    </lib>
-
-    <lib name="mswsock.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">NPLoadNameSpaces</fct>
-      </fcts>
-    </lib>
-
-    <lib name="wintrust.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinVerifyTrust</fct>
-      </fcts>
-    </lib>
-
-    <lib name="onex.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OneXAddEapAttributes</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OneXAddTLV</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OneXCompareAuthParams</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OneXCopyAuthParams</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OneXCreateDefaultProfile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OneXCreateDiscoveryProfiles</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OneXCreateSupplicantPort</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OneXDeInitialize</fct>
-      </fcts>
-    </lib>
-
-    <lib name="lsasrv.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LsaGetLogonSessionData</fct>
-      </fcts>
-    </lib>
-
-    <lib name="gdi32.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EngLoadModule</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTAcquireKeyedMutex</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCheckExclusiveOwnership</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCheckMonitorPowerState</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCheckOcclusion</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCheckSharedResourceAccess</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCheckVidPnExclusiveOwnership</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCloseAdapter</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTConfigureSharedResource</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateAllocation2</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateAllocation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateContext</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateDCFromMemory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateDevice</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateKeyedMutex</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateOverlay</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateSynchronizationObject2</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTCreateSynchronizationObject</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTDestroyAllocation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTDestroyContext</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTDestroyDCFromMemory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTDestroyDevice</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTDestroyKeyedMutex</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTDestroyOverlay</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTDestroySynchronizationObject</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTEscape</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTFlipOverlay</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetContextSchedulingPriority</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetDeviceState</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetDisplayModeList</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetMultisampleMethodList</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetOverlayState</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetPresentHistory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetPresentQueueEvent</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetProcessSchedulingPriorityClass</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetRuntimeData</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetScanLine</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTGetSharedPrimaryHandle</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTInvalidateActiveVidPn</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTLock</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTOpenAdapterFromDeviceName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTOpenAdapterFromGdiDisplayName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTOpenAdapterFromHdc</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTOpenKeyedMutex</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTOpenResource2</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTOpenResource</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTOpenSynchronizationObject</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTPollDisplayChildren</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTPresent</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTQueryAdapterInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTQueryAllocationResidency</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTQueryResourceInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTQueryStatistics</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTReleaseKeyedMutex</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTReleaseProcessVidPnSourceOwners</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTRender</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSetAllocationPriority</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSetContextSchedulingPriority</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSetDisplayMode</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSetDisplayPrivateDriverFormat</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSetGammaRamp</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSetProcessSchedulingPriorityClass</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSetQueuedLimit</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSetVidPnSourceOwner</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSharedPrimaryLockNotification</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSharedPrimaryUnLockNotification</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSignalSynchronizationObject2</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTSignalSynchronizationObject</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTUnlock</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTUpdateOverlay</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTWaitForIdle</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTWaitForSynchronizationObject2</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTWaitForSynchronizationObject</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">D3DKMTWaitForVerticalBlankEvent</fct>
-      </fcts>
-    </lib>
-
-    <lib name="query.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CICreateCommand</fct>
-      </fcts>
-    </lib>
-
-    <lib name="security.dll" bl="1" dp="0">
-      <fcts>
-      </fcts>
-    </lib>
-
-    <lib name="rastapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PortCompressionSetInfo</fct>
-      </fcts>
-    </lib>
-
-    <lib name="msutb.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ClosePopupTipbar</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetChildTipbar</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetPopupTipbar</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetRegisterLangBand</fct>
-      </fcts>
-    </lib>
-
-    <lib name="pdh.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="0" ad="0">PdhOpenQuery</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PdhAddCounter</fct>
-        <fct dp="0" un="0" pv="0" bl="0" ad="0">PdhCollectQueryData</fct>
-        <fct dp="0" un="0" pv="0" bl="0" ad="0">PdhGetFormattedCounterValue</fct>
-        <fct dp="0" un="0" pv="0" bl="0" ad="0">PdhCloseQuery</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PdhAdd009CounterA</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PdhAdd009CounterW</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PdhCreateSQLTablesA</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PdhCreateSQLTablesW</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">SetSoftwareUpdateAdvertisementState</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">GetSoftwareUpdateInfo</fct>
-      </fcts>
-    </lib>
-
-    <lib name="msvbvm60.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="100" bl="1">ThunRTMain</fct>
-        <fct od="186" bl="1">ProcCallEngine</fct>
-        <fct od="187" bl="1">DllFunctionCall</fct>
-        <fct od="199" bl="1">MethCallEngine</fct>
-        <fct od="512" bl="0">rtcLeftBstr</fct>
-        <fct od="513" bl="0">rtcLeftVar</fct>
-        <fct od="514" bl="0">rtcRightBstr</fct>
-        <fct od="515" bl="0">rtcRightVar</fct>
-        <fct od="516" bl="0">rtcAnsiValueBstr</fct>
-        <fct od="517" bl="0">rtcLowerCaseBstr</fct>
-        <fct od="518" bl="0">rtcLowerCaseVar</fct>
-        <fct od="519" bl="0">rtcTrimBstr</fct>
-        <fct od="520" bl="0">rtcTrimVar</fct>
-        <fct od="521" bl="0">rtcLeftTrimBstr</fct>
-        <fct od="522" bl="0">rtcLeftTrimVar</fct>
-        <fct od="523" bl="0">rtcRightTrimBstr</fct>
-        <fct od="524" bl="0">rtcRightTrimVar</fct>
-        <fct od="525" bl="0">rtcSpaceBstr</fct>
-        <fct od="526" bl="0">rtcSpaceVar</fct>
-        <fct od="527" bl="0">rtcUpperCaseBstr</fct>
-        <fct od="528" bl="0">rtcUpperCaseVar</fct>
-        <fct od="529" bl="1">rtcKillFiles</fct>
-        <fct od="530" bl="1">rtcChangeDir</fct>
-        <fct od="531" bl="1">rtcMakeDir</fct>
-        <fct od="532" bl="1">rtcRemoveDir</fct>
-        <fct od="533" bl="1">rtcChangeDrive</fct>
-        <fct od="538" bl="0">rtcPackDate</fct>
-        <fct od="539" bl="0">rtcPackTime</fct>
-        <fct od="540" bl="0">rtcGetDateValue</fct>
-        <fct od="541" bl="0">rtcGetTimeValue</fct>
-        <fct od="542" bl="0">rtcGetDayOfMonth</fct>
-        <fct od="543" bl="0">rtcGetHourOfDay</fct>
-        <fct od="544" bl="0">rtcGetMinuteOfHour</fct>
-        <fct od="545" bl="0">rtcGetMonthOfYear</fct>
-        <fct od="546" bl="0">rtcGetPresentDate</fct>
-        <fct od="547" bl="0">rtcGetSecondOfMinute</fct>
-        <fct od="548" bl="0">rtcSetDateVar</fct>
-        <fct od="549" bl="0">rtcSetDateBstr</fct>
-        <fct od="550" bl="0">rtcSetTimeVar</fct>
-        <fct od="551" bl="0">rtcSetTimeBstr</fct>
-        <fct od="552" bl="0">rtcGetDayOfWeek</fct>
-        <fct od="553" bl="0">rtcGetYear</fct>
-        <fct od="544" bl="0">rtcGetMinuteOfHour</fct>
-        <fct od="545" bl="0">rtcGetMonthOfYear</fct>
-        <fct od="546" bl="0">rtcGetPresentDate</fct>
-        <fct od="570" bl="0">rtcFileLength</fct>
-        <fct od="576" bl="0">rtcFileCopy</fct>
-        <fct od="578" bl="0">rtcFileLen</fct>
-        <fct od="579" bl="0">rtcGetFileAttr</fct>
-        <fct od="580" bl="0">rtcSetFileAttr</fct>
-        <fct od="581" bl="0">rtcR8ValFromBstr</fct>
-        <fct od="582" bl="1">rtcSin</fct>
-        <fct od="583" bl="1">rtcCos</fct>
-        <fct od="584" bl="1">rtcTan</fct>
-        <fct od="585" bl="1">rtcAtn</fct>
-        <fct od="586" bl="1">rtcExp</fct>
-        <fct od="587" bl="1">rtcLog</fct>
-        <fct od="593" bl="1">rtcRandomNext</fct>
-        <fct od="594" bl="1">rtcRandomize</fct>
-        <fct od="595" bl="0">rtcMsgBox</fct>
-        <fct od="597" bl="1">rtcAppActivate</fct>
-        <fct od="598" bl="0">rtcDoEvents</fct>
-        <fct od="599" bl="1">rtcSendKeys</fct>
-        <fct od="600" bl="1">rtcShell</fct>
-        <fct od="623" bl="1">__vbaWriteFile</fct>
-        <fct od="624" bl="1">rtcGetHostLCID</fct>
-        <fct od="625" bl="1">rtcCreateObject</fct>
-        <fct od="626" bl="1">rtcGetObject</fct>
-        <fct od="627" bl="1">rtcAppleScript</fct>
-        <fct od="628" bl="1">rtcMidBstr</fct>
-        <fct od="629" bl="1">rtcMidVar</fct>
-        <fct od="630" bl="1">rtcInStr</fct>
-        <fct od="644" bl="1">VarPtr</fct>
-        <fct od="645" bl="0">rtcDir</fct>
-        <fct od="680" bl="0">rtcRate</fct>
-        <fct od="681" bl="0">rtcImmediateIf</fct>
-        <fct od="685" bl="0">rtcErrObj</fct>
-        <fct od="686" bl="0">rtUI1FromErrVar</fct>
-        <fct od="687" bl="0">rtcVarDateFromVar</fct>
-        <fct od="688" bl="0">_adj_fdiv_m32</fct>
-        <fct od="689" bl="0">rtcGetSetting</fct>
-        <fct od="690" bl="0">rtcSaveSetting</fct>
-        <fct od="691" bl="0">rtcDeleteSetting</fct>
-        <fct od="692" bl="0">rtcGetAllSettings</fct>
-        <fct od="693" bl="0">rtcByteValueBstr</fct>
-        <fct od="694" bl="0">rtcBstrFromByte</fct>
-        <fct od="695" bl="0">rtcVarBstrFromByte</fct>
-        <fct od="696" bl="0">rtcCharValueBstr</fct>
-        <fct od="697" bl="0">rtcBstrFromChar</fct>
-        <fct od="698" bl="0">rtcVarBstrFromChar</fct>
-        <fct od="699" bl="0">rtcSetCurrentCalendar</fct>
-        <fct od="700" bl="0">rtcGetCurrentCalendar</fct>
-        <fct od="701" bl="0">_adj_fdiv_m32i</fct>
-        <fct od="702" bl="0">rtcFormatNumber2</fct>
-        <fct od="703" bl="0">rtcFormatCurrency</fct>
-        <fct od="704" bl="0">rtcFormatPercent</fct>
-        <fct od="705" bl="0">rtcFormatDateTime</fct>
-        <fct od="706" bl="0">rtcWeekdayName</fct>
-        <fct od="707" bl="0">rtcMonthName</fct>
-        <fct od="708" bl="0">rtcFilter</fct>
-        <fct od="709" bl="0">rtcInStrRev</fct>
-        <fct od="710" bl="0">rtcJoin</fct>
-        <fct od="711" bl="0">rtcSplit</fct>
-        <fct od="712" bl="0">rtcReplace</fct>
-        <fct od="713" bl="0">rtcStrReverse</fct>
-        <fct od="714" bl="0">rtcRound</fct>
-        <fct od="715" bl="1">rtcCallByNameE1B6</fct>
-        <fct od="716" bl="1">rtcCreateObject2</fct>
-        <fct od="717" bl="0">rtcStrConvVar2</fct>
-      </fcts>
-    </lib>
-
-    <lib name="odbccp32.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLConfigDriver</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLConfigDriver</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLCreateDataSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLCreateDataSourceEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLCreateDataSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetAvailableDrivers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetConfigMode</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetInstalledDrivers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetPrivateProfileString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetTranslator</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLInstallDriver</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLInstallDriverEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLInstallDriverManager</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLInstallODBC</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLInstallTranslator</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLInstallTranslatorEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLInstallerError</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLLoadDataSourcesListBox</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLLoadDriverListBox</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLManageDataSources</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLPostInstallerError</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLReadFileDSN</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLRemoveDSNFromIni</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLRemoveDefaultDataSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLRemoveDriver</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLRemoveDriverManager</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLRemoveTranslator</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLSetConfigMode</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLValidDSN</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLWriteDSNToIni</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLWriteFileDSN</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLWritePrivateProfileString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SelectTransDlg</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CloseODBCPerfData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CollectODBCPerfData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetODBCSharedData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ODBCInternalConnectW</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ODBCQualifyFileDSNW</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenODBCPerfData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLConnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLCopyDesc</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLDrivers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLEndTran</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLExecDirect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLExecute</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetConnectAttr</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetConnectOption</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLGetFunctions</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLNativeSql</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLProcedures</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLSetConnectAttr</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLTables</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SQLTransact</fct>
-      </fcts>
-    </lib>
-
-    <lib name="kernel32.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1">SetFilePointerEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetFilePointer</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetEndOfFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleProcessList</fct>
-        <fct dp="0" un="0" pv="0" bl="1">BaseFlushAppcompatCache</fct>
-        <fct dp="0" un="0" pv="0" bl="1">BaseCheckAppcompatCache</fct>
-        <fct dp="0" un="0" pv="0" bl="1">ReOpenFile</fct>
-        <fct dp="0" un="1" pv="0" bl="1">ExpungeConsoleCommandHistory</fct>
-        <fct dp="1" un="0" pv="0" bl="0">RequestWakeupLatency</fct>
-        <fct dp="0" un="1" pv="0" bl="0">IMPQueryIMEW</fct>
-        <fct dp="0" un="1" pv="0" bl="0">SetMessageWaitingIndicator</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetThreadSelectorEntry</fct>
-        <fct dp="1" un="0" pv="0" bl="0">LocalLock</fct>
-        <fct dp="1" un="0" pv="0" bl="0">LocalSize</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalWire</fct>
-        <fct dp="0" un="0" pv="0" bl="1">Heap32Next</fct>
-        <fct dp="0" un="0" pv="0" bl="1">Heap32First</fct>
-        <fct dp="0" un="0" pv="0" bl="1">VerifyVersionInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CompareFileTime</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetConsoleTitle</fct>
-        <fct dp="0" un="1" pv="0" bl="1">GetNumberOfConsoleInputEvents</fct>
-        <fct dp="0" un="1" pv="0" bl="1">WriteConsoleOutputAttribute</fct>
-        <fct dp="0" un="1" pv="0" bl="1">GlobalCompact</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SearchPath</fct>
-        <fct dp="0" un="0" pv="1" bl="1">SetTimeZoneInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FlushConsoleInputBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1">ReadConsoleOutputCharacter</fct>
-        <fct dp="0" un="0" pv="0" bl="1">PurgeComm</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetDefaultCommConfig</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetCommProperties</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CommConfigDialog</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetFileApisToOEM</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetNamedPipeHandleState</fct>
-        <fct dp="1" un="0" pv="0" bl="1">GetCommConfig</fct>
-        <fct dp="0" un="0" pv="0" bl="0" us="1">FoldString</fct>
-        <fct dp="1" un="0" pv="0" bl="0">_hread</fct>
-        <fct dp="1" un="0" pv="0" bl="0">_hwrite</fct>
-        <fct dp="1" un="0" pv="0" bl="0">_lclose</fct>
-        <fct dp="1" un="0" pv="0" bl="0">_lcreat</fct>
-        <fct dp="1" un="0" pv="0" bl="0">_llseek</fct>
-        <fct dp="1" un="0" pv="0" bl="0">_lopen</fct>
-        <fct dp="1" un="0" pv="0" bl="0">_lread</fct>
-        <fct dp="1" un="0" pv="0" bl="0">_lwrite</fct>
-        <fct dp="1" un="0" pv="0" bl="0">EnumCalendarInfoEx</fct>
-        <fct dp="1" un="0" pv="0" bl="0">OpenFile</fct>
-        <fct dp="1" un="0" pv="0" bl="0">SetHandleCount</fct>
-        <fct dp="1" un="0" pv="0" bl="0">IsBadStringPtr</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GetLocaleInfo</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GetPrivateProfileSection</fct>
-        <fct dp="1" un="0" pv="0" bl="1">GetPrivateProfileSectionNames</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GetPrivateProfileStruct</fct>
-        <fct dp="1" un="0" pv="0" bl="1">GetProfileInt</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GetProfileSection</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GetProfileString</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GetVersion</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalFix</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalAlloc</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalFlags</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalUnlock</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalLock</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GetStringTypeA</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalFree</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalReAlloc</fct>
-        <fct dp="1" un="0" pv="0" bl="0">GlobalHandle</fct>
-        <fct dp="1" un="0" pv="0" bl="0">IsBadReadPtr</fct>
-        <fct dp="1" un="0" pv="0" bl="0">LoadModule</fct>
-        <fct dp="1" un="0" pv="0" bl="0">LocalAlloc</fct>
-        <fct dp="1" un="0" pv="0" bl="0">LocalFree</fct>
-        <fct dp="1" un="0" pv="0" bl="0">LocalReAlloc</fct>
-        <fct dp="1" un="0" pv="0" bl="0">LCMapString</fct>
-        <fct dp="1" un="0" pv="0" bl="0">WritePrivateProfileStruct</fct>
-        <fct dp="1" un="0" pv="0" bl="1">WriteProfileSection</fct>
-        <fct dp="1" un="0" pv="0" bl="1">WriteProfileString</fct>
-        <fct dp="0" un="0" pv="1" bl="1">SetSystemTimeAdjustment</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FindCloseChangeNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1">IsSystemResumeAutomatic</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetSystemDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetProcessIoCounters</fct>
-        <fct dp="1" un="0" pv="0" bl="1">SetSystemPowerState</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetProcessTimes</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetProcessShutdownParameters</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetProcessShutdownParameters</fct>
-        <fct dp="0" un="0" pv="0" bl="1">MapUserPhysicalPagesScatter</fct>
-        <fct dp="0" un="0" pv="0" bl="1">AllocateUserPhysicalPages</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FatalExit</fct>
-        <fct dp="0" un="1" pv="0" bl="1">GlobalUnWire</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CeipIsOptedIn</fct>
-        <fct dp="0" un="0" pv="0" bl="1">IsNativeVhdBoot</fct>
-        <fct dp="0" un="0" pv="0" bl="1">DnsHostnameToComputerName</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetCommMask</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetCommState</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetCommTimeouts</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetCommModemStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetCommTimeouts</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateSymbolicLink</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateSymbolicLinkTransacted</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateHardLink</fct>
-        <fct dp="0" un="0" pv="0" bl="1">ConvertThreadToFiber</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateFiberEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1">DelayLoadFailureHook</fct>
-        <fct dp="0" un="0" pv="0" bl="1">DeleteFiber</fct>
-        <fct dp="0" un="0" pv="0" bl="1">EnumSystemFirmwareTables</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetPhysicallyInstalledSystemMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetSystemFirmwareTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleScreenBufferInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetCurrentProcessorNumber</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetCurrentProcessorNumberEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetOEMCP</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetDevicePowerState</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FindActCtxSectionString</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FindFirstVolumeMountPoint</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FindNextVolumeMountPoint</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FreeLibraryWhenCallbackReturns</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FreeUserPhysicalPages</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetCompressedFileSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetWriteWatch</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetVolumeInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetLargestConsoleWindowSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetLogicalDriveStrings</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetGeoInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetUserGeoID</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetProcessVersion</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetDeviceDriverBaseName</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetLogicalDrives</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetProductInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetCurrentPackageId</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetTempFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetProcessId</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetModuleHandleEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetThreadTimes</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetSystemInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetNativeSystemInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetExitCodeThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetProcessAffinityMask</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetTimeZoneInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetThreadLocale</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetFileAttributes</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetProcessWindowStation</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetUserObjectInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetUserObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetDesktopWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateDesktop</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetThreadDesktop</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleAlias</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleAliasExes</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleAliasExesLength</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleAliases</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleAliasesLength</fct>
-        <fct dp="0" un="1" pv="0" bl="1">GetConsoleCommandHistory</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleCommandHistoryLength</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleDisplayMode</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleFontInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleFontSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleHardwareState</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetConsoleInputWaitHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetCurrentConsoleFont</fct>
-        <fct dp="0" un="0" pv="0" bl="1">GetNumberOfConsoleFonts</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1">TransactNamedPipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateThreadpool</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateThreadpoolCleanupGroup</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateThreadpoolIo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateThreadpoolTimer</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateThreadpoolWait</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateThreadpoolWork</fct>
-        <fct dp="0" un="0" pv="0" bl="1">MapViewOfFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1">ReadFileScatter</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1">WTSGetActiveConsoleSessionId</fct>
-        <fct dp="0" un="0" pv="0" bl="1">VerSetConditionMask</fct>
-        <fct dp="0" un="0" pv="0" bl="1">FreeEnvironmentStrings</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1">ExitThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1">VirtualUnlock</fct>
-        <fct dp="0" un="0" pv="0" bl="1">WriteConsoleInput</fct>
-        <fct dp="0" un="0" pv="0" bl="1">OpenThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1">HeapSummary</fct>
-        <fct dp="0" un="0" pv="0" bl="1">ConsoleMenuControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1">NlsGetCacheUpdateCount</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1">QueryWorkingSet</fct>
-        <fct dp="0" un="0" pv="0" bl="1">QueryFullProcessImageName</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1">AddVectoredExceptionHandler</fct>
-        <fct dp="0" un="0" pv="0" bl="1">EnumCalendarInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1">EnumResourceLanguages</fct>
-        <fct dp="0" un="0" pv="0" bl="1">EnumResourceTypes</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SetThreadLocale</fct>
-        <fct dp="0" un="0" pv="0" bl="1">NetScheduleJobAdd</fct>
-        <fct dp="0" un="0" pv="0" bl="1">EnumDeviceDrivers</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1">ReplaceFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1">HeapWalk</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CloseWindowStation</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateSemaphore</fct>
-        <fct dp="0" un="0" pv="0" bl="1">ReleaseSemaphore</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1">CreateDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateDirectoryEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1">ReadDirectoryChanges</fct>
-        <fct dp="0" un="1" pv="0" bl="1">RegisterConsoleVDM</fct>
-        <fct dp="0" un="1" pv="0" bl="1">VDMOperationStarted</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1">CreateWindowStation</fct>
-        <fct dp="0" un="0" pv="0" bl="1">EnumWindowStations</fct>
-        <fct dp="0" un="0" pv="0" bl="1">OpenWindowStation</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CloseDesktop</fct>
-        <fct dp="0" un="0" pv="0" bl="1">CreateDesktopEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1">EnumDesktops</fct>
-        <fct dp="0" un="0" pv="0" bl="1">EnumDesktopWindows</fct>
-        <fct dp="0" un="0" pv="0" bl="1">OpenDesktop</fct>
-        <fct dp="0" un="0" pv="0" bl="1">SwitchDesktop</fct>
-        <fct dp="0" un="0" pv="0" bl="1">OpenInputDesktop</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AttachConsole</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddConsoleAlias</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteConsole</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteConsoleOutput</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadConsole</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadConsoleInput</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadConsoleInputEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AllocConsole</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeConsole</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GenerateConsoleCtrlEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetConsoleTitle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FillConsoleOutputCharacter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CloseConsoleHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConsoleSubst</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ExpungeConsoleCommandHistory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InvalidateConsoleDIBits</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenConsole</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ShowConsoleCursor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VerifyConsoleIoHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DuplicateConsoleHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetConsoleInputExeName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetConsoleKeyboardLayoutName</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddClipboardFormatListener</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ChangeClipboardChain</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CloseClipboard</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CountClipboardFormats</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EmptyClipboard</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumClipboardFormats</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetClipboardData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetClipboardFormatName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetClipboardOwner</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetClipboardSequenceNumber</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetClipboardViewer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetOpenClipboardWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetPriorityClipboardFormat</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetUpdatedClipboardFormats</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsClipboardFormatAvailable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenClipboard</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterClipboardFormat</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RemoveClipboardFormatListener</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterClipboardFormat</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ResolveDelayLoadedAPI</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ResolveDelayLoadsFromDll</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PackDDElParam</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnpackDDElParam</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeDDElParam</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LockWorkStation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LockSetForegroundWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHelp</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CallWindowProc</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">keybd_event</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnregisterHotKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetDoubleClickTime</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumThreadWindows</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BroadcastSystemMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BroadcastSystemMessageEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetInputState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMessageExtraInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMessagePos</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMessageTime</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetQueueStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PeekMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PeekConsoleInput</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PostMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PostQuitMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PostThreadMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InSendMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InSendMessageEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterWindowMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReplyMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SendAsyncProc</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SendMessageTimeout</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SendMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SendMessageCallback</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SendNotifyMessage</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WaitMessage</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetKeyboardState</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCapture</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetGUIThreadInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BlockInput</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ChangeWindowMessageFilter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ChangeWindowMessageFilterEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LockWorkStation</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BackupRead</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BackupSeek</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BackupWrite</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateTapePartition</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EraseTape</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTapeParameters</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTapePosition</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTapeStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PrepareTape</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteTapemark</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetLogicalProcessorInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="0" ad="0">OpenEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="0" ad="0">ResetEvent</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSystemPowerStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ExitProcess</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetFileType</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsValidLanguageGroup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EncodePointer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DecodePointer</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LockResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindResourceEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BeginUpdateResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EndUpdateResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LoadResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SizeofResource</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">FreeResource</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EraseTape</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTapeStatus</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlCaptureStackBackTrace</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterEventSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterHotKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumResourceNames</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProcessMitigationPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProcessDEPPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryPerformanceFrequency</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MoveFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MoveFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MoveFileWithProgress</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MoveFileTransacted</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HeapQueryInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InterlockedPushEntrySList</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetLogicalProcessorInformationEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnlockFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LockFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LockFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnlockFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CopyLZFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LZCopy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LZCreateFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LZInit</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LZOpenFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LZSeek</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LZStart</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetThreadStackGuarantee</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetEnvironmentVariable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetFileAttributes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetProcessAffinityMask</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetThreadAffinityMask</fct>
-        <fct dp="0" un="0" pv="0" bl="0" ad="0">SetEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetTapeParameters</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetTapePosition</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetMessageExtraInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetKeyboardState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetClipboardData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetClipboardViewer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleIcon</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleInputExeName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetConsoleCursor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleCtrlHandler</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleMode</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetThreadDesktop</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetUserObjectInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetUserObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetProcessWindowStation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetCurrentDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetComputerName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetComputerNameEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetDefaultDllDirectories</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetFirmwareEnvironmentVariable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetFirmwareEnvironmentVariableEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleDisplayMode</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleFont</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleHardwareState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleKeyShortcuts</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetConsoleMaximumWindowSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsoleMenuClose</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetConsoleNumberOfCommands</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConsolePalette</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetLastConsoleEventActive</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetDllDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetProcessDEPPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetLastError</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetThreadPriority</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetNamedPipeHandleState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetErrorMode</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetVDMCurrentDirectories</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RegisterWowBaseHandlers</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ZwProtectVirtualMemory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetCPGlobal</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">BaseInitAppcompatCacheSupport</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetStdHandleEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">CheckElevationEnabled</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">Basep8BitStringToDynamicUnicodeString</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">BaseGetNamedObjectDirectory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">BaseFormatTimeOut</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlAcquireResourceExclusive</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlAcquireResourceShared</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlDeleteResource</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlDumpResource</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlInitializeResource</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlLockCurrentThread</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlReleaseResource</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlTraceDatabaseAdd</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlTraceDatabaseCreate</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlTraceDatabaseDestroy</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlTraceDatabaseEnumerate</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlTraceDatabaseFind</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlTraceDatabaseLock</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlTraceDatabaseUnlock</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlTraceDatabaseValidate</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlUnlockCurrentThread</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">AddCommasExport</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">AppCompat_RunDLL</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">CheckStagingArea</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">CreateAutoListParser</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">CreateInfoTipFromItem</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">CreateInfoTipFromItem2</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">DisconnectWindowsDialog</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetAppPathFromLink</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetSqmableFileName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">Int64ToString</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IsElevationRequired</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IsSearchEnabled</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">LargeIntegerToString</fct>
-        <fct dp="1" un="1" pv="0" bl="1" ad="0">LinkWindow_RegisterClass</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PathGetPathDisplayName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PathIsTemporary</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">Printers_RegisterWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">Printers_UnregisterWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">Printer_AddPrinterPropPages</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">Printer_LoadIcons</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RefreshBrowserLayout</fct>
-        <fct od="311" dp="0" un="1" pv="0" bl="1" ad="0">RunAsNewUser_RunDLL</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">DesktopHasWatermarkText</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">FrostCrashedWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetSendMessageReceiver</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetWindowCompositionAttribute</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GhostWindowFromHungWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">HungWindowFromGhostWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IsServerSideWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IsSETEnabled</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IsThreadDesktopComposited</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IsWindowInDestroy</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">MB_GetString</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">NtUserSetChildWindowNoActivate</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetWindowCompositionAttribute</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">DupWideToAnsi</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IStream_ReadStrLong</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IStream_WriteStrLong</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IUnknown_RemoveBackReferences</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IUnknown_TranslateAcceleratorGlobal</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">IUnknown_TranslateAcceleratorIO</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">MapWin32ErrorToSTG</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ModeToCreateFileFlags</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PathUnExpandEnvStringsForUserW</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">PathUnExpandSystemEnvStringsW</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">QuerySourceCreateFromKey</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">QuerySourceCreateFromKeyEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetLocalPrimaryComputerName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">BaseQueryModuleData</fct>
-
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ExitVDM</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RemoveVectoredExceptionHandler</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RealShellExecute</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RealShellExecuteEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">K32EnumProcessModules</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">K32EnumProcesses</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">K32GetModuleBaseName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">K32GetModuleFileNameEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">K32GetProcessImageFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetThreadExecutionState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetStdHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SwitchToFiber</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SwitchToThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SuspendThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Wow64SuspendThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetExitCodeProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSystemDEPPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DisableThreadLibraryCalls</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">RaiseException</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RestoreLastError</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetEnvironmentVariable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetOverlappedResult</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSystemWow64Directory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CallNamedPipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetDriveType</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetDiskFreeSpace</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetDiskFreeSpaceEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReleaseMutex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Heap32ListFirst</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Heap32ListNext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualFreeEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">TerminateThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WaitNamedPipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ProcessIdToSessionId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProcessWorkingSetSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WaitNamedPipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildCommDCBAndTimeouts</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindVolumeMountPointClose</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FatalAppExit</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ContinueDebugEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WaitForDebugEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DebugActiveProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DebugBreak</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DuplicateHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FlushViewOfFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenSemaphore</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DefineDosDevice</fct>
-
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">GetPrivateProfileInt</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeLibrary</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeLibraryAndExitThread</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAtom</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeleteAtom</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindAtom</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAtomName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GlobalAddAtom</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GlobalDeleteAtom</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GlobalFindAtom</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GlobalGetAtomName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InitAtomTable</fct>
-
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindNextFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstFileTransacted</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstFileNameTransacted</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindNextFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindNextStream</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstStream</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindClose</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetComputerName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetComputerNameEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">IsProcessorFeaturePresent</fct>
-
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WritePrivateProfileSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateNamedPipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RemoveDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Sleep</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SleepEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualQuery</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualQueryEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetFirmwareEnvironmentVariable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateMailslot</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMailslotInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetMailslotInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetVolumeLabel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DisconnectNamedPipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FlushInstructionCache</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FlushProcessWriteBuffers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">IsDebuggerPresent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">CheckRemoteDebuggerPresent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualAlloc</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualAllocEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualAllocExNuma</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualProtect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VirtualProtectEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetThreadContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Wow64GetThreadContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Wow64SetThreadContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SuspendThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetThreadPriority</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetPriorityClass</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetPriorityClass</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryPerformanceCounter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QuerySecurityAccessMask</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryServiceObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">GetTickCount</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteProcessMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetThreadContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueueUserAPC</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetNamedPipeInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UpdateResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlAddFunctionTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlCaptureContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlLookupFunctionEntry</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlVirtualUnwind</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryDosDevice</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetBinaryType</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindExecutable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstChangeNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindNextChangeNotification</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">LocalFlags</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">GlobalMemoryStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GlobalMemoryStatusEx</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeleteVolumeMountPoint</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetVolumeMountPoint</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstVolume</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindNextVolume</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindVolumeClose</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetVolumeNameForVolumeMountPoint</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetVolumePathName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetVolumePathNamesForVolumeName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GlobalUnfix</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CancelDeviceWakeupRequest</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetShellWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlLeaveCriticalSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlEnterCriticalSection</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DnsQueryEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DnsQuery_</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetFindNextFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetGetCookieEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetGetLastResponseInfo</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">commands</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">httpshots</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">formgrabber</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">redirects</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">httpinjects</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetQueueStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetLastActivePopup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DownloadRunModId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DownloadUpdateMain</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Inject32End</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Inject32Normal</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Inject32Start</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InjectApcRoutine</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InjectNormRoutine</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SelfDelete</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SendLogs</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteConfigString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DownloadRunExeId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DownloadRunExeUrl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">TestingServ</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">_setjmp3</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AccessCheck</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AccessCheckAndAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AccessCheckByType</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AccessCheckByTypeAndAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AccessCheckByTypeResultList</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AccessCheckByTypeResultListAndAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AccessCheckByTypeResultListAndAuditAlarmByHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAccessAllowedAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAccessAllowedAceEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAccessAllowedObjectAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAccessDeniedAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAccessDeniedAceEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAccessDeniedObjectAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAuditAccessAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAuditAccessAceEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddAuditAccessObjectAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddConditionalAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddMandatoryAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddResourceAttributeAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddScopedPolicyIDAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AdjustTokenGroups</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AdjustTokenPrivileges</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AdjustTokenPrivileges</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AllocateAndInitializeSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AllocateLocallyUniqueId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AreAllAccessesGranted</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AreAnyAccessesGranted</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AttachThreadInput</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditComputeEffectivePolicyBySid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditComputeEffectivePolicyByToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditEnumerateCategories</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditEnumeratePerUserPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditEnumerateSubCategories</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditLookupCategoryGuidFromCategoryId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditLookupCategoryIdFromCategoryGuid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditLookupCategoryName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditLookupSubCategoryName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditQueryGlobalSacl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditQueryPerUserPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditQuerySecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditQuerySystemPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditSetGlobalSacl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditSetPerUserPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditSetSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuditSetSystemPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzAccessCheck</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzAccessCheckCallback</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzAddSidsToContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzCachedAccessCheck</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzComputeGroupsCallback</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzEnumerateSecurityEventSources</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzFreeAuditEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzFreeCentralAccessPolicyCache</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzFreeCentralAccessPolicyCallback</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzFreeContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzFreeGroupsCallback</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzFreeHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzFreeResourceManager</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzGetCentralAccessPolicyCallback</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzGetInformationFromContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeCompoundContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeContextFromAuthzContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeContextFromSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeContextFromToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeObjectAccessAuditEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeObjectAccessAuditEvent2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeRemoteResourceManager</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeResourceManager</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInitializeResourceManagerEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzInstallSecurityEventSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzModifyClaims</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzModifySecurityAttributes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzModifySids</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzOpenObjectAudit</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzRegisterCapChangeNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzRegisterSecurityEventSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzReportSecurityEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzReportSecurityEventFromParams</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzSetAppContainerInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzUninstallSecurityEventSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzUnregisterCapChangeNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AuthzUnregisterSecurityEventSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">bind</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildExplicitAccessWithName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildImpersonateExplicitAccessWithName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildImpersonateTrustee</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildTrusteeWithName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildTrusteeWithObjectsAndName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildTrusteeWithObjectsAndSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BuildTrusteeWithSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CertConfigureTrustA</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CertOpenSystemStore</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CertTrustCertPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CertTrustInit</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CheckTokenCapability</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CheckTokenMembership</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CheckTokenMembershipEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConnectNamedPipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ControlService</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertSecurityDescriptorToStringSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertSidToStringSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertStringSecurityDescriptorToSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertStringSidToSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertToAutoInheritPrivateObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CopySid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateEnvironmentBlock</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CopyFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CopyFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeleteFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FlushFileBuffers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteFileGather</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateFileMapping</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateMutex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreatePipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreatePrivateObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreatePrivateObjectSecurityEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreatePrivateObjectSecurityWithMultipleInheritance</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateProcessWithLogon</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateRemoteThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateRestrictedToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateSecurityPage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateService</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateToolhelp32Snapshot</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CloseToolhelp32Snapshot</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateWellKnownSid</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeleteAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DestroyEnvironmentBlock</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DestroyPrivateObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeviceIoControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DllCanUnloadNow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DllGetClassObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DllInstall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DllRegisterServer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DllUnregisterServer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DSCreateISecurityInfoObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DSCreateISecurityInfoObjectEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DSCreateSecurityPage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DSEditSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DuplicateToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DuplicateTokenEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EditSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EditSecurityAdvanced</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnableExecuteProtectionSupport</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindWindowEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumWindows</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumChildWindows</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumThreadWindows</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EqualDomainSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EqualPrefixSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EqualSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstFreeAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeInheritedFromArray</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAccessSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAce</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAclInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAdaptersInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">getaddrinfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAppContainerNamedObjectPath</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAsyncKeyState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAuditedPermissionsFromAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCalendarInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCommandLine</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetConfigurationSecurityDescriptor</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCurrentProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCurrentProcessId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCurrentThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCurrentThreadId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetEffectiveRightsFromAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetEnvironmentStrings</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetExplicitEntriesFromAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetFileSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetFileInformationByHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetFileInformationByHandleEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetForegroundWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">gethostbyname</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">gethostname</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetInheritanceSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetKernelObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetKeyState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetLengthSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetModuleBaseName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetModuleInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetModuleFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetModuleFilename</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetModuleHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMonitorInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMultipleTrustee</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMultipleTrusteeOperation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetNamedSecurityInfo</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">GetPrivateProfileString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetPrivateObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProcAddress</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProcessHeap</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProcessMemoryInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSecurityDescriptorControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSecurityDescriptorDacl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSecurityDescriptorGroup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSecurityDescriptorLength</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSecurityDescriptorOwner</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSecurityDescriptorRMControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSecurityDescriptorSacl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSecurityInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSidIdentifierAuthority</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSidLengthRequired</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSidSubAuthority</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSidSubAuthorityCount</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetStartupInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetSystemDefaultLangId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTempPath</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTokenInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTrusteeForm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTrusteeName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTrusteeType</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetUserName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetVersionEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetWindowsAccountDomainSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetWindowsDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">GetWindowThreadProcessId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HeapCreate</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImmGetContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HeapSetInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImpersonateAnonymousToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImpersonateLoggedOnUser</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImpersonateNamedPipeClient</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImpersonateSelf</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">inet_addr</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InitializeAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InitializeSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InitializeSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetCrackUrl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetCloseHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetConnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetOpen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetOpen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetOpenUrl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetQueryDataAvailable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetQueryOption</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetReadFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetReadFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetSetCookie</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetSetOption</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetWriteFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsNTAdmin</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsTokenRestricted</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsValidAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsValidSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsValidSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsWellKnownSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsWindowVisible</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsWoW64Process</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">JournalPlaybackProc</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LoadLibrary</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LoadLibraryEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LoadUserProfile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">longjmp</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LookupAccountName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LookupAccountSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LookupPrivilegeDisplayName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LookupPrivilegeName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LookupPrivilegeValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LookupSecurityDescriptorParts</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LsaEnumerateLogonSessions</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LsaCallAuthenticationPackage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LsaUnregisterPolicyChangeNotification</fct>
-
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">PsGetVersion</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MakeSelfRelativeSD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MapGenericMask</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MapViewOfFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MapVirtualKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MmGetSystemRoutineAddress</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">MmCreateMdl</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">MmGetSystemAddressForMdl</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">MmIsThisAnNtAsSystem</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">MmMapLockedPages</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Module32First</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Module32Next</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MonitorEnumProc</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MonitorFromPoint</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MonitorFromRect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MonitorFromWindow</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ObjectCloseAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ObjectDeleteAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ObjectOpenAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ObjectPrivilegeAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenFileMapping</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenMutex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenProcessToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenThreadToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">OutputDebugString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PeekNamedPipe</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PrivilegeCheck</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PrivilegedServiceAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Process32First</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Process32Next</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueueUserAPC</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RasEnumEntries</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadProcessMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadProcessMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">recv</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ResumeThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RevertToSelf</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlConvertSidToUnicodeString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlCreateRegistryKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlWriteRegistryValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SamIConnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SamIGetPrivateData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SamQueryInformationUse</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">send</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetAccessSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetAclInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetConfigurationSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetEntriesInAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetFileSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetFileTime</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">setjmp</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetKernelObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetLaunchSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetNamedSecurityInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetPrivateObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetPrivateObjectSecurityEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSecurityAccessMask</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSecurityDescriptorControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SeSetSecurityDescriptorInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSecurityDescriptorDacl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSecurityDescriptorGroup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSecurityDescriptorOwner</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSecurityDescriptorRMControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSecurityDescriptorSacl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSecurityInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetServiceObjectSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetThreadToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetTokenInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetUnhandledExceptionFilter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SfcTerminateWatcherThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StgCreateDocfile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StgCreateStorageEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StgOpenStorage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StartServiceCtrlDispatcher</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">system</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">TerminateProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Thread32First</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Thread32Next</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">TlsGetValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">TlsSetValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Toolhelp32ReadProcessMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">TreeResetNamedSecurityInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">TreeSetNamedSecurityInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="1">UnhandledExceptionFilter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnloadUserProfile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnmapViewOfFile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">UTRegister</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">UTUnRegister</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">LocalCompact</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OpenProfileUserMapping</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">URLDownloadToFile</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WinExec</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WlxLoggedOnSAS</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Wow64DisableWow64FsRedirection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteConsoleOutputCharacter</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WritePrivateProfileString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WSAStartup</fct>
-      </fcts>
-    </lib>
-
-    <lib name="dsuiext.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">DsGetFriendlyClassName</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">DsGetIcon</fct>
-      </fcts>
-    </lib>
-
-    <lib name="Shsvcs.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">CreateHardwareEventMoniker</fct>
-      </fcts>
-    </lib>
-
-    <lib name="devmgr.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeviceProblemText</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeviceProblemWizard</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeviceCreateHardwarePage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeviceProperties</fct>
-      </fcts>
-    </lib>
-
-    <lib name="shlwapi.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="-1" dp="0" bl="1">AssocCreate</fct>
-        <fct od="-1" dp="0" bl="1">UrlHash</fct>
-        <fct od="-1" dp="0" bl="1">UrlIsNoHistory</fct>
-        <fct od="-1" dp="1" bl="0">UrlFixup</fct>
-        <fct od="-1" dp="1" bl="1">StopWatchFlush</fct>
-        <fct od="-1" dp="1" bl="1">StopWatchMode</fct>
-        <fct od="-1" dp="1" bl="0">ConnectToConnectionPoint</fct>
-        <fct od="-1" dp="1" bl="0">MLFreeLibrary</fct>
-        <fct od="-1" dp="1" bl="0">MLHtmlHelp</fct>
-        <fct od="-1" dp="1" bl="0">MLLoadLibrary</fct>
-        <fct od="-1" dp="1" bl="0">MLWinHelp</fct>
-        <fct od="-1" dp="1" bl="1">OutputDebugStringWrap</fct>
-        <fct od="29" dp="0" bl="0">IsCharSpace</fct>
-        <fct od="64" dp="0" bl="0">kernel32.EnumResourceNames</fct>
-        <fct od="65" dp="0" bl="1">kernel32.FindFirstFileW</fct>
-        <fct od="66" dp="0" bl="1">kernel32.FindResourceW</fct>
-        <fct od="67" dp="0" bl="1">user32.FindWindow</fct>
-        <fct od="176" bl="1">IUnknown_QueryService</fct>
-        <fct dp="0" bl="1">AssocQueryString</fct>
-        <fct dp="1" bl="1">PathRemoveFileSpec</fct>
-        <fct dp="0" bl="1">PathCombine</fct>
-        <fct dp="0" bl="1">PathIsURL</fct>
-        <fct dp="0" bl="1">PathFindExtension</fct>
-        <fct dp="0" bl="1">PathGetDriveNumber</fct>
-        <fct dp="0" bl="1">PathFindFileName</fct>
-        <fct dp="0" bl="1">PathRenameExtension</fct>
-        <fct dp="0" bl="1">PathIsDirectory</fct>
-        <fct dp="0" bl="1">PathIsDirectoryEmpty</fct>
-        <fct dp="0" bl="1">SHDeleteKey</fct>
-        <fct dp="0" bl="1">SHDeleteValue</fct>
-        <fct dp="0" bl="1">SHDeleteEmptyKey</fct>
-        <fct dp="0" bl="1">UrlEscape</fct>
-        <fct dp="0" bl="1">SHCopyKey</fct>
-        <fct dp="0" bl="1">UrlCreateFromPath</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mssign32.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeCryptProvFromCert</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeCryptProvFromCertEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCryptProvFromCert</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCryptProvFromCertEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkFreeCryptProv</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkGetCryptProv</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkPrivateKeyAcquireContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkPrivateKeyAcquireContextFromMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkPrivateKeyLoad</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkPrivateKeyLoadFromMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkPrivateKeyReleaseContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkPrivateKeySave</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PvkPrivateKeySaveToMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignError</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerAddTimeStampResponse</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerAddTimeStampResponseEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerCreateTimeStampRequest</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerFreeSignerContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerSign</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerSignEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerTimeStamp</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerTimeStampEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SignerTimeStampEx2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SpcGetCertFromKey</fct>
-      </fcts>
-    </lib>
-
-    <lib name="cscapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">CscSearchApiGetInterface</fct>
-      </fcts>
-    </lib>
-
-    <lib name="urlmon.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" bl="1">URLDownloadToCacheFile</fct>
-        <fct dp="0" bl="1">URLOpenBlockingStream</fct>
-        <fct dp="1" bl="1">WriteHitLogging</fct>
-        <fct dp="1" bl="1">IsLoggingEnabled</fct>
-        <fct dp="0" bl="1">UrlMkSetSessionOption</fct>
-        <fct dp="0" bl="1">ObtainUserAgentString</fct>
-        <fct dp="0" bl="1">IsValidURL</fct>
-        <fct dp="0" bl="1">CoInternetCreateZoneManager</fct>
-        <fct dp="0" bl="1">WriteHitLogging</fct>
-        <fct dp="1" bl="1">CreateURLMoniker</fct>
-        <fct dp="0" bl="1">CreateURLMonikerEx</fct>
-        <fct dp="0" bl="1">CoInternetCreateSecurityManager</fct>
-        <fct dp="0" bl="1">RegisterBindStatusCallback</fct>
-        <fct dp="1">HlinkClone</fct>
-        <fct dp="1">HlinkCreateBrowseContext</fct>
-        <fct dp="1">HlinkCreateExtensionServices</fct>
-        <fct dp="1">HlinkCreateFromData</fct>
-        <fct dp="1">HlinkCreateFromMoniker</fct>
-        <fct dp="1">HlinkCreateFromString</fct>
-        <fct dp="1">HlinkCreateShortcut</fct>
-        <fct dp="1">HlinkCreateShortcutFromMoniker</fct>
-        <fct dp="1">HlinkCreateShortcutFromString</fct>
-        <fct dp="1">HlinkGetSpecialReference</fct>
-        <fct dp="1">HlinkGetValueFromParams</fct>
-        <fct dp="1">HlinkGoBack</fct>
-        <fct dp="1">HlinkGoForward</fct>
-        <fct dp="1">HlinkIsShortcut</fct>
-        <fct dp="1">HlinkNavigate</fct>
-        <fct dp="1">HlinkNavigateMoniker</fct>
-        <fct dp="1">HlinkNavigateString</fct>
-        <fct dp="1">HlinkNavigateToStringReference</fct>
-        <fct dp="1">HlinkOnNavigate</fct>
-        <fct dp="1">HlinkOnRenameDocument</fct>
-        <fct dp="1">HlinkParseDisplayName</fct>
-        <fct dp="1">HlinkPreprocessMoniker</fct>
-        <fct dp="1">HlinkQueryCreateFromData</fct>
-        <fct dp="1">HlinkResolveMonikerForData</fct>
-        <fct dp="1">HlinkResolveShortcut</fct>
-        <fct dp="1">HlinkResolveShortcutToMoniker</fct>
-        <fct dp="1">HlinkResolveShortcutToString</fct>
-        <fct dp="1">HlinkResolveStringForData</fct>
-        <fct dp="1">HlinkSetSpecialReference</fct>
-        <fct dp="1">HlinkSimpleNavigateToMoniker</fct>
-        <fct dp="1">HlinkSimpleNavigateToString</fct>
-        <fct dp="1">HlinkTranslateURL</fct>
-        <fct dp="1">HlinkUpdateStackItem</fct>
-      </fcts>
-    </lib>
-
-    <lib name="Userenv.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">CreateUserProfileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetUserProfileDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAppliedGPOList</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAllUsersProfileDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProfilesDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateProfile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeleteProfile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ExpandEnvironmentStringsForUser</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ForceSyncFgPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FreeGPOList</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RsopResetPolicySettingStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RsopSetPolicySettingStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RefreshPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnregisterGPNotification</fct>
-      </fcts>
-    </lib>
-
-    <lib name="sensapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsNetworkAlive</fct>
-      </fcts>
-    </lib>
-
-    <lib name="usbd.sys" bl="1" dp="0" ro="0"></lib>
-
-    <lib name="scecli.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">DeltaNotify</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">InitializeChangeNotify</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceConfigureConvertedFileSecurity,</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGenerateGroupPolicy</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceNotifyPolicyDelta</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceOpenPolicy</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceProcessSecurityPolicyGPO</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceProcessSecurityPolicyGPOEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSysPrep</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">DllRegisterServer</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">DllUnregisterServer</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceAddToNameList</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceAddToNameStatusList</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceAddToObjectList</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceAnalyzeSystem</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceAppendSecurityProfileInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceBrowseDatabaseTable</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceCloseProfile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceCommitTransaction</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceCompareNameList</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceCompareSecurityDescriptors</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceConfigureSystem</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceCopyBaseProfile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceCreateDirectory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceDcPromoCreateGPOsInSysvol</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceDcPromoCreateGPOsInSysvolEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceDcPromoteSecurity</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceDcPromoteSecurityEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceEnforceSecurityPolicyPropagation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceEnumerateServices</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceFreeMemory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceFreeProfileMemory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGenerateRollback</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetAnalysisAreaSummary</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetAreas</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetDatabaseSetting</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetDbTime</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetObjectChildren</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetObjectSecurity</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetScpProfileDescription</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetSecurityProfileInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetServerProductType</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceGetTimeStamp</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceIsSystemDatabase</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceLookupPrivRightName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceOpenProfile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceRegisterRegValues</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceRollbackTransaction</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetDatabaseSetting</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupBackupSecurity</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupConfigureServices</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupGenerateTemplate</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupMoveSecurityFile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupRootSecurity</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupSystemByInfName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupUnwindSecurityFile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupUpdateSecurityFile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupUpdateSecurityKey</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSetupUpdateSecurityService</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceStartTransaction</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSvcConvertSDToText</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSvcConvertTextToSD</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSvcFree</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSvcGetInformationTemplate</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSvcQueryInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSvcSetInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSvcSetInformationTemplate</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceSvcUpdateInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceUpdateObjectInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceUpdateSecurityProfile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SceWriteSecurityProfileInfo</fct>
-      </fcts>
-    </lib>
-
-    <lib name="ole32.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">CLIPFORMAT_UserMarshal</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleQueryLinkFromData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoRegisterPSClsid</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">CoDosDateTimeToFileTime</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoGetCurrentProcess</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">StgOpenAsyncDocfileOnIFillLockBytes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleRegEnumVerbs</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleIsCurrentClipboard</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StgCreateDocfileOnILockBytes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StgOpenStorageOnILockBytes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UrlUnescape</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CommandLineToArgv</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">CoFreeUnusedLibraries</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleLoad</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetRunningObjectTable</fct>
-        <fct dp="1" un="1" pv="0" bl="1" ad="0">CoFileTimeNow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SNB_UserFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoRegisterChannelHook</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoGetInstanceFromFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoInitializeSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoSetProxyBlanket</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CLSIDFromString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StringFromGUID2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoInitializeEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoUninitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoUninitializeEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoCreateInstance</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoGetClassObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoLoadLibrary</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoCreateGuid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoQueryClientBlanket</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoIsOle1Class</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoAddRefServerProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoCreateInstanceEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CoReleaseServerProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleRun</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleUninitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleRegEnumFormatEtc</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">OleFlushClipboard</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleSetClipboard</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OleGetClipboard</fct>
-      </fcts>
-    </lib>
-
-    <lib name="ws2_32.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="1" dp="0" un="0" pv="0" bl="1" ad="0">accept</fct>
-        <fct od="2" dp="0" un="0" pv="0" bl="1" ad="0">bind</fct>
-        <fct od="3" dp="0" un="0" pv="0" bl="1" ad="0">closesocket</fct>
-        <fct od="4" dp="0" un="0" pv="0" bl="1" ad="0">connect</fct>
-        <fct od="5" dp="0" un="0" pv="0" bl="1" ad="0">getpeervalue</fct>
-        <fct od="6" dp="0" un="0" pv="0" bl="1" ad="0">getsockvalue</fct>
-        <fct od="7" dp="0" un="0" pv="0" bl="1" ad="0">getsockopt</fct>
-        <fct od="8" dp="0" un="0" pv="0" bl="1" ad="0">htonl</fct>
-        <fct od="9" dp="0" un="0" pv="0" bl="1" ad="0">htons</fct>
-        <fct od="10" dp="0" un="0" pv="0" bl="1" ad="0">ioctlsocket</fct>
-        <fct od="11" dp="0" un="0" pv="0" bl="1" ad="0">inet_addr</fct>
-        <fct od="12" dp="0" un="0" pv="0" bl="1" ad="0">inet_ntoa</fct>
-        <fct od="13" dp="0" un="0" pv="0" bl="1" ad="0">listen</fct>
-        <fct od="14" dp="0" un="0" pv="0" bl="1" ad="0">ntohl</fct>
-        <fct od="15" dp="0" un="0" pv="0" bl="1" ad="0">ntohs</fct>
-        <fct od="16" dp="0" un="0" pv="0" bl="1" ad="0">recv</fct>
-        <fct od="17" dp="0" un="0" pv="0" bl="1" ad="0">recvfrom</fct>
-        <fct od="18" dp="0" un="0" pv="0" bl="1" ad="0">select</fct>
-        <fct od="19" dp="0" un="0" pv="0" bl="1" ad="0">send</fct>
-        <fct od="20" dp="0" un="0" pv="0" bl="1" ad="0">sendto</fct>
-        <fct od="21" dp="0" un="0" pv="0" bl="1" ad="0">setsockopt</fct>
-        <fct od="22" dp="0" un="0" pv="0" bl="1" ad="0">shutdown</fct>
-        <fct od="23" dp="0" un="0" pv="0" bl="1" ad="0">socket</fct>
-        <fct od="24" dp="0" un="0" pv="0" bl="1" ad="0">GetAddrInfoW</fct>
-        <fct od="25" dp="0" un="0" pv="0" bl="1" ad="0">GetvalueInfoW</fct>
-        <fct od="26" dp="0" un="0" pv="0" bl="1" ad="0">WSApSetPostRoutine</fct>
-        <fct od="27" dp="0" un="0" pv="0" bl="1" ad="0">FreeAddrInfoW</fct>
-        <fct od="28" dp="0" un="0" pv="0" bl="1" ad="0">WPUCompleteOverlappedRequest</fct>
-        <fct od="29" dp="0" un="0" pv="0" bl="1" ad="0">WSAAccept</fct>
-        <fct od="30" dp="0" un="0" pv="0" bl="1" ad="0">WSAAddressToStringA</fct>
-        <fct od="31" dp="0" un="0" pv="0" bl="1" ad="0">WSAAddressToStringW</fct>
-        <fct od="32" dp="0" un="0" pv="0" bl="1" ad="0">WSACloseEvent</fct>
-        <fct od="33" dp="0" un="0" pv="0" bl="1" ad="0">WSAConnect</fct>
-        <fct od="34" dp="0" un="0" pv="0" bl="1" ad="0">WSACreateEvent</fct>
-        <fct od="35" dp="0" un="0" pv="0" bl="1" ad="0">WSADuplicateSocketA</fct>
-        <fct od="36" dp="0" un="0" pv="0" bl="1" ad="0">WSADuplicateSocketW</fct>
-        <fct od="37" dp="0" un="0" pv="0" bl="1" ad="0">WSAEnumvalueSpaceProvidersA</fct>
-        <fct od="38" dp="0" un="0" pv="0" bl="1" ad="0">WSAEnumvalueSpaceProvidersW</fct>
-        <fct od="39" dp="0" un="0" pv="0" bl="1" ad="0">WSAEnumNetworkEvents</fct>
-        <fct od="40" dp="0" un="0" pv="0" bl="1" ad="0">WSAEnumProtocolsA</fct>
-        <fct od="41" dp="0" un="0" pv="0" bl="1" ad="0">WSAEnumProtocolsW</fct>
-        <fct od="42" dp="0" un="0" pv="0" bl="1" ad="0">WSAEventSelect</fct>
-        <fct od="43" dp="0" un="0" pv="0" bl="1" ad="0">WSAGetOverlappedResult</fct>
-        <fct od="44" dp="0" un="0" pv="0" bl="1" ad="0">WSAGetQOSByvalue</fct>
-        <fct od="45" dp="0" un="0" pv="0" bl="1" ad="0">WSAGetServiceClassInfoA</fct>
-        <fct od="46" dp="0" un="0" pv="0" bl="1" ad="0">WSAGetServiceClassInfoW</fct>
-        <fct od="47" dp="0" un="0" pv="0" bl="1" ad="0">WSAGetServiceClassvalueByClassIdA</fct>
-        <fct od="48" dp="0" un="0" pv="0" bl="1" ad="0">WSAGetServiceClassvalueByClassIdW</fct>
-        <fct od="49" dp="0" un="0" pv="0" bl="1" ad="0">WSAHtonl</fct>
-        <fct od="50" dp="0" un="0" pv="0" bl="1" ad="0">WSAHtons</fct>
-        <fct od="51" dp="0" un="0" pv="0" bl="1" ad="0">gethostbyaddr</fct>
-        <fct od="52" dp="0" un="1" pv="0" bl="1" ad="0">gethostbyvalue</fct>
-        <fct od="53" dp="0" un="1" pv="0" bl="1" ad="0">getprotobyvalue</fct>
-        <fct od="54" dp="0" un="0" pv="0" bl="1" ad="0">getprotobynumber</fct>
-        <fct od="55" dp="0" un="0" pv="0" bl="1" ad="0">getservbyvalue</fct>
-        <fct od="56" dp="0" un="0" pv="0" bl="1" ad="0">getservbyport</fct>
-        <fct od="57" dp="0" un="0" pv="0" bl="1" ad="0">gethostvalue</fct>
-        <fct od="58" dp="0" un="0" pv="0" bl="1" ad="0">WSAInstallServiceClassA</fct>
-        <fct od="59" dp="0" un="0" pv="0" bl="1" ad="0">WSAInstallServiceClassW</fct>
-        <fct od="60" dp="0" un="0" pv="0" bl="1" ad="0">WSAIoctl</fct>
-        <fct od="61" dp="0" un="0" pv="0" bl="1" ad="0">WSAJoinLeaf</fct>
-        <fct od="62" dp="0" un="0" pv="0" bl="1" ad="0">WSALookupServiceBeginA</fct>
-        <fct od="63" dp="0" un="0" pv="0" bl="1" ad="0">WSALookupServiceBeginW</fct>
-        <fct od="64" dp="0" un="0" pv="0" bl="1" ad="0">WSALookupServiceEnd</fct>
-        <fct od="65" dp="0" un="0" pv="0" bl="1" ad="0">WSALookupServiceNextA</fct>
-        <fct od="66" dp="0" un="0" pv="0" bl="1" ad="0">WSALookupServiceNextW</fct>
-        <fct od="67" dp="0" un="0" pv="0" bl="1" ad="0">WSANSPIoctl</fct>
-        <fct od="68" dp="0" un="0" pv="0" bl="1" ad="0">WSANtohl</fct>
-        <fct od="69" dp="0" un="0" pv="0" bl="1" ad="0">WSANtohs</fct>
-        <fct od="70" dp="0" un="0" pv="0" bl="1" ad="0">WSAProviderConfigChange</fct>
-        <fct od="71" dp="0" un="0" pv="0" bl="1" ad="0">WSARecv</fct>
-        <fct od="72" dp="0" un="0" pv="0" bl="1" ad="0">WSARecvDisconnect</fct>
-        <fct od="73" dp="0" un="0" pv="0" bl="1" ad="0">WSARecvFrom</fct>
-        <fct od="74" dp="0" un="0" pv="0" bl="1" ad="0">WSARemoveServiceClass</fct>
-        <fct od="75" dp="0" un="0" pv="0" bl="1" ad="0">WSAResetEvent</fct>
-        <fct od="76" dp="0" un="0" pv="0" bl="1" ad="0">WSASend</fct>
-        <fct od="77" dp="0" un="0" pv="0" bl="1" ad="0">WSASendDisconnect</fct>
-        <fct od="78" dp="0" un="0" pv="0" bl="1" ad="0">WSASendTo</fct>
-        <fct od="79" dp="0" un="0" pv="0" bl="1" ad="0">WSASetEvent</fct>
-        <fct od="80" dp="0" un="0" pv="0" bl="1" ad="0">WSASetServiceA</fct>
-        <fct od="81" dp="0" un="0" pv="0" bl="1" ad="0">WSASetServiceW</fct>
-        <fct od="82" dp="0" un="0" pv="0" bl="1" ad="0">WSASocketA</fct>
-        <fct od="83" dp="0" un="0" pv="0" bl="1" ad="0">WSASocketW</fct>
-        <fct od="84" dp="0" un="0" pv="0" bl="1" ad="0">WSAStringToAddressA</fct>
-        <fct od="85" dp="0" un="0" pv="0" bl="1" ad="0">WSAStringToAddressW</fct>
-        <fct od="86" dp="0" un="0" pv="0" bl="1" ad="0">WSAWaitForMultipleEvents</fct>
-        <fct od="87" dp="0" un="0" pv="0" bl="1" ad="0">WSCDeinstallProvider</fct>
-        <fct od="88" dp="0" un="0" pv="0" bl="1" ad="0">WSCEnableNSProvider</fct>
-        <fct od="89" dp="0" un="0" pv="0" bl="1" ad="0">WSCEnumProtocols</fct>
-        <fct od="90" dp="0" un="0" pv="0" bl="1" ad="0">WSCGetProviderPath</fct>
-        <fct od="91" dp="0" un="0" pv="0" bl="1" ad="0">WSCInstallvalueSpace</fct>
-        <fct od="92" dp="0" un="0" pv="0" bl="1" ad="0">WSCInstallProvider</fct>
-        <fct od="93" dp="0" un="0" pv="0" bl="1" ad="0">WSCUnInstallvalueSpace</fct>
-        <fct od="94" dp="0" un="0" pv="0" bl="1" ad="0">WSCUpdateProvider</fct>
-        <fct od="95" dp="0" un="0" pv="0" bl="1" ad="0">WSCWritevalueSpaceOrder</fct>
-        <fct od="96" dp="0" un="0" pv="0" bl="1" ad="0">WSCWriteProviderOrder</fct>
-        <fct od="97" dp="0" un="0" pv="0" bl="1" ad="0">freeaddrinfo</fct>
-        <fct od="98" dp="0" un="0" pv="0" bl="1" ad="0">getaddrinfo</fct>
-        <fct od="99" dp="0" un="0" pv="0" bl="1" ad="0">getvalueinfo</fct>
-        <fct od="101" bl="1">WSAAsyncSelect</fct>
-        <fct od="102" bl="1">WSAAsyncGetHostByAddr</fct>
-        <fct od="103" bl="1">WSAAsyncGetHostByvalue</fct>
-        <fct od="104" bl="1">WSAAsyncGetProtoByNumber</fct>
-        <fct od="105" bl="1">WSAAsyncGetProtoByvalue</fct>
-        <fct od="106" bl="1">WSAAsyncGetServByPort</fct>
-        <fct od="107" bl="1">WSAAsyncGetServByvalue</fct>
-        <fct od="108" bl="1">WSACancelAsyncRequest</fct>
-        <fct od="109" bl="1">WSASetBlockingHook</fct>
-        <fct od="110" bl="1">WSAUnhookBlockingHook</fct>
-        <fct od="111" bl="1">WSAGetLastError</fct>
-        <fct od="112" bl="1">WSASetLastError</fct>
-        <fct od="113" bl="1">WSACancelBlockingCall</fct>
-        <fct od="114" bl="1">WSAIsBlocking</fct>
-        <fct od="115" bl="1">WSAStartup</fct>
-        <fct od="116" bl="1">WSACleanup</fct>
-        <fct od="151" bl="1">__WSAFDIsSet</fct>
-        <fct od="500" bl="1">WEP</fct>
-      </fcts>
-    </lib>
-
-    <lib name="wsock32.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="1" bl="1">accept</fct>
-        <fct od="2" bl="1">bind</fct>
-        <fct od="3" bl="1">closesocket</fct>
-        <fct od="4" bl="1">connect</fct>
-        <fct od="5" bl="1">getpeername</fct>
-        <fct od="6" bl="1">getsockname</fct>
-        <fct od="7" bl="1">getsockopt</fct>
-        <fct od="8" bl="1">ws2_32.htonl</fct>
-        <fct od="9" bl="1">htons</fct>
-        <fct od="10" bl="1">inet_addr</fct>
-        <fct od="11"  bl="1">inet_ntoa</fct>
-        <fct od="12" bl="1">ioctlsocket</fct>
-        <fct od="13" bl="1">listen</fct>
-        <fct od="14" bl="1">ws2_32.ntohl</fct>
-        <fct od="15" bl="1">ntohs</fct>
-        <fct od="16" bl="1">recv</fct>
-        <fct od="17" bl="1">recvfrom</fct>
-        <fct od="18" bl="1">select</fct>
-        <fct od="19" bl="1">send</fct>
-        <fct od="20" bl="1">sendto</fct>
-        <fct od="21" bl="1">setsockopt</fct>
-        <fct od="22" bl="1">ws2_32.shutdown</fct>
-        <fct od="23" bl="1">socket</fct>
-        <fct od="51" bl="1">ws2_32.gethostbyaddr</fct>
-        <fct od="52" bl="1">gethostbyname</fct>
-        <fct od="53" bl="1">ws2_32.getprotobyname</fct>
-        <fct od="55" bl="1">ws2_32.getservbyname</fct>
-        <fct od="57" bl="1">gethostname</fct>
-        <fct od="101" bl="1">WSAAsyncSelect</fct>
-        <fct od="102" bl="1">WSAAsyncGetHostByAddr</fct>
-        <fct od="103" bl="1">WSAAsyncGetHostByName</fct>
-        <fct od="104" bl="1">WSAAsyncGetProtoByNumber</fct>
-        <fct od="105" bl="1">WSAAsyncGetProtoByName</fct>
-        <fct od="106" bl="1">WSAAsyncGetServByPort</fct>
-        <fct od="107" bl="1">WSAAsyncGetServByName</fct>
-        <fct od="108" bl="1">WSACancelAsyncRequest</fct>
-        <fct od="109" bl="1">WSASetBlockingHook</fct>
-        <fct od="110" bl="1">WSAUnhookBlockingHook</fct>
-        <fct od="111" bl="1">WSAGetLastError</fct>
-        <fct od="112" bl="1">WSASetLastError</fct>
-        <fct od="113" bl="1">WSACancelBlockingCall</fct>
-        <fct od="114" bl="1">WSAIsBlocking</fct>
-        <fct od="115" bl="1">WSAStartup</fct>
-        <fct od="116" bl="1">WSACleanup</fct>
-        <fct od="151" bl="1">__WSAFDIsSet</fct>
-      </fcts>
-    </lib>
-
-    <lib name="winmm.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">timeGetTime</fct>
-      </fcts>
-    </lib>
-
-
-    <lib name="wship6.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHAddressToString</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHEnumProtocols</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHGetProviderGuid</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHGetSockaddrType</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHGetSocketInformation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHGetWSAProtocolInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHGetWildcardSockaddr</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHGetWinsockMapping</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHIoctl</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHJoinLeaf</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHNotify</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHOpenSocket2</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHOpenSocket</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHSetSocketInformation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WSHStringToAddress</fct>
-      </fcts>
-    </lib>
-
-    <lib name="clbcatq.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CheckMemoryGates</fct>
-      </fcts>
-    </lib>
-
-    <lib name="icmp.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpCreateFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpParseReplies</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpCloseHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpSendEcho</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpSendEcho2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">do_echo_req</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">register_icmp</fct>
-      </fcts>
-    </lib>
-
-    <lib name="wtsapi32.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSQuerySessionInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSEnumerateServers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSUnRegisterSessionNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTHelperGetProvSignerFromChain</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTHelperProvDataFromStateData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WaitForThreadpoolTimerCallbacks</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSFreeMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSQueryUserToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSSendMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSLogoffSession</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSSetSessionInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSEnumerateSessions</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSEnumerateProcesses</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSEnumerateServers</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WTSVirtualChannelOpen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSCloseServer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSConnectSession</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSCreateListener</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSRegisterSessionNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSRegisterSessionNotificationEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WTSStartRemoteControlSession</fct>
-      </fcts>
-    </lib>
-
-    <lib name="fveapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FveEnableRawAccess</fct>
-      </fcts>
-    </lib>
-
-    <lib name="winscard.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardDisconnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardBeginTransaction</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardEndTransaction</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardEstablishContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardReconnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardTransmit</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardReleaseStartedEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardAccessStartedEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardReleaseContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SCardListReaders</fct>
-      </fcts>
-    </lib>
-
-    <lib name="ntdll.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DbgPrint</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DbgPrintEx</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwEventWrite</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwEventEnabled</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwEventRegister</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwEventUnregister</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwUnregisterTraceGuids</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwRegisterTraceGuids</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwGetTraceLoggerHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwGetTraceEnableLevel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwGetTraceEnableFlags</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EtwTraceMessage</fct>
-
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">LdrGetKnownDllSectionHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrAccessResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrAddLoadAsDataTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrAddRefDll</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrDisableThreadCalloutsForDll</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrEnumResources</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrEnumerateLoadedModules</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrFindEntryForAddress</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrFindResourceDirectory_U</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrFindResourceEx_U</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrFindResource_U</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrFlushAlternateResourceModules</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrGetDllHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrGetDllHandleByMapping</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrGetDllHandleByName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrGetDllHandleEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrGetFailureData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrGetFileNameFromLoadAsDataTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrGetProcedureAddress</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrGetProcedureAddressEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrHotPatchRoutine</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrInitShimEngineDynamic</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrInitializeThunk</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrLoadAlternateResourceModule</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrLoadAlternateResourceModuleEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrLoadDll</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrLockLoaderLock</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrOpenImageFileOptionsKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrProcessRelocationBlock</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrQueryImageFileExecutionOptions</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrQueryImageFileExecutionOptionsEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrQueryImageFileKeyOption</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrQueryModuleServiceTags</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrQueryProcessModuleInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrRegisterDllNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrRemoveLoadAsDataTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrResFindResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrResFindResourceDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrResGetRCConfig</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrResRelease</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrResSearchResource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrRscIsTypeExist</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrSetAppCompatDllRedirectionCallback</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrSetDllManifestProber</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrSetMUICacheType</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrShutdownProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrShutdownThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrSystemDllInitBlock</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrUnloadAlternateResourceModule</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrUnloadAlternateResourceModuleEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrUnloadDll</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrUnlockLoaderLock</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrUnregisterDllNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrVerifyImageMatchesChecksum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrVerifyImageMatchesChecksumEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrWx86FormatVirtualImage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrpResGetMappingSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LdrpResGetResourceDirectory</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtRaiseHardError</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">NtClose</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">NtDeviceIoControlFile</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">NtWaitForSingleObject</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">NtGetContextThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtLoadDriver</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtUnloadDriver</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtSuspendProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtResumeProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtResumeThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtSetContextThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtUnmapViewOfSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtSetEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtOpenSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtOpenEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtMapViewOfSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtAddAtom</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NtQuerySystemInformation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">NtQueryVirtualMemory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">NtAccessCheckByTypeResultListAndAuditAlarm</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtCompareTokens</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtQueryDirectoryFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtQueryInformationProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtSetInformationProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtSetInformationThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtQueryObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtContinue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtFsControlFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtCreateFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtCreateThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtCreateUserProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtTerminateProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtImpersonateAnonymousToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtOpenThreadToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtOpenKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtEnumerateKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtEnumerateValueKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtQueryKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtDelayExecution</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtUnloadKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtLoadKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtDeleteKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtDeleteFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtOpenSymbolicLinkObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtSetSecurityObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtSetInformationFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWriteFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CallFunction64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrAllocateCaptureBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrAllocateMessagePointer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrCaptureMessageBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrCaptureMessageString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrClientCallServer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrClientConnectToServer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrFreeCaptureBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrGetProcessId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrIdentifyAlertableThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64CsrVerifyRegion</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64DebuggerCall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64GetCurrentProcessorNumberEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64GetNativeSystemInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64InterlockedPopEntrySList</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64QueryInformationProcess64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64QueryVirtualMemory64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64ReadVirtualMemory64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWow64WriteVirtualMemory64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtQueryInformationThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtQueryInformationFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtOpenProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtQuerySymbolicLinkObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtAdjustPrivilegesToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtCreateProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtCreateProcessEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtCreateSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtOpenFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtOpenProcessToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtProtectVirtualMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NtWriteVirtualMemory</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlQueryRegistryValues</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlAdjustPrivilege</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlSetDaclSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlSetOwnerSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlCreateSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlAllocateAndInitializeSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlUserThreadStart</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlFormatCurrentUserKeyPath</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlSetProcessIsCritical</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RtlQueryElevationFlags</fct>
-        <fct dp="0" un="0" pv="0" bl="0" ad="0">RtlCreateUserThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlDelete</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlNtStatusToDosError</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlRandom</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlCompressBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlComputeCrc32</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlDecompressBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlGetCompressionWorkSpaceSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlTimeToSecondsSince1970</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WerReportSQMEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmAddToAverageDWORD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmAddToStream</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmAddToStreamEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCheckEscalationAddToStreamEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCheckEscalationSetDWORD64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCheckEscalationSetDWORD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCheckEscalationSetString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCommonDatapointDelete</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCommonDatapointSetDWORD64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCommonDatapointSetDWORD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCommonDatapointSetStreamEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmCommonDatapointSetString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmEndSession</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmEventEnabled</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmEventWrite</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmGetEscalationRuleStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmGetInstrumentationProperty</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmIncrementDWORD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmIsOptedIn</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmIsOptedInEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmSetDWORD64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmSetDWORD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmSetEscalationInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmSetIfMaxDWORD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmSetIfMinDWORD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmSetString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinSqmStartSession</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwClose</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ZwRequestPort</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwReadVirtualMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwMapViewOfSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwQueryInformationProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwUnmapViewOfSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwResumeThread</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">ZwQuerySystemInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwSetLdtEntries</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwTerminateProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwWriteVirtualMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwDuplicateToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwCallbackReturn</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwEnumerateKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwSaveKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwSaveKeyEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwQueryInformationThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwCreateSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwQueryInformationFile</fct>
-      </fcts>
-    </lib>
-
-    <lib name="netapi32.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">Netbios</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetFileClose"</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetAuditRead</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetConfigSet</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetErrorLogWrite</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetErrorLogClear</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetAuditClear</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetErrorLogRead</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetWkstaUserGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetWkstaGetInfo</fct>
-
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">NetpwNameValidate</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetFileGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetSessionEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetShareGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetShareEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetShareAdd</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetShareDel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetWkstaUserEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetServerGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetAccessEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetBrowserStatisticsGet</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetConnectionEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetWkstaTransportEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGetJoinInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserAdd</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserSetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserDel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserGetGroups</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserSetGroups</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserGetLocalGroups</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserModalsGet</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserModalsSet</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetUserChangePassword</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupAdd</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupAddUser</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupSetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupDel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupDelUser</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupGetUsers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGroupSetUsers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetStatisticsGet</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupAdd</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupAddMember</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupSetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupDel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupDelMember</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupGetMembers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupSetMembers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupAddMembers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetLocalGroupDelMembers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetQueryDisplayInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGetDisplayInformationIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetAccessAdd</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetAccessGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetAccessSetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetAccessDel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetAccessGetUserPerms</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetValidatePasswordPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetValidatePasswordPolicyFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGetDCName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetGetAnyDCName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">I_NetLogonControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">I_NetLogonControl2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetEnumerateTrustedDomains</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetRemoteTOD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NetServerEnum</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">NetServiceEnum</fct>
-      </fcts>
-    </lib>
-
-    <lib name="comctl32.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="2"   dp="0" un="0" pv="0" bl="0" ad="0">MenuHelp</fct>
-        <fct od="3"   dp="0" un="0" pv="0" bl="0" ad="0">ShowHideMenuCtl</fct>
-        <fct od="6"   dp="0" un="0" pv="0" bl="0" ad="0">CreateStatusWindowA</fct>
-        <fct od="7"   dp="0" un="0" pv="0" bl="0" ad="0">CreateToolbar</fct>
-        <fct od="8"   dp="0" un="0" pv="0" bl="0" ad="0">CreateMappedBitmap</fct>
-        <fct od="15"  dp="0" un="0" pv="0" bl="0" ad="0">DrawInsert</fct>
-        <fct od="16"  dp="0" un="0" pv="0" bl="0" ad="0">CreateUpDownControl</fct>
-        <fct od="17"  dp="1" un="0" pv="0" bl="0" ad="0">InitCommonControls</fct>
-        <fct od="20"  dp="1" un="0" pv="0" bl="0" ad="0">CreateStatusWindow</fct>
-        <fct od="91"  dp="0" un="0" pv="0" bl="1" ad="0">_TrackMouseEvent</fct>
-        <fct od="401" dp="1" un="0" pv="0" bl="0" ad="0">AddMRUStringW</fct>
-      </fcts>
-    </lib>
-
-    <lib name="cryptbase.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction001</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction002</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction003</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction004</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction005</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction028</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction029</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction034</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction036</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction040</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemFunction041</fct>
-      </fcts>
-    </lib>
-
-    <lib name="winsta.dll" bl="1" dp="0" un="1">
-      <fcts>
-        <fct >WinStationGetLoggedOnCount</fct>
-        <fct >WinStationSendMessage</fct>
-        <fct >WinStationQueryInformation</fct>
-        <fct >LogonIdFromWinStationNameA</fct>
-        <fct >LogonIdFromWinStationNameW</fct>
-        <fct >RemoteAssistancePrepareSystemRestore</fct>
-        <fct >ServerGetInternetConnectorStatus</fct>
-        <fct >ServerLicensingClose</fct>
-        <fct >ServerLicensingDeactivateCurrentPolicy</fct>
-        <fct >ServerLicensingFreePolicyInformation</fct>
-        <fct >ServerLicensingGetAvailablePolicyIds</fct>
-        <fct >ServerLicensingGetPolicy</fct>
-        <fct >ServerLicensingGetPolicyInformationA</fct>
-        <fct >ServerLicensingGetPolicyInformationW</fct>
-        <fct >ServerLicensingLoadPolicy</fct>
-        <fct >ServerLicensingOpenA</fct>
-        <fct >ServerLicensingOpenW</fct>
-        <fct >ServerLicensingSetPolicy</fct>
-        <fct >ServerLicensingUnloadPolicy</fct>
-        <fct >ServerQueryInetConnectorInformationA</fct>
-        <fct >ServerQueryInetConnectorInformationW</fct>
-        <fct >ServerSetInternetConnectorStatus</fct>
-        <fct >WinStationActivateLicense</fct>
-        <fct >WinStationAutoReconnect</fct>
-        <fct >WinStationBroadcastSystemMessage</fct>
-        <fct >WinStationCheckAccess</fct>
-        <fct >WinStationCheckLoopBack</fct>
-        <fct >WinStationCloseServer</fct>
-        <fct >WinStationConnectA</fct>
-        <fct >WinStationConnectCallback</fct>
-        <fct >WinStationConnectEx</fct>
-        <fct >WinStationConnectW</fct>
-        <fct >WinStationDisconnect</fct>
-        <fct >WinStationEnumerateA</fct>
-        <fct >WinStationEnumerateExW</fct>
-        <fct >WinStationEnumerateLicenses</fct>
-        <fct >WinStationEnumerateProcesses</fct>
-        <fct >WinStationEnumerateW</fct>
-        <fct >WinStationEnumerate_IndexedA</fct>
-        <fct >WinStationEnumerate_IndexedW</fct>
-        <fct >WinStationFreeConsoleNotification</fct>
-        <fct >WinStationFreeGAPMemory</fct>
-        <fct >WinStationFreeMemory</fct>
-        <fct >WinStationFreePropertyValue</fct>
-        <fct >WinStationFreeUserCertificates</fct>
-        <fct >WinStationFreeUserCredentials</fct>
-        <fct >WinStationGenerateLicense</fct>
-        <fct >WinStationGetAllProcesses</fct>
-        <fct >WinStationGetAllSessionsW</fct>
-        <fct >WinStationGetConnectionProperty</fct>
-        <fct >WinStationGetDeviceId</fct>
-        <fct >WinStationGetInitialApplication</fct>
-        <fct >WinStationGetLanAdapterNameA</fct>
-        <fct >WinStationGetLanAdapterNameW</fct>
-        <fct >WinStationGetLoggedOnCount</fct>
-        <fct >WinStationGetMachinePolicy</fct>
-        <fct >WinStationGetProcessSid</fct>
-        <fct >WinStationGetRestrictedLogonInfo</fct>
-        <fct >WinStationGetSessionIds</fct>
-        <fct >WinStationGetTermSrvCountersValue</fct>
-        <fct >WinStationGetUserCertificates</fct>
-        <fct >WinStationGetUserCredentials</fct>
-        <fct >WinStationGetUserProfile</fct>
-        <fct >WinStationInstallLicense</fct>
-        <fct >WinStationIsHelpAssistantSession</fct>
-        <fct >WinStationIsSessionPermitted</fct>
-        <fct >WinStationIsSessionRemoteable</fct>
-        <fct >WinStationNameFromLogonIdA</fct>
-        <fct >WinStationNameFromLogonIdW</fct>
-        <fct >WinStationNegotiateSession</fct>
-        <fct >WinStationNtsdDebug</fct>
-        <fct >WinStationOpenServerA</fct>
-        <fct >WinStationOpenServerExA</fct>
-        <fct >WinStationOpenServerExW</fct>
-        <fct >WinStationOpenServerW</fct>
-        <fct >WinStationQueryAllowConcurrentConnections</fct>
-        <fct >WinStationQueryEnforcementCore</fct>
-        <fct >WinStationQueryInformationA</fct>
-        <fct >WinStationQueryInformationW</fct>
-        <fct >WinStationQueryLicense</fct>
-        <fct >WinStationQueryLogonCredentialsW</fct>
-        <fct >WinStationQuerySessionVirtualIP</fct>
-        <fct >WinStationQueryUpdateRequired</fct>
-        <fct >WinStationRedirectErrorMessage,</fct>
-        <fct >WinStationRedirectLogonBeginPainting</fct>
-        <fct >WinStationRedirectLogonError</fct>
-        <fct >WinStationRedirectLogonMessage</fct>
-        <fct >WinStationRedirectLogonStatus</fct>
-        <fct >WinStationRegisterConsoleNotification</fct>
-        <fct >WinStationRegisterConsoleNotificationEx</fct>
-        <fct >WinStationRegisterNotificationEvent</fct>
-        <fct >WinStationRemoveLicense</fct>
-        <fct >WinStationRenameA</fct>
-        <fct >WinStationRenameW</fct>
-        <fct >WinStationReportUIResult</fct>
-        <fct >WinStationReset</fct>
-        <fct >WinStationRevertFromServicesSession</fct>
-        <fct >WinStationSendMessageA</fct>
-        <fct >WinStationSendMessageW</fct>
-        <fct >WinStationSendWindowMessage</fct>
-        <fct >WinStationServerPing</fct>
-        <fct >WinStationSetAutologonPassword</fct>
-        <fct >WinStationSetInformationA</fct>
-        <fct >WinStationSetInformationW</fct>
-        <fct >WinStationSetPoolCount</fct>
-        <fct >WinStationShadow</fct>
-        <fct >WinStationShadowStop</fct>
-        <fct >WinStationShutdownSystem</fct>
-        <fct >WinStationSwitchToServicesSession</fct>
-        <fct >WinStationSystemShutdownStarted</fct>
-        <fct >WinStationSystemShutdownWait</fct>
-        <fct >WinStationTerminateProcess</fct>
-        <fct >WinStationUnRegisterConsoleNotification</fct>
-        <fct >WinStationUnRegisterNotificationEvent</fct>
-        <fct >WinStationUserLoginAccessCheck</fct>
-        <fct >WinStationVerify</fct>
-        <fct >WinStationVirtualOpen</fct>
-        <fct >WinStationVirtualOpenEx</fct>
-        <fct >WinStationWaitSystemEvent</fct>
-        <fct >_NWLogonQueryAdmin</fct>
-        <fct >_NWLogonSetAdmin</fct>
-        <fct >_WinStationAnnoyancePopup</fct>
-        <fct >_WinStationBeepOpen</fct>
-        <fct >_WinStationBreakPoint</fct>
-        <fct >_WinStationCallback</fct>
-        <fct >_WinStationCheckForApplicationName</fct>
-        <fct >_WinStationFUSCanRemoteUserDisconnect</fct>
-        <fct >_WinStationGetApplicationInfo</fct>
-        <fct >_WinStationNotifyDisconnectPipe</fct>
-        <fct >_WinStationNotifyLogoff</fct>
-        <fct >_WinStationNotifyLogon</fct>
-        <fct >_WinStationNotifyNewSession</fct>
-        <fct >_WinStationOpenSessionDirectory</fct>
-        <fct >_WinStationReInitializeSecurity</fct>
-        <fct >_WinStationReadRegistry</fct>
-        <fct >_WinStationSessionInitialized</fct>
-        <fct >_WinStationShadowTarget</fct>
-        <fct >_WinStationShadowTarget2</fct>
-        <fct >_WinStationShadowTargetSetup</fct>
-        <fct >_WinStationUpdateClientCachedCredentials</fct>
-        <fct >_WinStationUpdateSettings</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mprapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeletePort</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">MprAdminUserWrite</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MprAdminUserGetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MprAdminUserUserOpen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MprAdminUserUserClose</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">MprAdminUserRead</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">MprAdminUserOpen</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">MprAdminUserClose</fct>
-      </fcts>
-    </lib>
-
-    <lib name="sfc.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SfcIsFileProtected</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SfcIsKeyProtected</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SfcGetNextProtectedFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SfcGetFiles</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SFCDisable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SFCScan</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SRSetRestorePoint</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SfpVerifyFile</fct>
-      </fcts>
-    </lib>
-
-    <lib name="atl90.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="17" dp="0" un="0" pv="0" bl="1" ad="0">AtlComModuleRegisterClassObjects</fct>
-        <fct od="20" dp="0" un="0" pv="0" bl="1" ad="0">AtlComModuleRevokeClassObjects</fct>
-        <fct od="23" dp="0" un="0" pv="0" bl="1" ad="0">AtlUpdateRegistryFromResourceD</fct>
-        <fct od="49" dp="0" un="0" pv="0" bl="1" ad="0">AtlRegisterClassCategoriesHelper</fct>
-        <fct od="56" dp="0" un="0" pv="0" bl="1" ad="0">AtlLoadTypeLib</fct>
-        <fct od="61" dp="0" un="0" pv="0" bl="1" ad="0">AtlCreateRegistrar</fct>
-        <fct od="64" dp="0" un="0" pv="0" bl="1" ad="0">AtlCallTermFunc</fct>
-        <fct od="67" dp="0" un="0" pv="0" bl="1" ad="0">AtlSetPerUserRegistration</fct>
-        <fct od="68" dp="0" un="0" pv="0" bl="1" ad="0">AtlGetPerUserRegistration</fct>
-      </fcts>
-    </lib>
-
-    <lib name="winspool.drv" bl="0" dp="0">
-      <fcts>
-        <fct od="199" dp="0" un="0" pv="0" bl="1" ad="0">EnumMonitorsA</fct>
-        <fct od="200" dp="0" un="0" pv="0" bl="1" ad="0">EnumMonitorsW</fct>
-        <fct od="201" dp="0" un="0" pv="0" bl="0" ad="0">GetDefaultPrinterA</fct>
-        <fct od="202" dp="0" un="0" pv="0" bl="1" ad="0">SetDefaultPrinterA</fct>
-        <fct od="203" dp="0" un="0" pv="0" bl="0" ad="0">GetDefaultPrinterW</fct>
-        <fct od="204" dp="0" un="0" pv="0" bl="1" ad="0">SetDefaultPrinterW</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddPrintProcessor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeletePort</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeletePrinter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeletePrinterConnection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeletePrintProcessor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumPorts</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetPrinterDriverDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetPrintProcessorDirectory</fct>
-      </fcts>
-    </lib>
-
-    <lib name="advapi32.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTraceEnableFlags</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryRecoveryAgentsOnEncryptedFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RemoveUsersFromEncryptedFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptSignHash</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InstallApplication</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SaferIdentifyLevel</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" >LsaCreateTrustedDomainEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaCreateAccount</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaCreateSecret</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaCreateTrustedDomain</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaEnumerateAccounts</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaEnumerateAccountsWithUserRight</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaRetrievePrivateData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaSetInformationTrustedDomain</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaSetQuotasForAccount</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaOpenSecret</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaSetSecurityObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaQueryTrustedDomainInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaQueryInformationPolicy</fct>
-        <fct dp="1" un="0" pv="0" bl="1" >LsaEnumerateTrustedDomains</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaAddAccountRights</fct>
-        <fct dp="0" un="1" pv="0" bl="1" >LsaSetSecret</fct>
-        <fct dp="0" un="1" pv="0" bl="1" >LsaEnumeratePrivilegesOfAccount</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaOpenPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaEnumerateAccountRights</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaFreeMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaClose</fct>
-        <fct dp="0" un="0" pv="0" bl="1" >LsaDeleteTrustedDomain</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetServiceKeyName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumServiceGroup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertSecurityDescriptorToAccessNamed</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterServiceCtrlHandlerEx</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertStringSDToSDRootDomain</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetEntriesInAccessList</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetNamedSecurityInfoEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MakeAbsoluteSD</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MakeAbsoluteSD2</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptSetKeyParam</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptSetProvParam</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptSetHashParam</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTraceLoggerHandle</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetOverlappedAccessResults</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">TrusteeAccessToObject</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ConvertAccessToSecurityDescriptor</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetEntriesInAuditList</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetSecurityInfoEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetEntriesInAuditList</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ConvertSecurityDescriptorToAccess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DuplicateEncryptionInfoFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EncryptFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DecryptFile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfRegisterEventSource</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfBackupEventLogFile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfChangeNotify</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfClearEventLogFile</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfCloseEventLog</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfDeregisterEventSource</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfFlushEventLog</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfNumberOfRecords</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfOldestRecord</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfOpenBackupEventLog</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfOpenEventLog</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfReadEventLog</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfReportEvent</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ElfReportEventAndSource</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnregisterTraceGuids</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegSaveKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegDisablePredefinedCache</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegDisablePredefinedCacheEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegDisableReflectionKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegEnableReflectionKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegQueryMultipleValues</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryServiceConfig2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryServiceStatusEx</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CloseEncryptedFileRaw</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenEncryptedFileRaw</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadEncryptedFileRaw</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteEncryptedFileRaw</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SaferiIsExecutableFileType</fct>
-
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WmiCloseBlock</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WmiFileHandleToInstanceName</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BackupEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ClearEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CloseEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeregisterEventSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetEventLogInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetNumberOfEventLogRecords</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetOldestEventLogRecord</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NotifyChangeEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenBackupEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterEventSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReportEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SaferRecordEventLogEntry</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCurrentHwProfile</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredEnumerate</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredDelete</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredFindBestCredential</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredGetSessionTypes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredGetTargetInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredIsMarshaledCredential</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredIsProtected</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredMarshalCredential</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredPackAuthenticationBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredProtect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredRead</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredReadDomainCredentials</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredRename</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredUnmarshalCredential</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredUnPackAuthenticationBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredUnprotect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredWrite</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredWriteDomainCredentials</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptCreateHash</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptHashData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptGetHashParam</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptDestroyHash</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptReleaseContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptDecrypt</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptEncrypt</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptAcquireContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptGenRandom</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptDestroyKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptGetKeyParam</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptVerifySignature</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptImportKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptEnumProviders</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptEnumProviderTypes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptDeriveKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptSetProviderEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptGetDefaultProvider</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptDuplicateHash</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptExportKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptGenKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CryptGetUserKey</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegUnLoadKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegReplaceKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegFlushKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegCopyTree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegLoadKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegEnumKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegConnectRegistry</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegDeleteKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegDeleteValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegEnumKeyEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegGetKeySecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegOpenKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegSetKeySecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegSetValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegSetValueEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegNotifyChangeKeyValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegRestoreKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterServiceCtrlHandler</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegOverridePredefKey</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">RegSetValue</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">RegQueryValue</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">RegOpenKey</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">RegEnumKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegCreateKeyEx</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">RegCreateKey</fct>
-
-        <!-- mapping based on https://github.com/gentilkiwi/mimikatz/blob/master/modules/kull_m_crypto_system.h#L62-->
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES1block1key">SystemFunction001</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES1block1key">SystemFunction002"</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDESMagicBlock1key">SystemFunction003</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDESblocksECB">SystemFunction004</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDESblocksECB">SystemFunction005</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDigestLM">SystemFunction006</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDigestNTLM">SystemFunction007</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlLMResponseToChallenge">SystemFunction008</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlLMResponseToChallenge">SystemFunction009</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDigestMD4only16Bytes">SystemFunction010</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDigestMD4only16Bytes">SystemFunction011</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES2blocks2keys">SystemFunction012</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES2blocks2keys">SystemFunction013</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES2blocks2keys">SystemFunction014</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES2blocks2keys">SystemFunction015</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES2blocks1key">SystemFunction016</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES2blocks1key">SystemFunction017</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES2blocks1key">SystemFunction018</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES2blocks1key">SystemFunction019</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES2blocks2keys">SystemFunction020</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES2blocks2keys">SystemFunction021</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES2blocks2keys">SystemFunction022</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES2blocks2keys">SystemFunction023</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES2blocks1DWORD">SystemFunction024</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES2blocks1DWORD">SystemFunction025</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDES2blocks1DWORD">SystemFunction026</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptDES2blocks1DWORD">SystemFunction027</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="">SystemFunction028</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="">SystemFunction029</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEqualMemory16Bytes">SystemFunction030</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEqualMemory16Bytes">SystemFunction031</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDecryptRC4">SystemFunction032</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptDecryptRC4">SystemFunction033</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="">SystemFunction034</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlCheckSignatureInFile">SystemFunction035</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlGenRandom">SystemFunction036</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="">SystemFunction037</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="">SystemFunction038</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="">SystemFunction039</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlEncryptMemory">SystemFunction040</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0" map="RtlDecryptMemory">SystemFunction041</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StartTrace</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CloseTrace</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ProcessTrace</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FlushTrace</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenTrace</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryServiceConfig</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAuditedPermissionsFromAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryAllTraces</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAuditedPermissionsFromAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertSecurityDescriptorToStringSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetEntriesInAcl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LockServiceDatabase</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CheckTokenMembership</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetNumberOfEventLogRecords</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetOldestEventLogRecord</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BackupEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NotifyChangeEventLog</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertStringSecurityDescriptorToSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeregisterEventSource</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ConvertSidToStringSid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReportEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ChangeServiceConfig2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnlockServiceDatabase</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTraceEnableLevel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AbortSystemShutdown</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ControlTrace</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateProcessAsUser</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LookupPrivilegeValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ChangeServiceConfig</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StartService</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenSCManager</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeleteService</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumDependentServices</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateService</fct>
-        <fct dp="0" un="0" pv="1" bl="1" ad="0">NotifyBootConfigStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetServiceStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CloseServiceHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumServicesStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumServicesStatusEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenService</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetNamedSecurityInfo</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LogonUser</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryServiceStatus</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InitiateSystemShutdown</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InitiateSystemShutdownEx</fct>
-      </fcts>
-    </lib>
-
-    <lib name="secur32.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EncryptMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DecryptMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetUserNameEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeleteSecurityContext</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeSetQualityOfService</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LsaLookupAuthenticationPackage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LsaDeregisterLogonProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LsaConnectUntrusted</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mpr.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" bl="1">MultinetGetConnectionPerformance</fct>
-        <fct dp="1" bl="1">WNetAddConnection</fct>
-        <fct dp="0" bl="1">WNetAddConnection2</fct>
-        <fct dp="0" bl="1">WNetAddConnection3</fct>
-        <fct dp="0" bl="1">WNetCloseEnum</fct>
-        <fct dp="0" bl="1">WNetEnumResource</fct>
-        <fct dp="0" bl="1">WNetGetConnection</fct>
-        <fct dp="0" bl="1">WNetGetNetworkInformation</fct>
-        <fct dp="0" bl="1">WNetGetProviderName</fct>
-        <fct dp="0" bl="1">WNetGetResourceParent</fct>
-        <fct dp="0" bl="1">WNetGetResourceInformation</fct>
-        <fct dp="0" bl="1">WNetGetUniversalName</fct>
-        <fct dp="0" bl="1">WNetGetUser</fct>
-        <fct dp="0" bl="1">WNetOpenEnum</fct>
-        <fct dp="0" bl="1">WNetRestoreConnection</fct>
-        <fct dp="0" bl="1">WNetUseConnection</fct>
-        <fct dp="0" bl="1">WNetCancelConnection</fct>
-        <fct dp="0" bl="1">WNetAddConnection2</fct>
-        <fct dp="0" bl="1">WNetCancelConnection2</fct>
-        <fct dp="0" bl="1">WNetGetConnection</fct>
-        <fct dp="0" bl="1">WNetUseConnection</fct>
-        <fct dp="0" bl="1" od="23">WNetDirectoryNotifyA</fct>
-      </fcts>
-    </lib>
-
-
-    <lib name="winhttp.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpQueryHeaders</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpCloseHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpConnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpGetIEProxyConfigForCurrentUser</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpGetProxyForUrl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpOpen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpOpenRequest</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpQueryDataAvailable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpReadData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpReceiveResponse</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpSendRequest</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpSetOption</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpWriteData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpAddRequestHeaders</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WinHttpSetStatusCallback</fct>
-      </fcts>
-    </lib>
-
-    <lib name="apphelp.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">ApphelpCheckShellObject</fct>
-      </fcts>
-    </lib>
-
-    <lib name="ntdsapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsListSites</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsFreePasswordCredentials</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsFreeNameResult</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsUnBind</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsBind</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsMapSchemaGuids</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsCrackSpn</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsFreeDomainControllerInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsMakeSpn</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsGetDomainControllerInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsQuoteRdnValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DsFreeSchemaGuidMap</fct>
-      </fcts>
-    </lib>
-
-    <lib name="shfolder.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0"></fct>
-      </fcts>
-    </lib>
-
-    <lib name="nddeapi.dll" bl="1" dp="1">
-      <fcts>
-        <fct od="500" un="0" pv="0" bl="1" ad="0">NDdeShareAdd</fct>
-        <fct od="501" un="0" pv="0" bl="1" ad="0">NDdeShareDel</fct>
-        <fct od="502" un="0" pv="0" bl="1" ad="0">NDdeShareEnum</fct>
-        <fct od="503" un="0" pv="0" bl="1" ad="0">NDdeShareGetInfo</fct>
-        <fct od="504" un="0" pv="0" bl="1" ad="0">NDdeShareSetInfo</fct>
-        <fct od="505" un="0" pv="0" bl="1" ad="0">NDdeGetErrorString</fct>
-        <fct od="506" un="0" pv="0" bl="1" ad="0">NDdeIsValidShareName</fct>
-        <fct od="507" un="0" pv="0" bl="1" ad="0">NDdeIsValidAppTopicList</fct>
-        <fct od="508" un="0" pv="0" bl="1" ad="0">NDdeSpecialCommand</fct>
-        <fct od="509" un="0" pv="0" bl="1" ad="0">NDdeGetShareSecurity</fct>
-        <fct od="510" un="0" pv="0" bl="1" ad="0">NDdeSetShareSecurity</fct>
-        <fct od="511" un="0" pv="0" bl="1" ad="0">NDdeGetTrustedShare</fct>
-        <fct od="512" un="0" pv="0" bl="1" ad="0">NDdeSetTrustedShare</fct>
-        <fct od="513" un="0" pv="0" bl="1" ad="0">NDdeTrustedShareEnum</fct>
-        <fct od="600" un="0" pv="0" bl="1" ad="0">NDdeShareAdd</fct>
-        <fct od="601" un="0" pv="0" bl="1" ad="0">NDdeShareDel</fct>
-        <fct od="602" un="0" pv="0" bl="1" ad="0">NDdeShareEnum</fct>
-        <fct od="603" un="0" pv="0" bl="1" ad="0">NDdeShareGetInfo</fct>
-        <fct od="604" un="0" pv="0" bl="1" ad="0">NDdeShareSetInfo</fct>
-        <fct od="605" un="0" pv="0" bl="1" ad="0">NDdeGetErrorString</fct>
-        <fct od="606" un="0" pv="0" bl="1" ad="0">NDdeIsValidShareName</fct>
-        <fct od="607" un="0" pv="0" bl="1" ad="0">NDdeIsValidAppTopicList</fct>
-        <fct od="608" un="0" pv="0" bl="1" ad="0">NDdeSpecialCommand</fct>
-        <fct od="609" un="0" pv="0" bl="1" ad="0">NDdeGetShareSecurity</fct>
-        <fct od="610" un="0" pv="0" bl="1" ad="0">NDdeSetShareSecurity</fct>
-        <fct od="611" un="0" pv="0" bl="1" ad="0">NDdeGetTrustedShare</fct>
-        <fct od="612" un="0" pv="0" bl="1" ad="0">NDdeSetTrustedShare</fct>
-        <fct od="613" un="0" pv="0" bl="1" ad="0">NDdeTrustedShareEnum</fct>
-      </fcts>
-    </lib>
-
-    <lib name="shell32.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="-1" dp="1" un="0" pv="0" bl="1" ad="0">SHQueryRecycleBin</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">Win32DeleteFile</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">FileOpen</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">UpdateAllDesktopSubscriptions</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHAlloc</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHAllocShared</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHAnsiToAnsi</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHAnsiToUnicode</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHChangeDWORDAsIDList</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHChangeProductKeyAsIDList</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHChangeUpdateImageIDList</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCloneSpecialIDList</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCLSIDFromString</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCoCreateInstance</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCreateDirectory</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCreateDirectoryEx</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCreateFileExtractIcon</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCreateProcessAsUserW</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCreatePropSheetExtArray</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCreateQueryCancelAutoPlayMoniker</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCreateStdEnumFmtEtc</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHCreateStreamOnFile</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHDestroyPropSheetExtArray</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">Shell_GetCachedImageIndex</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">Shell_GetImageLists</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">Shell_MergeMenus</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">ShellMessageBox</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHExtractIconsW</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHFind_InitMenuPopup</fct>
-        <fct od="-1" dp="1" un="0" pv="0" bl="0" ad="0">SHFindFiles</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHFlushClipboard</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHFormatDateTime</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHFree</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHFreeShared</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetAttributesFromDataObject</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetFolderLocation</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetFolderPath</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetFolderPathAndSubDir</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetInverseCMAP</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetMalloc</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetRealIDL</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetSetFolderCustomSettings</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetSetSettings</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetShellStyleHInstance</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetSpecialFolderLocation</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="1" ad="0">SHGetSpecialFolderPath</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHGetViewStatePropertyBag</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHHandleUpdateImage</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHInvokePrinterCommand</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHIsChildOrSelf</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHLimitInputEdit</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHLoadOLE</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHLockShared</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHMapIDListToImageListIndexAsync</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHMapPIDLToSystemImageListIndex</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHMessageBoxCheck</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHObjectProperties</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHOpenPropSheet</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHOpenRegStream</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHRegGetBoolValueFromHKCUHKLM</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHRegGetValue</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHRegGetValueFromHKCUHKLM</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHReplaceFromPropSheetExtArray</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHRestricted</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHSetFolderPath</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHSendMessageBroadcast</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHShellFolderView_Message</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHSimpleIDListFromPath</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHStartNetConnectionDialog</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHStripMneumonic</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHUnicodeToAnsi</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHUnicodeToUnicode</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHUnlockShared</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">SHValidateUNC</fct>
-        <fct od="59"  dp="1" un="0" pv="0" bl="0" ad="0">RestartDialog</fct>
-        <fct od="730" dp="1" un="0" pv="0" bl="0" ad="0">RestartDialogEx</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">OpenRegStream</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">ParseField</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PathCleanupSpec</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PathGetShortPath</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PathIsExe</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PathIsSlow</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PathProcessCommand</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PathResolve</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">PickIconDlg</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">ILLoadFromStreamEx</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">ILLoadFromStream</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">GUIDFromString</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">GetFileNameFromBrowse</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">ExtractAssociatedIconEx</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">DriveType</fct>
-        <fct od="-1"  dp="1" un="0" pv="0" bl="0" ad="0">CallCPLEntry16</fct>
-        <fct od="2"   dp="0" un="0" pv="0" bl="1" ad="0">SHChangeNotifyRegister</fct>
-        <fct od="4"   dp="0" un="0" pv="0" bl="1" ad="0">SHChangeNotifyDeregister</fct>
-        <fct od="27"  dp="0" un="0" pv="0" bl="0" ad="0">ILSaveToStream</fct>
-        <fct od="28"  dp="0" un="0" pv="0" bl="0" ad="0">SHILCreateFromPath</fct>
-        <fct od="66"  dp="1" un="0" pv="0" bl="0" ad="0">IsNetDrive</fct>
-        <fct od="102" dp="0" un="0" pv="0" bl="1" ad="0">SHCoCreateInstance</fct>
-        <fct od="103" dp="1" un="0" pv="0" bl="0" ad="0">SignalFileOpen</fct>
-        <fct od="125" dp="0" un="0" pv="0" bl="1" ad="0">OpenAs_RunDLLA</fct>
-        <fct od="133" dp="0" un="0" pv="0" bl="1" ad="0">OpenAs_RunDLLW</fct>
-        <fct od="150" dp="0" un="0" pv="0" bl="0" ad="0">PrintersGetCommand_RunDLLW</fct>
-        <fct od="155" dp="0" un="0" pv="0" bl="0" ad="0">ILFree</fct>
-        <fct od="157" dp="0" un="0" pv="0" bl="0" ad="0">ILCreateFromPath</fct>
-        <fct od="165" dp="0" un="0" pv="0" bl="0" ad="0">SHCreateDirectory</fct>
-        <fct od="176" dp="0" un="0" pv="0" bl="0" ad="0">SHSetInstanceExplorer</fct>
-        <fct od="189" dp="0" un="0" pv="0" bl="0" ad="0">ILCreateFromPathA</fct>
-        <fct od="190" dp="0" un="0" pv="0" bl="0" ad="0">ILCreateFromPathW</fct>
-        <fct od="199" dp="0" un="0" pv="0" bl="0" ad="0">SHHelpShortcuts_RunDLL</fct>
-        <fct od="430" dp="0" un="0" pv="0" bl="0" ad="0">ShellExec_RunDLL</fct>
-        <fct od="357" dp="0" un="0" pv="0" bl="0" ad="0">SHFreeNameMappings</fct>
-        <fct od="356" dp="0" un="0" pv="0" bl="1" ad="0">SHFormatDrive</fct>
-        <fct od="332" dp="0" un="0" pv="0" bl="1" ad="0">SHCreateDirectoryExA</fct>
-        <fct od="310" dp="0" un="0" pv="0" bl="1" ad="0">RegenerateUserEnvironment</fct>
-        <fct od="309" dp="0" un="0" pv="0" bl="1" ad="0">RealShellExecuteW</fct>
-        <fct od="308" dp="0" un="0" pv="0" bl="1" ad="0">RealShellExecuteExW</fct>
-        <fct od="307" dp="0" un="0" pv="0" bl="1" ad="0">RealShellExecuteExA</fct>
-        <fct od="306" dp="0" un="0" pv="0" bl="1" ad="0">RealShellExecuteA</fct>
-        <fct od="305" dp="0" un="0" pv="0" bl="1" ad="0">Options_RunDLLW</fct>
-        <fct od="304" dp="0" un="0" pv="0" bl="1" ad="0">Options_RunDLLA</fct>
-        <fct od="303" dp="0" un="0" pv="0" bl="1" ad="0">Options_RunDLL</fct>
-        <fct od="298" dp="0" un="0" pv="0" bl="1" ad="0">GetCurrentProcessExplicitAppUserModelID</fct>
-        <fct od="296" dp="0" un="0" pv="0" bl="1" ad="0">FindExecutableW</fct>
-        <fct od="295" dp="0" un="0" pv="0" bl="1" ad="0">FindExecutableA</fct>
-        <fct od="277" dp="1" un="0" pv="0" bl="1" ad="0">DoEnvironmentSubstW</fct>
-        <fct od="276" dp="1" un="0" pv="0" bl="1" ad="0">DoEnvironmentSubstA</fct>
-        <fct od="275" dp="0" un="0" pv="0" bl="1" ad="0">DllUnregisterServer</fct>
-        <fct od="274" dp="0" un="0" pv="0" bl="1" ad="0">DllRegisterServer</fct>
-        <fct od="273" dp="0" un="0" pv="0" bl="1" ad="0">DllInstall</fct>
-        <fct od="272" dp="0" un="0" pv="0" bl="1" ad="0">DllGetVersion</fct>
-        <fct od="469" dp="1" un="0" pv="0" bl="1" ad="0">WOWShellExecute</fct>
-        <fct od="470" dp="0" un="0" pv="0" bl="1" ad="0">WaitForExplorerRestartW</fct>
-        <fct od="524" dp="1" un="0" pv="0" bl="0" ad="0">RealDriveType</fct>
-        <fct od="526" dp="0" un="0" pv="0" bl="1" ad="0">SHFlushSFCache</fct>
-        <fct od="644" dp="0" un="0" pv="0" bl="1" ad="0">SHChangeNotification_Lock</fct>
-        <fct od="652" dp="1" un="0" pv="0" bl="1" ad="0">WriteCabinetState</fct>
-        <fct od="654" dp="1" un="0" pv="0" bl="1" ad="0">ReadCabinetState</fct>
-        <fct od="680" dp="1" un="0" pv="0" bl="1" ad="0">IsUserAnAdmin</fct>
-        <fct od="271" dp="0" un="0" pv="0" bl="1" ad="0">DllGetClassObject</fct>
-        <fct od="269" dp="0" un="0" pv="0" bl="1" ad="0">DllCanUnloadNow</fct>
-        <fct od="268" dp="0" un="0" pv="0" bl="1" ad="0">Control_RunDLLW</fct>
-        <fct od="267" dp="0" un="0" pv="0" bl="1" ad="0">Control_RunDLLAsUserW</fct>
-        <fct od="263" dp="0" un="0" pv="0" bl="1" ad="0">Control_RunDLLA</fct>
-        <fct od="255" dp="0" un="0" pv="0" bl="1" ad="0">Control_RunDLL</fct>
-        <fct od="245" dp="0" un="0" pv="0" bl="1" ad="0">SHTestTokenMembership</fct>
-        <fct od="208" dp="0" un="0" pv="0" bl="1" ad="0">AppCompat_RunDLLW</fct>
-        <fct od="207" dp="0" un="0" pv="0" bl="1" ad="0">SHHelpShortcuts_RunDLLW</fct>
-        <fct od="206" dp="0" un="0" pv="0" bl="1" ad="0">SHHelpShortcuts_RunDLLA</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">SHGetSpecialFolderLocation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SHChangeNotify</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SHChangeNotifyDeregister</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SHFileOperation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SHCreateDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SHEmptyRecycleBin</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">SHLoadInProc</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ShellExecute</fct>
-        <fct od="435" dp="0" un="0" pv="0" bl="1" ad="0">ShellExecuteEx</fct>
-        <fct od="433">ShellExecuteA</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ShellExecCmdLine</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHGetNoAssocIconIndex</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHGetUserDisplayName</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHGetUserPicturePath</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHGetUserPicturePathEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHHelpShortcut_RunDLL</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHHelpShortcuts_RunDLL</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ShortSizeFormatExport</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHResolveUserNames</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHSettingsChanged</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHSetUserPicturePath</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHShouldShowWizards</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHTestTokenPrivilegeW</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHAnsiToUnicodeCPAlloc</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHAreIconsEqual</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHBoolSystemParametersInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHCreatePropertyBagOnMemory</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHCreatePropertyStoreOnXML</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHCreateStreamOnDllResourceW</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHCreateStreamOnModuleResourceW</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHExpandEnvironmentStringsAlloc</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHForwardContextMenuMsg</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHGetSizeShared</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHInvokeCommandOnContextMenu</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHInvokeCommandOnContextMenuEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHInvokeCommandsOnContextMenuEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHInvokeCommandWithFlagsAndSite</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHRegSetValue</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SHUnicodeToAnsiCPAlloc</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterShellHookWindow</fct>
-      </fcts>
-    </lib>
-
-    <lib name="psapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumProcesses</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumProcessModules</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EmptyWorkingSet</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumDeviceDrivers</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumPageFiles</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumProcesses</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumProcessModules</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumProcessModulesEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetModuleBaseName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetModuleFileNameEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMappedFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetDeviceDriverBaseName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetDeviceDriverBaseName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetDeviceDriverFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetMappedFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetModuleInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetPerformanceInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProcessImageFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetProcessMemoryInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetWsChanges</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetWsChangesEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InitializeProcessForWsWatch</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryWorkingSet</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">QueryWorkingSetEx</fct>
-      </fcts>
-    </lib>
-
-    <lib name="msacm32.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">acmDriverAdd</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">acmDriverEnum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">acmDriverOpen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">acmStreamOpen</fct>
-      </fcts>
-    </lib>
-
-    <lib name="kernelbase.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">LoadStringByReference</fct>
-      </fcts>
-    </lib>
-
-    <lib name="fwpuclnt.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WSASetSocketPeerTargetName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WSADeleteSocketPeerTargetName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WSAImpersonateSocketPeer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WSAQuerySocketSecurity</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WSARevertImpersonation</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mapi32.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="11" bl="1">MAPILogonEx</fct>
-        <fct od="13" bl="1">MAPIAllocateBuffer</fct>
-        <fct od="17" bl="1">MAPIFreeBuffer,-,17</fct>
-        <fct od="21" bl="1">MAPIInitialize,-,21</fct>
-        <fct od="23" bl="1">MAPIUninitialize,-,23</fct>
-        <fct od="46" bl="1">BuildDisplayTable</fct>
-        <fct od="75" bl="1">HrQueryAllRows,-,75</fct>
-        <fct od="139" bl="1">FreePadrlist,-,139</fct>
-        <fct od="140" bl="1">FreeProws</fct>
-        <fct od="220" bl="1">BMAPISendMail</fct>
-        <fct od="221" bl="1">BMAPISaveMail</fct>
-        <fct od="222" bl="1">BMAPIReadMail</fct>
-        <fct od="223" bl="1">BMAPIGetReadMail</fct>
-        <fct od="224" bl="1">BMAPIFindNext</fct>
-        <fct od="225" bl="1">BMAPIAddress</fct>
-        <fct od="226" bl="1">BMAPIGetAddress</fct>
-        <fct od="227" bl="1">BMAPIDetails</fct>
-        <fct od="228" bl="1">BMAPIResolveName</fct>
-      </fcts>
-    </lib>
-
-    <lib name="wininet.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">InternetSecurityProtocolToString</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">UrlZonesDetach</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetAutodial</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetAutodialHangup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeleteUrlCacheEntry</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFirstUrlCacheEntry</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">FindFirstUrlCacheContainer</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">FindNextUrlCacheContainer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindNextUrlCacheEntry</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindCloseUrlCache</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetUrlCacheEntryInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetUrlCacheEntryInfoEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HttpSendRequest</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HttpSendRequestEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HttpQueryInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HttpAddRequestHeaders</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HttpEndRequest</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">HttpOpenRequest</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetGetConnectedState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetGetConnectedStateEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetWriteFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetOpenUrl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetQueryDataAvailable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetGetCookie</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetCheckConnection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetQueryOption</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetSetStatusCallback</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetSetOption</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetErrorDlg</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetCloseHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetOpen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetConnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetCrackUrl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetCanonicalizeUrl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternetCombineUrl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpDeleteFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpCommand</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpCreateDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpFindFirstFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpGetCurrentDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpGetFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpGetFileSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpOpenFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpPutFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpRemoveDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpRenameFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FtpSetCurrentDirectory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ResumeSuspendedDownload</fct>
-      </fcts>
-    </lib>
-
-    <lib name="rpcrt4.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">I_RpcMapWin32Status</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UuidCreateSequential</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UuidToString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcMgmtSetServerStackSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcServerUnregisterIf</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcMgmtWaitServerListen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcMgmtStopServerListening</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcServerUnregisterIfEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcServerRegisterIf</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcServerUseProtseqEp</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcServerListen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcStringFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RpcServerTestCancel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UuidCreate</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrAsyncClientCall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrClearOutParameters</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrClientCall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrClientCall2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrConformantArrayUnmarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrConformantStringBufferSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrConformantStringMarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrConformantStringUnmarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrContextHandleInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrContextHandleSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrContextHandleMemorySize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrConvert</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrCStdStubBuffer_Release</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrCStdStubBuffer2_Release</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrDllCanUnloadNow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrDllGetClassObject</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrDllRegisterProxy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrDllUnregisterProxy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrGetUserMarshalInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrInterfacePointerBufferSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrInterfacePointerFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrInterfacePointerMarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrInterfacePointerUnmarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrOleAllocate</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrOleFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrPointerBufferSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrPointerFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrPointerMarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrPointerUnmarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrProxyErrorHandler</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrProxyFreeBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrProxyGetBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrProxyInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrProxySendReceive</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrSimpleTypeMarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrSimpleTypeUnmarshall</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrStubCall2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrStubForwardingFunction</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrStubGetBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrStubInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrUserMarshalBufferSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrUserMarshalFree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NdrUserMarshalMarshall</fct>
-      </fcts>
-    </lib>
-
-
-    <lib name="setupapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetupDiGetDeviceRegistryProperty</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetupDiGetClassDevs</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetupDiEnumDeviceInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetupDiEnumDeviceInterfaces</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetupDiGetDeviceInterfaceDetail</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetupDiDestroyDeviceInfoList</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetupDiOpenDevRegKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetupDiClassGuidsFromNameEx</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">SetupDiMoveDuplicateDevice</fct>
-      </fcts>
-    </lib>
-
-    <lib name="powrprof.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CallNtPowerInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CanUserWritePwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeletePwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DevicePowerClose</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DevicePowerEnumDevices</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DevicePowerOpen</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DevicePowerSetDeviceState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumPwrSchemes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GUIDFormatToGlobalPowerPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GUIDFormatToPowerPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetActivePwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetCurrentPowerPolicies</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetPwrCapabilities</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetPwrDiskSpindownRange</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsAdminOverrideActive</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsPwrHibernateAllowed</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsPwrShutdownAllowed</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IsPwrSuspendAllowed</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">LoadCurrentPwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MergeLegacyPwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerApplyPowerRequestOverride</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerCanRestoreIndividualDefaultPowerScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerCreatePossibleSetting</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerCreateSetting</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerCustomizePlatformPowerSettings</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDebugDifPowerPolicies</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDebugDifSystemPowerPolicies</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDebugDumpPowerPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDebugDumpPowerScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDebugDumpSystemPowerCapabilities</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDebugDumpSystemPowerPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDeleteScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDeterminePlatformRole</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerDuplicateScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerEnumerate</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerGetActiveScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerImportPowerScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerOpenSystemPowerKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerOpenUserPowerKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerPolicyToGUIDFormat</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadACDefaultIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadACValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadACValueIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadDCDefaultIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadDCValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadDCValueIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadDescription</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadFriendlyName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadIconResourceSpecifier</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadPossibleDescription</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadPossibleFriendlyName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadPossibleValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadSettingAttributes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadValueIncrement</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadValueMax</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadValueMin</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReadValueUnitsSpecifier</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerRemovePowerSetting</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerReplaceDefaultPowerSchemes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerRestoreDefaultPowerSchemes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerRestoreIndividualDefaultPowerScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerSetActiveScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerSetAlsBrightnessOffset</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerSettingAccessCheck</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerSettingRegisterNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerSettingUnregisterNotification</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteACDefaultIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteACValueIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteDCDefaultIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteDCValueIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteDescription</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteFriendlyName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteIconResourceSpecifier</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWritePossibleDescription</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWritePossibleFriendlyName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWritePossibleValue</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteSecurityDescriptor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteSettingAttributes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteValueIncrement</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteValueMax</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteValueMin</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PowerWriteValueUnitsSpecifier</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadGlobalPwrPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadProcessorPwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReadPwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetActivePwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetSuspendState</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ValidatePowerPolicies</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteGlobalPwrPolicy</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WriteProcessorPwrScheme</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">WritePwrScheme</fct>
-      </fcts>
-    </lib>
-
-    <lib name="ntoskrnl.exe" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">KeTickCount</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">memset</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DbgPrint</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsLookupProcessThreadByCid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsGetCurrentProcessId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsCreateSystemThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsSetLoadImageNotifyRoutine</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsSetCreateProcessNotifyRoutine</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsTerminateSystemThread</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsLookupProcessByProcessId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsChargePoolQuota</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsDereferenceImpersonationToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsDereferencePrimaryToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsIsDiskCountersEnabled</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsGetProcessExitTime</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsImpersonateClient</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsIsThreadTerminating</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsLookupProcessByProcessId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsLookupThreadByThreadId</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsReferenceImpersonationToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsReferencePrimaryToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsReturnPoolQuota</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsRevertToSelf</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsUpdateDiskCounters</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PsInitialSystemProcess</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">KeServiceDescriptorTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">KeAddSystemServiceTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">KeBugCheckEx</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IoCreateFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IoCreateDevice</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IoDeleteDevice</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IoGetCurrentProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IoRegisterBootDriverReinitialization</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">IoAllocateAdapterChannel</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">IoAttachDeviceByPointer</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">IoFlushAdapterBuffers</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">IoFreeAdapterChannel</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">IoFreeMapRegisters</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">IoMapTransfer</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">IoQueryDeviceDescription</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">IoReportResourceUsage</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">IoUnregisterPlugPlayNotification</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlCompareMemory</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlImageNtHeader</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlImageDirectoryEntryToData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RtlMoveMemory</fct>
-
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwCreateFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwOpenProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwOpenProcessToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwOpenProcess</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwQueryInformationToken</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwEnumerateKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwFlushKey</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwWriteFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ZwDeleteFile</fct>
-      </fcts>
-    </lib>
-
-    <lib name="user32.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">UserRegisterWowHandlers</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">WINNLSEnableIME</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VkKeyScanEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MapVirtualKeyEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetLastInputInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SystemParametersInfo</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">RegisterLogonProcess</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">SetDeskWallpaper</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">SetProgmanWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">SetLogonNotifyWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">SetTaskmanWindow</fct>
-        <fct dp="1" un="1" pv="0" bl="0" ad="0">SendIMEMessageEx</fct>
-        <fct dp="1" un="1" pv="0" bl="0" ad="0">SendIMEMessage</fct>
-        <fct dp="1" un="1" pv="0" bl="0" ad="0">AnyPopup</fct>
-        <fct dp="1" un="1" pv="0" bl="0" ad="0">SetClipboardViewer</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">WCSToMBEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">MBToWCSEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">KillSystemTimer</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetWindowStationUser</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetReasonTitleFromReasonCode</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ReasonCodeNeedsBugID</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RecordShutdownReason</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetTaskmanWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RegisterTasklist</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RegisterSystemThread</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetShellWindowEx</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetProgmanWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">UnlockWindowStation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetAppCompatFlags</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetAppCompatFlags2</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">ClientThreadSetup</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">AllowForegroundActivation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">GetInternalWindowPos</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">LockWindowStation</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">QuerySendMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OemKeyScan</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">mouse_event</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AllowSetForegroundWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DispatchMessage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAncestor</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetWindowModuleFileName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetClassLong</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetGuiResources</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetRegisteredRawInputDevices</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">OpenWindowStation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DeregisterShellHookWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetWinEventHook</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetWindowsHook</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterRawInputDevices</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NotifyWinEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SwitchToThisWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CopyImage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CallMsgFilter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CallNextHookEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeGetLastError</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeFreeStringHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeQueryString</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeCreateStringHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeCreateDataHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdePostAdvise</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeGetData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeFreeDataHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeClientTransaction</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeDisconnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeConnect</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeNameService</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeUninitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">DdeQueryNextServer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumDisplayDevices</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumDisplayMonitors</fct>
-        <fct dp="0" un="0" pv="1" bl="1" ad="0">ExitWindowsEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterShellHookWindow</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RegisterDeviceNotification</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">RegisterUserApiHook</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetWinEventHook</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetWindowLong</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetWindowsHookW</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetWindowsHookEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetForegroundWindow</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SetDebugErrorLevel</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SwapMouseButton</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnhookWinEvent</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnhookWindowsHook</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnhookWindowsHookEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnregisterDeviceNotification</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">UnregisterUserApiHook</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VkKeyScan</fct>
-      </fcts>
-    </lib>
-
-    <lib name="credui.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredUnPackAuthenticationBuffer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredUIPromptForCredentials</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CredUICmdLinePromptForCredentials</fct>
-      </fcts>
-    </lib>
-
-    <lib name="gina" bl="1" dp="0">
-      <fcts>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxActivateUserShell</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxDisconnectNotify</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxDisplayLockedNotice</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxDisplaySASNotice</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxDisplayStatusMessage</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxGetConsoleSwitchCredentials</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxGetStatusMessage</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxInitialize</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxIsLockOk</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxIsLogoffOk</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxLoggedOnSAS</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxLoggedOutSAS</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxLogoff</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxNegotiate</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxNetworkProviderLoad</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxReconnectNotify</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxRemoveStatusMessage</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxScreenSaverNotify</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxShutdown</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxStartApplication</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">WlxWkstaLockedSAS</fct>
-      </fcts>
-    </lib>
-
-    <lib name="version.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetFileVersionInfoSize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetFileVersionInfo</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">VerInstallFile</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mspdb80.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PDBOpenValidate5</fct>
-      </fcts>
-    </lib>
-
-    <lib name="msvcrt.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" bl="1" ad="0">_invoke_watson</fct>
-        <fct dp="0" bl="1" ad="0">_crt_debugger_hook</fct>
-        <fct dp="1" bl="0" ad="0">_loaddll</fct>
-        <fct dp="1" bl="0" ad="0">_getdllprocaddr</fct>
-        <fct dp="1" bl="0" ad="0">_unloaddll</fct>
-        <fct dp="1" bl="0" ad="0">_acmdln</fct>
-        <fct dp="1" bl="0" ad="0">_tcmdln</fct>
-        <fct dp="1" bl="0" ad="0">_wcmdln</fct>
-        <fct dp="1" bl="0" ad="0">_amblksiz</fct>
-        <fct dp="1" bl="0" ad="0">_daylight</fct>
-        <fct dp="1" bl="0" ad="0">_dstbias</fct>
-        <fct dp="1" bl="0" ad="0">_timezone</fct>
-        <fct dp="1" bl="0" ad="0">_tzname</fct>
-        <fct dp="1" bl="0" ad="0">errno</fct>
-        <fct dp="1" bl="0" ad="0">_doserrno</fct>
-        <fct dp="1" bl="0" ad="0">_sys_errlist</fct>
-        <fct dp="1" bl="0" ad="0">_sys_nerr</fct>
-        <fct dp="1" bl="0" ad="0">_environ</fct>
-        <fct dp="1" bl="0" ad="0">_wenviron</fct>
-        <fct dp="1" bl="0" ad="0">_fileinfo</fct>
-        <fct dp="1" bl="0" ad="0">_fmode</fct>
-        <fct dp="1" bl="0" ad="0">_iob</fct>
-        <fct dp="1" bl="0" ad="0">_wcsrev</fct>
-        <fct dp="0" bl="1" ad="0">fwrite</fct>
-        <fct dp="0" bl="1" ad="0">getenv</fct>
-        <fct dp="0" bl="1" ad="0">_resetstkoflw</fct>
-        <fct dp="0" bl="1" ad="0">_wgetenv</fct>
-        <fct dp="0" bl="1" ad="0">_wexecve</fct>
-        <fct dp="0" bl="1" ad="0">_execve</fct>
-        <fct dp="0" bl="1" ad="0">__setusermatherr</fct>
-        <fct dp="0" bl="1" ad="0">__p__commode</fct>
-        <fct dp="0" bl="1" ad="0">_execlpe</fct>
-        <fct dp="1" bl="0" ad="0">yn</fct>
-        <fct dp="1" bl="0" ad="0">y1</fct>
-        <fct dp="1" bl="0" ad="0">y0</fct>
-        <fct dp="1" bl="0" ad="0">wvsprintfW</fct>
-        <fct dp="1" bl="0" ad="0">wvsprintfA</fct>
-        <fct dp="1" bl="0" ad="0">wvsprintf</fct>
-        <fct dp="1" bl="0" ad="0" us="1">wvnsprintf</fct>
-        <fct dp="1" bl="0" ad="0" us="1">wsprintf</fct>
-        <fct dp="1" bl="0" ad="0">printf</fct>
-        <fct dp="1" bl="0" ad="0">_printf_l</fct>
-        <fct dp="1" bl="0" ad="0">wprintf</fct>
-        <fct dp="1" bl="0" ad="0">_wprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">wscanf</fct>
-        <fct dp="1" bl="0" ad="0">write</fct>
-        <fct dp="1" bl="0" ad="0" us="1">wnsprintf</fct>
-        <fct dp="1" bl="0" ad="0">wmemmove</fct>
-        <fct dp="1" bl="0" ad="0">wmemcpy</fct>
-        <fct dp="1" bl="0" ad="0">wctomb</fct>
-        <fct dp="1" bl="0" ad="0">wcsupr</fct>
-        <fct dp="1" bl="0" ad="0">wcstombs</fct>
-        <fct dp="1" bl="0" ad="0">wcstok</fct>
-        <fct dp="1" bl="0" ad="0">wcsset</fct>
-        <fct dp="1" bl="0" ad="0">wcsrtombs</fct>
-        <fct dp="1" bl="0" ad="0">wcsrev</fct>
-        <fct dp="1" bl="0" ad="0">wcsnset</fct>
-        <fct dp="1" bl="0" ad="0">wcsnicmp</fct>
-        <fct dp="1" bl="0" ad="0">wcsncpy</fct>
-        <fct dp="1" bl="0" ad="0">wcsncat_l</fct>
-        <fct dp="1" bl="0" ad="0">wcsncat</fct>
-        <fct dp="1" bl="0" ad="0">wcslwr</fct>
-        <fct dp="1" bl="0" ad="0">wcslen</fct>
-        <fct dp="1" bl="0" ad="0">wcsicoll</fct>
-        <fct dp="1" bl="0" ad="0">wcsicmp</fct>
-        <fct dp="1" bl="0" ad="0">wcsdup</fct>
-        <fct dp="1" bl="0" ad="0">wcscpy</fct>
-        <fct dp="1" bl="0" ad="0">wcscat</fct>
-        <fct dp="1" bl="0" ad="0">wcrtomb</fct>
-        <fct dp="1" bl="0" ad="0">wcrtomb</fct>
-        <fct dp="1" bl="0" ad="0">vswprintf</fct>
-        <fct dp="1" bl="0" ad="0">vsprintf</fct>
-        <fct dp="1" bl="0" ad="0">vsnprintf</fct>
-        <fct dp="1" bl="0" ad="0">unlink</fct>
-        <fct dp="1" bl="0" ad="0">ungetch</fct>
-        <fct dp="1" bl="0" ad="0">umask</fct>
-        <fct dp="1" bl="0" ad="0">ultoa</fct>
-        <fct dp="1" bl="0" ad="0">tzset</fct>
-        <fct dp="1" bl="0" ad="0">toascii</fct>
-        <fct dp="1" bl="0" ad="0">tmpfile</fct>
-        <fct dp="1" bl="0" ad="0">tempnam</fct>
-        <fct dp="1" bl="0" ad="0">tell</fct>
-        <fct dp="1" bl="0" ad="0">swscanf</fct>
-        <fct dp="1" bl="0" ad="0">swprintf</fct>
-        <fct dp="1" bl="0" ad="0">swab</fct>
-        <fct dp="1" bl="0" ad="0">strupr</fct>
-        <fct dp="1" bl="0" ad="0">strtok</fct>
-        <fct dp="1" bl="0" ad="0">strtok</fct>
-        <fct dp="1" bl="0" ad="0">strset</fct>
-        <fct dp="1" bl="0" ad="0">strrev</fct>
-        <fct dp="1" bl="0" ad="0">strnset</fct>
-        <fct dp="1" bl="0" ad="0">strnicmp</fct>
-        <fct dp="1" bl="0" ad="0">StrNCpyW</fct>
-        <fct dp="1" bl="0" ad="0">StrNCpyA</fct>
-        <fct dp="1" bl="0" ad="0">strncpy</fct>
-        <fct dp="1" bl="0" ad="0">StrNCpy</fct>
-        <fct dp="1" bl="0" ad="0">strncpy</fct>
-        <fct dp="1" bl="0" ad="0">strncpy</fct>
-        <fct dp="1" bl="0" ad="0" us="1">StrNCat</fct>
-        <fct dp="1" bl="0" ad="0">strncat</fct>
-        <fct dp="1" bl="0" ad="0">StrNCat</fct>
-        <fct dp="1" bl="0" ad="0">strncat</fct>
-        <fct dp="1" bl="0" ad="0">strncat</fct>
-        <fct dp="1" bl="0" ad="0">strlwr</fct>
-        <fct dp="1" bl="0" ad="0">strlen</fct>
-        <fct dp="1" bl="0" ad="0">StrLen</fct>
-        <fct dp="1" bl="0" ad="0">stricmp</fct>
-        <fct dp="1" bl="0" ad="0">strerrorv</fct>
-        <fct dp="1" bl="0" ad="0" us="1">strdup</fct>
-        <fct dp="1" bl="0" ad="0" us="1">StrCpy</fct>
-        <fct dp="1" bl="0" ad="0" us="1">StrCpyN</fct>
-        <fct dp="1" bl="0" ad="0">strcpynA</fct>
-        <fct dp="1" bl="0" ad="0">StrCpyA</fct>
-        <fct dp="1" bl="0" ad="0">StrCpy</fct>
-        <fct dp="1" bl="0" ad="0">strcmpi</fct>
-        <fct dp="1" bl="0" ad="0" us="1">StrCat</fct>
-        <fct dp="1" bl="0" ad="0">StrCatN</fct>
-        <fct dp="1" bl="0" ad="0" us="1">StrCatChainW</fct>
-        <fct dp="1" bl="0" ad="0" us="1">StrCatBuff</fct>
-        <fct dp="1" bl="0" ad="0">StrCatA</fct>
-        <fct dp="1" bl="0" ad="0">StrCat</fct>
-        <fct dp="1" bl="0" ad="0">sscanf</fct>
-        <fct dp="1" bl="0" ad="0">sprintf</fct>
-        <fct dp="1" bl="0" ad="0">spawnvpe</fct>
-        <fct dp="1" bl="0" ad="0">spawnvp</fct>
-        <fct dp="1" bl="0" ad="0">spawnve</fct>
-        <fct dp="1" bl="0" ad="0">spawnv</fct>
-        <fct dp="1" bl="0" ad="0">spawnlpe</fct>
-        <fct dp="1" bl="0" ad="0">spawnlp</fct>
-        <fct dp="1" bl="0" ad="0">spawnle</fct>
-        <fct dp="1" bl="0" ad="0">spawnl</fct>
-        <fct dp="1" bl="0" ad="0">sopen</fct>
-        <fct dp="1" bl="0" ad="0">snscanf</fct>
-        <fct dp="1" bl="0" ad="0">snwscanf</fct>
-        <fct dp="1" bl="0" ad="0">setmode</fct>
-        <fct dp="1" bl="0" ad="0">setbuf</fct>
-        <fct dp="1" bl="0" ad="0">scanf</fct>
-        <fct dp="1" bl="0" ad="0">rmtmp</fct>
-        <fct dp="1" bl="0" ad="0">rmdir</fct>
-        <fct dp="1" bl="0" ad="0">read</fct>
-        <fct dp="1" bl="0" ad="0">putw</fct>
-        <fct dp="1" bl="0" ad="0">putenv</fct>
-        <fct dp="1" bl="0" ad="0">putch</fct>
-        <fct dp="1" bl="0" ad="0">outpw</fct>
-        <fct dp="1" bl="0" ad="0">outp</fct>
-        <fct dp="1" bl="0" ad="0">open</fct>
-        <fct dp="1" bl="0" ad="0">OemToCharW</fct>
-        <fct dp="1" bl="0" ad="0">OemToCharA</fct>
-        <fct dp="1" bl="0" ad="0">OemToChar</fct>
-        <fct dp="1" bl="0" ad="0">nsprintf</fct>
-        <fct dp="1" bl="0" ad="0">mktemp</fct>
-        <fct dp="1" bl="0" ad="0">mkdir</fct>
-        <fct dp="1" bl="0" ad="0">memmove</fct>
-        <fct dp="1" bl="0" ad="0">memicmp</fct>
-        <fct dp="1" bl="0" ad="0">memcpy</fct>
-        <fct dp="1" bl="0" ad="0">memccpy</fct>
-        <fct dp="1" bl="0" ad="0">mbstowcs</fct>
-        <fct dp="1" bl="0" ad="0">mbsrtowcs</fct>
-        <fct dp="1" bl="0" ad="0">Makepath</fct>
-        <fct dp="1" bl="0" ad="0">ltoa</fct>
-        <fct dp="1" bl="0" ad="0">lstrncat</fct>
-        <fct dp="1" bl="0" ad="0" us="1">lstrlen</fct>
-        <fct dp="1" bl="0" ad="0" us="1">lstrcpy</fct>
-        <fct dp="1" bl="0" ad="0" >lstrcpynW</fct>
-        <fct dp="1" bl="0" ad="0">lstrcpynA</fct>
-        <fct dp="1" bl="0" ad="0">lstrcpyn</fct>
-        <fct dp="1" bl="0" ad="0" us="1">lstrcat</fct>
-        <fct dp="1" bl="0" ad="0">lstrcatn</fct>
-        <fct dp="1" bl="0" ad="0">lstrcatn</fct>
-        <fct dp="1" bl="0" ad="0">lseek</fct>
-        <fct dp="1" bl="0" ad="0">lsearch</fct>
-        <fct dp="1" bl="0" ad="0">localtime</fct>
-        <fct dp="1" bl="0" ad="0">lfind</fct>
-        <fct dp="1" bl="0" ad="0">kbhit</fct>
-        <fct dp="1" bl="0" ad="0">jn</fct>
-        <fct dp="1" bl="0" ad="0">j1</fct>
-        <fct dp="1" bl="0" ad="0">j0</fct>
-        <fct dp="1" bl="0" ad="0">itoa</fct>
-        <fct dp="1" bl="0" ad="0">iscsymf</fct>
-        <fct dp="1" bl="0" ad="0">iscsym</fct>
-        <fct dp="1" bl="0" ad="0">IsBadWritePtr</fct>
-        <fct dp="1" bl="0" ad="0">IsBadStringPtr</fct>
-        <fct dp="1" bl="0" ad="0">IsBadHugeWritePtr</fct>
-        <fct dp="1" bl="0" ad="0">IsBadHugeReadPtr</fct>
-        <fct dp="1" bl="0" ad="0">IsBadCodePtr</fct>
-        <fct dp="1" bl="0" ad="0">isatty</fct>
-        <fct dp="1" bl="0" ad="0">isascii</fct>
-        <fct dp="1" bl="0" ad="0">inpw</fct>
-        <fct dp="1" bl="0" ad="0">inp</fct>
-        <fct dp="1" bl="0" ad="0">hypot</fct>
-        <fct dp="1" bl="0" ad="0">gmtime</fct>
-        <fct dp="1" bl="0" ad="0">getw</fct>
-        <fct dp="1" bl="0" ad="0">gets</fct>
-        <fct dp="1" bl="0" ad="0">getpid</fct>
-        <fct dp="1" bl="0" ad="0">getenv</fct>
-        <fct dp="1" bl="0" ad="0">getcwd</fct>
-        <fct dp="1" bl="0" ad="0">getche</fct>
-        <fct dp="1" bl="0" ad="0">_getch</fct>
-        <fct dp="1" bl="0" ad="0">gcvt</fct>
-        <fct dp="1" bl="0" ad="0">fwscanf</fct>
-        <fct dp="1" bl="0" ad="0">fscanf</fct>
-        <fct dp="1" bl="0" ad="0">freopen</fct>
-        <fct dp="1" bl="0" ad="0">fputchar</fct>
-        <fct dp="1" bl="0" ad="0">fopen</fct>
-        <fct dp="1" bl="0" ad="0">fprintf</fct>
-        <fct dp="1" bl="0" ad="0">flushall</fct>
-        <fct dp="1" bl="0" ad="0">fileno</fct>
-        <fct dp="1" bl="0" ad="0">filelength</fct>
-        <fct dp="1" bl="0" ad="0">fgetchar</fct>
-        <fct dp="1" bl="0" ad="0">fdopen</fct>
-        <fct dp="1" bl="0" ad="0">fcvt</fct>
-        <fct dp="1" bl="0" ad="0">fcloseall</fct>
-        <fct dp="1" bl="0" ad="0">execvpe</fct>
-        <fct dp="1" bl="0" ad="0">execvp</fct>
-        <fct dp="1" bl="0" ad="0">execve</fct>
-        <fct dp="1" bl="0" ad="0">execv</fct>
-        <fct dp="1" bl="0" ad="0">execlpe</fct>
-        <fct dp="1" bl="0" ad="0">execlp</fct>
-        <fct dp="1" bl="0" ad="0">execle</fct>
-        <fct dp="1" bl="0" ad="0">execl</fct>
-        <fct dp="1" bl="0" ad="0">eof</fct>
-        <fct dp="1" bl="0" ad="0">ecvt</fct>
-        <fct dp="1" bl="0" ad="0">dup2</fct>
-        <fct dp="1" bl="0" ad="0">dup</fct>
-        <fct dp="1" bl="0" ad="0">cwait</fct>
-        <fct dp="1" bl="0" ad="0">ctime</fct>
-        <fct dp="1" bl="0" ad="0">cscanf</fct>
-        <fct dp="1" bl="0" ad="0">creat</fct>
-        <fct dp="1" bl="0" ad="0">cputs</fct>
-        <fct dp="1" bl="0" ad="0">cprintf</fct>
-        <fct dp="1" bl="0" ad="0">close</fct>
-        <fct dp="1" bl="0" ad="0">chsize</fct>
-        <fct dp="1" bl="0" ad="0">chmod</fct>
-        <fct dp="1" bl="0" ad="0">chdir</fct>
-        <fct dp="1" bl="0" ad="0">CharToOemW</fct>
-        <fct dp="1" bl="0" ad="0">CharToOemBuffW</fct>
-        <fct dp="1" bl="0" ad="0">CharToOemBuffA</fct>
-        <fct dp="1" bl="0" ad="0">CharToOemA</fct>
-        <fct dp="1" bl="0" ad="0">CharToOem</fct>
-        <fct dp="1" bl="0" ad="0">vfprintf</fct>
-        <fct dp="1" bl="0" ad="0">cgets</fct>
-        <fct dp="1" bl="0" ad="0">cabs</fct>
-        <fct dp="1" bl="0" ad="0">asctime</fct>
-        <fct dp="1" bl="0" ad="0">alloca</fct>
-        <fct dp="1" bl="0" ad="0">access</fct>
-        <fct dp="1" bl="0" ad="0">_wstrtime</fct>
-        <fct dp="1" bl="0" ad="0">_wstrdate</fct>
-        <fct dp="1" bl="0" ad="0">_wsplitpath</fct>
-        <fct dp="1" bl="0" ad="0">_wsopen</fct>
-        <fct dp="1" bl="0" ad="0">_wsearchenv</fct>
-        <fct dp="1" bl="0" ad="0">_wscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_wscanf</fct>
-        <fct dp="1" bl="0" ad="0">_wopen</fct>
-        <fct dp="1" bl="0" ad="0">_wmktemp</fct>
-        <fct dp="1" bl="0" ad="0">_wmakepath</fct>
-        <fct dp="1" bl="0" ad="0">_wgetenv</fct>
-        <fct dp="1" bl="0" ad="0">_wfreopen</fct>
-        <fct dp="1" bl="0" ad="0">_wfopen</fct>
-        <fct dp="1" bl="0" ad="0">_wctomb_l</fct>
-        <fct dp="1" bl="0" ad="0">_wctime64</fct>
-        <fct dp="1" bl="0" ad="0">_wctime32</fct>
-        <fct dp="1" bl="0" ad="0">_wctime</fct>
-        <fct dp="1" bl="0" ad="0">_wcsupr_l</fct>
-        <fct dp="1" bl="0" ad="0">_wcsupr</fct>
-        <fct dp="1" bl="0" ad="0">_wcstombs_l</fct>
-        <fct dp="1" bl="0" ad="0">_wcstok_l</fct>
-        <fct dp="1" bl="0" ad="0">_wcsset_l</fct>
-        <fct dp="1" bl="0" ad="0">_wcsset</fct>
-        <fct dp="1" bl="0" ad="0">_wcsnset_l</fct>
-        <fct dp="1" bl="0" ad="0">_wcsnset</fct>
-        <fct dp="1" bl="0" ad="0">_wcsncpy_l</fct>
-        <fct dp="1" bl="0" ad="0">_wcsncpy</fct>
-        <fct dp="1" bl="0" ad="0">_wcslwr_l</fct>
-        <fct dp="1" bl="0" ad="0">_wcslwr</fct>
-        <fct dp="1" bl="0" ad="0">_wcserror</fct>
-        <fct dp="1" bl="0" ad="0">_wcreat</fct>
-        <fct dp="1" bl="0" ad="0">_wasctime</fct>
-        <fct dp="1" bl="0" ad="0">_vswprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_vstprintf</fct>
-        <fct dp="1" bl="0" ad="0">_vsprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_vsnwprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_vsntprintf</fct>
-        <fct dp="1" bl="0" ad="0">_vsnprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_vsnprintf</fct>
-        <fct dp="1" bl="0" ad="0">_umask</fct>
-        <fct dp="1" bl="0" ad="0">_ultow</fct>
-        <fct dp="1" bl="0" ad="0">_ultot</fct>
-        <fct dp="1" bl="0" ad="0">_ultoa</fct>
-        <fct dp="1" bl="0" ad="0">_ui64tow</fct>
-        <fct dp="1" bl="0" ad="0">_ui64tot</fct>
-        <fct dp="1" bl="0" ad="0">_ui64toa</fct>
-        <fct dp="1" bl="0" ad="0">_tsplitpath</fct>
-        <fct dp="1" bl="0" ad="0">_tscanf</fct>
-        <fct dp="1" bl="0" ad="0">_tmakepath</fct>
-        <fct dp="1" bl="0" ad="0">_tcstok</fct>
-        <fct dp="1" bl="0" ad="0">_tcsncpy</fct>
-        <fct dp="1" bl="0" ad="0">_tcsncat</fct>
-        <fct dp="1" bl="0" ad="0">_tcscpy</fct>
-        <fct dp="1" bl="0" ad="0">_tcscat</fct>
-        <fct dp="1" bl="0" ad="0">_tccpy</fct>
-        <fct dp="1" bl="0" ad="0">_tccat</fct>
-        <fct dp="1" bl="0" ad="0">_swscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_swprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_stscanf</fct>
-        <fct dp="1" bl="0" ad="0">_strupr_l</fct>
-        <fct dp="1" bl="0" ad="0">_strupr</fct>
-        <fct dp="1" bl="0" ad="0">_strupr</fct>
-        <fct dp="1" bl="0" ad="0">_strtok_l</fct>
-        <fct dp="1" bl="0" ad="0">_strtime</fct>
-        <fct dp="1" bl="0" ad="0">_strset_l</fct>
-        <fct dp="1" bl="0" ad="0">_strset</fct>
-        <fct dp="1" bl="0" ad="0">_strnset_l</fct>
-        <fct dp="1" bl="0" ad="0">_strnset</fct>
-        <fct dp="1" bl="0" ad="0">_strncpy_l</fct>
-        <fct dp="1" bl="0" ad="0">_strncat_l</fct>
-        <fct dp="1" bl="0" ad="0">_strlwr_l</fct>
-        <fct dp="1" bl="0" ad="0">_strlwr</fct>
-        <fct dp="1" bl="0" ad="0">_strerror</fct>
-        <fct dp="1" bl="0" ad="0">_strdate</fct>
-        <fct dp="1" bl="0" ad="0">_stprintf</fct>
-        <fct dp="1" bl="0" ad="0">_sscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_sprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_splitpath</fct>
-        <fct dp="1" bl="0" ad="0">_sopen</fct>
-        <fct dp="1" bl="0" ad="0">_snwscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_snwscanf</fct>
-        <fct dp="1" bl="0" ad="0">_snwprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_snwprintf</fct>
-        <fct dp="1" bl="0" ad="0">_sntscanf</fct>
-        <fct dp="1" bl="0" ad="0">_sntprintf</fct>
-        <fct dp="1" bl="0" ad="0">_snscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_snscanf</fct>
-        <fct dp="1" bl="0" ad="0">_snprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_snprintf</fct>
-        <fct dp="1" bl="0" ad="0">_searchenv</fct>
-        <fct dp="1" bl="0" ad="0">_scanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_open</fct>
-        <fct dp="1" bl="0" ad="0">_mktemp</fct>
-        <fct dp="1" bl="0" ad="0">_mbsupr_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbsupr</fct>
-        <fct dp="1" bl="0" ad="0">_mbstrlen</fct>
-        <fct dp="1" bl="0" ad="0">_mbstowcs_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbstowcs_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbstok_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbstok</fct>
-        <fct dp="1" bl="0" ad="0">_mbsset_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbsset</fct>
-        <fct dp="1" bl="0" ad="0">_mbsnset_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbsnset</fct>
-        <fct dp="1" bl="0" ad="0">_mbsncpy_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbsncpy</fct>
-        <fct dp="1" bl="0" ad="0">_mbsncat_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbsncat</fct>
-        <fct dp="1" bl="0" ad="0">_mbsnbset_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbsnbset</fct>
-        <fct dp="1" bl="0" ad="0">_mbsnbcpy_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbsnbcpy</fct>
-        <fct dp="1" bl="0" ad="0">_mbsnbcat_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbsnbcat</fct>
-        <fct dp="1" bl="0" ad="0">_mbslwr_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbslwr</fct>
-        <fct dp="1" bl="0" ad="0">_mbslen</fct>
-        <fct dp="1" bl="0" ad="0">_mbscpy</fct>
-        <fct dp="1" bl="0" ad="0">_mbscat</fct>
-        <fct dp="1" bl="0" ad="0">_mbccpy_l</fct>
-        <fct dp="1" bl="0" ad="0">_mbccpy</fct>
-        <fct dp="1" bl="0" ad="0">_mbccat</fct>
-        <fct dp="1" bl="0" ad="0">_makepath</fct>
-        <fct dp="1" bl="0" ad="0">_ltow</fct>
-        <fct dp="1" bl="0" ad="0">_ltoa</fct>
-        <fct dp="1" bl="0" ad="0">_localtime64</fct>
-        <fct dp="1" bl="0" ad="0">_localtime32</fct>
-        <fct dp="1" bl="0" ad="0">_itow</fct>
-        <fct dp="1" bl="0" ad="0">_i64tow</fct>
-        <fct dp="1" bl="0" ad="0">_i64toa</fct>
-        <fct dp="1" bl="0" ad="0">_gmtime64</fct>
-        <fct dp="1" bl="0" ad="0">_gmtime32</fct>
-        <fct dp="1" bl="0" ad="0">_getws</fct>
-        <fct dp="1" bl="0" ad="0">_gettws</fct>
-        <fct dp="1" bl="0" ad="0">_getts</fct>
-        <fct dp="1" bl="0" ad="0">_gcvt</fct>
-        <fct dp="1" bl="0" ad="0">_fwscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_fstrncpy</fct>
-        <fct dp="1" bl="0" ad="0">_fstrncat</fct>
-        <fct dp="1" bl="0" ad="0">_fscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_fcvt</fct>
-        <fct dp="1" bl="0" ad="0">_ecvt</fct>
-        <fct dp="1" bl="0" ad="0">_cwscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_cwscanf</fct>
-        <fct dp="1" bl="0" ad="0">_ctime64</fct>
-        <fct dp="1" bl="0" ad="0">_ctime32</fct>
-        <fct dp="1" bl="0" ad="0">_cscanf_l</fct>
-        <fct dp="1" bl="0" ad="0">_cscanf</fct>
-        <fct dp="1" bl="0" ad="0">_creat</fct>
-        <fct dp="1" bl="0" ad="0">_controlfp</fct>
-        <fct dp="1" bl="0" ad="0">_controlfp</fct>
-        <fct dp="1" bl="0" ad="0">__control87_2</fct>
-        <fct dp="1" bl="0" ad="0">_chsize</fct>
-        <fct dp="1" bl="0" ad="0">_cgetws</fct>
-        <fct dp="1" bl="0" ad="0">_cgets</fct>
-        <fct dp="1" bl="0" ad="0">_alloca</fct>
-        <fct dp="1" bl="0" ad="0">__wcserror</fct>
-        <fct dp="1" bl="0" ad="0">__vswprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">__swprintf_l</fct>
-        <fct dp="1" bl="0" ad="0">_ftccat</fct>
-        <fct dp="1" bl="0" ad="0">_ftccpy</fct>
-        <fct dp="1" bl="0" ad="0">makepath</fct>
-        <fct dp="1" bl="0" ad="0">ualstrcpyW</fct>
-        <fct dp="1" bl="0" ad="0">_ftcscpy</fct>
-        <fct dp="1" bl="0" ad="0">_ftcscat</fct>
-        <fct dp="1" bl="0" ad="0">_fstrcpy</fct>
-        <fct dp="1" bl="0" ad="0">_fstrcat</fct>
-        <fct dp="0" bl="1" ad="0">srand</fct>
-        <fct dp="0" bl="1" ad="0">rand</fct>
-      </fcts>
-    </lib>
-
-    <lib name="msasn1.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ASN1BERDecNull</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ASN1BERDecEoid</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ASN1BERDecBool</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ASN1BERDecCheck</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ASN1BERDecCharString</fct>
-      </fcts>
-    </lib>
-
-    <lib name="ntshrui.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetNetResourceFromLocalPath</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">CanShareFolderW</fct>
-      </fcts>
-    </lib>
-
-    <lib name="dhcpcsvc.dll" bl="1" dp="0">
-      <fcts>
-      </fcts>
-    </lib>
-
-    <lib name="imagehlp.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UpdateDebugInfoFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CheckSumMappedFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumerateLoadedModulesW64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageNtHeader</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageRvaToVa</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StackWalk64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymCleanup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymFromAddr</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymFunctionTableAccess64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetModuleInfo64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetModuleBase64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetModuleInfoW64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetOptions</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetSymFromName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymLoadModule64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymRegisterCallback64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymSetOptions</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymUnloadModule64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RemoveRelocations</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BindImage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">BindImageEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CheckSumMappedFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumerateLoadedModules64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumerateLoadedModules</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumerateLoadedModulesEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindDebugInfoFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindDebugInfoFileEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindExecutableImage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindExecutableImageEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFileInPath</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FindFileInSearchPath</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetImageConfigInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetImageUnusedHeaderBytes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTimestampForLoadedLibrary</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageAddCertificate</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageDirectoryEntryToData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageDirectoryEntryToDataEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageEnumerateCertificates</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageGetCertificateData</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageGetCertificateHeader</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageGetDigestStream</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageLoad</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageRemoveCertificate</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageRvaToSection</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageUnload</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImagehlpApiVersion</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImagehlpApiVersionEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MakeSureDirectoryPathExists</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MapAndLoad</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">MapDebugInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MapFileAndCheckSum</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReBaseImage64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ReBaseImage</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RemovePrivateCvSymbolic</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">RemovePrivateCvSymbolicEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SearchTreeForFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetImageConfigInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SplitSymbols</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StackWalk</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymEnumSym</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">TouchFileTimes</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnDecorateSymbolName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnMapAndLoad</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnmapDebugInformation</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UpdateDebugInfoFile</fct>
-      </fcts>
-    </lib>
-
-    <lib name="wsnmp32.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="100"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpGetTranslateMode</fct>
-        <fct od="101"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpSetTranslateMode</fct>
-        <fct od="102"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpGetRetransmitMode</fct>
-        <fct od="103"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpSetRetransmitMode</fct>
-        <fct od="104"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpGetTimeout</fct>
-        <fct od="105"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpSetTimeout</fct>
-        <fct od="106"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpGetRetry</fct>
-        <fct od="107"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpSetRetry</fct>
-        <fct od="108"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpConveyAgentAddress</fct>
-        <fct od="109"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpSetAgentAddress</fct>
-        <fct od="120"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpGetVendorInfo</fct>
-        <fct od="200"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpStartup</fct>
-        <fct od="201"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpCleanup</fct>
-        <fct od="202"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpOpen</fct>
-        <fct od="203"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpClose</fct>
-        <fct od="204"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpSendMsg</fct>
-        <fct od="205"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpRecvMsg</fct>
-        <fct od="206"  dp="0" un="0" pv="0" bl="1" ad="0">SnmpRegister</fct>
-        <fct od="220">SnmpCreateSession</fct>
-        <fct od="221">SnmpListen</fct>
-        <fct od="222">SnmpCancelMsg</fct>
-        <fct od="291">SnmpStartupEx</fct>
-        <fct od="292">SnmpCleanupEx</fct>
-        <fct od="293">SnmpListenEx</fct>
-        <fct od="300">SnmpStrToEntity</fct>
-        <fct od="301">SnmpEntityToStr</fct>
-        <fct od="302">SnmpFreeEntity</fct>
-        <fct od="320">SnmpSetPort</fct>
-        <fct od="400">SnmpStrToContext</fct>
-        <fct od="401">SnmpContextToStr</fct>
-        <fct od="402">SnmpFreeContext</fct>
-        <fct od="500">SnmpCreatePdu</fct>
-        <fct od="501">SnmpGetPduData</fct>
-        <fct od="502">SnmpSetPduData</fct>
-        <fct od="503">SnmpDuplicatePdu</fct>
-        <fct od="504">SnmpFreePdu</fct>
-        <fct od="600">SnmpCreateVbl</fct>
-        <fct od="601">SnmpDuplicateVbl</fct>
-        <fct od="602">SnmpFreeVbl</fct>
-        <fct od="603">SnmpCountVbl</fct>
-        <fct od="604">SnmpGetVb</fct>
-        <fct od="605">SnmpSetVb</fct>
-        <fct od="606">SnmpDeleteVb</fct>
-        <fct od="900">SnmpFreeDescriptor</fct>
-        <fct od="901">SnmpEncodeMsg</fct>
-        <fct od="902">SnmpDecodeMsg</fct>
-        <fct od="903">SnmpStrToOid</fct>
-        <fct od="904">SnmpOidToStr</fct>
-        <fct od="905">SnmpOidCopy</fct>
-        <fct od="906">SnmpOidCompare</fct>
-        <fct od="999">SnmpGetLastError</fct>
-      </fcts>
-    </lib>
-
-    <lib name="crypt32.dll" bl="1" dp="0">
-      <fcts>
-      </fcts>
-    </lib>
-
-    <lib name="cryptdll.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MD5Init</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MD5Update</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MD5Final</fct>
-      </fcts>
-    </lib>
-
-    <lib name="msvfw32.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="2">VideoForWindowsVersion</fct>
-      </fcts>
-    </lib>
-
-    <lib name="msi.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="7">MsiCloseAllHandles</fct>
-        <fct od="8">MsiCloseHandle</fct>
-        <fct od="9">MsiCollectUserInfoA</fct>
-        <fct od="10">MsiCollectUserInfoW</fct>
-        <fct od="14">MsiConfigureFeatureW</fct>
-        <fct od="15">MsiConfigureProductA</fct>
-        <fct od="16">MsiConfigureProductW</fct>
-        <fct od="17">MsiCreateRecord</fct>
-        <fct od="18">MsiDatabaseApplyTransform</fct>
-        <fct od="19">MsiDatabaseApplyTransform</fct>
-        <fct od="20">MsiDatabaseCommit</fct>
-        <fct od="21">MsiDatabaseExport</fct>
-        <fct od="22">MsiDatabaseExport</fct>
-        <fct od="23">MsiDatabaseGenerateTransform</fct>
-        <fct od="24">MsiDatabaseGenerateTransform</fct>
-        <fct od="25">MsiDatabaseGetPrimaryKeys</fct>
-        <fct od="26">MsiDatabaseGetPrimaryKeys</fct>
-        <fct od="27">MsiDatabaseImport</fct>
-        <fct od="28">MsiDatabaseImport</fct>
-        <fct od="29">MsiDatabaseMerge</fct>
-        <fct od="30">MsiDatabaseMerge</fct>
-        <fct od="31">MsiDatabaseOpenView</fct>
-        <fct od="32">MsiDatabaseOpenView</fct>
-        <fct od="33">MsiDoActionA</fct>
-        <fct od="34">MsiDoActionW</fct>
-        <fct od="35">MsiEnableUIPreview</fct>
-        <fct od="36">MsiEnumClientsA</fct>
-        <fct od="37">MsiEnumClientsW</fct>
-        <fct od="38">MsiEnumComponentQualifiersA</fct>
-        <fct od="39">MsiEnumComponentQualifiersW</fct>
-        <fct od="40">MsiEnumComponentsA</fct>
-        <fct od="41">MsiEnumComponentsW</fct>
-        <fct od="42">MsiEnumFeaturesA</fct>
-        <fct od="44">MsiEnumProductsA</fct>
-        <fct od="45">MsiEnumProductsW</fct>
-        <fct od="46">MsiEvaluateConditionA</fct>
-        <fct od="47">MsiEvaluateConditionW</fct>
-        <fct od="48">MsiGetLastErrorRecord</fct>
-        <fct od="49">MsiGetActiveDatabase</fct>
-        <fct od="50">MsiGetComponentState</fct>
-        <fct od="51">MsiGetComponentStateW</fct>
-        <fct od="52">MsiGetDatabaseState</fct>
-        <fct od="53">MsiGetFeatureCostA</fct>
-        <fct od="54">MsiGetFeatureCostW</fct>
-        <fct od="55">MsiGetFeatureInfoA</fct>
-        <fct od="56">MsiGetFeatureInfoW</fct>
-        <fct od="57">MsiGetFeatureStateA</fct>
-        <fct od="58">MsiGetFeatureStateW</fct>
-        <fct od="59">MsiGetFeatureUsageA</fct>
-        <fct od="60">MsiGetFeatureUsageW</fct>
-        <fct od="61">MsiGetFeatureValidStatesA</fct>
-        <fct od="62">MsiGetFeatureValidStatesW</fct>
-        <fct od="63">MsiGetLanguage</fct>
-        <fct od="64">MsiGetMode</fct>
-        <fct od="65">MsiGetProductCodeA</fct>
-        <fct od="66">MsiGetProductCodeW</fct>
-        <fct od="67">MsiGetProductInfoA</fct>
-        <fct od="68">MsiGetProductInfoFromScriptA</fct>
-        <fct od="69">MsiGetProductInfoFromScriptW</fct>
-        <fct od="70">MsiGetProductInfoW</fct>
-        <fct od="71">MsiGetProductPropertyA</fct>
-        <fct od="72">MsiGetProductPropertyW</fct>
-        <fct od="73">MsiGetPropertyA</fct>
-        <fct od="74">MsiGetPropertyW</fct>
-        <fct od="75">MsiGetSourcePath</fct>
-        <fct od="76">MsiGetSourcePath</fct>
-        <fct od="77">MsiGetSummaryInformation</fct>
-        <fct od="78">MsiGetSummaryInformationW</fct>
-        <fct od="79">MsiGetTargetPathA</fct>
-        <fct od="80">MsiGetTargetPathW</fct>
-        <fct od="88">MsiInstallProduct</fct>
-        <fct od="90">MsiLocateComponent</fct>
-        <fct od="91">MsiOpenDatabaseA</fct>
-        <fct od="92">MsiOpenDatabaseW</fct>
-        <fct od="93">MsiOpenPackageA</fct>
-        <fct od="94">MsiOpenPackageW</fct>
-        <fct od="95">MsiOpenProductA</fct>
-        <fct od="96">MsiOpenProductW</fct>
-        <fct od="97">MsiPreviewBillboardA</fct>
-        <fct od="98">MsiPreviewBillboardW</fct>
-        <fct od="99">MsiPreviewDialogA</fct>
-        <fct od="100">MsiPreviewDialogW</fct>
-        <fct od="111">MsiQueryFeatureState</fct>
-        <fct od="112">MsiQueryProductState</fct>
-        <fct od="113">MsiQueryProductState</fct>
-        <fct od="114">MsiRecordDataSize</fct>
-        <fct od="115">MsiRecordGetFieldCount</fct>
-        <fct od="116">MsiRecordGetInteger</fct>
-        <fct od="118">MsiRecordGetString</fct>
-        <fct od="120">MsiRecordReadStream</fct>
-        <fct od="124">MsiRecordSetStringA</fct>
-        <fct od="125">MsiRecordSetStrings</fct>
-        <fct od="130">MsiReinstallProductA</fct>
-        <fct od="137">MsiSetExternalUI</fct>
-        <fct od="115">MsiRecordGetFieldCount</fct>
-        <fct od="129">MsiReinstallFeatureW</fct>
-        <fct od="141">MsiSetInternalUI</fct>
-        <fct od="150">MsiSummaryInfoGetPropertyW</fct>
-        <fct od="151">MsiSummaryInfoPersist</fct>
-        <fct od="152">MsiSummaryInfoSetProperty</fct>
-        <fct od="153">MsiSummaryInfoSetProperty</fct>
-        <fct od="154">MsiUseFeature</fct>
-        <fct od="155">MsiUseFeature</fct>
-        <fct od="156">MsiVerifyPackage</fct>
-        <fct od="157">MsiVerifyPackage</fct>
-        <fct od="158">MsiViewClose</fct>
-        <fct od="159">MsiViewExecute</fct>
-        <fct od="160">MsiViewFetch</fct>
-        <fct od="161">MsiViewGetError</fct>
-        <fct od="162">MsiViewGetError</fct>
-        <fct od="163">MsiViewModify</fct>
-        <fct od="164">MsiDatabaseIsTablePersistent</fct>
-        <fct od="165">MsiDatabaseIsTablePersistent</fct>
-        <fct od="166">MsiViewGetColumnInfo</fct>
-        <fct od="167">MsiRecordClearData</fct>
-        <fct od="168">MsiEnableLog</fct>
-        <fct od="169">MsiEnableLog</fct>
-        <fct od="170">MsiFormatRecordA</fct>
-        <fct od="171">MsiFormatRecord</fct>
-        <fct od="173">MsiGetComponentPathW</fct>
-        <fct od="174">MsiApplyPatchA</fct>
-        <fct od="175">MsiApplyPatchW</fct>
-        <fct od="176">MsiAdvertiseScriptA</fct>
-        <fct od="177">MsiAdvertiseScriptW</fct>
-        <fct od="178">MsiGetPatchInfoA</fct>
-        <fct od="179">MsiGetPatchInfoW</fct>
-        <fct od="180">MsiEnumPatchesA</fct>
-        <fct od="181">MsiEnumPatchesW</fct>
-        <fct od="182">DllGetVersion</fct>
-        <fct od="183">MsiGetProductCodeFromPackageCodeA</fct>
-        <fct od="184">MsiGetProductCodeFromPackageCodeW</fct>
-        <fct od="185">MsiCreateTransformSummaryInfoA</fct>
-        <fct od="186">MsiCreateTransformSummaryInfoW</fct>
-        <fct od="187">MsiQueryFeatureStateFromDescriptorA</fct>
-        <fct od="188">MsiQueryFeatureStateFromDescriptorW</fct>
-        <fct od="189">MsiConfigureProductExA</fct>
-        <fct od="190">MsiConfigureProductEx</fct>
-        <fct od="191">MsiInvalidateFeatureCache</fct>
-        <fct od="192">MsiUseFeatureExA</fct>
-        <fct od="193">MsiUseFeatureExW</fct>
-        <fct od="194">MsiGetFileVersionA</fct>
-        <fct od="195">MsiGetFileVersionW</fct>
-        <fct od="200">MsiDecomposeDescriptor</fct>
-        <fct od="201">MsiDecomposeDescriptor</fct>
-        <fct od="202">MsiProvideQualifiedComponentEx</fct>
-        <fct od="203">MsiProvideQualifiedComponentEx</fct>
-        <fct od="204">MsiEnumRelatedProductsA</fct>
-        <fct od="205">MsiEnumRelatedProductsW</fct>
-        <fct od="206">MsiSetFeatureAttributesA</fct>
-        <fct od="207">MsiSetFeatureAttributesW</fct>
-        <fct od="210">MsiSourceListAddSourceA</fct>
-        <fct od="211">MsiSourceListAddSourceW</fct>
-        <fct od="212">MsiSourceListForceResolutionA</fct>
-        <fct od="213">MsiSourceListForceResolutionW</fct>
-        <fct od="214">MsiIsProductElevatedA</fct>
-        <fct od="215">MsiIsProductElevatedW</fct>
-        <fct od="218">MsiGetFileHashA</fct>
-        <fct od="219">MsiGetFileHashW</fct>
-        <fct od="220">MsiEnumComponentCostsA</fct>
-        <fct od="221">MsiEnumComponentCostsW</fct>
-        <fct od="222">MsiCreateAndVerifyInstallerDirectory</fct>
-        <fct od="223">MsiGetFileSignatureInformationA</fct>
-        <fct od="224">MsiGetFileSignatureInformationW</fct>
-        <fct od="225">MsiProvideAssemblyA</fct>
-        <fct od="226">MsiProvideAssemblyW</fct>
-        <fct od="231">MsiOpenPackageExA</fct>
-        <fct od="232">MsiOpenPackageExW</fct>
-        <fct od="233">MsiDeleteUserDataA</fct>
-        <fct od="234">MsiDeleteUserDataW</fct>
-        <fct od="238">MsiRemovePatches</fct>
-        <fct od="239">MsiApplyMultiplePatchesA</fct>
-        <fct od="240">MsiApplyMultiplePatchesW</fct>
-        <fct od="241">MsiExtractPatchXMLDataA</fct>
-        <fct od="242">MsiExtractPatchXMLDataW</fct>
-        <fct od="243">MsiGetPatchInfoExA</fct>
-        <fct od="244">MsiGetPatchInfoExW</fct>
-        <fct od="245">MsiEnumProductsExA</fct>
-        <fct od="246">MsiEnumProductsExW</fct>
-        <fct od="247">MsiGetProductInfoExA</fct>
-        <fct od="248">MsiGetProductInfoExW</fct>
-        <fct od="249">MsiQueryComponentStateA</fct>
-        <fct od="250">MsiQueryComponentStateW</fct>
-        <fct od="251">MsiQueryFeatureStateExA</fct>
-        <fct od="252">MsiQueryFeatureStateExW</fct>
-        <fct od="253">MsiDeterminePatchSequenceA</fct>
-        <fct od="254">MsiDeterminePatchSequenceW</fct>
-        <fct od="255">MsiSourceListAddSourceExA</fct>
-        <fct od="256">MsiSourceListAddSourceExW</fct>
-        <fct od="257">MsiSourceListClearSourceA</fct>
-        <fct od="258">MsiSourceListClearSourceW</fct>
-        <fct od="259">MsiSourceListClearAllExA</fct>
-        <fct od="260">MsiSourceListClearAllExW</fct>
-      </fcts>
-    </lib>
-
-    <lib name="oledlg.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="1">OleUIAddVerbMenuA</fct>
-        <fct od="5">OleUIEditLinksA</fct>
-        <fct od="7">OleUIConvertA</fct>
-        <fct od="8">OleUIBusyA</fct>
-      </fcts>
-    </lib>
-
-    <lib name="usp10.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ScriptBreak</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ScriptStringOut</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ScriptStringAnalyse</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ScriptLayout</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ScriptItemize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ScriptShape</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ScriptFreeCache</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ScriptPlace</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mscoree.dll" bl="0" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CLRCreateInstance</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">CorBindToRuntime</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">CorBindToRuntimeEx</fct>
-      </fcts>
-    </lib>
-
-    <lib name="iphlpapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">NTPTimeToNTFileTime</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">GetExtendedUdpTable</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">GetExtendedTcpTable</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">AllocateAndGetUdpExTable2FromStack</fct>
-        <fct dp="0" un="1" pv="0" bl="0" ad="0">AllocateAndGetTcpExTable2FromStack</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AllocateAndGetIpAddrTableFromStack</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Icmp6CreateFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Icmp6ParseReplies</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">Icmp6SendEcho2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpCloseHandle</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpCreateFile</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpSendEcho</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpSendEcho2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpSendEcho2Ex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpParseReplies</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpSendEcho</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">IcmpSendEcho2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">CreateIpNetEntry</fct>
-        <fct dp="0" un="0" pv="1" bl="1" ad="0">DeleteIpAddress</fct>
-        <fct dp="0" un="0" pv="1" bl="1" ad="0">DeleteIpNetEntry</fct>
-        <fct dp="0" un="0" pv="1" bl="1" ad="0">DeleteIpNetEntry2</fct>
-        <fct dp="0" un="0" pv="1" bl="1" ad="0">DeleteIpForwardEntry</fct>
-        <fct dp="0" un="0" pv="1" bl="1" ad="0">DeleteIpForwardEntry2</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetNetworkParams</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAdaptersAddresses</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTcpTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetBestRoute</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetIfTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTcpStatistics</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetTcpStatisticsEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetIpAddrTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetAdapterIndex</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetIpStatistics</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetIfEntry</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetIcmpStatistics</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetUdpTable</fct>
-        <fct dp="0" un="0" pv="1" bl="1" ad="0">SetIpNetEntry</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetIpTTL</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SendARP</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternalSetIpStats</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetIpForwardEntry</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternalSetIpForwardEntry</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AddIPAddress</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">FlushIpNetTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">GetIpNetTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SetAdapterIpAddress</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NhpAllocateAndGetInterfaceInfoFromStack</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">NhGetGuidFromInterfaceName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">InternalGetUdpTable</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">UnenableRouter</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">register_icmp</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">_PfUnBindInterface@4</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">_PfDeleteInterface@4</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">_PfCreateInterface@24</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">_PfAddFiltersToInterface@24</fct>
-      </fcts>
-    </lib>
-
-    <lib name="dbghelp.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumDirTree</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymFromAddr</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetModuleBase64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymFunctionTableAccess64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymCleanup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StackWalk64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymFunctionTableAccess64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetModuleBase64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">StackWalk64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageNtHeader</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymUnloadModule64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymLoadModule64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymLoadModuleEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetOptions</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymSetOptions</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">MiniDumpWriteDump</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetSymFromName</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymFromAddr</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymCleanup</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymGetModuleInfoW64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymRegisterCallback64</fct>
-        <fct dp="1" un="0" pv="0" bl="1" ad="0">EnumerateLoadedModules</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">EnumerateLoadedModulesW64</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymInitialize</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">ImageDirectoryEntryToData</fct>
-        <fct dp="0" un="1" pv="0" bl="1" ad="0">SymEnumSym</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">SymEnumerateSymbolsW</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">MapDebugInformation</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">SymEnumerateSymbols64</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">SymGetSymFromAddr64</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">SymGetSymFromName64</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">SymGetSymNext64</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">SymGetSymPrev64</fct>
-        <fct dp="1" un="0" pv="0" bl="0" ad="0">UnMapDebugInformation</fct>
-      </fcts>
-    </lib>
-
-    <lib name="pstorec.dll" bl="1" dp="0">
-      <fcts>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PStoreCreateInstance</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">PStoreEnumProviders</fct>
-      </fcts>
-    </lib>
-
-    <lib name="dsound.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="1" bl="1" ad="0">DirectSoundCreate</fct>
-        <fct od="2" bl="1" ad="0">DirectSoundEnumerate</fct>
-        <fct od="3" bl="1" ad="0">DirectSoundEnumerate</fct>
-        <fct od="6" bl="1" ad="0">DirectSoundCaptureCreate</fct>
-        <fct od="7" bl="1" ad="0">DirectSoundCaptureEnumerate</fct>
-        <fct od="8" bl="1" ad="0">DirectSoundCaptureEnumerate</fct>
-        <fct od="9" bl="1" ad="0">GetDeviceID</fct>
-        <fct od="10" bl="1" ad="0">DirectSoundFullDuplexCreate</fct>
-        <fct od="11" bl="1" ad="0">DirectSoundCreate8</fct>
-        <fct od="12" bl="1" ad="0">DirectSoundCaptureCreate8</fct>
-      </fcts>
-    </lib>
-
-    <lib name="atl.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="10" dp="0" un="0" pv="0" bl="0" ad="0">AtlAdvise</fct>
-        <fct od="11" dp="0" un="0" pv="0" bl="0" ad="0">AtlUnadvise</fct>
-        <fct od="12" dp="0" un="0" pv="0" bl="0" ad="0">AtlFreeMarshalStream</fct>
-        <fct od="13" dp="0" un="0" pv="0" bl="1" ad="0">AtlMarshalPtrInProc</fct>
-        <fct od="14" dp="0" un="0" pv="0" bl="0" ad="0">AtlUnmarshalPtr</fct>
-        <fct od="15" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleGetClassObject</fct>
-        <fct od="16" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleInit</fct>
-        <fct od="17" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleRegisterClassObjects</fct>
-        <fct od="18" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleRegisterServer</fct>
-        <fct od="19" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleRegisterTypeLib</fct>
-        <fct od="20" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleRevokeClassObjects</fct>
-        <fct od="21" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleTerm</fct>
-        <fct od="22" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleUnregisterServer</fct>
-        <fct od="23" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleUpdateRegistryFromResourceD</fct>
-        <fct od="24" dp="0" un="0" pv="0" bl="0" ad="0">AtlWaitWithMessageLoop</fct>
-        <fct od="25" dp="0" un="0" pv="0" bl="0" ad="0">AtlSetErrorInfo</fct>
-        <fct od="26" dp="0" un="0" pv="0" bl="0" ad="0">AtlCreateTargetDC</fct>
-        <fct od="27" dp="0" un="0" pv="0" bl="0" ad="0">AtlHiMetricToPixel</fct>
-        <fct od="28" dp="0" un="0" pv="0" bl="0" ad="0">AtlPixelToHiMetric</fct>
-        <fct od="29" dp="0" un="0" pv="0" bl="0" ad="0">AtlDevModeW2</fct>
-        <fct od="30" dp="0" un="0" pv="0" bl="0" ad="0">AtlComPtrAssign</fct>
-        <fct od="31" dp="0" un="0" pv="0" bl="0" ad="0">AtlComQIPtrAssign</fct>
-        <fct od="32" dp="0" un="0" pv="0" bl="0" ad="0">AtlInternalQueryInterface</fct>
-        <fct od="33" dp="0" un="0" pv="0" bl="0" ad="0">DllCanUnloadNow</fct>
-        <fct od="34" dp="0" un="0" pv="0" bl="0" ad="0">AtlGetVersion</fct>
-        <fct od="35" dp="0" un="0" pv="0" bl="0" ad="0">AtlAxDialogBox</fct>
-        <fct od="36" dp="0" un="0" pv="0" bl="0" ad="0">AtlAxDialogBox</fct>
-        <fct od="37" dp="0" un="0" pv="0" bl="1" ad="0">AtlAxCreateDialog</fct>
-        <fct od="39" dp="0" un="0" pv="0" bl="1" ad="0">AtlAxCreateControl</fct>
-        <fct od="41" dp="0" un="0" pv="0" bl="1" ad="0">AtlAxAttachControl</fct>
-        <fct od="40" dp="0" un="0" pv="0" bl="1" ad="0">AtlAxCreateControlEx</fct>
-        <fct od="42" dp="0" un="0" pv="0" bl="1" ad="0">AtlAxWinInit</fct>
-        <fct od="43" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleAddCreateWndData</fct>
-        <fct od="44" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleExtractCreateWndData</fct>
-        <fct od="45" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleRegisterWndClassInfo</fct>
-        <fct od="46" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleRegisterWndClassInfo</fct>
-        <fct od="47" dp="0" un="0" pv="0" bl="0" ad="0">AtlAxGetControl</fct>
-        <fct od="48" dp="0" un="0" pv="0" bl="1" ad="0">AtlAxGetHost</fct>
-        <fct od="49" dp="0" un="0" pv="0" bl="0" ad="0">AtlRegisterClassCategoriesHelper</fct>
-        <fct od="50" dp="0" un="0" pv="0" bl="0" ad="0">AtlIPersistStreamInit_Load</fct>
-        <fct od="51" dp="0" un="0" pv="0" bl="0" ad="0">AtlIPersistStreamInit_Save</fct>
-        <fct od="52" dp="0" un="0" pv="0" bl="0" ad="0">AtlIPersistPropertyBag_Load</fct>
-        <fct od="53" dp="0" un="0" pv="0" bl="0" ad="0">AtlIPersistPropertyBag_Save</fct>
-        <fct od="54" dp="0" un="0" pv="0" bl="0" ad="0">AtlGetObjectSourceInterface</fct>
-        <fct od="54" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleUnRegisterTypeLib</fct>
-        <fct od="56" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleLoadTypeLib</fct>
-        <fct od="57" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleUnregisterServerEx</fct>
-        <fct od="58" dp="0" un="0" pv="0" bl="0" ad="0">AtlModuleAddTermFunc</fct>
-        <fct od="59" dp="0" un="0" pv="0" bl="0" ad="0">AtlSetErrorInfo2</fct>
-        <fct od="60" dp="0" un="0" pv="0" bl="0" ad="0">AtlIPersistStreamInit_GetSizeMax</fct>
-        <fct od="61" dp="0" un="0" pv="0" bl="0" ad="0">DllGetClassObject</fct>
-        <fct od="62" dp="0" un="0" pv="0" bl="0" ad="0">DllRegisterServer</fct>
-        <fct od="63" dp="0" un="0" pv="0" bl="0" ad="0">DllUnregisterServer</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AtlAxCreateControlLic</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AtlAxCreateControlLicEx</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AtlAxGetControl</fct>
-        <fct dp="0" un="0" pv="0" bl="1" ad="0">AtlAxWinTerm</fct>
-      </fcts>
-    </lib>
-
-    <lib name="oleaut32.dll" bl="0" dp="0">
-      <fcts>
-        <fct od="2" bl="0" ad="0">SysAllocString</fct>
-        <fct od="4" bl="0" ad="0">SysAllocStringLen</fct>
-        <fct od="6" bl="0" ad="0">SysFreeString</fct>
-        <fct od="7" bl="0" ad="0">SysStringLen</fct>
-        <fct od="8" bl="0" ad="0">VariantInit</fct>
-        <fct od="9" bl="0" ad="0">VariantClear</fct>
-        <fct od="10" bl="0" ad="0">VariantCopy</fct>
-        <fct od="12" bl="0" ad="0">VariantChangeType</fct>
-        <fct od="16" bl="0" ad="0">SafeArrayDestroy</fct>
-        <fct od="19" bl="0" ad="0">SafeArrayGetUBound</fct>
-        <fct od="20" bl="0" ad="0">SafeArrayGetLBound</fct>
-        <fct od="23" bl="0" ad="0">SafeArrayAccessData</fct>
-        <fct od="24" bl="0" ad="0">SafeArrayUnaccessData</fct>
-        <fct od="25" bl="0" ad="0">SafeArrayGetElement</fct>
-        <fct od="114" bl="0" ad="0">VarBstrFromDate</fct>
-        <fct od="144" bl="0" ad="0">DllCanUnloadNow</fct>
-        <fct od="145" bl="0" ad="0">DllGetClassObject</fct>
-        <fct od="147" bl="0" ad="0">VariantChangeTypeEx</fct>
-        <fct od="150" bl="0" ad="0">SysAllocStringByteLen</fct>
-        <fct od="151" bl="1" ad="0">DllRegisterServer</fct>
-        <fct od="160" bl="1" ad="0">CreateTypeLib</fct>
-        <fct od="161" bl="1" ad="0">LoadTypeLib</fct>
-        <fct od="162" bl="1" ad="0">LoadRegTypeLib</fct>
-        <fct od="163" bl="1" ad="0">RegisterTypeLib</fct>
-        <fct od="183" bl="1" ad="0">LoadTypeLibEx</fct>
-        <fct od="184" bl="0" ad="0">SystemTimeToVariantTime</fct>
-        <fct od="185" bl="0" ad="0">VariantTimeToSystemTime</fct>
-        <fct od="186" bl="1" ad="0">UnRegisterTypeLib</fct>
-        <fct od="200" bl="0" ad="0">GetErrorInfo</fct>
-        <fct od="201" bl="0" ad="0">SetErrorInfo</fct>
-        <fct od="202" bl="0" ad="0">CreateErrorInfo</fct>
-        <fct od="290" bl="0" ad="0">VARIANT_UserFree</fct>
-        <fct od="291" bl="0" ad="0">LPSAFEARRAY_UserSize</fct>
-        <fct od="318" bl="0" ad="0">VarCat</fct>
-        <fct od="331" bl="0" ad="0">VarUdateFromDate</fct>
-        <fct od="411" bl="0" ad="0">SafeArrayCreateVector</fct>
-        <fct od="418" bl="0" ad="0">OleLoadPicture</fct>
-        <fct od="420" bl="0" ad="0">OleCreateFontIndirect</fct>
-      </fcts>
-    </lib>
-
-    <lib name="dnsapi.dll" bl="1" dp="0">
-      <fcts>
-        <fct bl="1" ad="0">DnsAcquireContextHandle</fct>
-        <fct bl="1" ad="0">DnsCancelQuery</fct>
-        <fct bl="1" ad="0">DnsExtractRecordsFromMessage</fct>
-        <fct bl="1" ad="0">DnsFree</fct>
-        <fct bl="1" ad="0">DnsFreeProxyName</fct>
-        <fct bl="1" ad="0">DnsGetProxyInformation</fct>
-        <fct bl="1" ad="0">DnsModifyRecordsInSet</fct>
-        <fct bl="1" ad="0">DnsNameCompare</fct>
-        <fct bl="1" ad="0">DnsQuery_</fct>
-        <fct bl="1" ad="0">DnsQueryConfig</fct>
-        <fct bl="1" ad="0">DnsQueryEx</fct>
-        <fct bl="1" ad="0">DnsRecordCompare</fct>
-        <fct bl="1" ad="0">DnsRecordCopyEx</fct>
-        <fct bl="1" ad="0">DnsRecordListFree</fct>
-        <fct bl="1" ad="0">DnsRecordSetCompare</fct>
-        <fct bl="1" ad="0">DnsRecordSetCopyEx</fct>
-        <fct bl="1" ad="0">DnsRecordSetDetach</fct>
-        <fct bl="1" ad="0">DnsReleaseContextHandle</fct>
-        <fct bl="1" ad="0">DnsReplaceRecordSet</fct>
-        <fct bl="1" ad="0">DnsValidateName</fct>
-        <fct bl="1" ad="0">DnsValidateServerStatus</fct>
-        <fct bl="1" ad="0">DnsWriteQuestionToBuffer</fct>
-      </fcts>
-    </lib>
-
-    <lib name="avicap32.dll" bl="0" dp="0">
-      <fcts>
-        <fct bl="1" ad="0">capControlCallback</fct>
-        <fct bl="1" ad="0">capCreateCaptureWindow</fct>
-        <fct bl="1" ad="0">capErrorCallback</fct>
-        <fct bl="1" ad="0">capGetDriverDescription</fct>
-        <fct bl="1" ad="0">capStatusCallback</fct>
-        <fct bl="1" ad="0">capVideoStreamCallback</fct>
-        <fct bl="1" ad="0">capWaveStreamCallback</fct>
-        <fct bl="1" ad="0">capYieldCallback</fct>
-      </fcts>
-    </lib>
-
-
-    <lib name="odbctrac.dll" bl="1" dp="0">
-      <fcts>
-        <fct bl="1" ad="0">TraceReturn</fct>
-        <fct bl="1" ad="0">TraceVersion</fct>
-        <fct bl="1" ad="0">TraceSQLConnect</fct>
-        <fct bl="1" ad="0">TraceSQLCancel</fct>
-      </fcts>
-    </lib>
-
-    <lib name="cabinet.dll" bl="1" dp="0">
-      <fcts>
-        <fct od="1">GetDllVersion</fct>
-        <fct od="2">DllGetVersion</fct>
-        <fct od="3">Extract</fct>
-        <fct od="4">DeleteExtractedFiles</fct>
-        <fct od="12" bl="1" ad="0">FCIFlushFolder</fct>
-        <fct od="13">FCIFlushCabinet</fct>
-        <fct od="14" bl="1" ad="0">FCIDestroy</fct>
-        <fct bl="1" ad="0">FCIFlushCabinet</fct>
-        <fct bl="1" ad="0">FCIAddFile</fct>
-        <fct bl="1" ad="0">FCICreate</fct>
-        <fct od="20" bl="1" ad="0">FDICreate</fct>
-        <fct od="21">FDIIsCabinet</fct>
-        <fct od="22" bl="1" ad="0">FDICopy</fct>
-        <fct od="23" bl="1" ad="0">FDIDestroy</fct>
-        <fct od="24">FDITruncateCabinet</fct>
-      </fcts>
-    </lib>
-
-    <lib name="rpcns4.dll" bl="1" dp="0" ro="0"></lib>
-
-    <lib name="force.exe" bl="1" dp="0" ro="0"></lib>
-
-    <lib name="Au3Zip.dll" bl="1" dp="0">
-      <fcts>
-        <fct bl="1" ad="0">AU3_GetPluginDetails</fct>
-        <fct bl="1" ad="0">WinDetectHiddenText</fct>
-        <fct bl="1" ad="0">WinSearchChildren</fct>
-        <fct bl="1" ad="0">WinTextMatchMode</fct>
-        <fct bl="1" ad="0">WinTitleMatchMode</fct>
-        <fct bl="1" ad="0">WinWaitDelay</fct>
-        <fct bl="1" ad="0">FileRecycle</fct>
-        <fct bl="1" ad="0">GUICtrlSendMsg</fct>
-        <fct bl="1" ad="0">GUICtrlSendToDummy</fct>
-        <fct bl="1" ad="0">GUICtrlSetBkColor</fct>
-        <fct bl="1" ad="0">GUICtrlSetColor</fct>
-        <fct bl="1" ad="0">GUICtrlSetCursor</fct>
-        <fct bl="1" ad="0">GUICtrlSetData</fct>
-        <fct bl="1" ad="0">Send</fct>
-        <fct bl="1" ad="0">SendKeyDelay</fct>
-        <fct bl="1" ad="0">SendKeyDownDelay</fct>
-        <fct bl="1" ad="0">SendKeepActive</fct>
-        <fct bl="1" ad="0">SendCommandID</fct>
-        <fct bl="1" ad="0">SendAttachMode</fct>
-        <fct bl="1" ad="0">SendCapslockMode</fct>
-        <fct bl="1" ad="0">ControlSend</fct>
-        <fct bl="1" ad="0">UDPSend</fct>
-        <fct bl="1" ad="0">_FTP_Command</fct>
-        <fct bl="1" ad="0">_INetSmtpMail</fct>
-        <fct bl="1" ad="0">_viExecCommand</fct>
-        <fct bl="1" ad="0">_WinAPI_BroadcastSystemMessage</fct>
-        <fct bl="1" ad="0">_WinAPI_SendMessageTimeout</fct>
-      </fcts>
-    </lib>
-
-    <lib name="" bl="1" dp="0">
-      <fcts>
-        <fct bl="1" >SEAddMemoryGuard</fct>
-        <fct bl="1" >SECheckCountryID</fct>
-        <fct bl="1" >SECheckExecTime</fct>
-        <fct bl="1" >SECheckExpDate</fct>
-        <fct bl="1" >SECheckHardwareID</fct>
-        <fct bl="1" >SECheckLicenseFile</fct>
-        <fct bl="1" >SECheckLicenseFileEx</fct>
-        <fct bl="1" >SECheckNumDays</fct>
-        <fct bl="1" >SECheckNumExec</fct>
-        <fct bl="1" >SECheckProtection</fct>
-        <fct bl="1" >SECheckTotalExecTime</fct>
-        <fct bl="1" >SEDecodeString</fct>
-        <fct bl="1" >SEDelMemoryGuard</fct>
-        <fct bl="1" >SEFreeString</fct>
-        <fct bl="1" >SEGetAppStatus</fct>
-        <fct bl="1" >SEGetExecTimeLeft</fct>
-        <fct bl="1" >SEGetExecTimeUsed</fct>
-        <fct bl="1" >SEGetHardwareID</fct>
-        <fct bl="1" >SEGetLicenseHash</fct>
-        <fct bl="1" >SEGetLicenseTrialInfo</fct>
-        <fct bl="1" >SEGetLicenseUserInfo</fct>
-        <fct bl="1" >SEGetNumDaysLeft</fct>
-        <fct bl="1" >SEGetNumDaysUsed</fct>
-        <fct bl="1" >SEGetNumExecLeft</fct>
-        <fct bl="1" >SEGetNumExecUsed</fct>
-        <fct bl="1" >SEGetProtectionDate</fct>
-        <fct bl="1" >SEGetTotalExecTimeLeft</fct>
-        <fct bl="1" >SEGetTotalExecTimeUsed</fct>
-        <fct bl="1" >SENotifyLicenseBanned</fct>
-        <fct bl="1" >SEProtectEnd</fct>
-        <fct bl="1" >SEProtectStart</fct>
-        <fct bl="1" >SEProtectStartMutation</fct>
-        <fct bl="1" >SEProtectStartUltra</fct>
-        <fct bl="1" >SEProtectStartVirtualization</fct>
-        <fct bl="1" >SEResetTrial</fct>
-        <fct bl="1" >SESetAppStatus</fct>
-        <fct bl="1" >SESetExecTime</fct>
-        <fct bl="1" >SESetNumExecUsed</fct>
-        <fct bl="1" >SESetTotalExecTime</fct>
-        <fct bl="1" >SEUnProtectEnd</fct>
-        <fct bl="1" >SEUnProtectStart</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mfc42.dll" bl="0" dp="0" ro="1">
-      <fcts>
-        <fct od="275" bl="0">CArchiveStream</fct>
-        <fct od="276" bl="0">CAsyncMonikerFile</fct>
-        <fct od="278" bl="0">CAsyncSocket</fct>
-        <fct od="296" bl="0">CCommandLineInfo</fct>
-        <fct od="302" bl="0">CCriticalSection</fct>
-        <fct od="317" bl="0">CDatabase</fct>
-        <fct od="321" bl="0">CDBException</fct>
-        <fct od="322" bl="0">CDBVariant</fct>
-        <fct od="333" bl="0">CDockState</fct>
-        <fct od="334" bl="0">CDocManager</fct>
-        <fct od="335" bl="0">CDocObjectServer</fct>
-        <fct od="336" bl="0">CDocObjectServerItem</fct>
-        <fct od="347" bl="0">CEnumFormatEtc</fct>
-        <fct od="348" bl="0">CEvent:SECURITY_ATTRIBUTES</fct>
-        <fct od="349" bl="0">CException</fct>
-        <fct od="350" bl="0">CException</fct>
-        <fct od="352" bl="0">CFile</fct>
-        <fct od="353" bl="0">CFile</fct>
-        <fct od="354" bl="0">CFile</fct>
-        <fct od="690" bl="0">CInternetSession</fct>
-        <fct od="689" bl="0">CInternetFile</fct>
-        <fct od="688" bl="0">CInternetException</fct>
-        <fct od="687" bl="0">CInternetConnection</fct>
-        <fct od="975" bl="0">CFrameWnd::ActivateFrame</fct>
-        <fct od="976" bl="0">CMDIChildWnd::ActivateFrame</fct>
-        <fct od="1089" bl="0">CWinApp::AddToRecentFileList</fct>
-        <fct od="1134" bl="0">AfxEnableControlContainer</fct>
-        <fct od="1131" bl="0">AfxDllCanUnloadNow</fct>
-        <fct od="1165" bl="0">AfxGetInProcServer</fct>
-        <fct od="1168" bl="0">AfxGetModuleState</fct>
-        <fct od="1269" bl="0">AfxThrowOleException</fct>
-        <fct od="1641" bl="0">CGdiObject::Attach</fct>
-        <fct od="1768" bl="0">CWnd::CenterWindow</fct>
-        <fct od="1971" bl="0">CAsyncSocket::Close</fct>
-        <fct od="3341" bl="0">CDaoWorkspace::GetLoginTimeout</fct>
-        <fct od="2135" bl="1">CFile::CreateControl</fct>
-        <fct od="2140" bl="0">COleException::CreateDispatch</fct>
-        <fct od="2393" bl="1">CException::Delete</fct>
-        <fct od="2396" bl="0">CWinThread::Delete</fct>
-        <fct od="2399" bl="0">CDocument::DeleteContents</fct>
-        <fct od="2446" bl="0">CWnd::DestroyWindow</fct>
-        <fct od="2506" bl="0">COleFrameHook::DoEnableModeless</fct>
-        <fct od="2510" bl="0">CDocument::DoFileSave</fct>
-        <fct od="2542" bl="0">CDocument::DoSave</fct>
-        <fct od="2621" bl="0">CWinApp::Enable3dControls</fct>
-        <fct od="2613" bl="0">COleDataSource</fct>
-        <fct od="2717" bl="1">CDaoQueryDef::Execute</fct>
-        <fct od="2725" bl="0">CWinApp::ExitInstance</fct>
-        <fct od="2879" bl="0">CFrameWnd::GetActiveFrame</fct>
-        <fct od="2971" bl="0">GetClipBox</fct>
-        <fct od="2977" bl="1">CDaoDatabase::GetConnect</fct>
-        <fct od="2878" bl="0">CFrameWnd::GetActiveDocument</fct>
-        <fct od="2980" bl="1">CDatabase::GetConnectInfo</fct>
-        <fct od="2982" bl="0">ConnectionPoint::GetConnectionHook</fct>
-        <fct od="3054" bl="0">COleDateTime::GetDay</fct>
-        <fct od="3131" bl="0">CSimpleException::GetErrorMessage</fct>
-        <fct od="3142" bl="0">CDocObjectServer::GetExtent</fct>
-        <fct od="3147" bl="0">CCmdTarget::GetExtraConnectionPoints</fct>
-        <fct od="3172" bl="0">GetFile::CFileException</fct>
-        <fct od="3254" bl="0">COleIPFrameWnd::GetInPlaceMenu</fct>
-        <fct od="3313" bl="1">CGopherFileFind::GetLastWriteTime</fct>
-        <fct od="3351" bl="0">CMDIChildWnd::GetMessageBar</fct>
-        <fct od="3403" bl="0">CFrameWnd::GetMessageString</fct>
-        <fct od="3820" bl="0">CPictureHolder::GetType</fct>
-        <fct od="3826" bl="0">COleDispatchImpl::GetTypeInfoCount</fct>
-        <fct od="4073" bl="0">CDaoRecordset::IsFieldStatusNullable</fct>
-        <fct od="4074" bl="0">CDaoRecordset::IsFieldStatusNullableKnown</fct>
-        <fct od="4077" bl="0">CFrameWnd::IsFrameWnd</fct>
-        <fct od="4152" bl="0">CMDIChildWnd::LoadFrame</fct>
-        <fct od="4303" bl="0">CFrameWnd::NegotiateBorderSpace</fct>
-        <fct od="4459" bl="1">COleControl::OnCreate</fct>
-        <fct od="4616" bl="0">CDocument::OnFileSave</fct>
-        <fct od="4621" bl="0">COleServerDoc::OnFileUpdate</fct>
-        <fct od="4831" bl="0">CEnumUnknown::OnNext</fct>
-        <fct od="4847" bl="0">COleControl::OnOcmCtlColorEdit</fct>
-        <fct od="4467" bl="0">CFrameWnd::OnCreateClient</fct>
-        <fct od="4992" bl="0">COleControl::OnSetExtent</fct>
-        <fct od="5012" bl="0">CFrameWnd::OnSetPreviewMode</fct>
-        <fct od="5180" bl="0">CDaoWorkspace::Open</fct>
-        <fct od="5273" bl="0">CDataExchange::PrepareOleCtrl</fct>
-        <fct od="5298" bl="1">CSocket::ProcessAuxQueue</fct>
-        <fct od="5303" bl="1">CWinThread::ProcessWndProcException</fct>
-        <fct od="5472" bl="0">CFrameWnd::RecalcLayout</fct>
-        <fct od="6055" bl="0">CWnd::SetOccDialogInfo</fct>
-        <fct od="6211" bl="0">COleControlSite::ShowObject</fct>
-        <fct od="6370" bl="0">COleControl::WindowProc</fct>
-        <fct od="6371" bl="0">COlePropertyPage::WindowProc</fct>
-        <fct od="6372" bl="0">CParkingWnd::WindowProc</fct>
-      </fcts>
-    </lib>
-
-    <lib name="mfc42u.dll" bl="0" dp="0" ro="1">
-      <fcts>
-        <fct od="275" bl="0">CArchiveStream</fct>
-        <fct od="276" bl="0">CAsyncMonikerFile</fct>
-        <fct od="278" bl="0">CAsyncSocket</fct>
-        <fct od="296" bl="0">CCommandLineInfo</fct>
-        <fct od="302" bl="0">CCriticalSection</fct>
-        <fct od="317" bl="0">CDatabase</fct>
-        <fct od="321" bl="0">CDBException</fct>
-        <fct od="322" bl="0">CDBVariant</fct>
-        <fct od="333" bl="0">CDockState</fct>
-        <fct od="334" bl="0">CDocManager</fct>
-        <fct od="335" bl="0">CDocObjectServer</fct>
-        <fct od="336" bl="0">CDocObjectServerItem</fct>
-        <fct od="347" bl="0">CEnumFormatEtc</fct>
-        <fct od="348" bl="0">CEvent:SECURITY_ATTRIBUTES</fct>
-        <fct od="349" bl="0">CException</fct>
-        <fct od="350" bl="0">CException</fct>
-        <fct od="352" bl="0">CFile</fct>
-        <fct od="353" bl="0">CFile</fct>
-        <fct od="354" bl="0">CFile</fct>
-        <fct od="690" bl="0">CInternetSession</fct>
-        <fct od="689" bl="0">CInternetFile</fct>
-        <fct od="688" bl="0">CInternetException</fct>
-        <fct od="687" bl="0">CInternetConnection</fct>
-        <fct od="975" bl="0">CFrameWnd::ActivateFrame</fct>
-        <fct od="976" bl="0">CMDIChildWnd::ActivateFrame</fct>
-        <fct od="1089" bl="0">CWinApp::AddToRecentFileList</fct>
-        <fct od="1134" bl="0">AfxEnableControlContainer</fct>
-        <fct od="1131" bl="0">AfxDllCanUnloadNow</fct>
-        <fct od="1165" bl="0">AfxGetInProcServer</fct>
-        <fct od="1168" bl="0">AfxGetModuleState</fct>
-        <fct od="1269" bl="0">AfxThrowOleException</fct>
-        <fct od="1641" bl="0">CGdiObject::Attach</fct>
-        <fct od="1768" bl="0">CWnd::CenterWindow</fct>
-        <fct od="1971" bl="0">CAsyncSocket::Close</fct>
-        <fct od="3341" bl="0">CDaoWorkspace::GetLoginTimeout</fct>
-        <fct od="2135" bl="1">CFile::CreateControl</fct>
-        <fct od="2140" bl="0">COleException::CreateDispatch</fct>
-        <fct od="2393" bl="1">CException::Delete</fct>
-        <fct od="2396" bl="0">CWinThread::Delete</fct>
-        <fct od="2399" bl="0">CDocument::DeleteContents</fct>
-        <fct od="2446" bl="0">CWnd::DestroyWindow</fct>
-        <fct od="2506" bl="0">COleFrameHook::DoEnableModeless</fct>
-        <fct od="2510" bl="0">CDocument::DoFileSave</fct>
-        <fct od="2542" bl="0">CDocument::DoSave</fct>
-        <fct od="2621" bl="0">CWinApp::Enable3dControls</fct>
-        <fct od="2613" bl="0">COleDataSource</fct>
-        <fct od="2717" bl="1">CDaoQueryDef::Execute</fct>
-        <fct od="2725" bl="0">CWinApp::ExitInstance</fct>
-        <fct od="2879" bl="0">CFrameWnd::GetActiveFrame</fct>
-        <fct od="2971" bl="0">GetClipBox</fct>
-        <fct od="2977" bl="1">CDaoDatabase::GetConnect</fct>
-        <fct od="2878" bl="0">CFrameWnd::GetActiveDocument</fct>
-        <fct od="2980" bl="1">CDatabase::GetConnectInfo</fct>
-        <fct od="2982" bl="0">ConnectionPoint::GetConnectionHook</fct>
-        <fct od="3054" bl="0">COleDateTime::GetDay</fct>
-        <fct od="3131" bl="0">CSimpleException::GetErrorMessage</fct>
-        <fct od="3142" bl="0">CDocObjectServer::GetExtent</fct>
-        <fct od="3147" bl="0">CCmdTarget::GetExtraConnectionPoints</fct>
-        <fct od="3172" bl="0">GetFile::CFileException</fct>
-        <fct od="3254" bl="0">COleIPFrameWnd::GetInPlaceMenu</fct>
-        <fct od="3313" bl="1">CGopherFileFind::GetLastWriteTime</fct>
-        <fct od="3351" bl="0">CMDIChildWnd::GetMessageBar</fct>
-        <fct od="3403" bl="0">CFrameWnd::GetMessageString</fct>
-        <fct od="3820" bl="0">CPictureHolder::GetType</fct>
-        <fct od="3826" bl="0">COleDispatchImpl::GetTypeInfoCount</fct>
-        <fct od="4073" bl="0">CDaoRecordset::IsFieldStatusNullable</fct>
-        <fct od="4074" bl="0">CDaoRecordset::IsFieldStatusNullableKnown</fct>
-        <fct od="4077" bl="0">CFrameWnd::IsFrameWnd</fct>
-        <fct od="4152" bl="0">CMDIChildWnd::LoadFrame</fct>
-        <fct od="4303" bl="0">CFrameWnd::NegotiateBorderSpace</fct>
-        <fct od="4459" bl="1">COleControl::OnCreate</fct>
-        <fct od="4616" bl="0">CDocument::OnFileSave</fct>
-        <fct od="4621" bl="0">COleServerDoc::OnFileUpdate</fct>
-        <fct od="4831" bl="0">CEnumUnknown::OnNext</fct>
-        <fct od="4847" bl="0">COleControl::OnOcmCtlColorEdit</fct>
-        <fct od="4467" bl="0">CFrameWnd::OnCreateClient</fct>
-        <fct od="4992" bl="0">COleControl::OnSetExtent</fct>
-        <fct od="5012" bl="0">CFrameWnd::OnSetPreviewMode</fct>
-        <fct od="5180" bl="0">CDaoWorkspace::Open</fct>
-        <fct od="5273" bl="0">CDataExchange::PrepareOleCtrl</fct>
-        <fct od="5298" bl="1">CSocket::ProcessAuxQueue</fct>
-        <fct od="5303" bl="1">CWinThread::ProcessWndProcException</fct>
-        <fct od="5472" bl="0">CFrameWnd::RecalcLayout</fct>
-        <fct od="6055" bl="0">CWnd::SetOccDialogInfo</fct>
-        <fct od="6211" bl="0">COleControlSite::ShowObject</fct>
-        <fct od="6370" bl="0">COleControl::WindowProc</fct>
-        <fct od="6371" bl="0">COlePropertyPage::WindowProc</fct>
-        <fct od="6372" bl="0">CParkingWnd::WindowProc</fct>
-      </fcts>
-    </lib>
-
-  </libs>
-</xml>
diff --git a/assemblyline_v4_service/common/pestudio/xml/languages.xml b/assemblyline_v4_service/common/pestudio/xml/languages.xml
deleted file mode 100644
index e067243f..00000000
--- a/assemblyline_v4_service/common/pestudio/xml/languages.xml
+++ /dev/null
@@ -1,375 +0,0 @@
-<!--
-languages.xml is part of the pestudio (www.winitor.com)
-It contains the languages that will be detected as blackListed by pestudio. 
--->
-<xml version="1.0" encoding="utf-8">
-
-  <!-- 
-  You can edit this part using the id according to your needs
-  Please use following URL as Reference for the appropriate ids
-  http://msdn.microsoft.com/en-us/library/dd318693(v=vs.85).aspx 
-  -->
-  <languages>
-    <language id="0x0C00" bl="0">neutral</language>
-    <language id="0x1400" bl="0">neutral</language>
-    <language id="0x007F" bl="0">neutral</language>
-    <language id="0x0000" bl="0">neutral</language>
-    <language id="0x0800" bl="0">neutral</language>
-    <language id="0x1000" bl="0">neutral</language>
-    <language id="0x080c" bl="1">French Belgium</language>
-    <language id="0x0C0C" bl="1">French Canada</language>
-    <language id="0x040c" bl="0">French France</language>
-    <language id="0x140C" bl="0">French Luxembourg</language>
-    <language id="0x180C" bl="0">French Monaco</language>
-    <language id="0x100C" bl="0">French Switzerland</language>
-    <language id="0x2801" bl="1">Syria</language>
-    <language id="0x0401" bl="1">Saudi Arabia</language>
-    <language id="0x0436" bl="0">Afrikaans</language>
-    <language id="0x041C" bl="1">Albanian</language>
-    <language id="0x0484" bl="0">Alsatian</language>
-    <language id="0x045E" bl="0">Amharic</language>
-    <language id="0x1401" bl="0">Arabic</language>
-    <language id="0x3C01" bl="0">Arabic Bahrain</language>
-    <language id="0x0C01" bl="0">Arabic Egypt</language>
-    <language id="0x0801" bl="0">Arabic Iraq</language>
-    <language id="0x2C01" bl="0">Arabic Jordan</language>
-    <language id="0x3401" bl="0">Arabic Kuwait</language>
-    <language id="0x3001" bl="0">Arabic Lebanon</language>
-    <language id="0x1001" bl="0">Arabic Libya</language>
-    <language id="0x1801" bl="0">Arabic Morocco</language>
-    <language id="0x2001" bl="0">Arabic Oman</language>
-    <language id="0x4001" bl="0">Arabic Qatar</language>
-    <language id="0x0401" bl="0">Arabic Saudi</language>
-    <language id="0x2801" bl="0">Arabic Syria</language>
-    <language id="0x1C01" bl="0">Arabic Tunisia</language>
-    <language id="0x3801" bl="0">Arabic U.A.E</language>
-    <language id="0x042B" bl="0">Armenian</language>
-    <language id="0x044D" bl="0">Assamese</language>
-    <language id="0x082C" bl="0">Azeri</language>
-    <language id="0x0445" bl="0">Bangla</language>
-    <language id="0x046D" bl="0">Bashkir</language>
-    <language id="0x042D" bl="0">Basque</language>
-    <language id="0x0423" bl="0">Belarusian</language>
-    <language id="0x781A" bl="1">Bosnian</language>
-    <language id="0x201A" bl="1">Bosnian</language>
-    <language id="0x047E" bl="1">Breton</language>
-    <language id="0x0402" bl="0">Bulgarian</language>
-    <language id="0x0492" bl="0">Central Kurdish</language>
-    <language id="0x045C" bl="0">Cherokee</language>
-    <language id="0x0403" bl="0">Catalan</language>
-    <language id="0x0C04" bl="1">Chinese Hong Kong</language>
-    <language id="0x1404" bl="1">Chinese Macao SAR</language>
-    <language id="0x1004" bl="1">Chinese Singapore</language>
-    <language id="0x0804" bl="1">Chinese Simplified</language>
-    <language id="0x0404" bl="1">Chinese Traditional</language>
-    <language id="0x0483" bl="0">Corsican</language>
-    <language id="0x001A" bl="0">Croatian neutral</language>
-    <language id="0x101A" bl="0">Croatian Bosnia Herzegovina</language>
-    <language id="0x041A" bl="0">Croatian Croatia</language>
-    <language id="0x0405" bl="1">Czech</language>
-    <language id="0x0406" bl="0">Danish Denmark</language>
-    <language id="0x048C" bl="1">Dari</language>
-    <language id="0x0465" bl="1">Divehi Maldives </language>
-    <language id="0x0813" bl="0">Belgium Dutch</language>
-    <language id="0x0413" bl="0">netherlands</language>
-    <language id="0x0409" bl="0">English United States</language>
-    <language id="0x0C09" bl="0">English Australia</language>
-    <language id="0x2809" bl="0">English Belize</language>
-    <language id="0x1009" bl="0">English Canada</language>
-    <language id="0x2409" bl="0">English Caribbean</language>
-    <language id="0x4009" bl="0">English India</language>
-    <language id="0x1809" bl="0">English Ireland</language>
-    <language id="0x1809" bl="0">English Ireland</language>
-    <language id="0x2009" bl="0">English Jamaica</language>
-    <language id="0x4409" bl="0">English Malaysia</language>
-    <language id="0x1409" bl="0">English new Zealand</language>
-    <language id="0x3409" bl="0">English Philippines</language>
-    <language id="0x4809" bl="0">English Singapore</language>
-    <language id="0x1c09" bl="0">English South Africa</language>
-    <language id="0x2C09" bl="0">English Trinidad and Tobago</language>
-    <language id="0x0809" bl="0">English United Kingdom</language>
-    <language id="0x3009" bl="0">English Zimbabwe</language>
-    <language id="0x0425" bl="0">Estonian</language>
-    <language id="0x0438" bl="0">Faroese</language>
-    <language id="0x0464" bl="0">Filipino</language>
-    <language id="0x040B" bl="0">Finnish</language>
-    <language id="0x0462" bl="0">Frisian</language>
-    <language id="0x0456" bl="0">Galician</language>
-    <language id="0x0437" bl="0">Georgian</language>
-    <language id="0x0400" bl="0">neutral</language>
-    <language id="0x0407" bl="0">German</language>
-    <language id="0x0C07" bl="0">German Austria</language>
-    <language id="0x1407" bl="0">German Lichtenstein</language>
-    <language id="0x1007" bl="0">German Luxembourg</language>
-    <language id="0x0807" bl="0">German Switzerland</language>
-    <language id="0x0408" bl="0">Greek</language>
-    <language id="0x046F" bl="0">Greenlandic</language>
-    <language id="0x0447" bl="0">Gujarati</language>
-    <language id="0x0468" bl="0">Hausa</language>
-    <language id="0x0475" bl="1">Hawiian</language>
-    <language id="0x040D" bl="0">Hebrew</language>
-    <language id="0x0439" bl="0">Hindi</language>
-    <language id="0x040E" bl="0">Hungarian</language>
-    <language id="0x040F" bl="0">Icelandic</language>
-    <language id="0x0470" bl="0">Igb</language>
-    <language id="0x0421" bl="0">Indonesian</language>
-    <language id="0x085D" bl="0">Inuktitut</language>
-    <language id="0x083C" bl="0">Irish</language>
-    <language id="0x0434" bl="0">isiXhosa</language>
-    <language id="0x0435" bl="0">isiZulu</language>
-    <language id="0x0410" bl="0">Italian</language>
-    <language id="0x0411" bl="0">Japanese</language>
-    <language id="0x044B" bl="0">Kannada</language>
-    <language id="0x043F" bl="0">Kazakh</language>
-    <language id="0x0453" bl="0">Khmer</language>
-    <language id="0x0486" bl="0">Kiche</language>
-    <language id="0x0487" bl="0">Kinyarwanda</language>
-    <language id="0x0457" bl="0">Konkani</language>
-    <language id="0x0412" bl="1">Korean</language>
-    <language id="0x0440" bl="0">Kyrgyz</language>
-    <language id="0x0454" bl="0">Lao</language>
-    <language id="0x0426" bl="0">Latvian</language>
-    <language id="0x0427" bl="0">Lithuanian</language>
-    <language id="0x082E" bl="0">Lower Sorbian</language>
-    <language id="0x046E" bl="0">Luxembourgish</language>
-    <language id="0x042F" bl="0">Macedonian</language>
-    <language id="0x083E" bl="0">Malay</language>
-    <language id="0x044C" bl="0">Malayalam</language>
-    <language id="0x043A" bl="0">Maltese</language>
-    <language id="0x0481" bl="1">Maori</language>
-    <language id="0x047A" bl="0">Mapudungun</language>
-    <language id="0x044E" bl="0">Marathi</language>
-    <language id="0x047C" bl="0">Mohawk</language>
-    <language id="0x0450" bl="0">Mongolian</language>
-    <language id="0x0461" bl="0">nepali</language>
-    <language id="0x0414" bl="0">norwegian</language>
-    <language id="0x0482" bl="0">Occitan</language>
-    <language id="0x0448" bl="0">Oriya</language>
-    <language id="0x0463" bl="0">Pashto</language>
-    <language id="0x0429" bl="0">Persian</language>
-    <language id="0x0415" bl="0">Polish</language>
-    <language id="0x0416" bl="0">Portuguese</language>
-    <language id="0x0867" bl="0">Pular</language>
-    <language id="0x0446" bl="0">Punjabi</language>
-    <language id="0x046B" bl="0">Quechua</language>
-    <language id="0x0418" bl="1">Romanian</language>
-    <language id="0x0417" bl="0">Romansh</language>
-    <language id="0x0419" bl="1">Russian</language>
-    <language id="0x0485" bl="0">Sakha</language>
-    <language id="0x243B" bl="0">Sami</language>
-    <language id="0x103B" bl="0">Sami</language>
-    <language id="0x0C3B" bl="0">Sami</language>
-    <language id="0x203B" bl="0">Sami</language>
-    <language id="0x183B" bl="0">Sami</language>
-    <language id="0x044F" bl="0">Sanskrit</language>
-    <language id="0x7C1A" bl="0">Serbian</language>
-    <language id="0x046C" bl="0">Sesotho sa Leboa</language>
-    <language id="0x0832" bl="0">Setswana Tswana</language>
-    <language id="0x0859" bl="0">Sindhi</language>
-    <language id="0x045B" bl="0">Sinhala</language>
-    <language id="0x041B" bl="1">Slovak</language>
-    <language id="0x0424" bl="1">Slovenian</language>
-    <language id="0x2C0A" bl="0">Spanish</language>
-    <language id="0x400A" bl="0">Spanish Bolivia</language>
-    <language id="0x340A" bl="0">Spanish Chile</language>
-    <language id="0x240A" bl="0">Spanish Colombia</language>
-    <language id="0x140A" bl="0">Spanish Costa Rica</language>
-    <language id="0x1C0A" bl="0">Spanish Dominican Republic</language>
-    <language id="0x300A" bl="0">Spanish Ecuador</language>
-    <language id="0x440A" bl="0">Spanish El Salvador</language>
-    <language id="0x100A" bl="0">Spanish Guatemala</language>
-    <language id="0x480A" bl="0">Spanish Honduras</language>
-    <language id="0x080A" bl="0">Spanish Mexico</language>
-    <language id="0x4C0A" bl="0">Spanish nicaragua</language>
-    <language id="0x180A" bl="0">Spanish Panama</language>
-    <language id="0x3C0A" bl="0">Spanish Paraguay</language>
-    <language id="0x280A" bl="0">Spanish Peru</language>
-    <language id="0x500A" bl="0">Spanish Puerto Rico</language>
-    <language id="0x0C0A" bl="0">Spanish Spain</language>
-    <language id="0x040A" bl="0">Spanish Spain Traditional</language>
-    <language id="0x540A" bl="0">Spanish United States</language>
-    <language id="0x380A" bl="0">Spanish Uruguay</language>
-    <language id="0x200A" bl="0">Spanish Venezuela</language>
-    <language id="0x0441" bl="0">Swahili</language>
-    <language id="0x081D" bl="0">Swedish</language>
-    <language id="0x041D" bl="0">Swedish</language>
-    <language id="0x045A" bl="0">Syria</language>
-    <language id="0x0428" bl="0">Tajik</language>
-    <language id="0x085F" bl="0">Tamazight</language>
-    <language id="0x0449" bl="0">Tamil</language>
-    <language id="0x0444" bl="0">Tatar</language>
-    <language id="0x044A" bl="1">Telugu</language>
-    <language id="0x041E" bl="0">Thai</language>
-    <language id="0x0451" bl="0">Tibetan</language>
-    <language id="0x0873" bl="0">Tigrinya</language>
-    <language id="0x041F" bl="0">Turkish</language>
-    <language id="0x0442" bl="0">Turkmen</language>
-    <language id="0x0422" bl="0">Ukrainian</language>
-    <language id="0x042E" bl="0">Upper Sorbian</language>
-    <language id="0x0820" bl="0">Urdu</language>
-    <language id="0x0480" bl="0">Uyghur</language>
-    <language id="0x0843" bl="0">Uzbek</language>
-    <language id="0x0803" bl="0">Valencian</language>
-    <language id="0x042A" bl="0">Vietnamese</language>
-    <language id="0x0452" bl="0">Welsh</language>
-    <language id="0x0488" bl="0">Wolof</language>
-    <language id="0x0478" bl="0">Yi</language>
-    <language id="0x046A" bl="0">Yoruba</language>
-  </languages>
-
-  <codepages>
-    <codepage id="037">IBM EBCDIC US-Canada</codepage>
-    <codepage id="437">OEM United States</codepage>
-    <codepage id="500">IBM EBCDIC International</codepage>
-    <codepage id="708">Arabic</codepage>
-    <codepage id="709">Arabic</codepage>
-    <codepage id="710">Arabic</codepage>
-    <codepage id="720">Arabic</codepage>
-    <codepage id="737">OEM Greek)</codepage>
-    <codepage id="775">OEM Baltic</codepage>
-    <codepage id="850">OEM Multilingual Latin 1</codepage>
-    <codepage id="852">OEM Latin 2</codepage>
-    <codepage id="855">OEM Cyrillic (primarily Russian)</codepage>
-    <codepage id="857">OEM Turkish</codepage>
-    <codepage id="858">OEM Multilingual Latin 1 + Euro symbol</codepage>
-    <codepage id="860">OEM Portuguese</codepage>
-    <codepage id="861">OEM Icelandic</codepage>
-    <codepage id="862">OEM Hebrew</codepage>
-    <codepage id="863">OEM French Canadian</codepage>
-    <codepage id="864">OEM Arabic</codepage>
-    <codepage id="865">OEM nordic</codepage>
-    <codepage id="866">OEM Russian</codepage>
-    <codepage id="869">OEM Modern Greek</codepage>
-    <codepage id="870">IBM EBCDIC Multilingual</codepage>
-    <codepage id="874">ANSI/OEM Thai</codepage>
-    <codepage id="875">EBCDIC Greek Modern</codepage>
-    <codepage id="932">ANSI/OEM Japanese</codepage>
-    <codepage id="936">ANSI/OEM Simplified Chinese</codepage>
-    <codepage id="949">ANSI/OEM Korean</codepage>
-    <codepage id="950">ANSI/OEM Traditional Chinese</codepage>
-    <codepage id="1026">IBM EBCDIC Turkish (Latin 5)</codepage>
-    <codepage id="1047">IBM EBCDIC Latin 1/Open System</codepage>
-    <codepage id="1140">IBM EBCDIC US-Canada</codepage>
-    <codepage id="1141">IBM EBCDIC Germany</codepage>
-    <codepage id="1142">IBM EBCDIC Denmark-Norway</codepage>
-    <codepage id="1143">IBM EBCDIC Finland-Sweden</codepage>
-    <codepage id="1144">IBM EBCDIC Italy</codepage>
-    <codepage id="1145">IBM EBCDIC Latin America-Spain</codepage>
-    <codepage id="1146">IBM EBCDIC United Kingdom</codepage>
-    <codepage id="1147">IBM EBCDIC France</codepage>
-    <codepage id="1148">IBM EBCDIC International</codepage>
-    <codepage id="1149">IBM EBCDIC Icelandic</codepage>
-    <codepage id="1200">Unicode UTF-16, little endian</codepage>
-    <codepage id="1201">Unicode UTF-16, big endian</codepage>
-    <codepage id="1250">ANSI Central European</codepage>
-    <codepage id="1251">ANSI Cyrillic</codepage>
-    <codepage id="1252">ANSI Latin 1</codepage>
-    <codepage id="1253">ANSI Greek</codepage>
-    <codepage id="1254">ANSI Turkish</codepage>
-    <codepage id="1255">ANSI Hebrew</codepage>
-    <codepage id="1256">ANSI Arabic</codepage>
-    <codepage id="1257">ANSI Baltic</codepage>
-    <codepage id="1258">ANSI/OEM Vietnamese</codepage>
-    <codepage id="1361">Korean (Johab)</codepage>
-    <codepage id="10000">MAC Roman</codepage>
-    <codepage id="10001">Japanese (Mac)</codepage>
-    <codepage id="10002">MAC Traditional Chinese (Big5)</codepage>
-    <codepage id="10003">Korean</codepage>
-    <codepage id="10004">Arabic</codepage>
-    <codepage id="10005">Hebrew</codepage>
-    <codepage id="10006">Greek</codepage>
-    <codepage id="10007">Cyrillic</codepage>
-    <codepage id="10008">MAC Simplified Chinese</codepage>
-    <codepage id="10010">Romanian</codepage>
-    <codepage id="10017">Ukrainian</codepage>
-    <codepage id="10021">Thai</codepage>
-    <codepage id="10029">MAC Latin 2</codepage>
-    <codepage id="10079">Icelandic</codepage>
-    <codepage id="10081">Turkish</codepage>
-    <codepage id="10082">Croatian</codepage>
-    <codepage id="12000">UTF-32, little endian</codepage>
-    <codepage id="12001">Unicode UTF-32, big endian</codepage>
-    <codepage id="20000">CNS Taiwan</codepage>
-    <codepage id="20001">TCA Taiwan</codepage>
-    <codepage id="20002">Eten Taiwan</codepage>
-    <codepage id="20003">IBM5550 Taiwan</codepage>
-    <codepage id="20004">TeleText Taiwan</codepage>
-    <codepage id="20005">Wang Taiwan</codepage>
-    <codepage id="20105">IRV International Alphabet</codepage>
-    <codepage id="20106">IA5 German</codepage>
-    <codepage id="20107">IA5 Swedish</codepage>
-    <codepage id="20108">IA5 norwegian</codepage>
-    <codepage id="20127">US-ASCII</codepage>
-    <codepage id="20261">T.61</codepage>
-    <codepage id="20269">ISO 6937 non-Spacing Accent</codepage>
-    <codepage id="20273">IBM EBCDIC Germany</codepage>
-    <codepage id="20277">IBM EBCDIC Denmark-norway</codepage>
-    <codepage id="20278">IBM EBCDIC Finland-Sweden</codepage>
-    <codepage id="20280">IBM EBCDIC Italy</codepage>
-    <codepage id="20284">IBM EBCDIC Latin America-Spain</codepage>
-    <codepage id="20285">IBM EBCDIC United Kingdom</codepage>
-    <codepage id="20290">IBM EBCDIC Japanese Katakana Extended</codepage>
-    <codepage id="20297">IBM EBCDIC France</codepage>
-    <codepage id="20420">IBM EBCDIC Arabic</codepage>
-    <codepage id="20423">IBM EBCDIC Greek</codepage>
-    <codepage id="20424">IBM EBCDIC Hebrew</codepage>
-    <codepage id="20833">IBM EBCDIC Korean Extended</codepage>
-    <codepage id="20838">IBM EBCDIC Thai</codepage>
-    <codepage id="20866">Russian</codepage>
-    <codepage id="20871">IBM EBCDIC Icelandic</codepage>
-    <codepage id="20880">IBM EBCDIC Cyrillic Russian</codepage>
-    <codepage id="20905">IBM EBCDIC Turkish</codepage>
-    <codepage id="20924">IBM EBCDIC Latin</codepage>
-    <codepage id="20932">Japanese</codepage>
-    <codepage id="20936">Simplified Chinese</codepage>
-    <codepage id="20949">Korean Wansung</codepage>
-    <codepage id="21025">IBM EBCDIC Cyrillic Serbian-Bulgarian</codepage>
-    <codepage id="21027">deprecated</codepage>
-    <codepage id="21866">Ukrainian (KOI8-U)</codepage>
-    <codepage id="28591">ISO 8859-1 Latin 1</codepage>
-    <codepage id="28592">ISO 8859-2 Central European</codepage>
-    <codepage id="28593">ISO 8859-3 Latin 3</codepage>
-    <codepage id="28594">ISO 8859-4 Baltic</codepage>
-    <codepage id="28595">ISO 8859-5 Cyrillic</codepage>
-    <codepage id="28596">ISO 8859-6 Arabic</codepage>
-    <codepage id="28597">SO 8859-7 Greek</codepage>
-    <codepage id="28598">ISO 8859-8 Hebrew</codepage>
-    <codepage id="28599">ISO 8859-9 Turkish</codepage>
-    <codepage id="28603">ISO 8859-13 Estonian</codepage>
-    <codepage id="28605">ISO 8859-15 Latin 9</codepage>
-    <codepage id="29001">Europa 3</codepage>
-    <codepage id="38598">ISO 8859-8 Hebrew</codepage>
-    <codepage id="50220">ISO 2022 Japanese</codepage>
-    <codepage id="50221">ISO 2022 Japanese</codepage>
-    <codepage id="50222">ISO 2022 Japanese</codepage>
-    <codepage id="50225">ISO 2022 Korean</codepage>
-    <codepage id="50227">ISO 2022 Simplified Chinese</codepage>
-    <codepage id="50229">ISO 2022 Traditional Chinese</codepage>
-    <codepage id="50930">EBCDIC Japanese Extended</codepage>
-    <codepage id="50931">EBCDIC US-Canada and Japanese</codepage>
-    <codepage id="50933">EBCDIC Korean Extended and Korean</codepage>
-    <codepage id="50935">EBCDIC Simplified Chinese Extended and Simplified Chinese</codepage>
-    <codepage id="50936">EBCDIC Simplified Chinese</codepage>
-    <codepage id="50937">EBCDIC US-Canada and Traditional Chinese</codepage>
-    <codepage id="50939">EBCDIC Japanese (Latin) Extended and Japanese</codepage>
-    <codepage id="51932">EUC Japanese</codepage>
-    <codepage id="51936">EUC Simplified Chinese</codepage>
-    <codepage id="51949">EUC Korean</codepage>
-    <codepage id="51950">EUC Traditional Chinese</codepage>
-    <codepage id="52936">HZ-GB2312 Simplified Chinese</codepage>
-    <codepage id="54936">GB18030 Simplified Chinese</codepage>
-    <codepage id="57002">ISCII Devanagari</codepage>
-    <codepage id="57003">ISCII Bengali</codepage>
-    <codepage id="57004">ISCII Tamil</codepage>
-    <codepage id="57005">ISCII Telugu</codepage>
-    <codepage id="57006">ISCII Assamese</codepage>
-    <codepage id="57007">ISCII Oriya</codepage>
-    <codepage id="57008">ISCII Kannada</codepage>
-    <codepage id="57009">ISCII Malayalam</codepage>
-    <codepage id="57010">ISCII Gujarati</codepage>
-    <codepage id="57011">ISCII Punjabi</codepage>
-    <codepage id="65000">Unicode (UTF-7)</codepage>
-    <codepage id="65001">Unicode (UTF-8)</codepage>
-  </codepages>
-
-</xml>
diff --git a/assemblyline_v4_service/common/pestudio/xml/resources.xml b/assemblyline_v4_service/common/pestudio/xml/resources.xml
deleted file mode 100644
index f7a50cd3..00000000
--- a/assemblyline_v4_service/common/pestudio/xml/resources.xml
+++ /dev/null
@@ -1,511 +0,0 @@
-<!--
-resources.xml is part of the pestudio (www.winitor.com)
-It contains the MD5 of the "well-known" resources detected as blackListed by pestudio.
--->
-<xml version="1.0" encoding="utf-8">
-
-  <resources>
-    <resource id="0" type="1" name="10">9169CFD16C29D67C272110C98D99FAA0</resource>
-    <resource id="0" type="1" name="10">E90C0F3F64201C4ABE053F03685227E6</resource>
-    <resource id="0" type="1" name="10">3F503C5B58D429020C13B8777C90A0A7</resource>
-    <resource id="0" type="1" name="10">BB8A97C30CCF21CEA5B65C1B3437A9CF</resource>
-    <resource id="0" type="1" name="10">18DEEB86648B4AD4CBB54CE7A0BAC23A</resource>
-    <resource id="0" type="1" name="10">D8614B4527F37ADD0DEA8A1EB6602D9A</resource>
-    <resource id="0" type="1" name="10">DC8828ACADF7FC1E3B5243E98F28BA2E</resource>
-    <resource id="0" type="1" name="10">F1F8DD2BE32FEE1DFEFA05931FF3F741</resource>
-    <resource id="0" type="1" name="10">1C9152CA4E98467F2222373A31895656</resource>
-    <resource id="0" type="1" name="10">E296BDC5D85FE5D9FC98A84E8CE20646</resource>
-    <resource id="0" type="1" name="10">4959293BE73FF9ED16CFA3DA2238E7EA</resource>
-    <resource id="0" type="1" name="10">6702B90C5864ADCDC8B47E5A6AD12F41</resource>
-    <resource id="0" type="1" name="10">C3394A1B82898C219C212D17996EFE8E</resource>
-    <resource id="0" type="1" name="10">4AA1872BD44D4C27324219547CEA292A</resource>
-    <resource id="0" type="1" name="10">3549F68D2766BBE560F0817CCFB10623</resource>
-    <resource id="0" type="1" name="10">444F0DDD1F84957AD323A5BA2AFBE5FA</resource>
-    <resource id="0" type="1" name="10">DE01111B81541B4B2A428B79B24045A0</resource>
-    <resource id="0" type="1" name="10">EB85FA5580E17004196AEEB718F4D5E1</resource>
-    <resource id="0" type="1" name="10">17BC0DF705FF9093929AEB5DE3ED569B</resource>
-    <resource id="0" type="1" name="10">E6B2E03204104703F2F52B5421D630D9</resource>
-    <resource id="0" type="1" name="10">9231C7349D760F77D38CB0901AF078B0</resource>
-    <resource id="0" type="1" name="10">B8FBBD3E478611354B749068A7EBEF70</resource>
-    <resource id="0" type="1" name="10">30834EC3CF0FA7F523DCBACFCB29F96B</resource>
-    <resource id="0" type="1" name="10">5EA49897E04010D41CA8BA23302FC4F3</resource>
-    <resource id="0" type="1" name="10">64580AF1E3B4739E5FB8EC58B79EE7F8</resource>
-    <resource id="0" type="1" name="10">137F549D5CA7B9FBE85D17C2CDE1947D</resource>
-    <resource id="0" type="1" name="10">C618C9640E539622E4A3789E801B1867</resource>
-    <resource id="0" type="1" name="10">A1FE17D347B1156212CDC11E9007B60C</resource>
-    <resource id="0" type="1" name="10">87296F8F8BE3838BD1578CC933115352</resource>
-    <resource id="0" type="1" name="10">1899BCC2D01CF773F8DE7D36D4CF71BE</resource>
-    <resource id="0" type="1" name="10">6A037D68D7AE1E10FB5177AE00A3E53F</resource>
-    <resource id="0" type="1" name="10">E4D0A554CCB5BC70AE04708BAE42290B</resource>
-    <resource id="0" type="1" name="10">1A214429314D7FBAB656C908BCD70FD2</resource>
-    <resource id="0" type="1" name="10">1193E37985638AE509758B0E30309D1B</resource>
-    <resource id="0" type="1" name="10">9E23E43D5B35D0AFF563F63A1FC9CB09</resource>
-    <resource id="0" type="1" name="10">57C5E491FD1F4766D507333A194A8F92</resource>
-    <resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
-    <resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
-    <resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
-    <resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
-    <resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
-    <resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
-    <resource id="0" type="1" name="10">242FE4BAE927CF380507169339294131</resource>
-    <resource id="0" type="1" name="10">909D03DE4694F7A8EC4FFE5FA24A3152</resource>
-    <resource id="0" type="1" name="10">664BA9A824DCE9261944F773912B39C2</resource>
-    <resource id="0" type="1" name="10">E3382B6A21544C03B23552E84043A733</resource>
-    <resource id="0" type="1" name="10">02EF9E192F55B1B970B5A894C068C5DC</resource>
-    <resource id="0" type="1" name="10">6C17A1B99ACD02374AF61B396361B430</resource>
-    <resource id="0" type="1" name="10">D14591DA67A51E346B91E7600656AEA7</resource>
-    <resource id="0" type="1" name="10">011C6ED16ACB4DC46B4DF44005FB5EC3</resource>
-    <resource id="0" type="1" name="10">22643A9505A56B069EB4B371611EACD8</resource>
-    <resource id="0" type="1" name="10">D4742746CD02263535B0E1A250256B46</resource>
-    <resource id="0" type="1" name="10">BC4C88DCB309E3C4740E1E2488E94D93</resource>
-    <resource id="0" type="1" name="10">BE743AEB7A0B66DB50D4B4BCA06F25D3</resource>
-    <resource id="0" type="1" name="10">9B0D8E918F4D74B60D88F00F68565875</resource>
-    <resource id="0" type="1" name="10">FF9DA435637956C5E80B0845C9EA4D36</resource>
-    <resource id="0" type="1" name="10">154BC0506D993EDC97B2F5103C052009</resource>
-    <resource id="0" type="1" name="10">1B2A520AF7D2B911FA80AD122B5032F4</resource>
-    <resource id="0" type="1" name="10">399D1914A61AA0E1330757AE645DED7E</resource>
-    <resource id="0" type="1" name="10">FBC89C665E149B5CF1865EF48FB8D916</resource>
-    <resource id="0" type="1" name="10">79438F24B4D1B5FC1978FD55612E9B5B</resource>
-    <resource id="0" type="1" name="10">C7548B9FAE303DB9D12C921A9AE60FFA</resource>
-    <resource id="0" type="1" name="10">B00CB5CDFD5BE17756EF9ABC01198C07</resource>
-    <resource id="0" type="1" name="10">DBF94E02F2BE7BC54E4D68841C86700B</resource>
-    <resource id="0" type="1" name="10">A5C21062D577BE7E18F5C53596A1A509</resource>
-    <resource id="0" type="1" name="10">6B9EB151A1F11F98EF3A42B65DF4699B</resource>
-    <resource id="0" type="1" name="10">A2434F1408690B727C7643C77375F431</resource>
-    <resource id="0" type="1" name="10">479019C4B33CD047E7616BE11C259C88</resource>
-    <resource id="0" type="1" name="10">F20C08B113FC6ED06851D8B950904B05</resource>
-    <resource id="0" type="1" name="10">3C8EF3403E591C4DCA44D8FCE418C38E</resource>
-    <resource id="0" type="1" name="10">CBBD546133D0B02BA583C65413C6BC6F</resource>
-    <resource id="0" type="1" name="10">55EC6C603E56E6DB01A6F3894B402C73</resource>
-    <resource id="0" type="1" name="10">F22C1D8389B0377620FF1BBC10D3AE80</resource>
-    <resource id="0" type="1" name="10">6C442AE314625F3D64854A7C1CBA36F5</resource>
-    <resource id="0" type="1" name="10">1E3BD999F3727EDE7FEC53EE1FDA98A1</resource>
-    <resource id="0" type="1" name="10">B0BB1475C896C2AF080C296425694A90</resource>
-    <resource id="0" type="1" name="10">7EA944FF867D7A5F5E61ADCE6C8FC93F</resource>
-    <resource id="0" type="1" name="10">6129A042CACD74E0F0C81FBE14C3AE58</resource>
-    <resource id="0" type="1" name="10">D5F92E469B8C5167407304F2D8874BAB</resource>
-    <resource id="0" type="1" name="10">A2254D71F30DD4CD7E8DCDE0BE16C763</resource>
-    <resource id="0" type="1" name="10">358F214E250968CC031C55939688E620</resource>
-    <resource id="0" type="1" name="10">CEB01C8C564F22F5998FAF96B24C3EAE</resource>
-    <resource id="0" type="1" name="10">4CBFE99178EFDA38EBA3DF3CB048AF62</resource>
-    <resource id="0" type="1" name="10">1BA3F98E7C4AB9389DBF32009B4FC2E4</resource>
-    <resource id="0" type="1" name="10">81A51D91E4D5D2F3CAC667407DD0F10C</resource>
-    <resource id="0" type="1" name="10">572F311EA3C45509E5174758BEC84C67</resource>
-    <resource id="0" type="1" name="10">D217A9BB52ECA606D83E7A5D653C96F6</resource>
-    <resource id="0" type="1" name="10">03D5E7392D047800CDD3AA5695508BD9</resource>
-    <resource id="0" type="1" name="10">2448C3A71B68242B42E44F5A07933800</resource>
-    <resource id="0" type="1" name="10">1A973D5420B563AEC9730631842C3100</resource>
-    <resource id="0" type="1" name="10">B4AA26F1F89BEB4F11A6A3E226A1E056</resource>
-    <resource id="0" type="1" name="10">EDD239647A6FA9551AAA2DA58BE866C9</resource>
-    <resource id="0" type="1" name="10">D5E93D437E309149B11D2E82AB1E4F11</resource>
-    <resource id="0" type="1" name="10">E92159842313FB935BA3D4522F93E107</resource>
-    <resource id="0" type="1" name="10">D0FF39BB38F7D10B09EB154761CBF703</resource>
-    <resource id="0" type="1" name="10">97E6E94A014A210407000E326EEC7C52</resource>
-    <resource id="0" type="1" name="10">8A3E32532E6992D762B208FBF8AC750B</resource>
-    <resource id="0" type="1" name="10">EBE292D6C56A61E2CAB05756855F65BF</resource>
-    <resource id="0" type="1" name="10">35EF65177428564AC61813783F423CC6</resource>
-    <resource id="0" type="1" name="10">D6328D4D0753D321206E3EDD55A91C56</resource>
-    <resource id="0" type="1" name="10">C13D23D023ECF90CB99DAC5BD29B9313</resource>
-    <resource id="0" type="1" name="10">91871906ECE08557583327828337273B</resource>
-    <resource id="0" type="1" name="10">13B5EB244C1D36EC97FE15A77576652B</resource>
-    <resource id="0" type="1" name="10">460671DD981DDEE71BCAF56A34831442</resource>
-    <resource id="0" type="1" name="10">7EFD59FC12887001E0317BC646551050</resource>
-
-
-    <resource id="1" type="1" name="20">C931EB3CE69DD95FC1FCB47C3F73658B</resource>
-    <resource id="1" type="1" name="20">F3CB9D43BE7149A07EFDD32E72168B97</resource>
-    <resource id="1" type="1" name="20">A5DF136449E71051E787F7F2564B8158</resource>
-    <resource id="1" type="1" name="20">C3FEC2C43E7DFD935C90940D55BC274A</resource>
-    <resource id="1" type="1" name="20">58E1ED2B09B80CD6CEE38D26C90BFFEF</resource>
-    <resource id="1" type="1" name="20">6413D97BEE274B598C29084EE4C947AF</resource>
-    <resource id="1" type="1" name="20">726B2EA4D3A3C18FAB8B9A70A926FCBA</resource>
-    <resource id="1" type="1" name="20">A510252295828679049879AC3B32E26F</resource>
-    <resource id="1" type="1" name="20">344B352D9BFAB34DDFD5B9E3EBA40924</resource>
-    <resource id="1" type="1" name="20">94AE24A5A7CD8C7D665E21082C1F82BD</resource>
-    <resource id="1" type="1" name="20">5FF19ADD2BBFD24900C30590B723BCA2</resource>
-    <resource id="1" type="1" name="20">D453E2532C0E8AE4B2EC15E220B522D3</resource>
-    <resource id="1" type="1" name="20">3232EDF7C55B0C69281E8C14081F3005</resource>
-
-    <resource id="2" type="1" name="32">5E0424A037ED1CF4B86D9CAED970DFF9</resource>
-    <resource id="2" type="1" name="32">E90A939E1107E27E1D95C25E2EB0F65A</resource>
-    <resource id="2" type="1" name="32">44B38E737F03387A86DB70708B9C5C4A</resource>
-    <resource id="2" type="1" name="32">4C7576E8F541BB3E4915569E56509AE1</resource>
-    <resource id="2" type="1" name="32">7684234AAE030B0E361B77C545F619AD</resource>
-    <resource id="2" type="1" name="32">30678F5B06BC441A5BD8ED2848236144</resource>
-    <resource id="2" type="1" name="32">C50E91E6D59210580879F7BC5BD36D62</resource>
-    <resource id="2" type="1" name="32">011BDE7B9C82D9453B7222950F92B18B</resource>
-    <resource id="2" type="1" name="32">489350E7DBC2BD241EEEAF928C84198B</resource>
-    <resource id="2" type="1" name="32">A0873ADC85C929C39F54B1E889C20411</resource>
-    <resource id="2" type="1" name="32">02F5AA301D295FA4EE30646E84CCDC84</resource>
-    <resource id="2" type="1" name="32">619569EE7F33365F88C67E5792ED5545</resource>
-    <resource id="2" type="1" name="32">4AAC2B52C5AC1670EBDE434FD25A57E3</resource>
-
-    <resource id="3" type="1" name="40">A6A1FC387776122DA43D5D1FFC73AB14</resource>
-    <resource id="3" type="1" name="40">7537DC8AA212AE903A8CBA12E73C2819</resource>
-    <resource id="3" type="1" name="40">A26CAEE6F15E6536BC4DD217227D313D</resource>
-    <resource id="3" type="1" name="40">D9BBB1FC017CAF205D9A1092B05A8931</resource>
-    <resource id="3" type="1" name="40">5F8E7F65DDE26797265FF08C20E0F50E</resource>
-    <resource id="3" type="1" name="40">A20A4A65692AB511B9DC51AA02028B27</resource>
-    <resource id="3" type="1" name="40">2D8A3FDED4712D6AC221F9878E6A74FF</resource>
-    <resource id="3" type="1" name="40">5735C880F81FDECB98E3FB900933C3D5</resource>
-    <resource id="3" type="1" name="40">BB1FD2B9E0171148E824D98C02CC6E82</resource>
-    <resource id="3" type="1" name="40">FE0A80ADF462320DD46C4B02C7BD1041</resource>
-    <resource id="3" type="1" name="40">3CA321CD8113E0B8FEF6993E8E3B8759</resource>
-    <resource id="3" type="1" name="40">F33E761C82E8FCD44C5841ACF8EBDC81</resource>
-
-
-    <resource id="4" type="1" name="50">5F8E7F65DDE26797265FF08C20E0F50E</resource>
-    <resource id="4" type="1" name="50">A20A4A65692AB511B9DC51AA02028B27</resource>
-    <resource id="4" type="1" name="50">11D5D480A7B2C686AC2189DD34B9DB40</resource>
-    <resource id="4" type="1" name="50">ADDB99E27F9A3CAAD37DFA6D93824EFE</resource>
-    <resource id="4" type="1" name="50">39997C551CBD6B80C680353B064EFB23</resource>
-    <resource id="4" type="1" name="40">B2859863B159FCEFC043467ED11417D9</resource>
-
-    <resource id="5" type="1" name="60">2C67143AFC3909B3EACA8C11C187C904</resource>
-    <resource id="5" type="1" name="60">095C4AE7800A5BAF13B314129421C290</resource>
-    <resource id="5" type="1" name="60">4C367C5E16D12F80995F3B1CF127244E</resource>
-    <resource id="5" type="1" name="60">2F75B7DEFE46ACAC49BA80826711E295</resource>
-    <resource id="5" type="1" name="60">53EE7373CC8C75AC0B3E2651EE6C2397</resource>
-    <resource id="5" type="1" name="60">840AA4B2D92E1643D5A3368E83794D58</resource>
-
-    <resource id="6" type="1" name="70">24799CA590D42134E7103B06D46FD960</resource>
-    <resource id="6" type="1" name="70">E6C5053BA1C848D7E16701A2D08FB8C6</resource>
-
-    <resource id="7" type="1" name="100">A1ED7997BD50C296AAB05FCC8388A4E0</resource>
-    <resource id="7" type="1" name="100">8A992A1952774487BD0C0C6B7B1388F8</resource>
-    <resource id="7" type="1" name="100">60BF656112A8DA82519EF19AEB9F5E3B</resource>
-    <resource id="7" type="1" name="100">56860B98C85BB21038F01C1E194E6460</resource>
-    <resource id="7" type="1" name="100">2DBF9CC24FA6009561FAF807C21C0FBB</resource>
-    <resource id="7" type="1" name="100">8AE2737AE3E04FDF0082602BFDB29102</resource>
-    <resource id="7" type="1" name="100">06B51ACA3C7CE72714A04676359E72C3</resource>
-    <resource id="7" type="1" name="100">BC0D13EF4C056308DE3F06C5D45EDA52</resource>
-    <resource id="7" type="1" name="100">44C8C8006607D2BEFB077C0D606E00A9</resource>
-    <resource id="7" type="1" name="100">9CE845F74F9BCAE467F9437D7B05EF11</resource>
-    <resource id="7" type="1" name="100">E6E0262EF4FF2CAC9437DC0B1611C133</resource>
-    <resource id="7" type="1" name="100">4275F915E6034CDCB5F606B6DFDDAD7D</resource>
-    <resource id="7" type="1" name="100">03CA4863E2106A76D71E870B44E78D28</resource>
-    <resource id="7" type="1" name="100">ECEB823490EBCD43AE2B6FFF8C9F87ED</resource>
-    <resource id="7" type="1" name="100">467D35B1994FF99564D9C582BDA6BEDE</resource>
-    <resource id="7" type="1" name="100">A058DA3DFD64D65AC7395DA49AB9798B</resource>
-    <resource id="7" type="1" name="100">9C8CC2C612B616A435C747A92A4C3F2D</resource>
-    <resource id="7" type="1" name="100">7F1B5216B92533AF64D2649ED7A0C776</resource>
-    <resource id="7" type="1" name="100">7F1B5216B92533AF64D2649ED7A0C776</resource>
-    <resource id="7" type="1" name="100">EE62326BEE5D061EC1106369DC7FBBC0</resource>
-    <resource id="7" type="1" name="100">D0AA6B4D0CE81668F70DDCD94339F156</resource>
-    <resource id="7" type="1" name="100">F2797CB14A4023810217A1C77C5710C5</resource>
-    <resource id="7" type="1" name="100">8815C3B9C9BF1D41229ACAEC22728387</resource>
-    <resource id="7" type="1" name="100">1D6E85FDF0E89434EF4F5387F40693D6</resource>
-    <resource id="7" type="1" name="100">7B85CAEFFE313D9A1B1431E3ED805A5A</resource>
-    <resource id="7" type="1" name="100">B56D4711501D1B40EA415E105D9137A7</resource>
-    <resource id="7" type="1" name="100">B5F9D009156EBE07FB0F25C148E4A2A5</resource>
-    <resource id="7" type="1" name="100">FB983256140DD7C07A7957A5AB4DB997</resource>
-    <resource id="7" type="1" name="100">1DAFFB0D65AB793FAFCE375E6F8C93C4</resource>
-    <resource id="7" type="1" name="100">157E93F142DA0938BDFBEC079B473809</resource>
-    <resource id="7" type="1" name="100">B0681B3B4F35D66F842EC45712278844</resource>
-    <resource id="7" type="1" name="100">BA94CA63109CE80F7FF07F8B32F48BAD</resource>
-    <resource id="7" type="1" name="100">BACA0BD675B44B8DB1263E690E15ACBE</resource>
-    <resource id="7" type="1" name="100">BCA790B2BD380D03C12F6DB36844201B</resource>
-    <resource id="7" type="1" name="100">07719E9A1BFE3BDB00653C03C9646064</resource>
-    <resource id="7" type="1" name="100">DEE90234C613EA3A55C056BB02687B1C</resource>
-    <resource id="7" type="1" name="100">5AAC683855FE0EE3DBE9B1B2B36B5ECE</resource>
-    <resource id="7" type="1" name="100">29C7D5A955774F1B28CA51ED4538B931</resource>
-    <resource id="7" type="1" name="100">DB89345020D2E729450B05DF74BB2E99</resource>
-    <resource id="7" type="1" name="100">6E21109C959B09A054871214E7A2EB64</resource>
-    <resource id="7" type="1" name="100">29E12D9AB0E6DEDE8395C14600FAAA14</resource>
-    <resource id="7" type="1" name="100">D7A0796C0EB65BCE03FC7E9302132F50</resource>
-    <resource id="7" type="1" name="100">E05DADD071C308E892B2CDD494A92B4F</resource>
-    <resource id="7" type="1" name="100">3B1785B7485D77046F2BD14DD2D02D4E</resource>
-    <resource id="7" type="1" name="100">B80CBC64CB6E6ACF2BCEF757D3BE7B47</resource>
-    <resource id="7" type="1" name="100">35D0626505772B37FE3A883310D91D7A</resource>
-    <resource id="7" type="1" name="100">F918A9311FC55AA02733653E783EAF71</resource>
-    <resource id="7" type="1" name="100">E46C30C58F3CB44E236643F6EB6E85E5</resource>
-    <resource id="7" type="1" name="100">B796C796B3D8AC08799CBC5A4D104F9F</resource>
-    <resource id="7" type="1" name="100">846A77216562E12267837F95A0AD51C7</resource>
-    <resource id="7" type="1" name="100">99E5D6E15B7BA7337B6996D7FBE938EC</resource>
-    <resource id="7" type="1" name="100">A449F658F94FCAD046CD45CDC227F656</resource>
-    <resource id="7" type="1" name="100">282E7F4F550128BD16EAD0885EDA40C1</resource>
-    <resource id="7" type="1" name="100">C167923A143FCDC75DA6F69D71AA3937</resource>
-    <resource id="7" type="1" name="100">E3049F65F3ABC5632E8A18707645785F</resource>
-    <resource id="7" type="1" name="100">DC066CB931F579D516A1A37EF7D1A661</resource>
-    <resource id="7" type="1" name="100">D81A2466D8410C5ECC212F99BA3AFB7E</resource>
-    <resource id="7" type="1" name="100">BB1A64D7B7F2BB8D709978857A7BA08A</resource>
-    <resource id="7" type="1" name="100">00CFA6576E567CF775AD0567817685CA</resource>
-    <resource id="7" type="1" name="100">2BD1617E44BB44DB5F26DCEAC89C9B1E</resource>
-    <resource id="7" type="1" name="100">3F3A5A5B0D794E4B144C63C100CC57C2</resource>
-    <resource id="7" type="1" name="100">99419B12B8F7519179FCE2C8F083A092</resource>
-    <resource id="7" type="1" name="100">7E179152E2AE85BBAB0A0DDF1D4067CD</resource>
-    <resource id="7" type="1" name="100">4612876C7FDCFEC715337F0D167E6CAA</resource>
-    <resource id="7" type="1" name="100">8B8DE9C0798619DD7C151D951999FE57</resource>
-    <resource id="7" type="1" name="100">5101F6FB77200F2C4647607F8D807607</resource>
-    <resource id="7" type="1" name="100">39710FE2245A6211FC13C5DF75223B57</resource>
-    <resource id="7" type="1" name="100">D4C60781C5DF23D788C62B1FB2968CC2</resource>
-    <resource id="7" type="1" name="100">EB3A2CB47E8054B73D66E1D8E716009F</resource>
-    <resource id="7" type="1" name="100">2C2D5464A4233F4C255DE05F46701B33</resource>
-    <resource id="7" type="1" name="100">4A1546C9E094A221D6BA88BF4EAA3728</resource>
-    <resource id="7" type="1" name="100">08A537E9415A81733C1648B5F568D2F7</resource>
-    <resource id="7" type="1" name="100">75A0B1A202814178CB553CD89A739B0F</resource>
-    <resource id="7" type="1" name="100">8A2672BB14DEB958210FBC05C30145F4</resource>
-    <resource id="7" type="1" name="100">F7FE951D84798F911C72F1E0F871B56C</resource>
-    <resource id="7" type="1" name="100">B6C6FA376FA6DF020D146DF0A6763482</resource>
-    <resource id="7" type="1" name="100">6FC9EAE77EF4637E10DD3ABED06137D3</resource>
-    <resource id="7" type="1" name="100">9C96D4E394E3C1DE27E9CEC412D43F96</resource>
-    <resource id="7" type="1" name="100">2F56E8C9647325B52A2F40DE4D21EE0E</resource>
-    <resource id="7" type="1" name="100">17969F580FF0C708428DCA3E948405EC</resource>
-    <resource id="7" type="1" name="100">1E178242A43451F4E99A7D99A425C3EF</resource>
-    <resource id="7" type="1" name="100">1B18459A10D22AFC628779631DD377ED</resource>
-    <resource id="7" type="1" name="100">FAC5759F56FE23412DD8408882BDA5AD</resource>
-    <resource id="7" type="1" name="100">623599656EF92AB06FB114D5BD89FC80</resource>
-    <resource id="7" type="1" name="100">A39E2C6AB70ED5954F52FE31F7CB9647</resource>
-    <resource id="7" type="1" name="100">08674C0389647BCCE7A0C7B2A2385F86</resource>
-    <resource id="7" type="1" name="100">5CD093BE7B5B80F8F9BED61174E747DF</resource>
-    <resource id="7" type="1" name="100">AF072272EC49043084EAA03D85413C41</resource>
-    <resource id="7" type="1" name="100">19B41C0049693AD063140564A05A15D4</resource>
-    <resource id="7" type="1" name="100">583F03DF62CED4CE8FCE473E03A45AF8</resource>
-    <resource id="7" type="1" name="100">FA66DB1B92E0DF9EE1B2968AEFCD2BC7</resource>
-    <resource id="7" type="1" name="100">996969D9DD9B639D44504388D7B0128E</resource>
-    <resource id="7" type="1" name="100">CB89BB646689F03BBF0B69470DA1FEB6</resource>
-    <resource id="7" type="1" name="100">91E76CEA5EF0C6C4973CF6A025FB9AAA</resource>
-    <resource id="7" type="1" name="100">DAC5F0C754C4ED921E10792E6942FF23</resource>
-    <resource id="7" type="1" name="100">CF8B63BBBFE18A2B7266E74D8989F0B5</resource>
-    <resource id="7" type="1" name="100">F730C64DAAE0131A358FF51541E691CC</resource>
-    <resource id="7" type="1" name="100">B07E1536B478EA6B806C9263414BD9F7</resource>
-    <resource id="7" type="1" name="100">D522598072DC48BB6AEF6F0BB40B4CC2</resource>
-    <resource id="7" type="1" name="100">1BA76EAB257E68B286E564CBE07DCD26</resource>
-    <resource id="7" type="1" name="100">5BCA57194380C34002C0DD086A242EE7</resource>
-    <resource id="7" type="1" name="100">A0F1A9E664389E2FAE01C9519598ABBF</resource>
-    <resource id="7" type="1" name="100">AD4CDD3A5337E568D3F55E8F024B4526</resource>
-    <resource id="7" type="1" name="100">C219F66CFCCF208C3D9272B32C90A4EE</resource>
-    <resource id="7" type="1" name="100">17DE37ED86693CDA2140F01B194B5557</resource>
-    <resource id="7" type="1" name="100">A4FDE844456B29D6850DAF42A5807672</resource>
-    <resource id="7" type="1" name="100">D6312274160C34503BC625F9598F8E43</resource>
-    <resource id="7" type="1" name="100">380E8FA64D4DF8BA3F817E81C1087CBB</resource>
-    <resource id="7" type="1" name="100">7EE265D09E41EF3139D93B7050D10DBD</resource>
-    <resource id="7" type="1" name="100">53DF7815DD9AD3493275650237CB6BD8</resource>
-    <resource id="7" type="1" name="100">6CC3E2A7D3200766361CCE948CC2F693</resource>
-    <resource id="7" type="1" name="100">EDB68DFA3A0C4F34D1C2B24FE84CCE32</resource>
-    <resource id="7" type="1" name="100">80591A4642B92F1A9CBCD69A23111809</resource>
-    <resource id="7" type="1" name="100">D5AE730A7B7B2BB8E560FF844C93B49E</resource>
-    <resource id="7" type="1" name="100">69D95E2689633F96263753675856A576</resource>
-    <resource id="7" type="1" name="100">0DCE307B9A89BCF569E3AEF9FDA2DB7F</resource>
-    <resource id="7" type="1" name="100">77307C66ADA4BD02BFAD41A837011DEB</resource>
-    <resource id="7" type="1" name="100">6835F4C66937B5E1ACACF8839AFE6E52</resource>
-    <resource id="7" type="1" name="100">60B7EE275052309CFE13AC808ED31B51</resource>
-    <resource id="7" type="1" name="100">F227C2ABF18E255A547FCF87615B8E01</resource>
-    <resource id="7" type="1" name="100">BF163EDA3408D4EA99E1C49DE22BB4BF</resource>
-    <resource id="7" type="1" name="100">A75DBC888460875868739C709251BA83</resource>
-    <resource id="7" type="1" name="100">62C69EE86977F85A5883180553AADC18</resource>
-    <resource id="7" type="1" name="100">55189FF66957A034473AC7084B153CC1</resource>
-    <resource id="7" type="1" name="100">FB585460A906CF7229C078029C20E3E7</resource>
-    <resource id="7" type="1" name="100">12EC2FC8D86C65116BE55ADCD388DA88</resource>
-    <resource id="7" type="1" name="100">D7416167A3F1B4F5F2025F7E98D9C4DA</resource>
-    <resource id="7" type="1" name="100">057D1ED62042EF154B2430DFEC4D9A28</resource>
-    <resource id="7" type="1" name="100">75A9DD706983E639CE995713F0C8F81F</resource>
-    <resource id="7" type="1" name="100">AA9F1D12DA051B3C7E0677F15F7187B5</resource>
-    <resource id="7" type="1" name="100">2C5034D947E301BCAED257F1782281C4</resource>
-    <resource id="7" type="1" name="100">368D2E77FE3952DACCDCEF3BF254A9C8</resource>
-    <resource id="7" type="1" name="100">D4BA95484230181AF6BB70A658043FF3</resource>
-    <resource id="7" type="1" name="100">29D6C17E6CD15BFC90009AAA138D3864</resource>
-    <resource id="7" type="1" name="100">ABA82F41761F8A60CDE98838C6A552FC</resource>
-    <resource id="7" type="1" name="100">F2C0BDDEDFAC53630A528BC2FEEBF2DC</resource>
-    <resource id="7" type="1" name="100">A66AA3EA7848A5729A4D2EBEC5F9426D</resource>
-    <resource id="7" type="1" name="100">95F41B1D89E6AD15EC5012F74D49D7DE</resource>
-    <resource id="7" type="1" name="100">E8C2EA04B31E3E8E9E0EFB76E7E51615</resource>
-    <resource id="7" type="1" name="100">740B18E8E0D70DB3D0A5EC1D4B2883DF</resource>
-    <resource id="7" type="1" name="100">2A8F5C47916544CF12DF6F971D4BF804</resource>
-    <resource id="7" type="1" name="100">1075512898849EAF97D4E54B0FDE1E50</resource>
-    <resource id="7" type="1" name="100">00FB241D750DA51E810E5DF59E922900</resource>
-    <resource id="7" type="1" name="100">AB03342B57FAF4B4FC9244E3A9118E7A</resource>
-    <resource id="7" type="1" name="100">5E9E6BB6D9F5E46D32089F5A228C40F5</resource>
-    <resource id="7" type="1" name="100">CBF06ADD981DCA3588A1C8092DA52400</resource>
-    <resource id="7" type="1" name="100">885B5EACC906143F5A5FBC46FE8ADA47</resource>
-    <resource id="7" type="1" name="100">75CB594E565B7232DF391F8C06FB722F</resource>
-    <resource id="7" type="1" name="100">49CF37CE1395B81E15B3A9F162C4D34E</resource>
-    <resource id="7" type="1" name="100">D26FA664BC7A6B0F7DC53D4AA2468A71</resource>
-    <resource id="7" type="1" name="100">DD4092D5B47C9C2BE1DB2114E9F03557</resource>
-    <resource id="7" type="1" name="100">3C63650266399F0DD5DDC7481016D673</resource>
-    <resource id="7" type="1" name="100">F6E73653376433FDDD9AD55521BB6043</resource>
-    <resource id="7" type="1" name="100">5B697094E12F1CA8C053CEE1F534A826</resource>
-    <resource id="7" type="1" name="100">C91BAE1FC957C6B257B5D09057DFFB0C</resource>
-    <resource id="7" type="1" name="100">02B32306D0E4EBAD89F3FEB7D42B16E4</resource>
-    <resource id="7" type="1" name="100">FFB785FEBCC17D0E116D2EF6B4D4A2FC</resource>
-    <resource id="7" type="1" name="100">1C28E5FB4EED75FECD379EEA0BB86DBD</resource>
-    <resource id="7" type="1" name="100">714403D8593572CB9E2D5B610FFC6EB3</resource>
-    <resource id="7" type="1" name="100">068BC955D31AABCAF994BB141E21E591</resource>
-    <resource id="7" type="1" name="100">787580971802A9F92FA112645158D243</resource>
-    <resource id="7" type="1" name="100">A9B11B24953BD3805FEEDE9B85041A20</resource>
-    <resource id="7" type="1" name="100">361237F8639164F16A20CA99C583215A</resource>
-    <resource id="7" type="1" name="100">159AB8C7629FD7CF5635A8C055886480</resource>
-    <resource id="7" type="1" name="100">26C88A3BBC6534EE14424B27F0B1206A</resource>
-    <resource id="7" type="1" name="100">6CAE1C7E416610BC70D9D1318131D837</resource>
-    <resource id="7" type="1" name="100">07E714F4A1F39156B67A1654FAF0CB1D</resource>
-    <resource id="7" type="1" name="100">63EBA0BC08D9A568080506AFE17CA2E9</resource>
-    <resource id="7" type="1" name="100">A1F5BC09FDF3D4C4A1E8BB29376E6B85</resource>
-
-    <resource id="8" type="1" name="110">C8AD15FFE7C53280184269F6FEC09504</resource>
-    <resource id="8" type="1" name="110">2E0885355CAC8A3390565C5DAFA6022B</resource>
-    <resource id="8" type="1" name="110">05BB37CC4531FE1654D1ABBDC646CEED</resource>
-    <resource id="8" type="1" name="110">32280A1FE2A95CB52E6D3F5996DFDB1C</resource>
-    <resource id="8" type="1" name="110">2E8B843FEEA3A5D376BDE41235300C99</resource>
-    <resource id="8" type="1" name="110">19B245C3B365A46ADD6C7E875CCA63B8</resource>
-    <resource id="8" type="1" name="110">D8D5BD5B0E73779900EE253E3CA73B40</resource>
-    <resource id="8" type="1" name="110">421607C11EFBCCB2ED2E18AFA3DA34A3</resource>
-    <resource id="8" type="1" name="110">E47F0BBBBAF6EC8A6BA89DE01F3340DD</resource>
-    <resource id="8" type="1" name="110">54F61D18E7F794580D5D821892B15C2A</resource>
-    <resource id="8" type="1" name="110">30DEC2B13BD7C0DD83D74A833AA650C7</resource>
-    <resource id="8" type="1" name="110">3CAC4EA2EEAE9680AB9004CB48FEB843</resource>
-    <resource id="8" type="1" name="110">29C19E1DE3090617C1F272B3FE4B956C</resource>
-    <resource id="8" type="1" name="110">44DEC974890AA54E1231F019810A5A7D</resource>
-    <resource id="8" type="1" name="110">5CBA59151FB1D307DB19D01113C7D644</resource>
-    <resource id="8" type="1" name="110">05F1A4100B82D174400D376E59EA4032</resource>
-    <resource id="8" type="1" name="110">44692635ADB994B18FD1BBE1B89EAE8A</resource>
-    <resource id="8" type="1" name="110">F2EFA3A7D7E1A0EA2222BC03326CE56B</resource>
-    <resource id="8" type="1" name="110">F0AD1B8815E933A2E34E770439574E68</resource>
-    <resource id="8" type="1" name="110">4402AAD7B76F97CD25A63556BD386F45</resource>
-    <resource id="8" type="1" name="110">94D2333F0ACE68BC98CE8B379445F469</resource>
-    <resource id="8" type="1" name="110">85477B0DAB461F62B51B79AF761BC042</resource>
-    <resource id="8" type="1" name="110">6F1D7A5156DA1D8D609C700D7F856C57</resource>
-
-    <resource id="9" type="1" name="200">063315629ADB9C84B22673219200D1F7</resource>
-    <resource id="9" type="1" name="200">93BA82BE92A45505EE061CCBA34E5ECF</resource>
-    <resource id="9" type="1" name="200">9D6C41957BE093DBD3F2E3FBF6E70609</resource>
-
-    <resource id="10" type="1" name="210">79789DC8EB29D34D2DC4CA4597678C96</resource>
-    <resource id="10" type="1" name="210">BD505B1D1A9C1E8B1FDB379637A2EB00</resource>
-    <resource id="10" type="1" name="210">472C9FAC5D5C06A7C524835FC8D5AB98</resource>
-    <resource id="10" type="1" name="210">875428C8A68F86911FD8D3B537BEDF87</resource>
-    <resource id="10" type="1" name="210">F780A82E83114AB86869E7AC81D68473</resource>
-    <resource id="10" type="1" name="210">8CFD33F4BFF0F19AAC8A8AF71B0CE30F</resource>
-
-    <resource id="11" type="1" name="300">5DDC94F3A935D7742D868238CB8EBCA8</resource>
-    <resource id="11" type="1" name="300">0EB4A39028CB3AE4D7E9CC62DAD71ACD</resource>
-    <resource id="11" type="1" name="300">32AFE38C0D0DC3FDF0C3C485887D3E43</resource>
-    <resource id="11" type="1" name="300">6748E3D22A0734B78EB691A3C360A767</resource>
-    <resource id="11" type="1" name="300">4A7CD59B1C3C1BAA90D7C6D3182990D0</resource>
-
-    <resource id="12" type="1" name="310">757E9E2E7CF80A929501A81F7CA1EB33</resource>
-    <resource id="12" type="1" name="310">CA16B16F5905D430078E613019FEAAB1</resource>
-    <resource id="12" type="1" name="310">C3B04343D9A1EBED8BE094B7D3DB2A9E</resource>
-    <resource id="12" type="1" name="310">C5AF786BFD9FD1C53C8FE9F0BD9CE38B</resource>
-    <resource id="12" type="1" name="310">0A451222F7037983439A58E3B44DB529</resource>
-    <resource id="12" type="1" name="310">90ED3AAC2A942E3067E6471B32860E77</resource>
-    <resource id="12" type="1" name="310">AF05DD5BD4C3B1FC94922C75ED4F9519</resource>
-
-    <resource id="13" type="1" name="320">77C64818523675C19429AEE1EC8A0544</resource>
-    <resource id="13" type="1" name="320">DE81BCCB6410C9E4ACB325F67F268BC5</resource>
-    <resource id="13" type="1" name="320">E9356775B7B8159CFAD335FA2C2B22D5</resource>
-    <resource id="13" type="1" name="320">41491A39D90ED5934E44C6A505F15EE5</resource>
-    <resource id="13" type="1" name="320">D7B0560BD281FF19FF0611E0D353E191</resource>
-    <resource id="13" type="1" name="320">F71DC11B5BA14E4E23B83041D878ADB3</resource>
-
-    <resource id="14" type="1" name="330">DAC970882C0B2BBF2BA730CDD029CC15</resource>
-    <resource id="14" type="1" name="330">7AF648367DBCFF7D2CEDB0129130831C</resource>
-    <resource id="14" type="1" name="330">3EB35BB107D7B980380FC299BCB78339</resource>
-    <resource id="14" type="1" name="330">541C3A8A0F459E81C477F257581D74B9</resource>
-    <resource id="14" type="1" name="330">5503D51A4796F866F06DB06D96B2B6F2</resource>
-    <resource id="14" type="1" name="330">B73040E84B34D849887B960439EE7B74</resource>
-    <resource id="14" type="1" name="330">D462755A29E7D78005E4F1E643BD3A23</resource>
-    <resource id="14" type="1" name="330">1470DD46FBC7A3CCF2ED443979BE87EF</resource>
-    <resource id="14" type="1" name="330">255247F964ABE807FCA929BE8D7636D1</resource>
-    <resource id="14" type="1" name="330">4174B6C6A8B32C89430A8B0142E55868</resource>
-    <resource id="14" type="1" name="330">B075E283F89FFF26DB1C1AACAF696EC1</resource>
-
-    <resource id="15" type="1" name="340">FE5312D721B8A2DA30D5C84E039651CB</resource>
-    <resource id="15" type="1" name="340">FFCA4B680C5BBC45B7218541811B2F23</resource>
-    <resource id="15" type="1" name="340">ACAB3C15838798165F41DEB1DD1B623E</resource>
-    <resource id="15" type="1" name="340">F6A9C501AAC7DCE9AC5CCF82BBDC404E</resource>
-    <resource id="15" type="1" name="340">3FAD76BA87D6EDE772739BE863C83B5A</resource>
-    <resource id="15" type="1" name="340">2E25811C524ABE0A72EA1240DA9E00FC</resource>
-    <resource id="15" type="1" name="340">2065035FBC5003C4369CCF7DCF3313A8</resource>
-    <resource id="15" type="1" name="340">C0B1A95D8E2191DE7DB362CC6405FE80</resource>
-    <resource id="15" type="1" name="340">C21C852B74B17597BE42E28D58739EFE</resource>
-    <resource id="15" type="1" name="340">29B291AD75C93524E2D6B72A2E77F183</resource>
-    <resource id="15" type="1" name="340">ADD1001134F11A0F1783F9719ECF0A34</resource>
-    <resource id="15" type="1" name="340">E7B4E12CE14DCBA2010746F8DDB16A58</resource>
-    <resource id="15" type="1" name="340">A160FBC7D6053ACACB1F0C1A413A4C45</resource>
-
-    <resource id="16" type="1" name="350">6295B471FE26A142E3F55CEA4A0AF053</resource>
-    <resource id="16" type="1" name="350">02BCEDCF1264C2D5217C8E741E94F037</resource>
-    <resource id="16" type="1" name="350">A7755A1FF142CD6A5A434E31C12BEE74</resource>
-    <resource id="16" type="1" name="350">5AA227AD281A94BDDA70072FFEEF26B7</resource>
-    <resource id="16" type="1" name="350">4E93012888E56D9DED57FDB88F7E76DA</resource>
-    <resource id="16" type="1" name="350">F4879D701A7E0C7E7000B8B306009F20</resource>
-
-    <resource id="17" type="1" name="360">D15F3AB6307B00B16A901CD1CDDB79E1</resource>
-    <resource id="17" type="1" name="360">73E41278C4BBBA3B306C7EB63CDEC358</resource>
-    <resource id="17" type="1" name="360">1E94BA78A024E8899C819B99B0D4CC2C</resource>
-    <resource id="17" type="1" name="360">65F2B0A5D69167E2E8EB76CDCFCC9BC9</resource>
-    <resource id="17" type="1" name="360">B65944552F5CA6302AB035DB1B24A771</resource>
-    <resource id="17" type="1" name="360">ADACC3DC9471484536AA1B262F72EFA0</resource>
-    <resource id="17" type="1" name="360">0A400870F302760354EB3EBEF58E9EB9</resource>
-    <resource id="17" type="1" name="360">F557CA256E937C9FD12E2F6C204F1A40</resource>
-    <resource id="17" type="1" name="360">CCC1BFCE314E6DD914F6C30502A30342</resource>
-    <resource id="17" type="1" name="360">05EF8D62DD1E5DF7DE6BA787B824ED44</resource>
-    <resource id="17" type="1" name="360">554CFE27588E9423F6E2C47A9640993B</resource>
-    <resource id="17" type="1" name="360">A8E18848F9EA6B3A299E1B6C805A7564</resource>
-
-    <resource id="18" type="1" name="370"></resource>
-
-    <resource id="19" type="1" name="380">0BA1831B7248135B589F5FDCD9B7CB9F</resource>
-    <resource id="19" type="1" name="380">DCC9157A17E21F817D3384818CEFDA0F</resource>
-    <resource id="19" type="1" name="380">D2D4506DB2896B8203998750A4010014</resource>
-    <resource id="19" type="1" name="380">C134274B538EE6DCEC8AF51297549355</resource>
-    <resource id="19" type="1" name="380">560F2FF1EDB5A5DD5CEA27A63C97A32B</resource>
-    <resource id="19" type="1" name="380">1BE7A9A07F9BEB7D9AA634EC9DCD7DE4</resource>
-    <resource id="19" type="1" name="380">E83070CA7104D41C9DBB4EB3956B94B5</resource>
-    <resource id="19" type="1" name="380">6CC98FDAB476552D89A6C810C9780248</resource>
-
-    <resource id="20" type="1" name="390">278767E0B269E408DC8AFFBE8EA44657</resource>
-    <resource id="20" type="1" name="390">BAB1CA8EFFB14E5C330B488965AB3050</resource>
-    <resource id="20" type="1" name="390">12D9198BAE7E3FF83A0A94F91191D73E</resource>
-    <resource id="20" type="1" name="390">75E2E64FBC4240B2F782A14A7D38FBF5</resource>
-
-    <resource id="22" type="1" name="">213F00823670FF279BCC72A79B0F00E3</resource>
-    <resource id="22" type="1" name="">F265AC589740F933A30F0AF7C4A048D6</resource>
-    <resource id="22" type="1" name="">D7ED7D03D3FE6F6505BEFA742304DBE6</resource>
-    <resource id="22" type="1" name="">5116A41F859EC654DD9BF609688CDCD1</resource>
-    <resource id="22" type="1" name="">8A407DC9759D8DD0C8B9B32E858CD63E</resource>
-    <resource id="22" type="1" name="">7D3CDB98C278F5E9E33389AC56BBA098</resource>
-    <resource id="22" type="1" name="">BE537B756D8E61AA684D75F46ED59685</resource>
-    <resource id="22" type="1" name="">43FB66072ADD8EB17ED080ACCCD6274F</resource>
-    <resource id="22" type="1" name="">11E050FA9184385D5D3EAEAD0028C659</resource>
-    <resource id="22" type="1" name="">BEF052A836721603944223065DF03278</resource>
-    <resource id="22" type="1" name="">DE6AD028F9014F7D62C3939EBA34C995</resource>
-    <resource id="22" type="1" name="">5EE01927605E4703CEE0F2E5D5812B90</resource>
-    <resource id="22" type="1" name="">86B067A58C669BF96610A854C15D2832</resource>
-    <resource id="22" type="1" name="">DE40ECFF2F08541E4A5A0D94470FFE86</resource>
-    <resource id="22" type="1" name="">C71D2B63FBE3F38BBA270A74853C64B4</resource>
-    <resource id="22" type="1" name="">7BD38937D4711B70B0B985F4F07FE8FD</resource>
-    <resource id="22" type="1" name="">6A13C17B50A406AFFF371A34E1B2C1AF</resource>
-    <resource id="22" type="1" name="">58CADCC9126954A3204DD8720718587D</resource>
-    <resource id="22" type="1" name="">D8A973A9B4AAB8754398EFD4A2535C56</resource>
-    <resource id="22" type="1" name="">77637E2E3DFEBFF0D1DA4AEAF8463438</resource>
-    <resource id="22" type="1" name="">954648FFBD241AA4A5ED799118319D54</resource>
-    <resource id="22" type="1" name="">F2867A190CD54451443A6333678CD06E</resource>
-    <resource id="22" type="1" name="">4D2D5129F2AB29060C6D2487745F6BEF</resource>
-    <resource id="22" type="1" name="">1E377AB0B3E156D069D26E552518CD85</resource>
-    
-    <resource id="23" type="1" name="">264EB6533830801B97488E747D891510</resource>
-    <resource id="23" type="1" name="">384A022AEBEFEC13B4218D882142DB1F</resource>
-    <resource id="23" type="1" name="">1016B022E1AB1094B4A0303761B8ED1F</resource>
-    <resource id="23" type="1" name="">C48F445A0E277DE95DF1014E61A75FCC</resource>
-    <resource id="23" type="1" name="">904C830A1260577B0780E72737777863</resource>
-    <resource id="23" type="1" name="">E663480F4094BF5C3CE27CD838EEBB0E</resource>
-
-    <resource id="24" type="1" name="">7CB87C9A0E0C15E8DA06336D44327D59</resource>
-
-    <resource id="25" type="1" name="">838D0D01192C393CD864CF8E7C391CD8</resource>
-    <resource id="25" type="1" name="">C1B6B44825A78BF2007808F813C4C25C</resource>
-    <resource id="25" type="1" name="">B4D9C8C7C549AEC53E5ED7D64349C783</resource>
-    <resource id="25" type="1" name="">63BDC75737FC8AAE202A5DBAFCF6CCF6</resource>
-    <resource id="25" type="1" name="">C8B08CDAF8B66217EC37DCEA2476C529</resource>
-    <resource id="25" type="1" name="">3872F93E6150BED21206FE2FE28618A5</resource>
-    <resource id="25" type="1" name="">0ED7649A7DE6DF5C640C9D6C7602A9DE</resource>
-
-    <resource id="26" type="1" name="">3B7DC7C94632D90387958DA410273467</resource>
-
-    <!-- manifests -->
-    <resource id="40" type="2" name="0">E16D70327CD8942745B3B399D8FAF30A</resource>
-
-  </resources>
-
-</xml>
diff --git a/assemblyline_v4_service/common/pestudio/xml/signatures.xml b/assemblyline_v4_service/common/pestudio/xml/signatures.xml
deleted file mode 100644
index 14355e11..00000000
--- a/assemblyline_v4_service/common/pestudio/xml/signatures.xml
+++ /dev/null
@@ -1,29105 +0,0 @@
-<xml version="1.0" encoding="utf-8" bl="0">
-  <!--
-signatures.xml file is part of the pestudio (www.winitor.com)
-It contains the file Signatures detected by pestudio.
-	
-	Biggest part of this file is originating from:
-		http://handlers.sans.org/jclausing/userdb.txt
-		...
-	-->
-
-  <sigs>
-    <sig id="100" bl="0">
-      <text>!EP (ExE Pack) V1.0 -> Elite Coding Group</text>
-      <pattern>60 68 xx xx xx xx B8 xx xx xx xx FF 10</pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="101" bl="0">
-      <text>!EP(ExE Pack) V1.0 -> 6aHguT g-l-u-k</text>
-      <pattern>
-        60 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 68 xx xx xx xx
-        6A 40 FF D0 89 05 xx xx xx xx 89 C7 BE xx xx xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00
-        73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="102" bl="0">
-      <text>!EP(ExE Pack) V1.4 lite b2 -> 6aHguT g-l-u-k</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx
-        xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx 00 00
-        00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="103" bl="0">
-      <text>!EP(ExE Pack) V1.4 lite final -> 6aHguT g-l-u-k</text>
-      <pattern>
-        90 90 90 90 61 B8 xx xx xx xx FF E0 55 8B EC 60 55 8B 75 08 8B 7D 0C E8 02 00 00 00 EB 04 8B
-        1C 24 C3 81 C3 00 02 00 00 53 57 8B 07 89 03 83 C7 04 83 C3 04 4E 75 F3 5F 5E FC B2 80 8A 06
-        46 88 07 47 02 D2 75 05 8A 16 46 12 D2 73 EF 02 D2 75 05 8A 16 46 12
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="104" bl="0">
-      <text>!EPack 1.4 lite (final) - by 6aHguT</text>
-      <pattern>
-        33 C0 8B C0 68 xx xx xx xx 68 xx xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="105" bl="0">
-      <text>!EPack V1.4 lite final -> 6aHguT</text>
-      <pattern>
-        33 C0 8B C0 68 xx xx xx xx 68 xx xx xx xx E8 xx 00 00 00 68 xx xx xx xx 68 xx xx xx xx E8 xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="106" bl="0">
-      <text>$pirit v1.5</text>
-      <pattern>
-        xx xx xx 5B 24 55 50 44 FB 32 2E 31 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="107" bl="0">
-      <text>
-        PseudoSigner 0.2 Yoda's Protector 1.02 --> Anorganix
-      </text>
-      <pattern>
-        E8 03 00 00 00 EB 01 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="108" bl="0">
-      <text>.BJFnt v1.1b</text>
-      <pattern>
-        EB 01 EA 9C EB 01 EA 53 EB 01 EA 51 EB 01 EA 52 EB 01 EA 56
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="109" bl="0">
-      <text>.BJFnt v1.2 RC</text>
-      <pattern>
-        EB 02 69 B1 83 EC 04 EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="110" bl="0">
-      <text>.BJFnt v1.3</text>
-      <pattern>
-        EB 03 3A 4D 3A 1E EB 02 CD 20 9C EB 02 CD 20 EB 02 CD 20 60
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="111" bl="0">
-      <text>.BJFnt v1.3</text>
-      <pattern>
-        EB xx 3A xx xx 1E EB xx CD 20 9C EB xx CD 20 EB xx CD 20 60 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="112" bl="0">
-      <text>.NET DLL -> Microsoft</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 5F 43 6F 72 44 6C 6C 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C
-        00 00 xx 00 00 FF 25
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="113" bl="0">
-      <text>.NET executable -> Microsoft</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 5F 43 6F 72 45 78 65 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C
-        00 00 00 00 00 FF 25
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="114" bl="0">
-      <text>.NET executable</text>
-      <pattern>
-        FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="115" bl="0">
-      <text>32Lite v0.03a</text>
-      <pattern>
-        60 06 FC 1E 07 BE xx xx xx xx 6A 04 68 xx 10 xx xx 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="116" bl="0">
-      <text>3DMark Database file</text>
-      <pattern>
-        33 44 4D 61 72 6B 20 44 61 74 61 62 61 73 65 20 46 69 6C 65
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="117" bl="0">
-      <text>624 (Six to Four) v1.0</text>
-      <pattern>
-        50 55 4C 50 83 xx xx FC BF xx xx BE xx xx B5 xx 57 F3 A5 C3 33 ED
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="118" bl="0">
-      <text>MSLRH v32a -> emadicius</text>
-      <pattern>
-        EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4
-        08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83
-        C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83
-        C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF
-        FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB
-        0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8
-        76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 E8 0A
-        00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F
-        31 50 0F 31
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="119" bl="0">
-      <text>A program by Jupiter ..</text>
-      <pattern>
-        2B C0 74 05 68 xx xx xx xx 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="120" bl="0">
-      <text>A3E (TXT2COM)</text>
-      <pattern>
-        1E 33 C0 50 BE xx xx 81 C6 xx xx B8 xx xx 8E C0 BF xx xx B9 xx xx F3 A5 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="121" bl="0">
-      <text>Aase Crypter - by santasdad</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 B8 A0 3E 00 10 E8 93 DE FF FF 68 F8 42 00 10 E8 79 DF FF FF 68 00 43 00 10 68 0C 43 00 10 E8 42 DF FF FF 50 E8 44 DF FF FF A3 98 66 00 10 83 3D 98 66 00 10 00 75 13 6A 00 68 18 43 00 10 68 1C 43 00 10 6A 00 E8 4B DF FF FF 68 2C 43 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="122" bl="0">
-      <text>Aase Crypter - by santasdad</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 B8 A0 3E 00 10 E8 93 DE FF FF 68 F8 42 00 10 E8 79 DF FF FF 68 00 43 00 10 68 0C 43 00 10 E8 42 DF FF FF 50 E8 44 DF FF FF A3 98 66 00 10 83 3D 98 66 00 10 00 75 13 6A 00 68 18 43 00 10 68 1C 43 00 10 6A 00 E8 4B DF FF FF 68 2C 43 00 10 68 0C 43 xx xx xx xx DF FF FF 50 E8 0E DF FF FF A3 94 66 00 10 83 3D 94 66 00 10 00 75 13 6A 00 68 18 43 00 10 68 38 43 00 10 6A 00 E8 15 DF FF FF 68 48 43 00 10 68 0C 43 00 10 E8 D6 DE FF FF 50 E8 D8 DE FF FF A3 A0 66 00 10 83 3D A0 66 00 10 00 75 13 6A 00 68 18 43 00 10 68 58 43 00 10 6A 00 E8 DF DE FF FF 68 6C 43 00 10 68 0C 43 00 10 E8 A0 DE FF FF 50 E8 A2 DE FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="123" bl="0">
-      <text>ABC Cryptor 1.0 - by ZloY</text>
-      <pattern>
-        68 FF 64 24 F0 68 58 58 58 58 90 FF D4 50 8B 40 F2 05 B0 95 F6 95 0F 85 01 81 BB FF 68 xx xx xx xx BF 00 xx xx xx B9 00 xx xx xx 80 37 xx 47 39 CF 75 F8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="124" bl="0">
-      <text>ACE Archive</text>
-      <pattern>
-        xx xx xx xx xx xx xx 2A 2A 41 43 45 2A 2A
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="125" bl="0">
-      <text>AcidCrypt</text>
-      <pattern>
-        60 B9 xx xx xx 00 BA xx xx xx 00 BE xx xx xx 00 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="126" bl="0">
-      <text>AcidCrypt</text>
-      <pattern>
-        BE xx xx xx xx 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="127" bl="0">
-      <text>ACProtect 1.09g -> Risco software Inc.</text>
-      <pattern>
-        60 F9 50 E8 01 00 00 00 7C 58 58 49 50 E8 01 00 00 00 7E 58 58 79 04 66 B9 B8 72 E8 01 00 00
-        00 7A 83 C4 04 85 C8 EB 01 EB C1 F8 BE 72 03 73 01 74 0F 81 01 00 00 00 F9 EB 01 75 F9 E8 01
-        00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="128" bl="0">
-      <text>ACProtect 1.4x -> RISCO soft</text>
-      <pattern>
-        47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C
-        65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 45 78 69 74 50 72 6F 63 65 73 73
-        00 00 00 4D 65 73 73 61 67 65 42 6F 78 41 00 90 4D 69 6E 65 49 6D 70
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="129" bl="0">
-      <text>ACProtect 1.4x -> RISCO soft</text>
-      <pattern>
-        47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C
-        65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 45 78 69 74 50 72 6F 63 65 73 73
-        00 00 00 4D 65 73 73 61 67 65 42 6F 78 41 00 90 4D 69 6E 65 49 6D 70 6F 72 74 5F 45 6E 64 73
-        73 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="130" bl="0">
-      <text>ACProtect V1.3X -> risco</text>
-      <pattern>
-        60 50 E8 01 00 00 00 75 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="131" bl="0">
-      <text>ACProtect v1.41</text>
-      <pattern>
-        60 76 03 77 01 7B 74 03 75 01 78 47 87 EE E8 01 00 00 00 76 83 C4 04 85 EE EB 01 7F 85 F2 EB 01 79 0F 86 01 00 00 00 FC EB 01 78 79 02 87 F2 61 51 8F 05 19 38 01 01 60 EB 01 E9 E9 01 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="132" bl="0">
-      <text>ACProtect V1.4X -> risco</text>
-      <pattern>
-        60 E8 01 00 00 00 7C 83 04 24 06 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="133" bl="0">
-      <text>ACProtect v1.90g -> Risco software Inc.</text>
-      <pattern>
-        60 0F 87 02 00 00 00 1B F8 E8 01 00 00 00 73 83 04 24 06 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="134" bl="0">
-      <text>ACProtect/UltraProtect 1.0X-2.0X -> RiSco</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx
-        xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="135" bl="0">
-      <text>ACProtect/UltraProtect 1.0X-2.0X -> RiSco</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 55 53 45 52 33 32 2E 44 4C 4C 00 xx xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 45 78 69 74 50 72 6F 63 65 73 73 00 00 00 4D 65 73 73 61 67 65 42 6F 78 41 00 90 4D 69 6E 65 49 6D 70 6F 72 74 5F 45 6E 64 73 73 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="136" bl="0">
-      <text>ActiveMARK 5.x -> Trymedia Systems Inc. (h)</text>
-      <pattern>
-        20 2D 2D 4D 50 52 4D 4D 47 56 41 2D 2D 00 75 73 65 72 33 32 2E 64 6C 6C 00 4D 65 73 73 61 67 65 42 6F 78 41 00 54 68 69 73 20 61 70 70 6C 69 63 61 74 69 6F 6E 20 63 61 6E 6E 6F 74 20 72 75 6E 20 77 69 74 68 20 61 6E 20 61 63 74 69 76 65 20 64 65 62 75 67
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ActiveMARK 5.x -> Trymedia Systems,Inc. (h)</text>
-      <pattern>
-        20 2D 2D 4D 50 52 4D 4D 47 56 41 2D 2D 00 75 73 65 72 33 32 2E 64 6C 6C 00 4D 65 73 73 61 67 65 42 6F 78 41 00 54 68 69 73 20 61 70 70 6C 69 63 61 74 69 6F 6E 20 63 61 6E 6E 6F 74 20 72 75 6E 20 77 69 74 68 20 61 6E 20 61 63 74 69 76 65 20 64 65 62 75 67 67 65 72 20 69 6E 20 6D 65 6D 6F 72 79 2E 0D 0A 50 6C 65 61 73 65 20 75 6E 6C 6F 61 64 20 74 68 65 20 64 65 62 75 67 67 65 72 20 61 6E 64 20 72 65 73 74 61 72 74 20 74 68 65 20 61 70 70 6C 69 63 61 74 69 6F 6E 2E 00 57 61 72 6E 69 6E 67
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="137" bl="0">
-      <text>
-        ActiveMARK TM
-      </text>
-      <pattern>
-        79 11 7F AB 9A 4A 83 B5 C9 6B 1A 48 F9 27 B4 25
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="138" bl="0">
-      <text>AdFlt2</text>
-      <pattern>
-        68 00 01 9C 0F A0 0F A8 60 FD 6A 00 0F A1 BE xx xx AD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="139" bl="0">
-      <text>Adlib Sample Audio file</text>
-      <pattern>
-        47 4F 4C 44 20 53 41 4D 50 4C 45
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="140" bl="0">
-      <text>Ady's Glue 1.10</text>
-      <pattern>
-        2E xx xx xx xx 0E 1F BF xx xx 33 DB 33 C0 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="141" bl="0">
-      <text>Ady`s Glue v0.10</text>
-      <pattern>
-        2E 8C 06 xx xx 0E 07 33 C0 8E D8 BE xx xx BF xx xx FC B9 xx xx 56 F3 A5 1E 07 5F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="142" bl="0">
-      <text>AHpack 0.1 -> FEUERRADER (h)</text>
-      <pattern>
-        60 68 54 xx xx xx B8 48 xx xx xx FF 10 68 B3 xx xx xx 50 B8 44 xx xx xx FF 10 68 00 xx xx xx 6A 40 FF D0 89 05 CA xx xx xx 89 C7 BE 00 10 xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 89 E8 B3 01 56 89 FE 29 C6 F3 A4 5E EB 8E 00 D2 75 05 8A 16 46 10 D2 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="143" bl="0">
-      <text>AHPack 0.1 -> FEUERRADER</text>
-      <pattern>
-        60 68 54 xx xx 00 B8 48 xx xx 00 FF 10 68 B3 xx xx 00 50 B8 44 xx xx 00 FF 10 68 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="144" bl="0">
-      <text>AHpack 0.1 -> FEUERRADER</text>
-      <pattern>
-        60 68 54 xx xx xx B8 48 xx xx xx FF 10 68 B3 xx xx xx 50 B8 44 xx xx xx FF 10 68 00 xx xx xx 6A 40 FF D0 89 05 CA xx xx xx 89 C7 BE 00 10 xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="145" bl="0">
-      <text>AINEXE v2.1</text>
-      <pattern>
-        A1 xx xx 2D xx xx 8E D0 BC xx xx 8C D8 36 A3 xx xx 05 xx xx 36 A3 xx xx 2E A1 xx xx 8A D4 B1 04 D2 EA FE C9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="146" bl="0">
-      <text>AINEXE v2.30</text>
-      <pattern>
-        0E 07 B9 xx xx BE xx xx 33 FF FC F3 A4 A1 xx xx 2D xx xx 8E D0 BC xx xx 8C D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="147" bl="0">
-      <text>Alex Protector 0.4 beta 1 by Alex</text>
-      <pattern>
-        60 E8 01 00 00 00 C7 83 C4 04 33 C9 E8 01 00 00 00 68 83 C4 04 E8 01 00 00 00 68 83 C4 04 B9 xx 00 00 00 E8 01 00 00 00 68 83 C4 04 E8 00 00 00 00 E8 01 00 00 00 C7 83 C4 04 8B 2C 24 83 C4 04 E8 01 00 00 00 A9 83 C4 04 81 ED 3C 13 40 00 E8 01 00 00 00 68
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="148" bl="0">
-      <text>Alex Protector 1.0 -> Alex</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 10 40 00 E8 24 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="149" bl="0">
-      <text>Alex Protector 1.0 beta 2 by Alex</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 10 40 00 E8 24 00 00 00 EB 01 E9 8B 44 24 0C EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 83 80 B8 00 00 00 02 33 C0 EB 01 E9 C3 58 83 C4 04 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 50 64 FF 35 00 00 00 00 64 89 25
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="150" bl="0">
-      <text>Alex Protector 1.0 beta 2 by Alex</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 10 40 00 E8 24 00 00 00 EB 01 E9 8B 44 24 0C EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 83 80 B8 00 00 00 02 33 C0 EB 01 E9 C3 58 83 C4 04 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 EB 01 E9 FF FF 60 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 0F 31 8B D8 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 8B CA EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 0F 31 2B C3 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 1B D1 0F 31 03 C3 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 13 D1 0F 31 2B C3 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 EB 05 68 F0 0F C7 C8 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 1B D1 EB 03 EB 03 C7 EB FB E8 01 00 00 00 A8 83 C4 04 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="151" bl="0">
-      <text>Alex Protector v0.4 beta 1 by Alex</text>
-      <pattern>
-        60 E8 01 00 00 00 C7 83 C4 04 33 C9 E8 01 00 00 00 68 83 C4 04 E8 01 00 00 00 68 83 C4 04 B9 xx 00 00 00 E8 01 00 00 00 68 83 C4 04 E8 00 00 00 00 E8 01 00 00 00 C7 83 C4 04 8B 2C 24 83 C4 04 E8 01 00 00 00 A9 83 C4 04 81 ED 3C 13 40 00 E8 01 00 00 00 68 83 C4 04 E8 00 00 00 00 E8 00 00 00 00 49 E8 01 00 00 00 68 83 C4 04 85 C9 75 DF E8 B9 02 00 00 E8 01 00 00 00 C7 83 C4 04 8D 95 63 14 40 00 E8 01 00 00 00 C7 83 C4 04 90 90 90 E8 CA 01 00 00 01 02 03 04 05 68 90 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 2B CB 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 13 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="152" bl="0">
-      <text>Alex Protector v1.0 -> Alex</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 10 40 00 E8 24 00 00 00 EB 01 E9 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="153" bl="0">
-      <text>Alias PIX/Vivid IMG Graphics format</text>
-      <pattern>
-        xx xx xx xx 00 00 xx xx 00 18 xx xx xx xx 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="154" bl="0">
-      <text>Alloy 4.x -> PGWare LLC</text>
-      <pattern>
-        9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 6A 04 68 00 10 00 00 68 00 02 00 00 6A 00 FF 95 A8 33 40 00 0B C0 0F 84 F6 01 00 00 89 85 2E 33 40 00 83 BD E8 32 40 00 01 74 0D 83 BD E4 32 40 00 01 74 2A 8B F8 EB 3E 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="155" bl="0">
-      <text>Alloy 4.x -> PGWare LLC</text>
-      <pattern>
-        9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 6A 04 68 00 10 00 00 68 00 02 00 00 6A 00 FF 95 A8 33 40 00 0B C0 0F 84 F6 01 00 00 89 85 2E 33 40 00 83 BD E8 32 40 00 01 74 0D 83 BD E4 32 40 00 01 74 2A 8B F8 EB 3E 68 D8 01 00 00 50 FF 95 CC 33 40 00 50 8D 85 28 33 40 00 50 FF B5 2E 33 40 00 FF 95 D0 33 40 00 58 83 C0 05 EB 0C 68 D8 01 00 00 50 FF 95 C0 33 40 00 8B BD 2E 33 40 00 03 F8 C6 07 5C 47 8D B5 00 33 40 00 AC 0A C0 74 03 AA EB F8 83 BD DC 32 40 00 01 74 7A 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 FF B5 2E 33 40 00 FF 95 B4 33 40 00 83 F8 FF 74 57 89 85 32 33 40 00 8D 85 56 33 40 00 8D 9D 5E 33 40 00 8D 8D 66 33 40 00 51 53 50 FF B5 32 33 40 00 FF 95 C4 33 40 00 FF B5 32 33 40 00 FF 95 B8 33 40 00 8B 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="156" bl="0">
-      <text>Alloy v1.x.2000</text>
-      <pattern>
-        9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 20 40 xx 87 DD 6A 04 68 xx 10 xx xx 68 xx 02 xx xx 6A xx FF 95 46 23 40 xx 0B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="157" bl="0">
-      <text>Aluwain v8.09</text>
-      <pattern>
-        8B EC 1E E8 xx xx 9D 5E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="158" bl="0">
-      <text>Amiga AIFF 8SFX Audio file</text>
-      <pattern>
-        46 4F 52 4D xx xx xx xx 38 53 56 58 56 48 44 52
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="159" bl="0">
-      <text>Amiga IFF/ILBM Graphics format</text>
-      <pattern>
-        46 4F 52 4D xx xx xx xx 49 4C 42 4D 42 4D 48 44
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="160" bl="0">
-      <text>ANDpakk2 0.06 - by Dmitry "AND" Andreev</text>
-      <pattern>
-        60 FC BE D4 00 40 00 BF 00 10 00 01 57 83 CD FF 33 C9 F9 EB 05 A4 02 DB 75 05 8A 1E 46 12 DB 72 F4 33 C0 40 02 DB 75 05 8A 1E 46 12 DB 13 C0 02 DB 75 05 8A 1E 46 12 DB 72 0E 48 02 DB 75 05 8A 1E 46 12 DB 13 C0 EB DC 83 E8 03 72 0F C1 E0 08 AC 83 F0 FF 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="161" bl="0">
-      <text>ANDpakk2 0.06 - by Dmitry + Andreev</text>
-      <pattern>
-        60 FC BE D4 00 40 00 BF 00 10 00 01 57 83 CD FF 33 C9 F9 EB 05 A4 02 DB 75 05 8A 1E 46 12 DB 72 F4 33 C0 40 02 DB 75 05 8A 1E 46 12 DB 13 C0 02 DB 75 05 8A 1E 46 12 DB 72 0E 48 02 DB 75 05 8A 1E 46 12 DB 13 C0 EB DC 83 E8 03 72 0F C1 E0 08 AC 83 F0 FF 74 4D D1 F8 8B E8 EB 09 02 DB 75 05 8A 1E 46 12 DB 13 C9 02 DB 75 05 8A 1E 46 12 DB 13 C9 75 1A 41 02 DB 75 05 8A 1E 46 12 DB 13 C9 02 DB 75 05 8A 1E 46 12 DB 73 EA 83 C1 02 81 FD 00 FB FF FF 83 D1 01 56 8D 34 2F F3 A4 5E E9 73 FF FF FF C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="162" bl="0">
-      <text>ANDpakk2 0.18 - by Dmitry + Andreev</text>
-      <pattern>
-        FC BE D4 00 40 00 BF 00 xx xx 00 57 83 CD FF 33 C9 F9 EB 05 A4 02 DB 75 05 8A 1E 46 12 DB 72 F4 33 C0 40 02 DB 75 05 8A 1E 46 12 DB 13 C0 02 DB 75 05 8A 1E 46 12 DB 72 0E 48 02 DB 75 05 8A 1E 46 12 DB 13 C0 EB DC 83 E8 03 72 0F C1 E0 08 AC 83 F0 FF 74 4D D1 F8 8B E8 EB 09 02 DB 75 05 8A 1E 46 12 DB 13 C9 02 DB 75 05 8A 1E 46 12 DB 13 C9 75 1A 41 02 DB 75 05 8A 1E 46 12 DB 13 C9 02 DB 75 05 8A 1E 46 12 DB 73 EA 83 C1 02 81 FD 00 FB FF FF 83 D1 01 56 8D 34 2F F3 A4 5E E9 73 FF FF FF C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="163" bl="0">
-      <text>Anskya Binder v1.1 -> Anskya</text>
-      <pattern>
-        BE xx xx xx 00 BB F8 11 40 00 33 ED 83 EE 04 39 2E 74 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="164" bl="0">
-      <text>Anskya NTPacker Generator -> Anskya</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 B8 88 1D 00 10 E8 C7 FA FF FF 6A 0A 68 20 1E 00 10 A1 14 31 00 10 50 E8 71 FB FF FF 8B D8 85 DB 74 2F 53 A1 14 31 00 10 50 E8 97 FB FF FF 85 C0 74 1F 53 A1 14 31 00 10 50 E8 5F FB FF FF 85 C0 74 0F 50 E8 5D FB FF FF 85 C0 74 05 E8 70
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="165" bl="0">
-      <text>Anskya NTPacker Generator -> Anskya</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 B8 88 1D 00 10 E8 C7 FA FF FF 6A 0A 68 20 1E 00 10 A1 14 31 00 10 50 E8 71 FB FF FF 8B D8 85 DB 74 2F 53 A1 14 31 00 10 50 E8 97 FB FF FF 85 C0 74 1F 53 A1 14 31 00 10 50 E8 5F FB FF FF 85 C0 74 0F 50 E8 5D FB FF FF 85 C0 74 05 E8 70 FC FF FF 5B E8 F2 F6 FF FF 00 00 48 45 41 52 54
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="166" bl="0">
-      <text>Anslym Crypter</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 B8 38 17 05 10 E8 5A 45 FB FF 33 C0 55 68 21 1C 05 10 64 FF 30 64 89 20 EB 08 FC FC FC FC FC FC 27 54 E8 85 4C FB FF 6A 00 E8 0E 47 FB FF 6A 0A E8 27 49 FB FF E8 EA 47 FB FF 6A 0A 68 30 1C 05 10 A1 60 56 05 10 50 E8 68 47 FB FF 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="167" bl="0">
-      <text>Anslym Crypter</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 B8 38 17 05 10 E8 5A 45 FB FF 33 C0 55 68 21 1C 05 10 64 FF 30 64 89 20 EB 08 FC FC FC FC FC FC 27 54 E8 85 4C FB FF 6A 00 E8 0E 47 FB FF 6A 0A E8 27 49 FB FF E8 EA 47 FB FF 6A 0A 68 30 1C 05 10 A1 60 56 05 10 50 E8 68 47 FB FF 8B D8 85 DB 0F 84 B6 02 00 00 53 A1 60 56 05 10 50 E8 F2 48 FB FF 8B F0 85 F6 0F 84 A0 02 00 00 E8 F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="168" bl="0">
-      <text>Anslym FUD Crypter ! Sign by fly</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 B8 38 17 05 10 E8 5A 45 FB FF 33 C0 55 68 21 1C 05 10 64 FF 30 64 89 20 EB 08 FC FC FC FC FC FC 27 54 E8 85 4C FB FF 6A 00 E8 0E 47 FB FF 6A 0A E8 27 49 FB FF E8 EA 47 FB FF 6A 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="169" bl="0">
-      <text>Anti007 -> NsPacK Private</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 10 00 00 00 00 00 00 xx xx xx xx 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="170" bl="0">
-      <text>Anti007 V1.0-V2.X -> NsPacK Private</text>
-      <pattern>
-        00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 00 00 45 78 69 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="171" bl="0">
-      <text>Anti007 V2.5-V2.6 -> NsPacK Private</text>
-      <pattern>
-        00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 00 00 47 65 74 53
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="172" bl="0">
-      <text>Anti007 V2.6 -> LiuXingPing ! Sign by fly</text>
-      <pattern>
-        00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 00 00 47 65 74 53 79 73 74 65 6D 44 69 72 65 63 74 6F 72 79 41 00 00 00 43 72 65 61 74 65 46 69 6C 65 41 00 00 00 57 72 69 74 65 46 69 6C 65 00 00 00 43 6C 6F 73 65 48 61 6E 64 6C 65 00 00 00 45 78 69 74 50 72 6F 63 65 73 73 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="173" bl="0">
-      <text>Anti007 V2.7-V3.5 -> NsPacK Private</text>
-      <pattern>
-        00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 00 00 47 65 74 54
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="174" bl="0">
-      <text>Anticrack Software Protector v1.09 (ACProtect)</text>
-      <pattern>
-        60 xx xx xx xx xx xx xx xx 00 00 xx xx xx xx xx xx xx xx xx xx xx xx E8 01 00 00 00 xx 83 04 24 06 C3 xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="175" bl="0">
-      <text>AntiDote 1.0 Beta -> SIS-Team</text>
-      <pattern>
-        E8 BB FF FF FF 84 C0 74 2F 68 04 01 00 00 68 C0 23 60 00 6A 00 FF 15 08 10 60 00 E8 40 FF FF FF 50 68 78 11 60 00 68 68 11 60 00 68 C0 23 60 00 E8 AB FD FF FF 83 C4 10 33 C0 C2 10 00 90 90 90 8B 4C 24 08 56 8B 74 24 08 33 D2 8B C6 F7 F1 8B C6 85 D2 74 08 33 D2 F7 F1 40 0F AF C1 5E C3 90 8B 44 24 04 53 55 56 8B 48 3C 57 03 C8 33 D2 8B 79 54 8B 71 38 8B C7 F7 F6 85 D2 74 0C 8B C7 33 D2 F7 F6 8B F8 47 0F AF FE 33 C0 33 DB 66 8B 41 14 8D 54 08 18 33 C0 66 8B 41 06 89 54 24 14 8D 68 FF 85 ED 7C 37 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="176" bl="0">
-      <text>AntiDote 1.0 beta -> Spy Instructor</text>
-      <pattern>
-        E8 BB FF FF FF 84 C0 74 2F 68 04 01 00 00 68 C0 23 60 00 6A 00 FF 15 08 10 60 00 E8 40 FF FF FF 50 68 78 11 60 00 68 68 11 60 00 68 C0 23 60 00 E8 AB FD FF FF 83 C4 10 33 C0 C2 10 00 90 90 90 8B 4C 24 08 56 8B 74 24 08 33 D2 8B C6 F7 F1 8B C6 85 D2 74 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="177" bl="0">
-      <text>AntiDote 1.0 beta -> Spy Instructor</text>
-      <pattern>
-        E8 BB FF FF FF 84 C0 74 2F 68 04 01 00 00 68 C0 23 60 00 6A 00 FF 15 08 10 60 00 E8 40 FF FF FF 50 68 78 11 60 00 68 68 11 60 00 68 C0 23 60 00 E8 AB FD FF FF 83 C4 10 33 C0 C2 10 00 90 90 90 8B 4C 24 08 56 8B 74 24 08 33 D2 8B C6 F7 F1 8B C6 85 D2 74 08 33 D2 F7 F1 40 0F AF C1 5E C3 90 8B 44 24 04 53 55 56 8B 48 3C 57 03 C8 33 D2 8B 79 54 8B 71 38 8B C7 F7 F6 85 D2 74 0C 8B C7 33 D2 F7 F6 8B F8 47 0F AF FE 33 C0 33 DB 66 8B 41 14 8D 54 08 18 33 C0 66 8B 41 06 89 54 24 14 8D 68 FF 85 ED 7C 37 33 C0 8B 4C 24 14 8D 04 80 8B 4C C1 08 85 C9 74 1A 8B C1 33 D2 F7 F6 85 D2 75 04 03 F9 EB 0C 8B C1 33 D2 F7 F6 40 0F AF C6 03 F8 43 8B C3 25 FF FF 00 00 3B C5 7E CB 8B C7 5F 5E 5D 5B C3 90 90 90 90 90 90 90 90 90 90 90 90 55 8B EC 6A FF 68 50 22 60 00 64 A1 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="178" bl="0">
-      <text>AntiDote 1.0 Demo / 1.2 -> SIS-Team</text>
-      <pattern>
-        00 00 00 00 09 01 47 65 74 43 6F 6D 6D 61 6E 64 4C 69 6E 65 41 00 DB 01 47 65 74 56 65 72 73 69 6F 6E 45 78 41 00 73 01 47 65 74 4D 6F 64 75 6C 65 46 69 6C 65 4E 61 6D 65 41 00 00 7A 03 57 61 69 74 46 6F 72 53 69 6E 67 6C 65 4F 62 6A 65 63 74 00 BF 02 52 65 73 75 6D 65 54 68 72 65 61 64 00 00 29 03 53 65 74 54 68 72 65 61 64 43 6F 6E 74 65 78 74 00 00 94 03 57 72 69 74 65 50 72 6F 63 65 73 73 4D 65 6D 6F 72 79 00 00 6B 03 56 69 72 74 75 61 6C 41 6C 6C 6F 63 45 78 00 00 A6 02 52 65 61 64 50 72 6F 63 65 73 73 4D 65 6D 6F 72 79 00 CA 01 47 65 74 54 68 72 65 61 64 43 6F 6E 74 65 78 74 00 00 62 00 43 72 65 61 74 65 50 72 6F 63 65 73 73 41 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="179" bl="0">
-      <text>AntiDote 1.0.Demo -> SIS-Team</text>
-      <pattern>
-        00 00 00 00 09 01 47 65 74 43 6F 6D 6D 61 6E 64 4C 69 6E 65 41 00 DB 01 47 65 74 56 65 72 73 69 6F 6E 45 78 41 00 73 01 47 65 74 4D 6F 64 75 6C 65 46 69 6C 65 4E 61 6D 65 41 00 00 7A 03 57 61 69 74 46 6F 72 53 69 6E 67 6C 65 4F 62 6A 65 63 74 00 BF 02 52
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="180" bl="0">
-      <text>AntiDote 1.0.Demo -> SIS-Team</text>
-      <pattern>
-        00 00 00 00 09 01 47 65 74 43 6F 6D 6D 61 6E 64 4C 69 6E 65 41 00 DB 01 47 65 74 56 65 72 73 69 6F 6E 45 78 41 00 73 01 47 65 74 4D 6F 64 75 6C 65 46 69 6C 65 4E 61 6D 65 41 00 00 7A 03 57 61 69 74 46 6F 72 53 69 6E 67 6C 65 4F 62 6A 65 63 74 00 BF 02 52 65 73 75 6D 65 54 68 72 65 61 64 00 00 29 03 53 65 74 54 68 72 65 61 64 43 6F 6E 74 65 78 74 00 00 94 03 57 72 69 74 65 50 72 6F 63 65 73 73 4D 65 6D 6F 72 79 00 00 6B 03 56 69 72 74 75 61 6C 41 6C 6C 6F 63 45 78 00 00 A6 02 52 65 61 64 50 72 6F 63 65 73 73 4D 65 6D 6F 72 79 00 CA 01 47 65 74 54 68 72 65 61 64 43 6F 6E 74 65 78 74 00 00 62 00 43 72 65 61 74 65 50 72 6F 63 65 73 73 41 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 DC 01 4D 65 73 73 61 67 65 42 6F 78 41 00 26 00 43 68 61 72 4C 6F 77 65 72 41 00 00 55 53 45 52 33 32 2E 64 6C 6C 00 00 C5 02 73 74 72 73 74 72 00 00 91 02 6D 61 6C 6C 6F 63 00 00 5E 02 66 72 65 65 00 00 4C 02 66 63 6C 6F 73 65 00 00 DA 00 5F 66 69 6C 62 75 66 00 64 02 66 74 65 6C 6C 00 62 02 66 73 65 65 6B 00 57 02 66 6F 70 65 6E 00 49 00 5F 5F 43 78 78 46 72 61 6D 65 48 61 6E 64 6C 65 72 00 4D 53 56 43 52 54 2E 64 6C 6C 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="181" bl="0">
-      <text>AntiDote 1.2 Beta (Demo) -> SIS-Team</text>
-      <pattern>
-        68 69 D6 00 00 E8 C6 FD FF FF 68 69 D6 00 00 E8 BC FD FF FF 83 C4 08 E8 A4 FF FF FF 84 C0 74 2F 68 04 01 00 00 68 B0 21 60 00 6A 00 FF 15 08 10 60 00 E8 29 FF FF FF 50 68 88 10 60 00 68 78 10 60 00 68 B0 21 60 00 E8 A4 FD FF FF 83 C4 10 33 C0 C2 10 00 90 90 90 90 90 90 90 90 90 90 90 90 8B 4C 24 08 56 8B 74 24 08 33 D2 8B C6 F7 F1 8B C6 85 D2 74 08 33 D2 F7 F1 40 0F AF C1 5E C3 90 8B 44 24 04 53 55 56 8B 48 3C 57 03 C8 33 D2 8B 79 54 8B 71 38 8B C7 F7 F6 85 D2 74 0C 8B C7 33 D2 F7 F6 8B F8 47 0F AF FE 33 C0 33 DB 66 8B 41 14 8D 54 08 18 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="182" bl="0">
-      <text>AntiDote 1.2.Demo -> SIS-Team</text>
-      <pattern>
-        E8 F7 FE FF FF 05 CB 22 00 00 FF E0 E8 EB FE FF FF 05 BB 19 00 00 FF E0 E8 BD 00 00 00 08 B2 62 00 01 52 17 0C 0F 2C 2B 20 7F 52 79 01 30 07 17 29 4F 01 3C 30 2B 5A 3D C7 26 11 26 06 59 0E 78 2E 10 14 0B 13 1A 1A 3F 64 1D 71 33 57 21 09 24 8B 1B 09 37 08 61 0F 1D 1D 2A 01 87 35 4C 07 39 0B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="183" bl="0">
-      <text>AntiDote 1.2.DLL.Demo -> SIS-Team</text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 08 32 90 90 90 90 90 90 90 90 90 90 80 7C 24 08 01 0F 85 xx xx xx xx 60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF EB 0B 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="184" bl="0">
-      <text>AntiDote 1.2.DLL.Demo -> SIS-Team</text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 08 32 90 90 90 90 90 90 90 90 90 90 80 7C 24 08 01 0F 85 xx xx xx xx 60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF EB 0B 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="185" bl="0">
-      <text>AntiDote 1.2/1.4 SE DLL -> SIS-Team</text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 08 32 90 90 90 90 90 90 90 90 90 90 80 7C 24 08 01 0F 85 xx xx xx xx 60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF EB 0B 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 xx 75 xx 8B 1E 83 EE FC 11 DB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="186" bl="0">
-      <text>AntiDote 1.4 SE -> SIS-Team</text>
-      <pattern>
-        68 90 03 00 00 E8 C6 FD FF FF 68 90 03 00 00 E8 BC FD FF FF 68 90 03 00 00 E8 B2 FD FF FF 50 E8 AC FD FF FF 50 E8 A6 FD FF FF 68 69 D6 00 00 E8 9C FD FF FF 50 E8 96 FD FF FF 50 E8 90 FD FF FF 83 C4 20 E8 78 FF FF FF 84 C0 74 4F 68 04 01 00 00 68 10 22 60 00 6A 00 FF 15 08 10 60 00 68 90 03 00 00 E8 68 FD FF FF 68 69 D6 00 00 E8 5E FD FF FF 50 E8 58 FD FF FF 50 E8 52 FD FF FF E8 DD FE FF FF 50 68 A4 10 60 00 68 94 10 60 00 68 10 22 60 00 E8 58 FD FF FF 83 C4 20 33 C0 C2 10 00 8B 4C 24 08 56 8B 74 24 08 33 D2 8B C6 F7 F1 8B C6 85 D2 74 08 33 D2 F7 F1 40 0F AF C1 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="187" bl="0">
-      <text>AntiDote V1.2 -> SIS-Team ! Sign by fly</text>
-      <pattern>
-        00 00 00 00 09 01 47 65 74 43 6F 6D 6D 61 6E 64 4C 69 6E 65 41 00 DB 01 47 65 74 56 65 72 73 69 6F 6E 45 78 41 00 73 01 47 65 74 4D 6F 64 75 6C 65 46 69 6C 65 4E 61 6D 65 41 00 00 7A 03 57 61 69 74 46 6F 72 53 69 6E 67 6C 65 4F 62 6A 65 63 74 00 BF 02 52 65 73 75 6D 65 54 68 72 65 61 64 00 00 29 03 53 65 74 54 68 72 65 61 64 43 6F 6E 74 65 78 74 00 00 94 03 57 72 69 74 65 50 72 6F 63 65 73 73 4D 65 6D 6F 72 79 00 00 6B 03 56 69 72 74 75 61 6C 41 6C 6C 6F 63 45 78 00 00 A6 02 52 65 61 64 50 72 6F 63 65 73 73 4D 65 6D 6F 72 79 00 CA 01 47 65 74 54 68 72 65 61 64 43 6F 6E 74 65 78 74 00 00 62 00 43 72 65 61 74 65 50 72 6F 63 65 73 73 41 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 26 00 43 68 61 72 4C 6F 77 65 72 41 00 00 55 53 45 52 33 32 2E 64 6C 6C 00 00 5E 02 66 72 65 65 00 00 4C 02 66 63 6C 6F 73 65 00 00 DA 00 5F 66 69 6C 62 75 66 00 91 02 6D 61 6C 6C 6F 63 00 00 64 02 66 74 65 6C 6C 00 62 02 66 73 65 65 6B 00 57 02 66 6F 70 65 6E 00 C5 02 73 74 72 73 74 72 00 00 4D 53 56 43 52 54 2E 64 6C 6C 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="188" bl="0">
-      <text>AntiDote V1.2.Demo -> SIS-Team</text>
-      <pattern>
-        E8 F7 FE FF FF 05 CB 22 00 00 FF E0 E8 EB FE FF FF 05 BB 19 00 00 FF E0 E8 BD 00 00 00 08 B2 62 00 01 52 17 0C 0F 2C 2B 20 7F 52 79 01 30 07 17 29 4F 01 3C 30 2B 5A 3D C7 26 11 26 06 59 0E 78 2E 10 14 0B 13 1A 1A 3F 64 1D 71 33 57 21 09 24 8B 1B 09 37 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>AntiDote v1.4 osCE *Sing by osC++CoDeR</text>
-      <pattern>
-        68 95 01 00 00 E8 D0 FD FF FF 68 95 01 00 00 E8 C3 FD FF FF 68 90 03 00 00 E8 BC FD FF FF 68 90 03 00 00 E8 B2 FD FF FF 50 E8 AC FD FF FF 50 E8 A6 FD FF FF 68 69 D6 00 00 E8 9C FD FF FF 50 E8 96 FD FF FF 50 E8 90 FD FF FF 83 C4 20 E8 78 FF FF FF 84 C0 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="189" bl="0">
-      <text>AntiDote V1.x -> SIS-Team</text>
-      <pattern>
-        68 xx xx 00 00 E8 xx FD FF FF 68 xx xx 00 00 E8 xx FD FF FF 68 90 03 00 00 E8 xx FD FF FF xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx E8 xx FD FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="190" bl="0">
-      <text>AntiVirus Vaccine v.1.03</text>
-      <pattern>
-        FA 33 DB B9 xx xx 0E 1F 33 F6 FC AD 35 xx xx 03 D8 E2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="191" bl="0">
-      <text>aPack v0.62</text>
-      <pattern>
-        1E 06 8C C8 8E D8 xx xx xx 8E C0 50 BE xx xx 33 FF FC B6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="192" bl="0">
-      <text>aPack v0.82</text>
-      <pattern>
-        1E 06 8C CB BA xx xx 03 DA 8D xx xx xx FC 33 F6 33 FF 48 4B 8E C0 8E DB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="193" bl="0">
-      <text>aPack v0.98 -m</text>
-      <pattern>
-        1E 06 8C C8 8E D8 05 xx xx 8E C0 50 BE xx xx 33 FF FC B2 xx BD xx xx 33 C9 50 A4 BB xx xx 3B F3 76
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="194" bl="0">
-      <text>aPack v0.98b (com)</text>
-      <pattern>
-        BE xx xx BF xx xx 8B CF FC 57 F3 A4 C3 BF xx xx 57 57 BE xx xx B2 xx BD xx xx 50 A4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="195" bl="0">
-      <text>aPack v0.98b (DES not saved)</text>
-      <pattern>
-        8C CB BA xx xx 03 DA FC 33 F6 33 FF 4B 8E DB 8D xx xx xx 8E C0 B9 xx xx F3 A5 4A 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="196" bl="0">
-      <text>aPack v0.98b (exe)</text>
-      <pattern>
-        93 07 1F 05 xx xx 8E D0 BC xx xx EA
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="197" bl="0">
-      <text>APatch GUI v1.1</text>
-      <pattern>
-        52 31 C0 E8 FF FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="198" bl="0">
-      <text>Apex 3.0 alpha -> 500mhz</text>
-      <pattern>
-        5F B9 14 00 00 00 51 BE 00 10 40 00 B9 00 xx xx 00 8A 07 30 06 46 E2 FB 47 59 E2 EA 68 xx xx xx 00 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="199" bl="0">
-      <text>APEX_C (BLT Apex 4.0) -> 500mhz</text>
-      <pattern>
-        68 xx xx xx xx B9 FF FF FF 00 01 D0 F7 E2 72 01 48 E2 F7 B9 FF 00 00 00 8B 34 24 80 36 FD 46 E2 FA C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="200" bl="0">
-      <text>Apex_c beta -> 500mhz</text>
-      <pattern>
-        68 xx xx xx xx B9 FF FF FF 00 01 D0 F7 E2 72 01 48 E2 F7 B9 FF 00 00 00 8B 34 24 80 36 FD 46 E2 FA C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="201" bl="0">
-      <text>Apex_c beta -> 500mhz</text>
-      <pattern>
-        68 xx xx xx xx B9 FF FF FF 00 01 D0 F7 E2 72 01 48 E2 F7 B9 FF 00 00 00 8B 34 24 80 36 FD 46 E2 FA C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="202" bl="0">
-      <text>App Encryptor -> Silent Team</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 1F 1F 40 00 B9 7B 09 00 00 8D BD 67 1F 40 00 8B F7 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="203" bl="0">
-      <text>App Protector -> Silent Team</text>
-      <pattern>
-        E9 97 00 00 00 0D 0A 53 69 6C 65 6E 74 20 54 65 61 6D 20 41 70 70 20 50 72 6F 74 65 63 74 6F 72 0D 0A 43 72 65 61 74 65 64 20 62 79 20 53 69 6C 65 6E 74 20 53 6F 66 74 77 61 72 65 0D 0A 54 68 65 6E 6B 7A 20 74 6F 20 44 6F 63 68 74 6F 72 20 58 0D 0A 0D 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="204" bl="0">
-      <text>App Protector -> Silent Team</text>
-      <pattern>
-        E9 97 00 00 00 0D 0A 53 69 6C 65 6E 74 20 54 65 61 6D 20 41 70 70 20 50 72 6F 74 65 63 74 6F 72 0D 0A 43 72 65 61 74 65 64 20 62 79 20 53 69 6C 65 6E 74 20 53 6F 66 74 77 61 72 65 0D 0A 54 68 65 6E 6B 7A 20 74 6F 20 44 6F 63 68 74 6F 72 20 58 0D 0A 0D 0A 54 68 69 73 20 69 73 20 53 50 61 6B 65 64 20 41 70 70 6C 69 63 61 74 69 6F 6E 0D 0A 53 50 41 4B 20 63 6F 6D 70 72 69 6D 61 74 69 6F 6E 20 73 79 73 74 65 6D 20 69 73 20 AE 53 69 6C 65 6E 74 20 54 65 61 6D 99 0D 0A 60 E8 01 00 00 00 E8 83 C4 04 E8 01 00 00 00 E9 5D 81 ED 76 22 40 00 E8 04 02 00 00 E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46 E8 01 00 00 00 9A 59 8D 95 C8 22 40 00 E8 01 00 00 00 69 58 66 BF 4D 4A E8 BF 01 00 00 8D 52 F9 E8 01 00 00 00 E8 5B 68 CC FF E2 9A FF E4 69 FF A5 E4 24 40 00 E9 E8 B9 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="205" bl="0">
-      <text>ARC-SFX Archive</text>
-      <pattern>
-        8C C8 8C DB 8E D8 8E C0 89 xx xx xx 2B C3 A3 xx xx 89 xx xx xx BE xx xx B9 xx xx BF xx xx BA xx xx FC AC 32 C2 8A D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="206" bl="0">
-      <text>ARJ SFX Custom</text>
-      <pattern>
-        60 BE 15 F0 40 00 8D BE EB 1F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="207" bl="0">
-      <text>ARJ SFX Custom</text>
-      <pattern>
-        64 A1 00 00 00 00 55 8B EC 6A FF 68 18 C0 40 00 68 C4 A1 40 00 50 64 89 25 00 00 00 00 83 EC 60 53 56 57 89 65 E8 FF 15 38 03 41 00 A3 D0 D6 40 00 33 C0 A0 D1 D6 40 00 A3 DC D6 40 00 A1 D0 D6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="208" bl="0">
-      <text>ARJ SFX Custom</text>
-      <pattern>
-        B8 xx xx xx xx 66 9C 60 50 8D 90 5C 01 00 00 68 00 00 40 00 83 3A 00 0F 84 C6 C1 FF FF 8B 04 24 8B 0A 0F BA F1 1F 73 13 FD 8B F0 8B F8 03 72 04 03 7A 08 F3 A5 83 C2 0C FC EB D9 83 C2 10 8B 5A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="209" bl="0">
-      <text>ARM Protector 0.1 by SMoKE</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D EB 01 00 81 ED 5E 1F 40 00 EB 02 83 09 8D B5 EF 1F 40 00 EB 02 83 09 BA A3 11 00 00 EB 01 00 8D 8D 92 31 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="210" bl="0">
-      <text>ARM Protector 0.2-> SMoKE</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D EB 01 00 81 ED 09 20 40 00 EB 02 83 09 8D B5 9A 20 40 00 EB 02 83 09 BA 0B 12 00 00 EB 01 00 8D 8D A5 32 40 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="211" bl="0">
-      <text>ARM Protector 0.3 - by SMoKE</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D EB 01 00 81 ED 13 24 40 00 EB 02 83 09 8D B5 A4 24 40 00 EB 02 83 09 BA 4B 15 00 00 EB 01 00 8D 8D EF 39 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="212" bl="0">
-      <text>ARM Protector v0.1 by SMoKE</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D EB 01 00 81 ED 5E 1F 40 00 EB 02 83 09 8D B5 EF 1F 40 00 EB 02 83 09 BA A3 11 00 00 EB 01 00 8D 8D 92 31 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="213" bl="0">
-      <text>Armadillo 3.00a -> Silicon Realms Toolworks</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="214" bl="0">
-      <text>Armadillo 3.00a -> Silicon Realms Toolworks</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 60 33 C9 75 02 EB 15 xx 33 C9 75 18 7A 0C 70 0E EB 0D xx 72 0E 79 F1 xx xx xx 79 09 74 F0 xx 87 DB 7A F0 xx xx 61 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 xx 8B 04 24 EB 03 7A 29 xx C6 00 90 C3 xx 70 F0 87 D2 71 07 xx xx 40 8B DB 7A 11 EB 08 xx EB F7 EB C3 xx 7A E9 70 DA 7B D1 71 F3 xx 7B F3 71 D6 xx 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 xx 33 C9 75 18 7A 0C 70 0E EB 0D xx 72 0E 79 F1 xx xx xx 79 09 74 F0 EB 87 xx 7A F0 xx xx 61 8B 9C BD 26 42
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="215" bl="0">
-      <text>Armadillo 3.01, 3.05</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="216" bl="0">
-      <text>Armadillo 3.10</text>
-      <pattern>
-        55 8B EC 6A FF 68 E0 97 44 00 68 20 C0 42 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 4C 41 44 00 33 D2 8A D4 89 15 90 A1 44 00 8B C8 81 E1 FF 00 00 00 89 0D 8C A1 44 00 C1 E1 08 03 CA 89 0D 88 A1 44 00 C1 E8 10 A3 84 A1
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="217" bl="0">
-      <text>Armadillo 3.6x -> Silicon Realms Toolworks</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 60 33 C9 75 02 EB 15 xx 33 C9 75 18 7A 0C 70 0E EB 0D xx 72 0E 79 F1 xx xx xx 79 09 74 F0 xx 87 DB 7A F0 xx xx 61 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 xx 8B 04 24 EB 03 7A 29 xx C6 00 90 C3 xx 70 F0 87 D2 71 07 xx xx 40 8B DB 7A 11 EB 08 xx EB F7 EB C3 xx 7A E9 70 DA 7B D1 71 F3 xx 7B F3 71 D6 xx 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 xx 33 C9 75 18 7A 0C 70 0E EB 0D xx 72 0E 79 F1 xx xx xx 79 09 74 F0 EB 87 xx 7A F0 xx xx 61 8B 9C BD AB 76
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="218" bl="0">
-      <text>Armadillo 3.7x -> Silicon Realms Toolworks</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 60 33 C9 75 02 EB 15 xx 33 C9 75 18 7A 0C 70 0E EB 0D xx 72 0E 79 F1 xx xx xx 79 09 74 F0 xx 87 DB 7A F0 xx xx 61 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 xx 8B 04 24 EB 03 7A 29 xx C6 00 90 C3 xx 70 F0 87 D2 71 07 xx xx 40 8B DB 7A 11 EB 08 xx EB F7 EB C3 xx 7A E9 70 DA 7B D1 71 F3 xx 7B F3 71 D6 xx 9D 61 83 ED 06 B8 3B 01 00 00 03 C5 33 DB 81 C3 01 01 01 01 31 18 81 38 78 54 00 00 74 04 31 18 EB EC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="219" bl="0">
-      <text>Armadillo 3.X-5.X -> Silicon Realms Toolworks</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 0F CA F7 D2 9C F7 D2 0F CA EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 9D 0F C9 8B CA F7 D1 59 58 50 51 0F CA F7 D2 9C F7 D2 0F CA EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="220" bl="0">
-      <text>Armadillo 3.X-5.X -> Silicon Realms Toolworks</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 0F CA F7 D2 9C F7 D2 0F CA EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 9D 0F C9 8B CA F7 D1 59 58 50 51 0F CA F7 D2 9C F7 D2 0F CA EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 9D 0F C9 8B CA F7 D1 59 58 50 51 0F CA F7 D2 9C F7 D2 0F CA EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 9D 0F C9 8B CA F7 D1 59 58 60 33 C9 75 02 EB 15 EB 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="221" bl="0">
-      <text>Armadillo 4.00.0053 -> Silicon Realms Toolworks</text>
-      <pattern>
-        55 8B EC 6A FF 68 20 8B 4B 00 68 80 E4 48 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 88 31 4B 00 33 D2 8A D4 89 15 A4 A1 4B 00 8B C8 81 E1 FF 00 00 00 89 0D A0 A1 4B 00 C1 E1 08 03 CA 89 0D 9C A1 4B 00 C1 E8 10 A3 98 A1
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="222" bl="0">
-      <text>Armadillo 4.10 -> Silicon Realms Toolworks</text>
-      <pattern>
-        55 8B EC 6A FF 68 F8 8E 4C 00 68 D0 EA 49 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 88 31 4C 00 33 D2 8A D4 89 15 7C A5 4C 00 8B C8 81 E1 FF 00 00 00 89 0D 78 A5 4C 00 C1 E1 08 03 CA 89 0D 74 A5 4C 00 C1 E8 10 A3 70 A5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="223" bl="0">
-      <text>Armadillo 4.20 -> Silicon Realms Toolworks</text>
-      <pattern>
-        55 8B EC 6A FF 68 F8 8E 4C 00 68 F0 EA 49 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 88 31 4C 00 33 D2 8A D4 89 15 84 A5 4C 00 8B C8 81 E1 FF 00 00 00 89 0D 80 A5 4C 00 C1 E1 08 03 CA 89 0D 7C A5 4C 00 C1 E8 10 A3 78 A5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="224" bl="0">
-      <text>Armadillo 4.30 - 4.40 -> Silicon Realms Toolworks</text>
-      <pattern>
-        55 8B EC 6A FF 68 40 xx xx 00 68 80 xx xx 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 88 xx xx 00 33 D2 8A D4 89 15 30 xx xx 00 8B C8 81 E1 FF 00 00 00 89 0D 2C xx xx 00 C1 E1 08 03 CA 89 0D 28 xx xx 00 C1 E8 10 A3 24
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="225" bl="0">
-      <text>Armadillo 4.30a -> Silicon Realms Toolworks (h)</text>
-      <pattern>
-        44 64 65 44 61 74 61 20 69 6E 69 74 69 61 6C 69 7A 65 64 20 28 41 4E 53 49 29 2C 20 61 70 70 20 73 74 72 69 6E 67 73 20 61 72 65 20 27 25 73 27 20 61 6E 64 20 27 25 73 27 00 00 00 44 64 65 44 61 74 61 20 69 6E 69 74 69 61 6C 69 7A 65 64 20 28 55 4E 49 43 4F 44 45 29 2C 20 61 70 70 20 73 74 72 69 6E 67 73 20 61 72 65 20 27 25 53 27 20 61 6E 64 20 27 25 53 27 00 00 00 00 50 75 74 53 74 72 69 6E 67 28 27 25 73 27 29 00 47 65 74 53 74 72 69 6E 67 28 29 2C 20 66 61 6C 73 65 00 00 47 65 74 53
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="226" bl="0">
-      <text>Armadillo 4.30a -> Silicon Realms Toolworks</text>
-      <pattern>
-        44 64 65 44 61 74 61 20 69 6E 69 74 69 61 6C 69 7A 65 64 20 28 41 4E 53 49 29 2C 20 61 70 70 20 73 74 72 69 6E 67 73 20 61 72 65 20 27 25 73 27 20 61 6E 64 20 27 25 73 27 00 00 00 44 64 65 44 61 74 61 20 69 6E 69 74 69 61 6C 69 7A 65 64 20 28 55 4E 49 43
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="227" bl="0">
-      <text>Armadillo 4.40 -> Silicon Realms Toolworks (h)</text>
-      <pattern>
-        31 2E 31 2E 34 00 00 00 C2 E0 94 BE 93 FC DE C6 B6 24 83 F7 D2 A4 92 77 40 27 CF EB D8 6F 50 B4 B5 29 24 FA 45 08 04 52 D5 1B D2 8C 8A 1E 6E FF 8C 5F 42 89 F1 83 B1 27 C5 69 57 FC 55 0A DD 44 BE 2A 02 97 6B 65 15 AA 31 E9 28 7D 49 1B DF B5 5D 08 A8 BA A8 73 DC F6 D1 05 42 55 53 79 73 74 65 6D 00 00 53 00 79 00 73 00 74 00 65 00 6D 00 00 00 00 00 44 44 45 20 50 72 6F 63 65 73 73 69 6E 67 00 00 53 77 50 44 44 45 00 00 44 00 44 00 45 00 20 00 50 00 72 00 6F 00 63 00 65 00 73 00 73 00 69 00 6E 00 67 00 00 00 00 00 53 00 77 00 50 00 44 00 44 00 45 00 00 00 00 00 3C 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="228" bl="0">
-      <text>Armadillo 4.40 -> Silicon Realms Toolworks</text>
-      <pattern>
-        31 2E 31 2E 34 00 00 00 C2 E0 94 BE 93 FC DE C6 B6 24 83 F7 D2 A4 92 77 40 27 CF EB D8 6F 50 B4 B5 29 24 FA 45 08 04 52 D5 1B D2 8C 8A 1E 6E FF 8C 5F 42 89 F1 83 B1 27 C5 69 57 FC 55 0A DD 44 BE 2A 02 97 6B 65 15 AA 31 E9 28 7D 49 1B DF B5 5D 08 A8 BA A8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="229" bl="0">
-      <text>Armadillo 4.44a public build -> Silicon Realms Toolworks (h)</text>
-      <pattern>
-        55 8B EC 83 EC 0C 53 56 57 8B 45 08 50 FF 15 xx xx xx xx 83 C4 04 89 45 FC 8B 45 FC 51 B9 00 08 00 00 B9 06 00 00 00 F7 D1 0F C8 F7 D1 41 41 41 41 41 41 41 83 C1 04 41 41 41 41 83 C1 03 41 41 41 41 41 41 49 41 FE C1 FE C1 FE C1 83 C1 0D FE C1 FE C1 FE C1 FE C1 FE C1 83 C1 0A 49 52 BA 04 00 00 00 03 CA 41 5A 0F C8 23 C1 59 F7 D8 1B C0 F7 D8 5A 89 45 F4 8B 0D xx xx xx xx 33 0D xx xx xx xx D1 E1 89 4D F8 83 7D F4 00 74 09 8B 55 F8 83 CA 01 89 55 F8 8B 45 F8 50 FF 15 xx xx xx xx 83 C4 04 5F 5E 5B 8B E5 5D C3 55 8B EC 83 EC 0C 53 56 57 8B 45 08 50 FF 15 xx xx xx xx 83 C4 04 89 45 FC 8B 45 FC 53 BB 80 00 00 00 EB 05 BB 04 00 00 00 BB 32 00 00 00 F7 D3 0F C8 F7 D3 43 43 83 E0 00 83 C3 08 4B 51 B9 04 00 00 00 03 D9 43 59 0F C8 40 5B 89 45 F4 8B 0D xx xx xx xx 33 0D xx xx xx xx D1 E1 89 4D F8 83 7D F4 00 74 09 8B 55 F8 83 CA 01 89 55 F8 8B 45 F8 50 FF 15 xx xx xx xx 83 C4 04 5F 5E 5B 8B E5 5D C3 55 8B EC 83 EC 0C 53 56 57 8B 45 08 50 FF 15 xx xx xx xx 83 C4 04 89 45 FC 8B 45 FC 70 07 7C 03 EB 05 E9 74 FB EB F9 53 BB FF FF 00 00 23 C3 51 B5 2C 80 ED 01 80 ED 20 FE CD FE CD 80 ED 04 FE CD 80 ED 03 FE CD 22 E5 B1 70 80 E9 02 FE C9 FE C9 FE C9 80 E9 06 F6 D0 0F C9 F6 D0 0F C9 FE C9 FE C9 80 E9 10 FE C9 FE C9 80 C1 0C FE C9 FE C9 FE C9 70 07 7C 03 EB 05 C7 74 FB EB F9 FE C9 FE C9 FE C9 FE C9 80 E9 10 80 E9 01 FE C9 FE C9 FE C9 FE C9 FE C9 FE C9 FE C9 FE C9 F7 D1 0F C8 F7 D1 0F C8 FE C1 80 C1 02 22 C1 59 5B 85 C0 0F 85 94 00 00 00 8B 45 FC 53 BB 00 08 00 00 EB 05 BB 80 00 00 00 BB 72 00 00 00 F7 D3 0F C8 F7 D3 43 43 83 C3 08 4B 51 B9 04 00 00 00 03 D9 43 59 0F C8 23 C3 5B F7 D8 1B C0 40 5A 8B C8 51 8B 45 FC 52 BA FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="230" bl="0">
-      <text>Armadillo 5.0 Dll -> Silicon Realms Toolworks</text>
-      <pattern>
-        83 7C 24 08 01 75 05 E8 DE 4B 00 00 FF 74 24 04 8B 4C 24 10 8B 54 24 0C E8 ED FE FF FF 59 C2 0C 00 6A 0C 68 xx xx xx xx E8 E5 24 00 00 8B 4D 08 33 FF 3B CF 76 2E 6A E0 58 33 D2 F7 F1 3B 45 0C 1B C0 40 75 1F E8 8F 15 00 00 C7 00 0C 00 00 00 57 57 57 57 57 E8 20 15 00 00 83 C4 14 33 C0 E9 D5 00 00 00 0F AF 4D 0C 8B F1 89 75 08 3B F7 75 03 33 F6 46 33 DB 89 5D E4 83 FE E0 77 69 83 3D xx xx xx xx 03 75 4B 83 C6 0F 83 E6 F0 89 75 0C 8B 45 08 3B 05 xx xx xx xx 77 37 6A 04 E8 D7 23 00 00 59 89 7D FC FF 75 08 E8 EC 53 00 00 59 89 45 E4 C7 45 FC FE FF FF FF E8 5F 00 00 00 8B 5D E4 3B DF 74 11 FF 75 08 57 53 E8 2B C5 FF FF 83 C4 0C 3B DF 75 61 56 6A 08 FF 35 xx xx xx xx FF 15 xx xx xx xx 8B D8 3B DF 75 4C 39 3D xx xx xx xx 74 33 56 E8 19 ED FF FF 59 85 C0 0F 85 72 FF FF FF 8B 45 10 3B C7 0F 84 50 FF FF FF C7 00 0C 00 00 00 E9 45 FF FF FF 33 FF 8B 75 0C 6A 04 E8 7D 22 00 00 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="231" bl="0">
-      <text>Armadillo 5.00 -> Silicon Realms Toolworks</text>
-      <pattern>
-        E8 E3 40 00 00 E9 16 FE FF FF 6A 0C 68 xx xx xx xx E8 44 15 00 00 8B 4D 08 33 FF 3B CF 76 2E 6A E0 58 33 D2 F7 F1 3B 45 0C 1B C0 40 75 1F E8 36 13 00 00 C7 00 0C 00 00 00 57 57 57 57 57 E8 C7 12 00 00 83 C4 14 33 C0 E9 D5 00 00 00 0F AF 4D 0C 8B F1 89 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="232" bl="0">
-      <text>Armadillo 5.00 -> Silicon Realms Toolworks</text>
-      <pattern>
-        E8 E3 40 00 00 E9 16 FE FF FF 6A 0C 68 xx xx xx xx E8 44 15 00 00 8B 4D 08 33 FF 3B CF 76 2E 6A E0 58 33 D2 F7 F1 3B 45 0C 1B C0 40 75 1F E8 36 13 00 00 C7 00 0C 00 00 00 57 57 57 57 57 E8 C7 12 00 00 83 C4 14 33 C0 E9 D5 00 00 00 0F AF 4D 0C 8B F1 89 75 08 3B F7 75 03 33 F6 46 33 DB 89 5D E4 83 FE E0 77 69 83 3D xx xx xx xx 03 75 4B 83 C6 0F 83 E6 F0 89 75 0C 8B 45 08 3B 05 xx xx xx xx 77 37 6A 04 E8 48 11 00 00 59 89 7D FC FF 75 08 E8 01 49 00 00 59 89 45 E4 C7 45 FC FE FF FF FF E8 5F 00 00 00 8B 5D E4 3B DF 74 11 FF 75 08 57 53 E8 66 D3 FF FF 83 C4 0C 3B DF 75 61 56 6A 08 FF 35 xx xx xx xx FF 15 xx xx xx xx 8B D8 3B DF 75 4C 39 3D xx xx xx xx 74 33 56 E8 AF F9 FF FF 59 85 C0 0F 85 72 FF FF FF 8B 45 10 3B C7 0F 84 50 FF FF FF C7 00 0C 00 00 00 E9 45 FF FF FF 33 FF 8B 75 0C 6A 04 E8 EE 0F 00 00 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="233" bl="0">
-      <text>Armadillo 5.00 Dll -> Silicon Realms Toolworks</text>
-      <pattern>
-        83 7C 24 08 01 75 05 E8 DE 4B 00 00 FF 74 24 04 8B 4C 24 10 8B 54 24 0C E8 ED FE FF FF 59 C2 0C 00 6A 0C 68 xx xx xx xx E8 E5 24 00 00 8B 4D 08 33 FF 3B CF 76 2E 6A E0 58 33 D2 F7 F1 3B 45 0C 1B C0 40 75 1F E8 8F 15 00 00 C7 00 0C 00 00 00 57 57 57 57 57
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="234" bl="0">
-      <text>Armadillo v1.60a</text>
-      <pattern>
-        55 8B EC 6A FF 68 98 71 40 00 68 48 2D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="235" bl="0">
-      <text>Armadillo v1.71</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="236" bl="0">
-      <text>Armadillo v1.72 - v1.73</text>
-      <pattern>
-        55 8B EC 6A FF 68 E8 C1 xx xx 68 F4 86 xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="237" bl="0">
-      <text>Armadillo v1.77</text>
-      <pattern>
-        55 8B EC 6A FF 68 B0 71 40 00 68 6C 37 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="238" bl="0">
-      <text>Armadillo v1.80</text>
-      <pattern>
-        55 8B EC 6A FF 68 E8 C1 00 00 68 F4 86 00 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="239" bl="0">
-      <text>Armadillo v1.82</text>
-      <pattern>
-        55 8B EC 6A FF 68 E0 C1 40 00 68 74 81 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="240" bl="0">
-      <text>Armadillo v1.83</text>
-      <pattern>
-        55 8B EC 6A FF 68 E0 C1 40 00 68 64 84 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="241" bl="0">
-      <text>Armadillo v1.84</text>
-      <pattern>
-        55 8B EC 6A FF 68 E8 C1 40 00 68 F4 86 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="242" bl="0">
-      <text>Armadillo v1.90</text>
-      <pattern>
-        55 8B EC 6A FF 68 10 F2 40 00 68 64 9A 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="243" bl="0">
-      <text>Armadillo v1.90a</text>
-      <pattern>
-        55 8B EC 64 FF 68 10 F2 40 00 68 14 9B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="244" bl="0">
-      <text>Armadillo v1.90b1</text>
-      <pattern>
-        55 8B EC 6A FF 68 E0 C1 40 00 68 04 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="245" bl="0">
-      <text>Armadillo v1.90b2</text>
-      <pattern>
-        55 8B EC 6A FF 68 F0 C1 40 00 68 A4 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="246" bl="0">
-      <text>Armadillo v1.90b3</text>
-      <pattern>
-        55 8B EC 6A FF 68 08 E2 40 00 68 94 95 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="247" bl="0">
-      <text>Armadillo v1.90b4</text>
-      <pattern>
-        55 8B EC 6A FF 68 08 E2 40 00 68 B4 96 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="248" bl="0">
-      <text>Armadillo v1.90c</text>
-      <pattern>
-        55 8B EC 6A FF 68 10 F2 40 00 68 74 9D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="249" bl="0">
-      <text>Armadillo v1.9x</text>
-      <pattern>
-        55 8B EC 6A FF 68 98 xx xx xx 68 10 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="250" bl="0">
-      <text>Armadillo v1.xx - v2.xx</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="251" bl="0">
-      <text>Armadillo v2.00</text>
-      <pattern>
-        55 8B EC 6A FF 68 00 02 41 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="252" bl="0">
-      <text>Armadillo v2.00b2-2.00b3</text>
-      <pattern>
-        55 8B EC 6A FF 68 00 F2 40 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="253" bl="0">
-      <text>Armadillo v2.01</text>
-      <pattern>
-        55 8B EC 6A FF 68 08 02 41 00 68 04 9A 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="254" bl="0">
-      <text>Armadillo v2.10b2</text>
-      <pattern>
-        55 8B EC 6A FF 68 18 12 41 00 68 24 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="255" bl="0">
-      <text>Armadillo v2.20</text>
-      <pattern>
-        55 8B EC 6A FF 68 10 12 41 00 68 F4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="256" bl="0">
-      <text>Armadillo v2.20b1</text>
-      <pattern>
-        55 8B EC 6A FF 68 30 12 41 00 68 A4 A5 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="257" bl="0">
-      <text>Armadillo v2.50</text>
-      <pattern>
-        55 8B EC 6A FF 68 B8 xx xx xx 68 F8 xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 20 xx xx xx 33 D2 8A D4 89 15 D0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="258" bl="0">
-      <text>Armadillo v2.50b3</text>
-      <pattern>
-        55 8B EC 6A FF 68 B8 xx xx xx 68 F8 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 20 xx xx xx 33 D2 8A D4 89 15 D0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="259" bl="0">
-      <text>Armadillo v2.51</text>
-      <pattern>
-        55 8B EC 6A FF 68 B8 xx xx xx 68 D0 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="260" bl="0">
-      <text>Armadillo v2.52 beta2</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx B0 xx xx xx xx 68 60 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF xx xx xx 15 24
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="261" bl="0">
-      <text>Armadillo v2.52</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx E0 xx xx xx xx 68 D4 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF xx xx xx 15 38
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="262" bl="0">
-      <text>Armadillo v2.52</text>
-      <pattern>
-        55 8B EC 6A FF 68 E0 xx xx xx 68 D4 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 38
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="263" bl="0">
-      <text>Armadillo v2.52b2</text>
-      <pattern>
-        55 8B EC 6A FF 68 B0 xx xx xx 68 60 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 24
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="264" bl="0">
-      <text>Armadillo v2.53</text>
-      <pattern>
-        55 8B EC 6A FF 68 40 xx xx xx 68 54 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 58 xx xx xx 33 D2 8A D4 89 15 EC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="265" bl="0">
-      <text>Armadillo v2.53</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 40 xx xx xx xx 68 54 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF xx xx xx 15 58 33 D2 8A D4 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="266" bl="0">
-      <text>Armadillo v2.53b3</text>
-      <pattern>
-        55 8B EC 6A FF 68 D8 xx xx xx 68 14 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="267" bl="0">
-      <text>Armadillo v2.5x - v2.6x</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 58 xx xx xx 33 D2 8A D4 89 15 EC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="268" bl="0">
-      <text>Armadillo v2.60</text>
-      <pattern>
-        55 8B EC 6A FF 68 D0 xx xx xx 68 34 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 68 xx xx xx 33 D2 8A D4 89 15 84
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="269" bl="0">
-      <text>Armadillo v2.60a</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 94 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 6C xx xx xx 33 D2 8A D4 89 15 B4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="270" bl="0">
-      <text>Armadillo v2.60b1</text>
-      <pattern>
-        55 8B EC 6A FF 68 50 xx xx xx 68 74 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 58 xx xx xx 33 D2 8A D4 89 15 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="271" bl="0">
-      <text>Armadillo v2.60b2</text>
-      <pattern>
-        55 8B EC 6A FF 68 90 xx xx xx 68 24 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 60 xx xx xx 33 D2 8A D4 89 15 3C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="272" bl="0">
-      <text>Armadillo v2.60c</text>
-      <pattern>
-        55 8B EC 6A FF 68 40 xx xx xx 68 F4 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 6C xx xx xx 33 D2 8A D4 89 15 F4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="273" bl="0">
-      <text>Armadillo v2.61</text>
-      <pattern>
-        55 8B EC 6A FF 68 28 xx xx xx 68 E4 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 6C xx xx xx 33 D2 8A D4 89 15 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="274" bl="0">
-      <text>Armadillo v2.65b1</text>
-      <pattern>
-        55 8B EC 6A FF 68 38 xx xx xx 68 40 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 28 xx xx xx 33 D2 8A D4 89 15 F4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="275" bl="0">
-      <text>Armadillo v2.75a</text>
-      <pattern>
-        55 8B EC 6A FF 68 68 xx xx xx 68 D0 xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 28 xx xx xx 33 D2 8A D4 89 15 24
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="276" bl="0">
-      <text>Armadillo v2.85</text>
-      <pattern>
-        55 8B EC 6A FF 68 68 xx xx xx 68 xx xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 28 xx xx xx 33 D2 8A D4 89 15 24
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="277" bl="0">
-      <text>Armadillo v2.xx (CopyMem II)</text>
-      <pattern>
-        6A xx 8B B5 xx xx xx xx C1 E6 04 8B 85 xx xx xx xx 25 07 xx xx 80 79 05 48 83 C8 F8 40 33 C9 8A 88 xx xx xx xx 8B 95 xx xx xx xx 81 E2 07 xx xx 80 79 05 4A 83 CA F8 42 33 C0 8A 82
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="278" bl="0">
-      <text>Armadillo v3.00</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 33 C9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="279" bl="0">
-      <text>Armadillo v3.00a</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="280" bl="0">
-      <text>Armadillo v3.01 - v3.50a -> Silicon Realms Toolworks</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 60 33 C9 75 02 EB 15 xx 33 C9 75 18 7A 0C 70 0E EB 0D xx 72 0E 79 F1 xx xx xx 79 09 74 F0 xx 87 DB 7A F0 xx xx 61 50 51 EB 0F xx EB 0F xx EB 07 xx EB 0F xx EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC xx 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 xx 8B 04 24 EB 03 7A 29 xx C6 00 90 C3 xx 70 F0 87 D2 71 07 xx xx 40 8B DB 7A 11 EB 08 xx EB F7 EB C3 xx 7A E9 70 DA 7B D1 71 F3 xx 7B F3 71 D6 xx 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 xx 33 C9 75 18 7A 0C 70 0E EB 0D xx 72 0E 79 F1 xx xx xx 79 09 74 F0 EB 87 xx 7A F0 xx xx 61 8B 9C BD B8 43
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="281" bl="0">
-      <text>Armadillo v3.01, v3.05</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 33 C9 75 02 EB 15 EB 33 C9 75 18 7A 0C 70 0E EB 0D E8 72 0E 79 F1 FF 15 00 79 09 74 F0 EB 87 DB 7A F0 A0 33 61 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 A0 8B 04 24 EB 03 7A 29 E9 C6 00 90 C3 E8 70 F0 87 D2 71 07 E9 00 40 8B DB 7A 11 EB 08 E9 EB F7 EB C3 E8 7A E9 70 DA 7B D1 71 F3 E9 7B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="282" bl="0">
-      <text>Armadillo v3.10</text>
-      <pattern>
-        55 8B EC 6A FF 68 E0 97 44 00 68 20 C0 42 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 4C 41 44 00 33 D2 8A D4 89 15 90 A1 44 00 8B C8 81 E1 FF 00 00 00 89 0D 8C A1 44 00 C1 E1 08 03 CA 89 0D 88 A1 44 00 C1 E8 10 A3 84 A1 44 00 33 F6 56 E8 72 16 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 3D 13 00 00 FF 15 30 40 44 00 A3 84 B7 44 00 E8 FB 11 00 00 A3 E0 A1 44 00 E8 A4 0F 00 00 E8 E6 0E 00 00 E8 4E F6 FF FF 89 75 D0 8D 45 A4 50 FF 15 38 40 44 00 E8 77 0E 00 00 89 45 9C F6 45 D0 01 74 06 0F B7 45 D4 EB 03 6A 0A 58 50 FF 75 9C 56 56 FF 15 7C 41 44 00 50 E8 49 D4 FE FF 89 45 A0 50 E8 3C F6 FF FF 8B 45 EC 8B 08 8B 09 89 4D 98 50 51 E8 B5 0C 00 00 59 59 C3 8B 65 E8 FF 75 98 E8 2E F6 FF FF 83 3D E8 A1 44 00 01 75 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="283" bl="0">
-      <text>Armadillo v3.xx</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="284" bl="0">
-      <text>Armadillo v4.00.0053 -> Silicon Realms Toolworks</text>
-      <pattern>
-        55 8B EC 6A FF 68 20 8B 4B 00 68 80 E4 48 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 88 31 4B 00 33 D2 8A D4 89 15 A4 A1 4B 00 8B C8 81 E1 FF 00 00 00 89 0D A0 A1 4B 00 C1 E1 08 03 CA 89 0D 9C A1 4B 00 C1 E8 10 A3 98 A1 4B 00 33 F6 56 E8 78 16 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 43 13 00 00 FF 15 8C 30 4B 00 A3 A4 B7 4B 00 E8 01 12 00 00 A3 F8 A1 4B 00 E8 AA 0F 00 00 E8 EC 0E 00 00 E8 2D FA FF FF 89
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="285" bl="0">
-      <text>Armadillo v4.10 -> Silicon Realms Toolworks</text>
-      <pattern>
-        55 8B EC 6A FF 68 F8 8E 4C 00 68 D0 EA 49 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 88 31 4C 00 33 D2 8A D4 89 15 7C A5 4C 00 8B C8 81 E1 FF 00 00 00 89 0D 78 A5 4C 00 C1 E1 08 03 CA 89 0D 74 A5 4C 00 C1 E8 10 A3 70 A5 4C 00 33 F6 56 E8 78 16 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 43 13 00 00 FF 15 8C 30 4C 00 A3 84 BB 4C 00 E8 01 12 00 00 A3 D0 A5 4C 00 E8 AA 0F 00 00 E8 EC 0E 00 00 E8 2D FA FF FF 89
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="286" bl="0">
-      <text>Armadillo v4.20 -> Silicon Realms Toolworks</text>
-      <pattern>
-        55 8B EC 6A FF 68 F8 8E 4C 00 68 F0 EA 49 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 88 31 4C 00 33 D2 8A D4 89 15 84 A5 4C 00 8B C8 81 E1 FF 00 00 00 89 0D 80 A5 4C 00 C1 E1 08 03 CA 89 0D 7C A5 4C 00 C1 E8 10 A3 78 A5 4C 00 33 F6 56 E8 78 16 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 43 13 00 00 FF 15 8C 30 4C 00 A3 84 BB 4C 00 E8 01 12 00 00 A3 D8 A5 4C 00 E8 AA 0F 00 00 E8 EC 0E 00 00 E8 2D FA FF FF 89
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="287" bl="0">
-      <text>Armadillo v4.30 - 4.40 -> Silicon Realms Toolworks</text>
-      <pattern>
-        55 8B EC 6A FF 68 40 xx xx 00 68 80 xx xx 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 88 xx xx 00 33 D2 8A D4 89 15 30 xx xx 00 8B C8 81 E1 FF 00 00 00 89 0D 2C xx xx 00 C1 E1 08 03 CA 89 0D 28 xx xx 00 C1 E8 10 A3 24 xx xx 00 33 F6 56 E8 78 16 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 43 13 00 00 FF 15 8C xx xx 00 A3 24
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="288" bl="0">
-      <text>Armadillo v4.30 - 4.40 -> Silicon Realms Toolworks</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 50 51 0F CA F7 D2 9C F7 D2 0F CA EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 9D 0F C9 8B CA F7 D1 59 58 50 51 0F CA F7 D2 9C F7 D2 0F CA EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 9D 0F C9 8B CA F7 D1 59 58 50 51 0F CA F7 D2 9C F7 D2 0F CA EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="289" bl="0">
-      <text>AsCrypt v0.1 -> SToRM - #3</text>
-      <pattern>
-        80 xx xx xx 83 xx xx xx xx 90 90 90 51 xx xx xx 01 00 00 00 83 xx xx E2
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="290" bl="0">
-      <text>AsCrypt v0.1 -> SToRM - needs to be added</text>
-      <pattern>
-        80 xx xx xx 83 xx xx xx xx 90 90 90 83 xx xx E2
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="291" bl="0">
-      <text>AsCrypt v0.1 -> SToRM - needs to be added</text>
-      <pattern>
-        80 xx xx xx 83 xx xx xx xx 90 90 90 E2
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="292" bl="0">
-      <text>AsCrypt v0.1 -> SToRM - needs to be added</text>
-      <pattern>
-        81 xx xx xx xx xx xx 83 xx xx xx xx xx xx xx 83 xx xx E2 xx EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="293" bl="0">
-      <text>ASDPack 2.0 -> asd</text>
-      <pattern>
-        00 00 00 00 xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 8D 49 00 1F 01 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 90
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="294" bl="0">
-      <text>ASDPack 2.0 -> asd</text>
-      <pattern>
-        5B 43 83 7B 74 00 0F 84 08 00 00 00 89 43 14 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="295" bl="0">
-      <text>ASDPack 2.0 -> asd</text>
-      <pattern>
-        8B 44 24 04 56 57 53 E8 CD 01 00 00 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="296" bl="0">
-      <text>ASDPack v1.0 -> asd</text>
-      <pattern>
-        55 8B EC 56 53 E8 5C 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 xx xx xx 00 00 00 00 00 00 00 40 00 00 xx xx 00 00 00 00 00 00 00 00 00 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 00 00 00 00 00 00 00 00 00 xx xx 00 00 10 00 00 00 xx 00 00 00 xx xx 00 00 xx xx 00 00 xx xx 00 00 xx 00 00 00 xx xx 00 00 xx 00 00 00 xx xx 00 00 xx 00 00 00 xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5B 81 EB E6 1D 40 00 83 7D 0C 01 75 11 55 E8 4F 01 00 00 E8 6A 01 00 00 5D E8 2C 00 00 00 8B B3 1A 1E 40 00 03 B3 FA 1D 40 00 8B 76 0C AD 0B C0 74 0D FF 75 10 FF 75 0C FF 75 08 FF D0 EB EE B8 01 00 00 00 5B 5E C9 C2 0C 00 55 6A 00 FF 93 20 21 40 00 89 83 FA 1D 40 00 6A 40 68 00 10 00 00 FF B3 02 1E 40 00 6A 00 FF 93 2C 21 40 00 89 83 06 1E 40 00 8B 83 F2 1D 40 00 03 83 FA 1D 40 00 50 FF B3 06 1E 40 00 50 E8 6D 01 00 00 5F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="297" bl="0">
-      <text>ASPack 1.08</text>
-      <pattern>
-        90 90 90 75 01 90 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="298" bl="0">
-      <text>ASPack v1.00b</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED 92 1A 44 xx B8 8C 1A 44 xx 03 C5 2B 85 CD 1D 44 xx 89 85 D9 1D 44 xx 80 BD C4 1D 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="299" bl="0">
-      <text>ASPack v1.01b</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED D2 2A 44 xx B8 CC 2A 44 xx 03 C5 2B 85 A5 2E 44 xx 89 85 B1 2E 44 xx 80 BD 9C 2E 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="300" bl="0">
-      <text>ASPack v1.02a</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED 3E D9 43 xx B8 38 xx xx xx 03 C5 2B 85 0B DE 43 xx 89 85 17 DE 43 xx 80 BD 01 DE 43 xx xx 75 15 FE 85 01 DE 43 xx E8 1D xx xx xx E8 79 02 xx xx E8 12 03 xx xx 8B 85 03 DE 43 xx 03 85 17 DE 43 xx 89 44 24 1C 61 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="301" bl="0">
-      <text>ASPack v1.02b</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 96 78 43 00 B8 90 78 43 00 03 C5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="302" bl="0">
-      <text>ASPack v1.02b</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED 96 78 43 xx B8 90 78 43 xx 03 C5 2B 85 7D 7C 43 xx 89 85 89 7C 43 xx 80 BD 74 7C 43
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="303" bl="0">
-      <text>ASPack v1.03b</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED AE 98 43 xx B8 A8 98 43 xx 03 C5 2B 85 18 9D 43 xx 89 85 24 9D 43 xx 80 BD 0E 9D 43
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="304" bl="0">
-      <text>ASPack v1.04b</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED xx xx xx xx B8 xx xx xx xx 03 C5 2B 85 xx 12 9D xx 89 85 1E 9D xx xx 80 BD 08 9D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="305" bl="0">
-      <text>ASPack v1.05b</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED CE 3A 44 xx B8 C8 3A 44 xx 03 C5 2B 85 B5 3E 44 xx 89 85 C1 3E 44 xx 80 BD AC 3E 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="306" bl="0">
-      <text>ASPack v1.061b</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED EA A8 43 xx B8 E4 A8 43 xx 03 C5 2B 85 78 AD 43 xx 89 85 84 AD 43 xx 80 BD 6E AD 43
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="307" bl="0">
-      <text>ASPack v1.06b</text>
-      <pattern>
-        90 90 90 75 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="308" bl="0">
-      <text>ASPack v1.06b</text>
-      <pattern>
-        90 90 75 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="309" bl="0">
-      <text>ASPack v1.07b (DLL)</text>
-      <pattern>
-        60 E8 00 00 00 00 5D xx xx xx xx xx xx B8 xx xx xx xx 03 C5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="310" bl="0">
-      <text>ASPack v1.07b</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED xx xx xx xx B8 xx xx xx xx 03 C5 2B 85 xx 0B DE xx 89 85 17 DE xx xx 80 BD 01 DE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="311" bl="0">
-      <text>ASPack v1.07b</text>
-      <pattern>
-        90 90 90 75 xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="312" bl="0">
-      <text>ASPack v1.08.01 -> Alexey Solodovnikov</text>
-      <pattern>
-        60 EB xx 5D EB xx FF xx xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="313" bl="0">
-      <text>ASPack v1.08.01</text>
-      <pattern>
-        60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 xx xx xx 44 00 BB 10 xx 44 00 03 DD 2B 9D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="314" bl="0">
-      <text>ASPack v1.08.01</text>
-      <pattern>
-        60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 xx xx xx 44 xx BB 10 xx 44 xx 03 DD 2B 9D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="315" bl="0">
-      <text>ASPack v1.08.01</text>
-      <pattern>
-        90 90 75 xx 90 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="316" bl="0">
-      <text>ASPack v1.08.01</text>
-      <pattern>
-        90 90 90 75 xx 90 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="317" bl="0">
-      <text>ASPack v1.08.02</text>
-      <pattern>
-        60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ED 23 6A 44 00 BB 10 xx 44 00 03 DD 2B 9D 72
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="318" bl="0">
-      <text>ASPack v1.08.02</text>
-      <pattern>
-        90 90 75 01 90 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="319" bl="0">
-      <text>ASPack v1.08.02</text>
-      <pattern>
-        90 75 01 90 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="320" bl="0">
-      <text>ASPack v1.08.03</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44 00 03 DD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="321" bl="0">
-      <text>ASPack v1.08.03</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44 00 03 DD 2B 9D B1 50 44 00 83 BD AC 50 44 00 00 89 9D BB 4E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="322" bl="0">
-      <text>ASPack v1.08.03</text>
-      <pattern>
-        60 E8 00 00 00 00 5D xx xx xx xx xx xx BB xx xx xx xx 03 DD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="323" bl="0">
-      <text>ASPack v1.08.03</text>
-      <pattern>
-        60 E8 00 00 00 00 5D xx xx xx xx xx xx BB xx xx xx xx 03 DD 2B 9D B1 50 44 00 83 BD AC 50 44 00 00 89 9D BB 4E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="324" bl="0">
-      <text>ASPack v1.08.04 -> Alexey Solodovnikov</text>
-      <pattern>
-        60 E8 41 06 00 00 EB 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="325" bl="0">
-      <text>ASPack v1.08.x</text>
-      <pattern>
-        60 EB 03 5D FF E5 E8 F8 FF FF FF 81 ED 1B 6A 44 00 BB 10 6A 44 00 03 DD 2B 9D 2A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="326" bl="0">
-      <text>ASPack v1.08</text>
-      <pattern>
-        90 75 01 FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="327" bl="0">
-      <text>ASPack v1.08</text>
-      <pattern>
-        90 90 90 75 01 FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="328" bl="0">
-      <text>ASPack v1.08</text>
-      <pattern>
-        90 90 75 01 FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="329" bl="0">
-      <text>ASPack v2.000 -> Alexey Solodovnikov</text>
-      <pattern>
-        60 E8 70 05 00 00 EB 4C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="330" bl="0">
-      <text>ASPack v2.001 -> Alexey Solodovnikov</text>
-      <pattern>
-        60 E8 72 05 00 00 EB 4C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="331" bl="0">
-      <text>ASPack v2.11</text>
-      <pattern>
-        60 E9 3D 04 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="332" bl="0">
-      <text>ASPack v2.11b</text>
-      <pattern>
-        60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 E9 3D 04 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="333" bl="0">
-      <text>ASPack v2.11c</text>
-      <pattern>
-        60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 E9 59 04 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="334" bl="0">
-      <text>ASPack v2.11d</text>
-      <pattern>
-        60 E8 02 00 00 00 EB 09 5D 55
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="335" bl="0">
-      <text>Aspack v2.12 -> www.aspack.com</text>
-      <pattern>
-        xx ?8 0? ?0 00 xx xx xx xx ?D xx xx xx xx xx xx xx xx xx 5? xx xx xx xx xx xx xx xx xx xx xx xx 0? ?3 xx xx 0? xx 0? xx xx xx xx xx 0? xx ?F xx xx ?3 0? xx xx 8? xx xx xx xx xx xx xx xx 0? ?0 0? xx xx xx xx xx xx xx xx xx xx xx xx xx ?F 95 xx xx xx xx 8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="336" bl="0">
-      <text>Aspack v2.12 -> www.aspack.com</text>
-      <pattern>
-        xx ?8 0? ?0 00 xx xx xx xx ?D xx xx xx xx xx xx xx xx xx 5? xx xx xx xx xx xx xx xx xx xx xx xx 0? ?3 xx xx 0? xx 0? xx xx xx xx xx 0? xx ?F xx xx ?3 0? xx xx 8? xx xx xx xx xx xx xx xx 0? ?0 0? xx xx xx xx xx xx xx xx xx xx xx xx xx ?F 95 xx xx xx xx 8? xx ?D xx xx xx xx 5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="337" bl="0">
-      <text>ASPack v2.12</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="338" bl="0">
-      <text>ASPack v2.12</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="339" bl="0">
-      <text>ASPack v2.1</text>
-      <pattern>
-        60 E8 72 05 00 00 EB 33 87 DB 90 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="340" bl="0">
-      <text>ASPack v2.xx</text>
-      <pattern>
-        A8 03 00 00 61 75 08 B8 01 00 00 00 C2 0C 00 68 00 00 00 00 C3 8B 85 26 04 00 00 8D 8D 3B 04 00 00 51 50 FF 95
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="341" bl="0">
-      <text>ASPack v2.xx</text>
-      <pattern>
-        A8 03 xx xx 61 75 08 B8 01 xx xx xx C2 0C xx 68 xx xx xx xx C3 8B 85 26 04 xx xx 8D 8D 3B 04 xx xx 51 50 FF 95
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="342" bl="0">
-      <text>ASPR Stripper v2.x unpacked</text>
-      <pattern>
-        BB xx xx xx xx E9 xx xx xx xx 60 9C FC BF xx xx xx xx B9 xx xx xx xx F3 AA 9D 61 C3 55 8B EC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="343" bl="0">
-      <text>ASProtect 1.23 RC4 build 08.07 (dll) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 D5 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="344" bl="0">
-      <text>ASProtect 1.23 RC4 build 08.07 (exe) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB xx xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 D5 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="345" bl="0">
-      <text>ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov</text>
-      <pattern>
-        68 01 xx xx xx E8 01 00 00 00 C3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="346" bl="0">
-      <text>ASProtect 2.0</text>
-      <pattern>
-        68 01 xx 40 00 E8 01 00 00 00 C3 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="347" bl="0">
-      <text>ASProtect 2.3 SKE build 04.26 Beta</text>
-      <pattern>
-        68 01 60 40 00 E8 01 00 00 00 C3 C3 0D 6C 65 3E 09 84 BB 91 89 38 D0 5A 1D 60 6D AF D5 51 2D A9 2F E1 62 D8 C1 5A 8D 6B 6E 94 A7 F9 1D 26 8C 8E FB 08 A8 7E 9D 3B 0C DF 14 5E 62 14 7D 78 D0 6E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="348" bl="0">
-      <text>ASProtect SKE 2.1/2.2 (dll) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 ED 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="349" bl="0">
-      <text>ASProtect SKE 2.1/2.2 (dll) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 ED 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 B8 F8 C0 A5 23 50 50 03 45 4E 5B 85 C0 74 1C EB 01 E8 81 FB F8 C0 A5 23 74 35 33 D2 56 6A 00 56 FF 75 4E FF D0 5E 83 FE 00 75 24 33 D2 8B 45 41 85 C0 74 07 52 52 FF 75 35 FF D0 8B 45 35 85 C0 74 0D 68 00 80 00 00 6A 00 FF 75 35 FF 55 3D 5B 0B DB 61 75 06 6A 01 58 C2 0C 00 33 C0 F7 D8 1B C0 40 C2 0C 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="350" bl="0">
-      <text>ASProtect SKE 2.1/2.2 (exe) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 ED 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="351" bl="0">
-      <text>ASProtect SKE 2.1/2.2 (exe) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 ED 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B8 F8 C0 A5 23 50 50 03 45 4E 5B 85 C0 74 1C EB 01 E8 81 FB F8 C0 A5 23 74 35 33 D2 56 6A 00 56 FF 75 4E FF D0 5E 83 FE 00 75 24 33 D2 8B 45 41 85 C0 74 07 52 52 FF 75 35 FF D0 8B 45 35 85 C0 74 0D 68 00 80 00 00 6A 00 FF 75 35 FF 55 3D 5B 0B DB 61 75 06 6A 01 58 C2 0C 00 33 C0 F7 D8 1B C0 40 C2 0C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="352" bl="0">
-      <text>ASProtect SKE 2.1/2.2 (exe) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 ED 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B8 F8 C0 A5 23 50 50 03 45 4E 5B 85 C0 74 1C EB 01 E8 81 FB F8 C0 A5 23 74 35 33 D2 56 6A 00 56 FF 75 4E FF D0 5E 83 FE 00 75 24 33 D2 8B 45 41 85 C0 74 07 52 52 FF 75 35 FF D0 8B 45 35 85 C0 74 0D 68 00 80 00 00 6A 00 FF 75 35 FF 55 3D 5B 0B DB 61 75 06 6A 01 58 C2 0C 00 33 C0 F7 D8 1B C0 40 C2 0C 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="353" bl="0">
-      <text>ASProtect SKE 2.3 -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 E5 0B 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx 00 00 00 00 B8 F8 C0 A5 23 50 50 03 45 4E 5B 85 C0 74 1C EB 01 E8 81 FB F8 C0 A5 23 74 35 33 D2 56 6A 00 56 FF 75 4E FF D0 5E 83 FE 00 75 24 33 D2 8B 45 41 85 C0 74 07 52 52 FF 75 35 FF D0 8B 45 35 85 C0 74 0D 68 00 80 00 00 6A 00 FF 75 35 FF 55 3D 5B 0B DB 61 75 06 6A 01 58 C2 0C 00 33 C0 F7 D8 1B C0 40 C2 0C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="354" bl="0">
-      <text>ASProtect v1.0</text>
-      <pattern>
-        60 E8 01 xx xx xx 90 5D 81 ED xx xx xx xx BB xx xx xx xx 03 DD 2B 9D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="355" bl="0">
-      <text>ASProtect v1.1 MTE</text>
-      <pattern>
-        60 E9 xx xx xx xx 91 78 79 79 79 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="356" bl="0">
-      <text>ASProtect v1.1 MTEc</text>
-      <pattern>
-        90 60 E8 1B xx xx xx E9 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="357" bl="0">
-      <text>ASProtect v1.1</text>
-      <pattern>
-        60 E9 xx 04 xx xx E9 xx xx xx xx xx xx xx EE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="358" bl="0">
-      <text>ASProtect v1.2 -> Alexey Solodovnikov (h1)</text>
-      <pattern>
-        90 60 E8 1B 00 00 00 E9 FC 8D B5 0F 06 00 00 8B FE B9 97 00 00 00 AD 35 78 56 34 12 AB 49 75 F6 EB 04 5D 45 55 C3 E9 xx xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="359" bl="0">
-      <text>ASProtect v1.23 RC1</text>
-      <pattern>
-        68 01 xx xx 00 E8 01 00 00 00 C3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="360" bl="0">
-      <text>ASProtect v1.23 RC4 build 08.07 (dll) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 D5 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 B8 F8 C0 A5 23 50 50 03 45 4E 5B 85 C0 74 1C EB 01 E8 81 FB F8 C0 A5 23 74 35 33 D2 56 6A 00 56 FF 75 4E FF D0 5E 83 FE 00 75 24 33 D2 8B 45 41 85 C0 74 07 52 52 FF 75 35 FF D0 8B 45 35 85 C0 74 0D 68 00 80 00 00 6A 00 FF 75 35 FF 55 3D 5B 0B DB 61 75 06 6A 01 58 C2 0C 00 33 C0 F7 D8 1B C0 40 C2 0C 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="361" bl="0">
-      <text>ASProtect v1.23 RC4 build 08.07 (exe) -> Alexey Solodovnikov (h)</text>
-      <pattern>
-        90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB xx xx xx xx 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 D5 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B8 F8 C0 A5 23 50 50 03 45 4E 5B 85 C0 74 1C EB 01 E8 81 FB F8 C0 A5 23 74 35 33 D2 56 6A 00 56 FF 75 4E FF D0 5E 83 FE 00 75 24 33 D2 8B 45 41 85 C0 74 07 52 52 FF 75 35 FF D0 8B 45 35 85 C0 74 0D 68 00 80 00 00 6A 00 FF 75 35 FF 55 3D 5B 0B DB 61 75 06 6A 01 58 C2 0C 00 33 C0 F7 D8 1B C0 40 C2 0C 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="362" bl="0">
-      <text>ASProtect v1.2x (New Strain)</text>
-      <pattern>
-        68 01 xx xx xx E8 01 xx xx xx C3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="363" bl="0">
-      <text>ASProtect v1.2x</text>
-      <pattern>
-        00 00 68 01 xx xx xx C3 AA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="364" bl="0">
-      <text>ASProtect V2.X DLL -> Alexey Solodovnikov</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 xx xx 5D 45 55 C3 E8 01 00 00 00 EB 5D BB xx xx xx xx 03 DD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="365" bl="0">
-      <text>ASProtect v?.? -> If you know this version, post on PEiD board (h2)</text>
-      <pattern>
-        90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx 00 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 DD 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="366" bl="0">
-      <text>ASProtect v?.? -> If you know this version, post on PEiD board</text>
-      <pattern>
-        90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 xx xx 00 80 7D 4D 01 75 0C 8B 74 24 28 83 FE 01 89 5D 4E 75 31 8D 45 53 50 53 FF B5 DD 09 00 00 8D 45 35 50 E9 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="367" bl="0">
-      <text>ASProtect vx.x</text>
-      <pattern>
-        60 xx xx xx xx xx 90 5D xx xx xx xx xx xx xx xx xx xx xx 03 DD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ass - crypter -> by santasdad</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 xx xx xx xx 89 45 EC B8 98 40 00 10 E8 AC EA FF FF 33 C0 55 68 78 51 00 10 64 xx xx xx xx 20 6A 0A 68 88 51 00 10 A1 E0 97 00 10 50 E8 D8 EA FF FF 8B D8 53 A1 E0 97 00 10 50 E8 12 EB FF FF 8B F8 53 A1 E0 97 00 10 50 E8 DC EA FF FF 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="368" bl="0">
-      <text>ass - crypter -> by santasdad</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 xx xx xx xx 89 45 EC B8 98 40 00 10 E8 AC EA FF FF 33 C0 55 68 78 51 00 10 64 xx xx xx xx 20 6A 0A 68 88 51 00 10 A1 E0 97 00 10 50 E8 D8 EA FF FF 8B D8 53 A1 E0 97 00 10 50 E8 12 EB FF FF 8B F8 53 A1 E0 97 00 10 50 E8 DC EA FF FF 8B D8 53 E8 DC EA FF FF 8B F0 85 F6 74 26 8B D7 4A B8 F0 97 00 10 E8 C9 E7 FF FF B8 F0 97 00 10 E8 B7 E7 FF FF 8B CF 8B D6 E8 EE EA FF FF 53 E8 98 EA FF FF 8D 4D EC BA 9C 51 00 10 A1 F0 97 00 10 E8 22 EB FF FF 8B 55 EC B8 F0 97 00 10 E8 89 E6 FF FF B8 F0 97 00 10 E8 7F E7 FF FF E8 6E EC FF FF 33 C0 5A 59 59 64 89 10 68 7F 51 00 10 8D 45 EC E8 11 E6 FF FF C3 E9 FF DF FF FF EB F0 5F 5E 5B E8 0D E5 FF FF 00 53 45 54 54 49 4E 47 53 00 00 00 00 FF FF FF FF 1C 00 00 00 45 4E 54 45 52 20 59 4F 55 52 20 4F 57 4E 20 50 41 53 53 57 4F 52 44 20 48 45 52 45
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="369" bl="0">
-      <text>ASYLUM Music File v.1.0</text>
-      <pattern>
-        41 53 59 4C 55 4D 20 4D 75 73 69 63 20 46 6F 72 6D 61 74 20 56 31 2E 30 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="370" bl="0">
-      <text>Audio-CD file</text>
-      <pattern>
-        52 49 46 46 xx xx xx xx 43 44 44 41 66 6D 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="371" bl="0">
-      <text>AutoDesk Animation file</text>
-      <pattern>
-        xx xx xx 00 12 AF xx xx 40 01 C8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="372" bl="0">
-      <text>AverCryptor 1.0 -> os1r1s</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 75 17 40 00 8B BD 9C 18 40 00 8B 8D A4 18 40 00 B8 BC 18 40 00 03 C5 80 30 05 83 F9 00 74 71 81 7F 1C AB 00 00 00 75 62 8B 57 0C 03 95 A0 18 40 00 33 C0 51 33 C9 66 B9 FA 00 66 83 F9 00 74 49 8B 57 0C 03 95 A0 18 40 00 8B 85 A8 18 40 00 83 F8 02 75 06 81 C2 00 02 00 00 51 8B 4F 10 83 F8 02 75 06 81 E9 00 02 00 00 57 BF C8 00 00 00 8B F1 E8 27 00 00 00 8B C8 5F B8 BC 18 40 00 03 C5 E8 24 00 00 00 59 49 EB B1 59 83 C7 28 49 EB 8A 8B 85 98 18 40 00 89 44 24 1C 61 FF E0 56 57 4F F7 D7 23 F7 8B C6 5F 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="373" bl="0">
-      <text>AverCryptor 1.02 beta -> os1r1s</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 0C 17 40 00 8B BD 33 18 40 00 8B 8D 3B 18 40 00 B8 51 18 40 00 03 C5 80 30 05 83 F9 00 74 71 81 7F 1C AB 00 00 00 75 62 8B 57 0C 03 95 37 18 40 00 33 C0 51 33 C9 66 B9 F7 00 66 83 F9 00 74 49 8B 57 0C 03 95 37 18 40 00 8B 85 3F 18 40 00 83 F8 02 75 06 81 C2 00 02 00 00 51 8B 4F 10 83 F8 02 75 06 81 E9 00 02 00 00 57 BF C8 00 00 00 8B F1 E8 27 00 00 00 8B C8 5F B8 51 18 40 00 03 C5 E8 24 00 00 00 59 49 EB B1 59 83 C7 28 49 EB 8A 8B 85 2F 18 40 00 89 44 24 1C 61 FF E0 56 57 4F F7 D7 23 F7 8B C6 5F 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="374" bl="0">
-      <text>AVI movie file</text>
-      <pattern>
-        52 49 46 46 xx xx xx xx 41 56 49 xx 4C 49 53 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="375" bl="0">
-      <text>AVP Antiviral Database</text>
-      <pattern>
-        41 56 50 20 41 6E 74 69 76 69 72 61 6C 20 44 61 74 61 62 61 73 65
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="376" bl="0">
-      <text>AVP Inspector Database</text>
-      <pattern>
-        47 68 6F 73 74 20 42 75 73 74 65 72
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="377" bl="0">
-      <text>AVPACK v1.20</text>
-      <pattern>
-        50 1E 0E 1F 16 07 33 F6 8B FE B9 xx xx FC F3 A5 06 BB xx xx 53 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="378" bl="0">
-      <text>AZProtect 0001 - by AlexZ aka AZCRC</text>
-      <pattern>
-        FC 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1 D8 73 09 66 35 20 83 66 81 F3 B8 ED FE CE 75 EB 33 C8 33 D3 4F 75 D5 F7 D2 F7 D1 8B C2 C1 C0 10 66 8B C1 C3 F0 DA 55 8B EC 53 56 33 C9 33 DB 8B 4D 0C 8B 55 10 8B 75 08 4E 4A 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="379" bl="0">
-      <text>AZProtect 0001 - by AlexZ aka AZCRC</text>
-      <pattern>
-        EB 70 FC 60 8C 80 4D 11 00 70 25 81 00 40 0D 91 BB 60 8C 80 4D 11 00 70 21 81 1D 61 0D 81 00 40 CE 60 8C 80 4D 11 00 70 25 81 25 81 25 81 25 81 29 61 41 81 31 61 1D 61 00 40 B7 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 BE 00 xx xx 00 BF 00 00 40 00 EB 17 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 00 00 00 00 FF 25 xx xx xx 00 8B C6 03 C7 8B F8 57 55 8B EC 05 7F 00 00 00 50 E8 E5 FF FF FF BA 8C xx xx 00 89 02 E9 1A 01 00 00 xx 00 00 00 47 65 74 4D 6F 64 75 6C 65 46 69 6C 65 4E 61 6D 65 41 00 47 65 74 56 6F 6C 75 6D 65 49 6E 66 6F 72 6D 61 74 69 6F 6E 41 00 4D 65 73 73 61 67 65 42 6F 78 41 00 45 78 69 74 50 72 6F 63 65 73 73 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="380" bl="0">
-      <text>AZProtect 0001 - by AlexZ aka AZCRC</text>
-      <pattern>
-        FC 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1 D8 73 09 66 35 20 83 66 81 F3 B8 ED FE CE 75 EB 33 C8 33 D3 4F 75 D5 F7 D2 F7 D1 8B C2 C1 C0 10 66 8B C1 C3 F0 DA 55 8B EC 53 56 33 C9 33 DB 8B 4D 0C 8B 55 10 8B 75 08 4E 4A 83 FB 08 72 05 33 DB 43 EB 01 43 33 C0 8A 04 31 8A 24 13 2A C4 88 04 31 E2 E6 5E 5B C9 C2 0C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="381" bl="0">
-      <text>AZProtect 0x0001 -> AlexZ aka AZCRC</text>
-      <pattern>
-        EB 70 FC 60 8C 80 4D 11 00 70 25 81 00 40 0D 91 BB 60 8C 80 4D 11 00 70 21 81 1D 61 0D 81 00 40 CE 60 8C 80 4D 11 00 70 25 81 25 81 25 81 25 81 29 61 41 81 31 61 1D 61 00 40 B7 30 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="382" bl="0">
-      <text>AZProtect</text>
-      <pattern>
-        EB 70 FC 60 8C 80 4D 11 00 70 25 81 00 40 0D 91 BB 60 8C 80 4D 11 00 70 21 81 1D 61 0D 81 00 40 CE 60 8C 80 4D 11 00 70 25 81 25 81 25 81 25 81 29 61 41 81 31 61 1D 61 00 40 B7 30
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="383" bl="0">
-      <text>BamBam 0.01</text>
-      <pattern>
-        6A 14 E8 9A 05 00 00 8B D8 53 68 FB xx xx 00 E8 6C FD FF FF B9 05 00 00 00 8B F3 BF FB xx xx 00 53 F3 A5 E8 8D 05 00 00 8B 3D 03 xx xx 00 A1 2B xx xx 00 66 8B 15 2F xx xx 00 B9 80 xx xx 00 2B CF 89 45 E8 89 0D 6B xx xx 00 66 89 55 EC 8B 41 3C 33 D2 03 C1
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="384" bl="0">
-      <text>bambam V0.01 -> bedrock ! Sign by fly</text>
-      <pattern>
-        6A 14 E8 9A 05 00 00 8B D8 53 68 xx xx xx xx E8 6C FD FF FF B9 05 00 00 00 8B F3 BF xx xx xx xx 53 F3 A5 E8 8D 05 00 00 8B 3D xx xx xx xx A1 xx xx xx xx 66 8B 15 xx xx xx xx B9 xx xx xx xx 2B CF 89 45 E8 89 0D xx xx xx xx 66 89 55 EC 8B 41 3C 33 D2 03 C1 83 C4 10 66 8B 48 06 66 8B 50 14 81 E1 FF FF 00 00 8D 5C 02 18 8D 41 FF 85 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="385" bl="0">
-      <text>bambam V0.01 -> bedrock</text>
-      <pattern>
-        6A 14 E8 9A 05 00 00 8B D8 53 68 xx xx xx xx E8 6C FD FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="386" bl="0">
-      <text>bambam V0.01 -> bedrock</text>
-      <pattern>
-        6A 14 E8 9A 05 00 00 8B D8 53 68 xx xx xx xx E8 6C FD FF FF B9 05 00 00 00 8B F3 BF xx xx xx xx 53 F3 A5 E8 8D 05 00 00 8B 3D xx xx xx xx A1 xx xx xx xx 66 8B 15 xx xx xx xx B9 xx xx xx xx 2B CF 89 45 E8 89 0D xx xx xx xx 66 89 55 EC 8B 41 3C 33 D2 03 C1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="387" bl="0">
-      <text>BamBam v0.01</text>
-      <pattern>
-        6A 14 E8 9A 05 00 00 8B D8 53 68 FB xx xx 00 E8 6C FD FF FF B9 05 00 00 00 8B F3 BF FB xx xx 00 53 F3 A5 E8 8D 05 00 00 8B 3D 03 xx xx 00 A1 2B xx xx 00 66 8B 15 2F xx xx 00 B9 80 xx xx 00 2B CF 89 45 E8 89 0D 6B xx xx 00 66 89 55 EC 8B 41 3C 33 D2 03 C1 83 C4 10 66 8B 48 06 66 8B 50 14 81 E1 FF FF 00 00 8D 5C 02 18 8D 41 FF 85 C0 0F 8E 39 01 00 00 89 45 F0 C6 45 FF 00 8D 7D E8 8B F3 8A 0E 8A 17 8A C1 3A CA 75 1E 84 C0 74 16 8A 56 01 8A 4F 01 8A C2 3A D1 75 0E 83 C6 02 83 C7 02 84 C0 75 DC 33 C0 EB 05 1B C0 83 D8 FF 85 C0 75 04 C6 45 FF 01 8B 43 10 85 C0 0F 84 DD 00 00 00 8B 43 08 50 E8 D7 04 00 00 8A 4D FF 83 C4 04 84 C9 8B 4B 08 89 45 F8 C7 45 F4 00 00 00 00 74 61 8B 15 07 xx xx 00 8B 35 6B xx xx 00 8B 7B 0C 2B CA 03 F2 8B D1 03 F7 8B F8 C1 E9 02 F3 A5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="388" bl="0">
-      <text>bambam V0.04 -> bedrock ! Sign by fly</text>
-      <pattern>
-        BF xx xx xx xx 83 C9 FF 33 C0 68 xx xx xx xx F2 AE F7 D1 49 51 68 xx xx xx xx E8 11 0A 00 00 83 C4 0C 68 xx xx xx xx FF 15 xx xx xx xx 8B F0 BF xx xx xx xx 83 C9 FF 33 C0 F2 AE F7 D1 49 BF xx xx xx xx 8B D1 68 xx xx xx xx C1 E9 02 F3 AB 8B CA 83 E1 03 F3 AA BF xx xx xx xx 83 C9 FF 33 C0 F2 AE F7 D1 49 51 68 xx xx xx xx E8 C0 09 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="389" bl="0">
-      <text>bambam V0.04 -> bedrock</text>
-      <pattern>
-        BF xx xx xx xx 83 C9 FF 33 C0 68 xx xx xx xx F2 AE F7 D1 49 51 68 xx xx xx xx E8 11 0A 00 00 83 C4 0C 68 xx xx xx xx FF 15 xx xx xx xx 8B F0 BF xx xx xx xx 83 C9 FF 33 C0 F2 AE F7 D1 49 BF xx xx xx xx 8B D1 68 xx xx xx xx C1 E9 02 F3 AB 8B CA 83 E1 03 F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="390" bl="0">
-      <text>BDC HelpSystem Help file</text>
-      <pattern>
-        42 44 43 20 48 65 6C 70 53 79 73 74 65 6D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="391" bl="0">
-      <text>beria v0.07 public WIP -> symbiont (h)</text>
-      <pattern>
-        83 EC 18 53 8B 1D 00 30 xx xx 55 56 57 68 30 07 00 00 33 ED 55 FF D3 8B F0 3B F5 74 0D 89 AE 20 07 00 00 E8 88 0F 00 00 EB 02 33 F6 6A 10 55 89 35 30 40 xx xx FF D3 8B F0 3B F5 74 09 89 2E E8 3C FE FF FF EB 02 33 F6 6A 18 55 89 35 D8 43 xx xx FF D3 8B F0 3B F5 74 37 8B 46 0C 3B C5 8B 3D 04 30 xx xx 89 2E 89 6E 04 89 6E 08 74 06 50 FF D7 89 6E 0C 8B 46 10 3B C5 74 06 50 FF D7 89 6E 10 8B 46 14 3B C5 74 0A 50 FF D7 89 6E 14 EB 02 33 F6 6A 10 55 89 35 A4 40 xx xx FF D3 8B F0 3B F5 74 09 E8 08 12 00 00 8B C6 EB 02 33 C0 8B 48 08 8B 51 04 8B 09 8B 35 30 30 xx xx A3 D4 43 xx xx 8B 00 03 D0 52 03 C8 51 FF D6 8B 3D 24 30 xx xx 50 FF D7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="392" bl="0">
-      <text>beria v0.07 public WIP -> symbiont</text>
-      <pattern>
-        83 EC 18 53 8B 1D 00 30 xx xx 55 56 57 68 30 07 00 00 33 ED 55 FF D3 8B F0 3B F5 74 0D 89 AE 20 07 00 00 E8 88 0F 00 00 EB 02 33 F6 6A 10 55 89 35 30 40 xx xx FF D3 8B F0 3B F5 74 09 89 2E E8 3C FE FF FF EB 02 33 F6 6A 18 55 89 35 D8 43 xx xx FF D3 8B F0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="393" bl="0">
-      <text>Berio 1.00 beta (h)</text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 E9 01 12 00 00 90 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 B0 01 00 83 BD 22 04 00 00 00 89 9D 22 04 00 00 0F 85 65 03 00 00 8D 85 2E 04 00 00 50 FF 95 4D 0F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="394" bl="0">
-      <text>Berio 2.00 beta (h)</text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 E9 01 74 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="395" bl="0">
-      <text>BeRo Tiny Pascal -> BeRo</text>
-      <pattern>
-        E9 xx xx xx xx 20 43 6F 6D 70 69 6C 65 64 20 62 79 3A 20 42 65 52 6F 54 69 6E 79 50 61 73 63 61 6C 20 2D 20 28 43 29 20 43 6F 70 79 72 69 67 68 74 20 32 30 30 36 2C 20 42 65 6E 6A 61 6D 69 6E 20 27 42 65 52 6F 27 20 52 6F 73 73 65 61 75 78 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="396" bl="0">
-      <text>BeRoEXEPacker v1.00 (DLL) -> BeRo / Farbrausch</text>
-      <pattern>
-        83 7C 24 08 01 0F 85 xx xx xx xx 60 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 xx xx xx xx BE xx xx xx xx B9 xx xx xx xx 8B F9 81 FE xx xx xx xx 7F 10 AC 47 04 18 2C 02 73 F0 29 3E 03 F1 03 F9 EB E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="397" bl="0">
-      <text>BeRoEXEPacker v1.00 (DLL) -> BeRo / Farbrausch</text>
-      <pattern>
-        83 7C 24 08 01 0F 85 xx xx xx xx 60 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 xx xx xx xx BE xx xx xx xx B9 xx xx xx xx 8B F9 81 FE xx xx xx xx 7F 10 AC 47 04 18 2C 02 73 F0 29 3E 03 F1 03 F9 EB E8 BA xx xx xx xx 8D B2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="398" bl="0">
-      <text>BeRoEXEPacker v1.00 (DLL) -> BeRo / Farbrausch</text>
-      <pattern>
-        83 7C 24 08 01 0F 85 xx xx xx xx 60 BE xx xx xx xx BF xx xx xx xx FC B2 80 33 DB A4 B3 02 E8 xx xx xx xx 73 F6 33 C9 E8 xx xx xx xx 73 1C 33 C0 E8 xx xx xx xx 73 23 B3 02 41 B0 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="399" bl="0">
-      <text>BeRoEXEPacker v1.00 (LZMA)</text>
-      <pattern>
-        60 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 xx xx xx xx BE xx xx xx xx B9 04 00 00 00 8B F9 81 FE xx xx xx xx 7F 10 AC 47 04 18 2C 02 73 F0 29 3E 03 F1 03 F9 EB E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="400" bl="0">
-      <text>BeRoEXEPacker V1.00 -> BeRo ! Sign by fly</text>
-      <pattern>
-        BA xx xx xx xx 8D B2 xx xx xx xx 8B 46 xx 85 C0 74 51 03 C2 8B 7E xx 8B 1E 85 DB 75 02 8B DF 03 DA 03 FA 52 57 50 FF 15 xx xx xx xx 5F 5A 85 C0 74 2F 8B C8 8B 03 85 C0 74 22 0F BA F0 1F 72 04 8D 44 xx xx 51 52 57 50 51 FF 15 xx xx xx xx 5F 5A 59 85 C0 74 0B AB 83 C3 04 EB D8 83 C6 14 EB AA 61 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="401" bl="0">
-      <text>BeRoEXEPacker v1.00 -> BeRo / Farbrausch</text>
-      <pattern>
-        60 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 xx xx xx xx BE xx xx xx xx B9 04 00 00 00 8B F9 81 FE xx xx xx xx 7F 10 AC 47 04 18 2C 02 73 F0 29 3E 03 F1 03 F9 EB E8 BA xx xx xx xx 8D B2
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="402" bl="0">
-      <text>BeRoEXEPacker v1.00 -> BeRo / Farbrausch</text>
-      <pattern>
-        60 BE xx xx xx xx BF xx xx xx xx FC xx xx xx xx A4 xx xx xx xx 00 xx xx xx xx 33 C9 E8 64 00 00 00 73 1C xx xx xx xx 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 xx xx xx xx D4 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="403" bl="0">
-      <text>BeRoEXEPacker V1.00 -> BeRo</text>
-      <pattern>
-        BA xx xx xx xx 8D B2 xx xx xx xx 8B 46 xx 85 C0 74 51 03 C2 8B 7E xx 8B 1E 85 DB 75 02 8B DF 03 DA 03 FA 52 57 50 FF 15 xx xx xx xx 5F 5A 85 C0 74 2F 8B C8 8B 03 85 C0 74 22 0F BA F0 1F 72 04 8D 44 xx xx 51 52 57 50 51 FF 15 xx xx xx xx 5F 5A 59 85 C0 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="404" bl="0">
-      <text>
-        BeRoEXEPacker v1.00 LZBRR
-      </text>
-      <pattern>
-        60 BE xx xx xx xx BF xx xx xx xx FC B2 80 33 DB A4 B3 02 E8 xx xx xx xx 73 F6 33 C9 E8 xx xx xx xx 73 1C 33 C0 E8 xx xx xx xx 73 23 B3 02 41 B0 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="405" bl="0">
-      <text>
-        BeRoEXEPacker v1.00 LZBRS
-      </text>
-      <pattern>
-        60 BE xx xx xx xx BF xx xx xx xx FC AD 8D 1C 07 B0 80 3B FB 73 3B E8 1C 00 00 00 72 03 A4 EB F2 E8 1A 00 00 00 8D 51 FF E8 12 00 00 00 56 8B F7 2B F2 F3 A4 5E EB DB 02 C0 75 03 AC 12 C0 C3 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="406" bl="0">
-      <text>
-        BeRoEXEPacker v1.00 LZBRS
-      </text>
-      <pattern>
-        60 BE xx xx xx xx BF xx xx xx xx FC AD 8D 1C 07 B0 80 3B FB 73 3B E8 xx xx xx xx 72 03 A4 EB F2 E8 xx xx xx xx 8D 51 FF E8 xx xx xx xx 56 8B F7 2B F2 F3 A4 5E EB DB 02 C0 75 03 AC 12 C0 C3 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="407" bl="0">
-      <text>
-        BeRoEXEPacker v1.00 DLL LZBRS
-      </text>
-      <pattern>
-        83 7C 24 08 01 0F 85 xx xx xx xx 60 BE xx xx xx xx BF xx xx xx xx FC AD 8D 1C 07 B0 80 3B FB 73 3B E8 1C 00 00 00 72 03 A4 EB F2 E8 1A 00 00 00 8D 51 FF E8 12 00 00 00 56 8B F7 2B F2 F3 A4 5E EB DB 02 C0 75 03 AC 12 C0 C3 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="408" bl="0">
-      <text>
-        BeRoEXEPacker v1.00 DLL LZBRS
-      </text>
-      <pattern>
-        83 7C 24 08 01 0F 85 xx xx xx xx 60 BE xx xx xx xx BF xx xx xx xx FC AD 8D 1C 07 B0 80 3B FB 73 3B E8 xx xx xx xx 72 03 A4 EB F2 E8 xx xx xx xx 8D 51 FF E8 xx xx xx xx 56 8B F7 2B F2 F3 A4 5E EB DB 02 C0 75 03 AC 12 C0 C3 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="409" bl="0">
-      <text>BGI Stroked Font v.1.1</text>
-      <pattern>
-        50 4B 08 08 42 47 49 20 53 74 72 6F 6B 65 64 20 46 6F 6E 74 20 56 31 2E 31
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="410" bl="0">
-      <text>BlackEnergy DDoS Bot Crypter</text>
-      <pattern>
-        55 xx xx 81 EC 1C 01 00 00 53 56 57 6A 04 BE 00 30 00 00 56 FF 35 00 20 11 13 6A 00 E8 xx 03 00 00 xx xx 83 C4 10 xx FF 89 7D F4 0F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="411" bl="0">
-      <text>Blade Joiner v1.5</text>
-      <pattern>
-        55 8B EC 81 C4 E4 FE FF FF 53 56 57 33 C0 89 45 F0 89 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="412" bl="0">
-      <text>BlindSpot 1.0 -> s134k</text>
-      <pattern>
-        55 8B EC 81 EC 50 02 00 00 8D 85 B0 FE FF FF 53 56 A3 90 12 40 00 57 8D 85 B0 FD FF FF 68 00 01 00 00 33 F6 50 56 FF 15 24 10 40 00 56 68 80 00 00 00 6A 03 56 56 8D 85 B0 FD FF FF 68 00 00 00 80 50 FF 15 20 10 40 00 56 56 68 00 08 00 00 50 89 45 FC FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="413" bl="0">
-      <text>BlindSpot 1.0 -> s134k</text>
-      <pattern>
-        55 8B EC 81 EC 50 02 00 00 8D 85 B0 FE FF FF 53 56 A3 90 12 40 00 57 8D 85 B0 FD FF FF 68 00 01 00 00 33 F6 50 56 FF 15 24 10 40 00 56 68 80 00 00 00 6A 03 56 56 8D 85 B0 FD FF FF 68 00 00 00 80 50 FF 15 20 10 40 00 56 56 68 00 08 00 00 50 89 45 FC FF 15 1C 10 40 00 8D 45 F8 8B 1D 18 10 40 00 56 50 6A 34 FF 35 90 12 40 00 FF 75 FC FF D3 85 C0 0F 84 7F 01 00 00 39 75 F8 0F 84 76 01 00 00 A1 90 12 40 00 66 8B 40 30 66 3D 01 00 75 14 8D 85 E4 FE FF FF 68 04 01 00 00 50 FF 15 14 10 40 00 EB 2C 66 3D 02 00 75 14 8D 85 E4 FE FF FF 50 68 04 01 00 00 FF 15 10 10 40 00 EB 12 8D 85 E4 FE FF FF 68 04 01 00 00 50 FF 15 0C 10 40 00 8B 3D 08 10 40 00 8D 85 E4 FE FF FF 68 54 10 40 00 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="414" bl="0">
-      <text>BobPack v1.00 -> BoB / BobSoft</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 0C 24 89 CD 83 E9 06 81 ED xx xx xx xx E8 3D 00 00 00 89 85 xx xx xx xx 89 C2 B8 5D 0A 00 00 8D 04 08 E8 E4 00 00 00 8B 70 04 01 D6 E8 76 00 00 00 E8 51 01 00 00 E8 01 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="415" bl="0">
-      <text>BobSoft Mini Delphi -> BoB / BobSoft</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 B8 xx xx xx xx E8 xx xx xx xx 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="416" bl="0">
-      <text>BobSoft Mini Delphi -> BoB / BobSoft</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 B8 xx xx xx xx E8 xx xx xx xx 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 B8 xx xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="417" bl="0">
-      <text>BobSoft Mini Delphi -> BoB / BobSoft</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 xx xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="418" bl="0">
-      <text>BookManager v9510</text>
-      <pattern>
-        FC A3 xx xx 89 1E xx xx 49 89 0E xx xx BB xx xx 8C 1F 83 xx xx 89 xx xx B8 xx xx 50 89 xx xx F7 D0 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="419" bl="0">
-      <text>BopCrypt v1.0</text>
-      <pattern>
-        60 BD xx xx xx xx E8 xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="420" bl="0">
-      <text>Borland C / Borland Builder</text>
-      <pattern>
-        3B CF 76 05 2B CF FC F3 AA 59
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="421" bl="0">
-      <text>Borland C++ 1991</text>
-      <pattern>
-        2E 8C 06 xx xx 2E 8C 1E xx xx BB xx xx 8E DB 1E E8 xx xx 1F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="422" bl="0">
-      <text>Borland C++ 1992, 1994</text>
-      <pattern>
-        8C C8 8E D8 8C 1E xx xx 8C 06 xx xx 8C 06 xx xx 8C 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="423" bl="0">
-      <text>Borland C++ 1994</text>
-      <pattern>
-        8C CA 2E 89 xx xx xx B4 30 CD 21 8B 2E xx xx 8B 1E xx xx 8E DA A3 xx xx 8C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="424" bl="0">
-      <text>Borland C++ DLL</text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="425" bl="0">
-      <text>Borland C++ DLL</text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 xx xx xx xx A1 xx xx xx xx C1 E0 02 A3 xx xx xx xx 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="426" bl="0">
-      <text>Borland C++ DLL</text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 A1 C1 E0 02 A3 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="427" bl="0">
-      <text>Borland C++ for Win16 1991</text>
-      <pattern>
-        9A FF FF 00 00 0B C0 75 xx E9 xx xx 8C xx xx xx 89 xx xx xx 89 xx xx xx 89 xx xx xx 89 xx xx xx B8 FF FF 50 9A FF FF 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="428" bl="0">
-      <text>Borland C++ for Win32 1994</text>
-      <pattern>
-        A1 xx xx xx xx C1 xx xx A3 xx xx xx xx 83 xx xx xx xx 75 xx 57 51 33 C0 BF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="429" bl="0">
-      <text>Borland C++ for Win32 1995</text>
-      <pattern>
-        A1 xx xx xx xx C1 xx xx A3 xx xx xx xx 57 51 33 C0 BF xx xx xx xx B9 xx xx xx xx 3B CF 76
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="430" bl="0">
-      <text>Borland C++ for Win32 1999</text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="431" bl="0">
-      <text>Borland C++ for Win32 1999</text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 xx xx xx xx A1 xx xx xx xx C1 E0 02 A3 xx xx xx xx 52
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="432" bl="0">
-      <text>Borland C++</text>
-      <pattern>
-        A1 xx xx xx xx C1 E0 02 A3 xx xx xx xx 57 51 33 C0 BF xx xx xx xx B9 xx xx xx xx 3B CF 76 05 2B CF FC F3 AA 59 5F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="433" bl="0">
-      <text>Borland Delphi 3 -> Portions Copyright (c) 1983,96 Borland (h)</text>
-      <pattern>
-        50 6F 72 74 69 6F 6E 73 20 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 38 33 2C 39 36 20 42 6F 72 6C 61 6E 64 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="434" bl="0">
-      <text>Borland Delphi 3 -> Portions Copyright (c) 1983,97 Borland (h)</text>
-      <pattern>
-        50 6F 72 74 69 6F 6E 73 20 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 38 33 2C 39 37 20 42 6F 72 6C 61 6E 64 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="435" bl="0">
-      <text>Borland Delphi 5 -> Portions Copyright (c) 1983,99 Borland (h)</text>
-      <pattern>
-        50 6F 72 74 69 6F 6E 73 20 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 38 33 2C 39 39 20 42 6F 72 6C 61 6E 64 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="436" bl="0">
-      <text>Borland Delphi DLL</text>
-      <pattern>
-        55 8B EC 83 C4 B4 B8 xx xx xx xx E8 xx xx xx xx E8 xx xx xx xx 8D 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="437" bl="0">
-      <text>Borland Delphi Setup Module</text>
-      <pattern>
-        55 8B EC 83 C4 xx 53 56 57 33 C0 89 45 F0 89 45 D4 89 45 D0 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="438" bl="0">
-      <text>Borland Delphi v2.0</text>
-      <pattern>
-        E8 xx xx xx xx 6A xx E8 xx xx xx xx 89 05 xx xx xx xx E8 xx xx xx xx 89 05 xx xx xx xx C7 05 xx xx xx xx 0A xx xx xx B8 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="439" bl="0">
-      <text>Borland Delphi v3.0</text>
-      <pattern>
-        50 6A xx E8 xx xx FF FF BA xx xx xx xx 52 89 05 xx xx xx xx 89 42 04 E8 xx xx xx xx 5A 58 E8 xx xx xx xx C3 55 8B EC 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="440" bl="0">
-      <text>Borland Delphi v4.0 - v5.0</text>
-      <pattern>
-        50 6A 00 E8 xx xx FF FF BA xx xx xx xx 52 89 05 xx xx xx xx 89 42 04 C7 42 08 00 00 00 00 C7 42 0C 00 00 00 00 E8 xx xx xx xx 5A 58 E8 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="441" bl="0">
-      <text>Borland Delphi v4.0 - v5.0</text>
-      <pattern>
-        50 6A xx E8 xx xx FF FF BA xx xx xx xx 52 89 05 xx xx xx xx 89 42 04 C7 42 08 xx xx xx xx C7 42 0C xx xx xx xx E8 xx xx xx xx 5A 58 E8 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="442" bl="0">
-      <text>Borland Delphi v5.0 KOL</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 xx xx 40 00 E8 xx xx FF FF E8 xx xx FF FF E8 xx xx FF FF 8B C0 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="443" bl="0">
-      <text>Borland Delphi v6.0 - v7.0</text>
-      <pattern>
-        53 8B D8 33 C0 A3 00 xx xx xx 06 A0 0E 80 xx xx 0F FA 30 xx xx xx 0A 10 xx xx xx 0A 30 xx xx xx 03 3C 0A 30 xx xx xx 03 3C 0A 30 xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="444" bl="0">
-      <text>Borland Delphi v6.0 - v7.0</text>
-      <pattern>
-        53 8B D8 33 C0 A3 0? xx xx ?0 6A 00 E8 0? xx ?0 FF A3 0? xx xx ?0 A1 0? xx xx ?0 A3 0? xx xx ?0 33 C0 A3 0? xx xx ?0 33 C0 A3 0? xx xx ?0 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="445" bl="0">
-      <text>Borland Delphi v6.0 - v7.0</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 xx xx xx xx E8 xx xx xx xx E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="446" bl="0">
-      <text>Borland Delphi v6.0 - v7.0</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 xx xx xx xx E8 xx xx FB FF A1 xx xx xx xx 8B xx E8 xx xx FF FF 8B 0D xx xx xx xx A1 xx xx xx xx 8B 00 8B 15 xx xx xx xx E8 xx xx FF FF A1 xx xx xx xx 8B xx E8 xx xx FF FF E8 xx xx FB FF 8D 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="447" bl="0">
-      <text>Borland Delphi v6.0 - v7.0</text>
-      <pattern>
-        BA xx xx xx xx 83 7D 0C 01 75 xx 50 52 C6 05 xx xx xx xx xx 8B 4D 08 89 0D xx xx xx xx 89 4A 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="448" bl="0">
-      <text>Borland Delphi v6.0 - v7.0</text> // Hint = $0
-      <pattern>
-        53 8B D8 33 C0 A3 0: xx xx :0 6A 00 E8 0: xx :0 FF A3 0: xx xx :0 A1 0: xx xx :0 A3 0: xx xx :0 33 C0 A3 0: xx xx :0 33 C0 A3 0: xx xx :0 E8
-      </pattern><ep>false</ep>
-    </sig>
-
-    <sig id="449" bl="0">
-      <text>Borland Delphi v6.0 KOL</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 xx xx 40 00 E8 xx xx FF FF A1 xx 72 40 00 33 D2 E8 xx xx FF FF A1 xx 72 40 00 8B 00 83 C0 14 E8 xx xx FF FF E8 xx xx FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="450" bl="0">
-      <text>Borland Delphi v6.0</text>
-      <pattern>
-        53 8B D8 33 C0 A3 xx xx xx xx 6A 00 E8 xx xx xx FF A3 xx xx xx xx A1 xx xx xx xx A3 xx xx xx xx 33 C0 A3 xx xx xx xx 33 C0 A3 xx xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="451" bl="0">
-      <text>Borland Delphi v6.0</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 xx xx 45 00 E8 xx xx xx FF A1 xx xx 45 00 8B 00 E8 xx xx FF FF 8B 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="452" bl="0">
-      <text>Borland Pascal v7.0 for Windows</text>
-      <pattern>
-        9A FF FF 00 00 9A FF FF 00 00 55 89 E5 31 C0 9A FF FF 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="453" bl="0">
-      <text>Borland Pascal v7.0 Protected Mode</text>
-      <pattern>
-        B8 xx xx BB xx xx 8E D0 8B E3 8C D8 8E C0 0E 1F A1 xx xx 25 xx xx A3 xx xx E8 xx xx 83 3E xx xx xx 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="454" bl="0">
-      <text>Borland Pascal v7.0</text>
-      <pattern>
-        B8 xx xx 8E D8 8C xx xx xx 8C D3 8C C0 2B D8 8B C4 05 xx xx C1 xx xx 03 D8 B4 xx CD 21 0E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="455" bl="0">
-      <text>by Central Point Software</text>
-      <pattern>
-        50 51 52 56 57 8B EB 1E 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="456" bl="0">
-      <text>C.I Crypt V0.1 -> FearlesS</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="457" bl="0">
-      <text>C.I Crypt V0.2 -> FearlesS</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 47 65 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="458" bl="0">
-      <text>CA Visual Objects 2.0 - 2.5</text>
-      <pattern>
-        89 25 xx xx xx xx 33 ED 55 8B EC E8 xx xx xx xx 8B D0 81 E2 FF 00 00 00 89 15 xx xx xx xx 8B D0 C1 EA 08 81 E2 FF 00 00 00 A3 xx xx xx xx D1 E0 0F 93 C3 33 C0 8A C3 A3 xx xx xx xx 68 FF 00 00 00 E8 xx xx xx xx 6A 00 E8 xx xx xx xx A3 xx xx xx xx BB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="459" bl="0">
-      <text>CA Visual Objects 2.0 - 2.5</text>
-      <pattern>
-        89 25 xx xx xx xx 33 ED 55 8B EC E8 xx xx xx xx 8B D0 81 E2 FF 00 00 00 89 15 xx xx xx xx 8B D0 C1 EA 08 81 E2 FF 00 00 00 A3 xx xx xx xx D1 E0 0F 93 C3 33 C0 8A C3 A3 xx xx xx xx 68 FF 00 00 00 E8 xx xx xx xx 6A 00 E8 xx xx xx xx A3 xx xx xx xx BB xx xx xx xx C7 03 44 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="460" bl="0">
-      <text>CALS Raster graphics format</text>
-      <pattern>
-        73 72 63 64 6F 63 69 64 3A 20
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="461" bl="0">
-      <text>Can2Exe v0.01</text>
-      <pattern>
-        0E 1F 0E 07 E8 xx xx E8 xx xx 3A C6 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="462" bl="0">
-      <text>CAN2EXE v0.01</text>
-      <pattern>
-        26 8E 06 xx xx B9 xx xx 33 C0 8B F8 F2 AE E3 xx 26 38 05 75 xx EB xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="463" bl="0">
-      <text>CauseWay DOS Extender v3.25</text>
-      <pattern>
-        FA 16 1F 26 xx xx xx 83 xx xx 8E D0 FB 06 16 07 BE xx xx 8B FE B9 xx xx F3 A4 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="464" bl="0">
-      <text>CC v2.61 Beta</text>
-      <pattern>
-        BA xx xx B4 30 CD 21 3C 02 73 xx 33 C0 06 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="465" bl="0">
-      <text>CD-Cops II</text>
-      <pattern>
-        53 60 BD xx xx xx xx 8D 45 xx 8D 5D xx E8 xx xx xx xx 8D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="466" bl="0">
-      <text>CDS SS 1.0 beta1 -> CyberDoom</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED CA 47 40 00 FF 74 24 20 E8 D3 03 00 00 0B C0 0F 84 13 03 00 00 89 85 B8 4E 40 00 66 8C D8 A8 04 74 0C C7 85 8C 4E 40 00 01 00 00 00 EB 12 64 A1 30 00 00 00 0F B6 40 02 0A C0 0F 85 E8 02 00 00 8D 85 F6 4C 40 00 50 FF B5 B8 4E 40 00 E8 FC 03 00 00 0B C0 0F 84 CE 02 00 00 E8 1E 03 00 00 89 85 90 4E 40 00 8D 85 03 4D 40 00 50 FF B5 B8 4E 40 00 E8 D7 03 00 00 0B C0 0F 84 A9 02 00 00 E8 F9 02 00 00 89 85 94 4E 40 00 8D 85 12 4D 40 00 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="467" bl="0">
-      <text>CDS SS v1.0 Beta 1 -> CyberDoom / Team-X</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED CA 47 40 00 FF 74 24 20 E8 D3 03 00 00 0B C0 0F 84 13 03 00 00 89 85 B8 4E 40 00 66 8C D8 A8 04 74 0C C7 85 8C 4E 40 00 01 00 00 00 EB 12 64 A1 30 00 00 00 0F B6 40 02 0A C0 0F 85 E8 02 00 00 8D 85 F6 4C 40 00 50 FF B5 B8 4E 40 00 E8 FC 03 00 00 0B C0 0F 84 CE 02 00 00 E8 1E 03 00 00 89 85 90 4E 40 00 8D 85 03 4D 40 00 50 FF B5 B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="468" bl="0">
-      <text>Celsius Crypt 2.1 -> Z3r0</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 84 92 44 00 E8 C8 FE FF FF 90 8D B4 26 00 00 00 00 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 84 92 44 00 E8 A8 FE FF FF 90 8D B4 26 00 00 00 00 55 8B 0D C4 92 44 00 89 E5 5D FF E1 8D 74 26 00 55 8B 0D AC 92 44 00 89 E5 5D FF E1 90 90 90 90 55 89 E5 5D E9 77 C2 00 00 90 90 90 90 90 90 90 55 89 E5 83 EC 28 8B 45 10 89 04 24 E8 3F 14 01 00 48 89 45 FC 8B 45 0C 48 89 45 F4 8D 45 F4 89 44 24 04 8D 45 FC 89 04 24 E8 12 A3 03 00 8B 00 89 45 F8 8B 45 FC 89 45 F0 C6 45 EF 01 C7 45 E8 00 00 00 00 8B 45 E8 3B 45 F8 73 39 80 7D EF 00 74 33 8B 45 F0 89 44 24 04 8B 45 10 89 04 24 E8 1C 1A 01 00 89 C1 8B 45 08 8B 55 E8 01 C2 0F B6 01 3A 02 0F 94 C0 88 45 EF 8D 45 F0 FF 08 8D 45 E8 FF 00 EB BF 83 7D F0 00 74 34 80 7D EF 00 74 2E 8B 45 F0 89 44 24 04 8B 45 10 89 04 24 E8 DD 19 01 00 89 C1 8B 45 08 8B 55 F8 01 C2 0F B6 01 3A 02 0F 94 C0 88 45 EF 8D 45 F0 FF 08 EB C6 C7 44 24 04 00 00 00 00 8B 45 10 89 04 24 E8 AE 19 01 00 89 C1 8B 45 08 8B 55 F8 01 C2 0F B6 01 3A 02 7F 0C 0F B6 45 EF 83 E0 01 88 45 E7 EB 04 C6 45 E7 00 0F B6 45 E7 88 45 EF 0F B6 45 EF C9 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="469" bl="0">
-      <text>Celsius Crypt 2.1 -> Z3r0</text>
-      <pattern>
-        55 89 E5 83 EC 28 8B 45 10 89 04 24 E8 3F 14 01 00 48 89 45 FC 8B 45 0C 48 89 45 F4 8D 45 F4 89 44 24 04 8D 45 FC 89 04 24 E8 12 A3 03 00 8B 00 89 45 F8 8B 45 FC 89 45 F0 C6 45 EF 01 C7 45 E8 00 00 00 00 8B 45 E8 3B 45 F8 73 39 80 7D EF 00 74 33 8B 45 F0 89 44 24 04 8B 45 10 89 04 24 E8 1C 1A 01 00 89 C1 8B 45 08 8B 55 E8 01 C2 0F B6 01 3A 02 0F 94 C0 88 45 EF 8D 45 F0 FF 08 8D 45 E8 FF 00 EB BF 83 7D F0 00 74 34 80 7D EF 00 74 2E 8B 45 F0 89 44 24 04 8B 45 10 89 04 24 E8 DD 19 01 00 89 C1 8B 45 08 8B 55 F8 01 C2 0F B6 01 3A 02 0F 94 C0 88 45 EF 8D 45 F0 FF 08 EB C6 C7 44 24 04 00 00 00 00 8B 45 10 89 04 24 E8 AE 19 01 00 89 C1 8B 45 08 8B 55 F8 01 C2 0F B6 01 3A 02 7F 0C 0F B6 45 EF 83 E0 01 88 45 E7 EB 04 C6 45 E7 00 0F B6 45 E7 88 45 EF 0F B6 45 EF C9 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="470" bl="0">
-      <text>CERBERUS v2.0</text>
-      <pattern>
-        9C 2B ED 8C xx xx 8C xx xx FA E4 xx 88 xx xx 16 07 BF xx xx 8E DD 9B F5 B9 xx xx FC F3 A5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="471" bl="0">
-      <text>CExe v1.0a</text>
-      <pattern>
-        55 8B EC 81 EC 0C 02 xx xx 56 BE 04 01 xx xx 8D 85 F8 FE FF FF 56 50 6A xx FF 15 54 10 40 xx 8A 8D F8 FE FF FF 33 D2 84 C9 8D 85 F8 FE FF FF 74 16
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="472" bl="0">
-      <text>CGM Graphics format</text>
-      <pattern>
-        00 2A 08 48 69 4A 61 61 6B 20 32
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="473" bl="0">
-      <text>CHECKPRG (c) 1992</text>
-      <pattern>
-        33 C0 BE xx xx 8B D8 B9 xx xx BF xx xx BA xx xx 47 4A 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ChinaProtect -> dummy ! Sign by fly</text>
-      <pattern>
-        C3 E8 xx xx xx xx B9 xx xx xx xx E8 xx xx xx xx FF 30 C3 B9 xx xx xx xx E8 xx xx xx xx FF 30 C3 B9 xx xx xx xx E8 xx xx xx xx FF 30 C3 B9 xx xx xx xx E8 xx xx xx xx FF 30 C3 56 8B xx xx xx 6A 40 68 00 10 00 00 8D xx xx 50 6A 00 E8 xx xx xx xx 89 30 83 C0 04 5E C3 8B 44 xx xx 56 8D xx xx 68 00 40 00 00 FF 36 56 E8 xx xx xx xx 68 00 80 00 00 6A 00 56 E8 xx xx xx xx 5E C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ChSfx (small) v1.1</text>
-      <pattern>
-        BA xx xx E8 xx xx 8B EC 83 EC xx 8C C8 BB xx xx B1 xx D3 EB 03 C3 8E D8 05 xx xx 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CICompress 1.0</text>
-      <pattern>
-        6A 04 68 00 10 00 00 FF 35 9C 14 40 00 6A 00 FF 15 38 10 40 00 A3 FC 10 40 00 97 BE 00 20 40 00 E8 71 00 00 00 3B 05 9C 14 40 00 75 61 6A 00 6A 20 6A 02 6A 00 6A 03 68 00 00 00 C0 68 94 10 40 00 FF 15 2C 10 40 00 A3 F8 10 40 00 6A 00 68 F4 10 40 00 FF 35
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CICompress v1.0</text>
-      <pattern>
-        6A 04 68 00 10 00 00 FF 35 9C 14 40 00 6A 00 FF 15 38 10 40 00 A3 FC 10 40 00 97 BE 00 20 40 00 E8 71 00 00 00 3B 05 9C 14 40 00 75 61 6A 00 6A 20 6A 02 6A 00 6A 03 68 00 00 00 C0 68 94 10 40 00 FF 15 2C 10 40 00 A3 F8 10 40 00 6A 00 68 F4 10 40 00 FF 35 9C 14 40 00 FF 35 FC 10 40 00 FF 35 F8 10 40 00 FF 15 34 10 40 00 FF 35 F8 10 40 00 FF 15 30 10 40 00 68 00 40 00 00 FF 35 9C 14 40 00 FF 35 FC 10 40 00 FF 15 3C 10 40 00 6A 00 FF 15 28 10 40 00 60 33 DB 33 C9 E8 7F 00 00 00 73 0A B1 08 E8 82 00 00 00 AA EB EF E8 6E 00 00 00 73 14 B1 04 E8 71 00 00 00 3C 00 74 EB 56 8B F7 2B F0 A4 5E EB D4 33 ED E8 51 00 00 00 72 10 B1 02 E8 54 00 00 00 3C 00 74 3B 8B E8 C1 C5 08 B1 08 E8 44 00 00 00 0B C5 50 33 ED E8 2E 00 00 00 72 0C B1 02 E8 31 00 00 00 8B E8 C1 C5 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CipherWall Self-Extrator/Decryptor (Console) 1.5</text>
-      <pattern>
-        90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 0B 6E 5B 9B 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CipherWall Self-Extrator/Decryptor (Console) v1.5</text>
-      <pattern>
-        90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 0B 6E 5B 9B 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 12 10 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 06 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CipherWall Self-Extrator/Decryptor (GUI) 1.5</text>
-      <pattern>
-        90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 F9 89 C7 6A 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CipherWall Self-Extrator/Decryptor (GUI) v1.5</text>
-      <pattern>
-        90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 F9 89 C7 6A 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 52 10 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 0E 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Code Virtualizer V1.3.1.0 -> Oreans Technologies ! Sign by fly</text>
-      <pattern>
-        60 9C FC E8 00 00 00 00 5F 81 EF xx xx xx xx 8B C7 81 C7 xx xx xx xx 3B 47 2C 75 02 EB 2E 89 47 2C B9 A7 00 00 00 EB 05 01 44 8F xx 49 0B C9 75 F7 83 7F 40 00 74 15 8B 77 40 03 F0 EB 09 8B 1E 03 D8 01 03 83 C6 04 83 3E 00 75 F2 8B 74 24 24 8B DE 03 F0 B9 01 00 00 00 33 C0 F0 0F B1 4F 30 75 F7 AC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Code Virtualizer V1.3.1.0 -> Oreans Technologies</text>
-      <pattern>
-        60 9C FC E8 00 00 00 00 5F 81 EF xx xx xx xx 8B C7 81 C7 xx xx xx xx 3B 47 2C 75 02 EB 2E 89 47 2C B9 A7 00 00 00 EB 05 01 44 8F xx 49 0B C9 75 F7 83 7F 40 00 74 15 8B 77 40 03 F0 EB 09 8B 1E 03 D8 01 03 83 C6 04 83 3E 00 75 F2 8B 74 24 24 8B DE 03 F0 B9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Code-Lock vx.x</text>
-      <pattern>
-        43 4F 44 45 2D 4C 4F 43 4B 2E 4F 43 58 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CodeCrypt v0.14b</text>
-      <pattern>
-        E9 C5 02 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CodeCrypt v0.15b</text>
-      <pattern>
-        E9 31 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CodeCrypt v0.164</text>
-      <pattern>
-        E9 2E 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F EB 03 FF 1D 34
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CodeCrypt v0.16b - v0.163b</text>
-      <pattern>
-        E9 2E 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>codeCrypter 0.31 -> Tibbar</text>
-      <pattern>
-        50 58 53 5B 90 BB xx xx xx 00 FF E3 90 CC CC CC 55 8B EC 5D C3 CC CC CC CC CC CC CC CC CC CC CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>codeCrypter 0.31</text>
-      <pattern>
-        50 58 53 5B 90 BB xx xx 40 00 FF E3 90 CC CC CC 55 8B EC 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>codeCrypter 0.31</text>
-      <pattern>
-        50 58 53 5B 90 BB xx xx 40 00 FF E3 90 CC CC CC 55 8B EC 5D C3 CC CC CC CC CC CC CC CC CC CC CC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Com4mail v1.0</text>
-      <pattern>
-        42 45 47 49 4E 3D 3D 3D 74 66 75 64 23 6F 66 5F 43 6F 6D 34 4D 61 69 6C 5F 66 69 6C 65 23 0D 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>COMPACK v4.5 (2)</text>
-      <pattern>
-        BE xx xx E8 xx xx 5D 83 xx xx 55 50 53 51 52 0E 07 0E 1F 8B CE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>COMPACK v5.1</text>
-      <pattern>
-        BD xx xx 50 06 8C CB 03 DD 8C D2 4B 8E DB BE xx xx BF xx xx 8E C2 B9 xx xx F3 A5 4A 4D 75 xx 8B F7 8E DA 0E 07 06 16
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>COP v1.0 (c) 1988</text>
-      <pattern>
-        BF xx xx BE xx xx B9 xx xx AC 32 xx xx xx AA E2 xx 8B xx xx xx EB xx 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Copy Protector v2.0</text>
-      <pattern>
-        2E A2 xx xx 53 51 52 1E 06 B4 xx 1E 0E 1F BA xx xx CD 21 1F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CopyControl v3.03</text>
-      <pattern>
-        CC 90 90 EB 0B 01 50 51 52 53 54 61 33 61 2D 35 CA D1 07 52 D1 A1 3C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CopyMinder -> Microcosm.Ltd ! Sign by fly</text>
-      <pattern>
-        83 25 xx xx xx xx EF 6A 00 E8 xx xx xx xx E8 xx xx xx xx CC FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CopyMinder -> Microcosm.Ltd</text>
-      <pattern>
-        83 25 xx xx xx xx EF 6A 00 E8 xx xx xx xx E8 xx xx xx xx CC FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25 xx xx xx xx FF 25
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CorelDraw 8 CDR Graphics format</text>
-      <pattern>
-        52 49 46 46 xx xx xx xx 43 44 52 38
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CorelDraw CMX Graphics format</text>
-      <pattern>
-        52 49 46 46 xx xx xx xx 43 4D 58 31
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CPAV</text>
-      <pattern>
-        E8 xx xx 4D 5A B1 01 93 01 00 00 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Cracked by AutoHack (1)</text>
-      <pattern>
-        FA 50 51 57 56 1E 06 2E 80 3E xx xx xx 74 xx 8E 06 xx xx 2B FF FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Cracked by Autohack (2)</text>
-      <pattern>
-        0E 1F B4 09 BA xx xx CD 21 FA 8E 06 xx xx BE xx xx 8B 0E xx xx 83 F9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CrackStop v1.01 (c) Stefan Esser 1997</text>
-      <pattern>
-        B4 48 BB FF FF B9 EB 27 8B EC CD 21 FA FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CreateInstall 2003.3.5</text>
-      <pattern>
-        81 EC 0C 04 00 00 53 56 57 55 68 60 50 40 00 6A 01 6A 00 FF 15 D8 80 40 00 8B F0 FF 15 D4 80 40 00 3D B7 00 00 00 75 0F 56 FF 15 B8 80 40 00 6A 02 FF 15 A4 80 40 00 33 DB E8 F2 FE FF FF 68 02 7F 00 00 89 1D 94 74 40 00 53 89 1D 98 74 40 00 FF 15 E4 80 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CreateInstall Stub vx.x</text>
-      <pattern>
-        55 8B EC 81 EC 20 02 00 00 53 56 57 6A 00 FF 15 18 61 40 00 68 00 70 40 00 89 45 08 FF 15 14 61 40 00 85 C0 74 27 6A 00 A1 00 20 40 00 50 FF 15 3C 61 40 00 8B F0 6A 06 56 FF 15 38 61 40 00 6A 03 56 FF 15 38 61 40 00 E9 36 03 00 00 68 02 7F 00 00 33 F6 56
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CreateInstall Stub vx.x</text>
-      <pattern>
-        55 8B EC 81 EC 20 02 00 00 53 56 57 6A 00 FF 15 18 61 40 00 68 00 70 40 00 89 45 08 FF 15 14 61 40 00 85 C0 74 27 6A 00 A1 00 20 40 00 50 FF 15 3C 61 40 00 8B F0 6A 06 56 FF 15 38 61 40 00 6A 03 56 FF 15 38 61 40 00 E9 36 03 00 00 68 02 7F 00 00 33 F6 56 BF 00 30 00 00 FF 15 20 61 40 00 50 FF 15 2C 61 40 00 6A 04 57 68 00 FF 01 00 56 FF 15 CC 60 40 00 6A 04 A3 CC 35 40 00 57 68 00 0F 01 00 56 FF 15 CC 60 40 00 68 00 01 00 00 BE B0 3F 40 00 56 A3 C4 30 40 00 FF 75 08 FF 15 10 61 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CreateInstall v2003.3.5</text>
-      <pattern>
-        81 EC 0C 04 00 00 53 56 57 55 68 60 50 40 00 6A 01 6A 00 FF 15 D8 80 40 00 8B F0 FF 15 D4 80 40 00 3D B7 00 00 00 75 0F 56 FF 15 B8 80 40 00 6A 02 FF 15 A4 80 40 00 33 DB E8 F2 FE FF FF 68 02 7F 00 00 89 1D 94 74 40 00 53 89 1D 98 74 40 00 FF 15 E4 80 40 00 50 FF 15 E0 80 40 00 8B 0D 00 50 40 00 E8 68 FF FF FF B9 40 0D 03 00 89 44 24 14 E8 5A FF FF FF 68 00 02 00 00 8B 2D D0 80 40 00 89 44 24 1C 8D 44 24 20 50 53 FF D5 8D 4C 24 1C 53 68 00 00 00 80 8B 3D CC 80 40 00 6A 03 53 6A 03 68 00 00 00 80 51 FF D7 8B F0 53 8D 44 24 14 8B 0D 00 50 40 00 8B 54 24 18 50 51 52 56 FF 15 C8 80 40 00 85 C0 0F 84 40 02 00 00 8B 15 00 50 40 00 3B 54 24 10 0F 85 30 02 00 00 6A FF A1 04 50 40 00 2B D0 8B 4C 24 18 03 C8 E8 9F FE FF FF 3B 05 10 50 40 00 0F 85 10 02 00 00 56 FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Creative Audio file</text>
-      <pattern>
-        43 72 65 61 74 69 76 65 20 56 6F 69 63 65 20 46 69 6C 65
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crinkler V0.1-V0.2 -> Rune L.H.Stubbe and Aske Simon Christensen</text>
-      <pattern>
-        B9 xx xx xx xx 01 C0 68 xx xx xx xx 6A 00 58 50 6A 00 5F 48 5D BB 03 00 00 00 BE xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crinkler V0.3-V0.4 -> Rune L.H.Stubbe and Aske Simon Christensen</text>
-      <pattern>
-        B8 00 00 42 00 31 DB 43 EB 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch 4 -> Bit-Arts</text>
-      <pattern>
-        EB 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch 4.0</text>
-      <pattern>
-        EB 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 18 00 00 00 8B C5 55 60 9C 2B 85 E9 06 00 00 89 85 E1 06 00 00 FF 74 24 2C E8 BB 01 00 00 0F 82 92 05 00 00 E8 F1 03 00 00 49 0F 88 86 05 00 00 68 6C D9 B2 96 33 C0 50 E8 24
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch 5 -> Bit-Arts</text>
-      <pattern>
-        EB 15 03 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 68 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 1D 00 00 00 8B C5 55 60 9C 2B 85 FC 07 00 00 89 85 E8 07 00 00 FF 74 24 2C E8 20 02 00 00 0F 82 94 06 00 00 E8 F3 04 00 00 49 0F 88 88 06 00 00 8B B5 E8 07 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch 5 / Fusion 4 -> Bit-Arts</text>
-      <pattern>
-        EB 15 03 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 68 00 00 00 00 55 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch 5 Fusion 4</text>
-      <pattern>
-        EB 15 03 xx xx xx 06 xx xx xx xx xx xx xx xx xx xx xx 68 xx xx xx xx 55 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch v4.0</text>
-      <pattern>
-        EB 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 18 00 00 00 8B C5 55 60 9C 2B 85 E9 06 00 00 89 85 E1 06 00 00 FF 74 24 2C E8 BB 01 00 00 0F 82 92 05 00 00 E8 F1 03 00 00 49 0F 88 86 05 00 00 68 6C D9 B2 96 33 C0 50 E8 24 03 00 00 89 85 D9 41 00 00 68 EC 49 7B 79 33 C0 50 E8 11 03 00 00 89 85 D1 41 00 00 E8 67 05 00 00 E9 56 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1 D8 73 09 66 35 20 83 66 81 F3 B8 ED FE CE 75 EB 33 C8 33 D3 4F 75 D5 F7 D2 F7 D1 5B 8B C2 C1 C0 10 66 8B C1 5A 59 C3 68 03 02 00 00 E8 80 04 00 00 0F 82 A8 02 00 00 96 8B 44 24 04 0F C8 8B D0 25 0F 0F 0F 0F 33 D0 C1 C0 08 0B C2 8B D0 25 33 33 33 33 33 D0 C1 C0 04 0B C2 8B D0 25 55 55 55 55 33 D0 C1 C0 02 0B C2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch v5 -> Bit-Arts</text>
-      <pattern>
-        EB 15 03 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 68 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 1D 00 00 00 8B C5 55 60 9C 2B 85 FC 07 00 00 89 85 E8 07 00 00 FF 74 24 2C E8 20 02 00 00 0F 82 94 06 00 00 E8 F3 04 00 00 49 0F 88 88 06 00 00 8B B5 E8 07 00 00 8B 56 3C 8D 8C 32 C8 00 00 00 83 39 00 74 50 8B D9 53 68 BB D4 C3 79 33 C0 50 E8 0E 04 00 00 50 8D 95 EC 07 00 00 52 6A 04 68 00 10 00 00 FF B5 E8 07 00 00 FF D0 58 5B C7 03 00 00 00 00 C7 43 04 00 00 00 00 8D 95 F0 07 00 00 52 FF B5 EC 07 00 00 68 00 10 00 00 FF B5 E8 07 00 00 FF D0 68 6C D9 B2 96 33 C0 50 E8 C1 03 00 00 89 85 xx 46 00 00 68 EC 49 7B 79 33 C0 50 E8 AE 03 00 00 89 85 xx 46 00 00 E8 04 06 00 00 E9 F3 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch V5.0 -> Bitarts</text>
-      <pattern>
-        EB 15 03 00 00 00 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch/PE 4.0</text>
-      <pattern>
-        EB 10 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 55 E8 xx xx xx xx 5D 81 ED 18 xx xx xx 8B C5 55 60 9C 2B 85 E9 06 xx xx 89 85 E1 06 xx xx FF 74 24 2C E8 BB 01 00 00 0F 82 92 05 00 00 E8 F1 03 00 00 49 0F 88 86 05 00 00 68 6C D9 B2 96 33 C0 50 E8 24
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch/PE v1.0.x.x</text>
-      <pattern>
-        55 E8 xx xx xx xx 5D 83 ED 06 8B C5 55 60 89 AD xx xx xx xx 2B 85 xx xx xx xx 89 85 xx xx xx xx 80 BD xx xx xx xx xx 75 09 C6 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch/PE v2.0.x.x</text>
-      <pattern>
-        55 E8 xx xx xx xx 5D 83 ED 06 8B C5 55 60 89 AD xx xx xx xx 2B 85 xx xx xx xx 89 85 xx xx xx xx 55 BB xx xx xx xx 03 DD 53 64 67 FF 36 xx xx 64 67 89 26
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch/PE v3.0.x.x</text>
-      <pattern>
-        EB 10 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 55 E8 xx xx xx xx 5D 81 ED 18 xx xx xx 8B C5 55 60 9C 2B 85 xx xx xx xx 89 85 xx xx xx xx FF 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch/PE v4.0</text>
-      <pattern>
-        EB 10 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 55 E8 xx xx xx xx 5D 81 ED 18 xx xx xx 8B C5 55 60 9C 2B 85 E9 06 xx xx 89 85 E1 06 xx xx FF 74 24 2C E8 BB 01 00 00 0F 82 92 05 00 00 E8 F1 03 00 00 49 0F 88 86 05 00 00 68 6C D9 B2 96 33 C0 50 E8 24 03 00 00 89 85 D9 41 00 00 68 EC 49 7B 79 33 C0 50 E8 11 03 00 00 89 85 D1 41 00 00 E8 67 05 00 00 E9 56 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1 D8 73 09 66 35 20 83 66 81 F3 B8 ED FE CE 75 EB 33 C8 33 D3 4F 75 D5 F7 D2 F7 D1 5B 8B C2 C1 C0 10 66 8B C1 5A 59 C3 68 03 02 00 00 E8 80 04 00 00 0F 82 A8 02 00 00 96 8B 44 24 04 0F C8 8B D0 25 0F 0F 0F 0F 33 D0 C1 C0 08 0B C2 8B D0 25 33 33 33 33 33 D0 C1 C0 04 0B C2 8B D0 25 55 55 55 55 33 D0 C1 C0 02 0B C2
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crunch/PE</text>
-      <pattern>
-        55 E8 xx xx xx xx 5D 83 ED 06 8B C5 55 60 89 AD xx xx xx xx 2B 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Cruncher v1.0</text>
-      <pattern>
-        2E xx xx xx xx 2E xx xx xx B4 30 CD 21 3C 03 73 xx BB xx xx 8E DB 8D xx xx xx B4 09 CD 21 06 33 C0 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CrypKey -> Kenonic Controls (h)</text>
-      <pattern>
-        8B 1D xx xx 3E 00 83 FB 00 75 0A E8 3C 00 00 00 E8 xx 0A 00 00 8B 44 24 08 50 E8 xx 02 00 00 A1 xx xx 3E 00 83 F8 01 74 06 FF 25 14 xx 3E 00 C3 C8 00 00 00 53 8B 5D 08 33 C0 8B 4D 0C 8B 13 33 D3 83 C3 04 03 C2 49 75 F4 5B C9 C3 56 68 xx xx 3E 00 E8 xx 16 00 00 8B F0 68 xx xx 3E 00 56 E8 xx 16 00 00 A3 xx xx 3E 00 68 xx xx 3E 00 56 E8 xx 16 00 00 A3 xx xx 3E 00 68 xx xx 3E 00 56 E8 xx xx 00 00 A3 xx xx 3E 00 68 xx xx 3E 00 56 E8 xx xx 00 00 A3 xx xx 3E 00 68 xx xx 3E 00 56 E8 xx xx 00 00 A3 xx xx 3E 00 68 xx xx 3E 00 56 E8 xx xx 00 00 A3 xx xx 3E 00 68 xx xx 3E 00 56 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CrypKey v5 - v6</text>
-      <pattern>
-        E8 xx xx xx xx 58 83 E8 05 50 5F 57 8B F7 81 EF xx xx xx xx 83 C6 39 BA xx xx xx xx 8B DF B9 0B xx xx xx 8B 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CrypKey V5.6.X -> Kenonic Controls Ltd.</text>
-      <pattern>
-        E8 xx xx xx xx E8 xx xx xx xx 83 F8 00 75 07 6A 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CrypKey V5.6.X DLL -> Kenonic Controls Ltd.</text>
-      <pattern>
-        8B 1D xx xx xx xx 83 FB 00 75 0A E8 xx xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CrypKey V6.1X DLL -> CrypKey (Canada) Inc.</text>
-      <pattern>
-        83 3D xx xx xx xx 00 75 34 68 xx xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CRYPT Version 1.7 (c) Dismember (COM)</text>
-      <pattern>
-        0E 17 9C 58 F6 C4 01 xx xx xx xx xx B4 01 BE xx xx BF xx xx B9 xx xx 68 xx xx 68 xx xx 68 xx xx 57 F3 A4 C3 B0 02 E6 21 60
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CRYPT Version 1.7 (c) Dismember (EXE)</text>
-      <pattern>
-        0E 17 9C 58 F6 xx xx 74 xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CryptCom v1.1</text>
-      <pattern>
-        BF xx xx 57 BE xx xx xx B9 xx xx F3 A4 C3 8B xx xx xx 8B xx xx xx BF xx xx 57 BE xx xx xx AD 33 C2 AB E2 xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crypter 3.1 -> SLESH</text>
-      <pattern>
-        68 FF 64 24 F0 68 58 58 58 58 FF D4 50 8B 40 F2 05 B0 95 F6 95 0F 85 01 81 BB FF 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Cryptic 2.0 -> Tughack</text>
-      <pattern>
-        B8 00 00 40 00 BB xx xx xx 00 B9 00 10 00 00 BA xx xx xx 00 03 D8 03 C8 03 D1 3B CA 74 06 80 31 xx 41 EB F6 FF E3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crypto-Lock 2.02 (Eng) -> Ryan Thian</text>
-      <pattern>
-        60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crypto-Lock 2.02 (Eng) -> Ryan Thian</text>
-      <pattern>
-        60 BE xx 90 40 00 8D BE xx xx FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crypto-Lock v2.02 (Eng) -> Ryan Thian</text>
-      <pattern>
-        60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crypto-Lock v2.02 (Eng) -> Ryan Thian</text>
-      <pattern>
-        60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Crypto-Lock v2.02 (Eng) -> Ryan Thian</text>
-      <pattern>
-        60 BE xx 90 40 00 8D BE xx xx FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CRYPToCRACk's PE Protector V0.9.2 -> Lukas Fleischer ! Sign by fly</text>
-      <pattern>
-        E8 01 00 00 00 E8 58 5B 81 E3 00 FF FF FF 66 81 3B 4D 5A 75 37 84 DB 75 33 8B F3 03 xx xx 81 3E 50 45 00 00 75 26
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CRYPToCRACk's PE Protector v0.9.3 -> Lucas Fleischer (h)</text>
-      <pattern>
-        5B 81 E3 00 FF FF FF 66 81 3B 4D 5A 75 33 8B F3 03 73 3C 81 3E 50 45 00 00 75 26 0F B7 46 18 8B C8 69 C0 AD 0B 00 00 F7 E0 2D AB 5D 41 4B 69 C9 DE C0 00 00 03 C1 75 09 83 EC 04 0F 85 DD 00 00 00 81 EB 00 01 00 00 75 BE 90 72 xx xx xx xx 00 00 00 00 00 00 00 7A xx xx xx 72 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 C1 00 46 61 74 61 6C 45 78 69 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CRYPToCRACk's PE Protector V0.9.3 -> Lukas Fleischer ! Sign by fly</text>
-      <pattern>
-        5B 81 E3 00 FF FF FF 66 81 3B 4D 5A 75 33 8B F3 03 73 3C 81 3E 50 45 00 00 75 26 0F B7 46 18 8B C8 69 C0 AD 0B 00 00 F7 E0 2D AB 5D 41 4B 69 C9 DE C0 00 00 03 C1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>CrypWrap vx.x</text>
-      <pattern>
-        E8 B8 xx xx xx E8 90 02 xx xx 83 F8 xx 75 07 6A xx E8 xx xx xx xx FF 15 49 8F 40 xx A9 xx xx xx 80 74 0E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Cygwin32</text>
-      <pattern>
-        55 89 E5 83 EC 04 83 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>D1NS1G -> D1N</text>
-      <pattern>
-        18 37 00 00 00 00 00 00 01 00 0A 00 00 00 18 00 00 80 00 00 00 00 xx xx 18 37 00 00 00 00 02 00 00 00 88 00 00 80 38 00 00 80 96 00 00 80 50 00 00 80 00 00 00 00 xx xx 18 37 00 00 00 00 00 00 01 00 00 00 00 00 68 00 00 00 00 00 00 00 xx xx 18 37 00 00 00 00 00 00 01 00 00 00 00 00 78 00 00 00 B0 F0 00 00 10 00 00 00 00 00 00 00 00 00 00 00 C0 F0 00 00 60 00 00 00 00 00 00 00 00 00 00 00 06 00 44 00 56 00 43 00 4C 00 41 00 4C 00 0B 00 50 00 41 00 43 00 4B 00 41 00 47 00 45 00 49 00 4E 00 46 00 4F 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>D1S1G v1.1 Beta ++ Scrambled EXE -> D1N</text>
-      <pattern>
-        E8 07 00 00 00 E8 1E 00 00 00 C3 90 58 89 C2 89 C2 25 00 F0 FF FF 50 83 C0 55 8D 00 FF 30 8D 40 04 FF 30 52 C3 8D 40 00 55 8B EC 83 C4 E8 53 56 57 8B 4D 10 8B 45 08 89 45 F8 8B 45 0C 89 45 F4 8D 41 61 8B 38 8D 41 65 8B 00 03 C7 89 45 FC 8D 41 69 8B 00 03 C7 8D 51 6D 8B 12 03 D7 83 C1 71 8B 09 03 CF 2B CA 72 0A 41 87 D1 80 31 FF 41 4A 75 F9 89 45 F0 EB 71 8B
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>D1S1G v1.1 beta --> D1N</text>
-      <pattern>
-        00 00 00 00 xx xx xx xx 00 00 00 00 00 00 01 00 0A 00 00 00 18 00 00 80 00 00 00 00 xx xx xx xx 00 00 00 00 02 00 00 00 88 00 00 80 38 00 00 80 96 00 00 80 50 00 00 80 00 00 00 00 xx xx xx xx 00 00 00 00 00 00 01 00 00 00 00 00 68 00 00 00 00 00 00 00 xx xx xx xx 00 00 00 00 00 00 01 00 00 00 00 00 78 00 00 00 B0 xx xx 00 10 00 00 00 00 00 00 00 00 00 00 00 C0 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 06 00 44 00 56 00 43 00 4C 00 41 00 4C 00 0B 00 50 00 41 00 43 00 4B 00 41 00 47 00 45 00 49 00 4E 00 46 00 4F 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DAEMON Protect v0.6.7</text>
-      <pattern>
-        60 60 9C 8C C9 32 C9 E3 0C 52 0F 01 4C 24 FE 5A 83 C2 0C 8B 1A 9D 61
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DalKrypt 1.0 - by DalKiT</text>
-      <pattern>
-        68 xx xx xx xx 58 68 xx xx xx 00 5F 33 DB EB 0D 8A 14 03 80 EA 07 80 F2 04 88 14 03 43 81 FB xx xx xx 00 72 EB FF E7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DalKrypt 1.0 - by DalKiT</text>
-      <pattern>
-        68 00 10 40 00 58 68 xx xx xx 00 5F 33 DB EB 0D 8A 14 03 80 EA 07 80 F2 04 88 14 03 43 81 FB xx xx xx 00 72 EB FF E7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DBPE v1.53</text>
-      <pattern>
-        9C 55 57 56 52 51 53 9C FA E8 xx xx xx xx 5D 81 ED 5B 53 40 xx B0 xx E8 xx xx xx xx 5E 83 C6 11 B9 27 xx xx xx 30 06 46 49 75 FA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DBPE v2.10</text>
-      <pattern>
-        9C 6A 10 73 0B EB 02 C1 51 E8 06 xx xx xx C4 11 73 F7 5B CD 83 C4 04 EB 02 99 EB FF 0C 24 71 01 E8 79 E0 7A 01 75 83 C4 04 9D EB 01 75 68 5F 20 40 xx E8 B0 EF FF FF 72 03 73 01 75 BE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DCrypt Private 0.9b -> drmist</text>
-      <pattern>
-        B9 xx xx xx 00 E8 00 00 00 00 58 68 xx xx xx 00 83 E8 0B 0F 18 00 D0 00 48 E2 FB C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DEF 1.0 -> bart/xt</text>
-      <pattern>
-        BE xx xx 40 00 6A xx 59 80 7E 07 00 74 11 8B 46 0C 05 00 00 40 00 8B 56 10 30 10 40 4A 75 FA 83 C6 28 E2 E4 68 xx xx 40 00 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DEF 1.0 -> bart/xt</text>
-      <pattern>
-        BE xx xx 40 00 6A xx 59 80 7E 07 00 74 11 8B 46 0C 05 00 00 40 00 8B 56 10 30 10 40 4A 75 FA 83 C6 28 E2 E4 68 xx xx 40 00 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DEF 1.00 (Eng) -> bart/xt</text>
-      <pattern>
-        BE xx 01 40 00 6A xx 59 80 7E 07 00 74 11 8B 46 0C 05 00 00 40 00 8B 56 10 30 10 40 4A 75 FA 83 C6 28 E2 E4 68 xx xx 40 00 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DEF v1.00 (Eng) -> bart/xt</text>
-      <pattern>
-        BE xx 01 40 00 6A xx 59 80 7E 07 00 74 11 8B 46 0C 05 00 00 40 00 8B 56 10 30 10 40 4A 75 FA 83 C6 28 E2 E4 68 xx xx 40 00 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DEF v1.0</text>
-      <pattern>
-        BE xx 01 40 00 6A 05 59 80 7E 07 00 74 11 8B 46
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DEF v1.0</text>
-      <pattern>
-        BE xx 01 40 00 6A xx 59 80 7E 07 00 74 11 8B 46 0C 05 00 00 40 00 8B 56 10 30 10 40 4A 75 FA 83 C6 28 E2 E4 68 xx 10 40 00 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>dePACK -> deNULL</text>
-      <pattern>
-        EB 01 DD 60 68 00 xx xx xx 68 xx xx 00 00 E8 xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dev-C++ 4.9.9.2 -> Bloodshed Software</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 xx xx xx 00 E8 C8 FE FF FF 90 8D B4 26 00 00 00 00 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 xx xx xx 00 E8 A8 FE FF FF 90 8D B4 26 00 00 00 00 55 8B 0D xx xx xx 00 89 E5 5D FF E1 8D 74 26 00 55 8B 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dev-C++ v4</text>
-      <pattern>
-        55 89 E5 83 EC 08 83 C4 F4 6A xx A1 xx xx xx 00 FF D0 E8 xx FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dev-C++ v5</text>
-      <pattern>
-        55 89 E5 83 EC 14 6A xx FF 15 xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DIET v1.00, v1.00d</text>
-      <pattern>
-        BF xx xx 3B FC 72 xx B4 4C CD 21 BE xx xx B9 xx xx FD F3 A5 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DIET v1.00d</text>
-      <pattern>
-        FC 06 1E 0E 8C C8 01 xx xx xx BA xx xx 03 xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DIET v1.02b, v1.10a, v1.20</text>
-      <pattern>
-        BE xx xx BF xx xx B9 xx xx 3B FC 72 xx B4 4C CD 21 FD F3 A5 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DIET v1.44, v1.45f</text>
-      <pattern>
-        F8 9C 06 1E 57 56 52 51 53 50 0E FC 8C C8 BA xx xx 03 D0 52
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Ding Boy's PE-lock Phantasm v0.8</text>
-      <pattern>
-        55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 0D 39 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Ding Boy's PE-lock Phantasm v1.0 / v1.1</text>
-      <pattern>
-        55 57 56 52 51 53 66 81 C3 EB 02 EB FC 66 81 C3 EB 02 EB FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Ding Boy's PE-lock Phantasm v1.5b3</text>
-      <pattern>
-        9C 55 57 56 52 51 53 9C FA E8 00 00 00 00 5D 81 ED 5B 53 40 00 B0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Ding Boy's PE-lock v0.07</text>
-      <pattern>
-        55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 23 35 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>diPacker 1.x -> diProtector Software</text>
-      <pattern>
-        0F 00 2D E9 01 00 A0 E3 68 01 00 EB 8C 00 00 EB 2B 00 00 EB 00 00 20 E0 1C 10 8F E2 8E 20 8F E2 00 30 A0 E3 67 01 00 EB 0F 00 BD E8 00 C0 8F E2 00 F0 9C E5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>diProtector 1.x -> diProtector Software</text>
-      <pattern>
-        01 00 A0 E3 14 00 00 EB 00 00 20 E0 44 10 9F E5 03 2A A0 E3 40 30 A0 E3 AE 00 00 EB 30 00 8F E5 00 20 A0 E1 3A 0E 8F E2 00 00 80 E2 1C 10 9F E5 20 30 8F E2 0E 00 00 EB 14 00 9F E5 14 10 9F E5 7F 20 A0 E3 C5 00 00 EB 04 C0 8F E2 00 F0 9C E5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DiskDupe (c) MSD Configuration file</text>
-      <pattern>
-        4D 53 44 20 44 61 74 61 20 56 65 72 73
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DiskDupe (c) MSD Users file</text>
-      <pattern>
-        4D 53 44 20 55 73 65 72 73 20 56 65 72 73 69 6F 6E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DJoin v0.7 public (RC4 encryption) -> drmist</text>
-      <pattern>
-        C6 05 xx xx 40 00 00 C6 05 xx xx 40 00 00 xx xx xx xx xx xx xx xx 00 xx xx xx xx 00 xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DJoin v0.7 public (xor encryption) -> drmist</text>
-      <pattern>
-        C6 05 xx xx 40 00 00 xx xx xx xx xx xx xx xx 00 xx xx xx xx 00 xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DOS/16M DOS Extender (c) Tenberry Software Inc 1987-1995</text>
-      <pattern>
-        BF xx xx 8E C7 8E D7 BC xx xx 36 xx xx xx xx FF xx xx xx 36 xx xx xx xx BE xx xx AC 8A D8 B7 00 xx xx 8B xx xx xx 4F 8E C7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DOS32 v.3.3 DOS-Extender and Loader</text>
-      <pattern>
-        0E 1F FC 9C 5B 8B C3 80 F4 xx 50 9D 9C 58 3A E7 75 xx BA xx xx B4 09 CD 21 B4 4C CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DotFix Nice Protect 2.1 -> GPcH Soft</text>
-      <pattern>
-        E9 FF 00 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 2B CB 75 10 E8 42 00 00 00 EB 28 AC D1 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DotFix Nice Protect V2.1 -> GPcH Soft * Sign.By.haggar</text>
-      <pattern>
-        E9 FF 00 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 2B CB 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 13 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 8E 02 D2 75 05 8A 16 46 12 D2 C3 33 C9 41 E8 EE FF FF FF 13 C9 E8 E7 FF FF FF 72 F2 C3 2B 7C 24 28 89 7C 24 1C 61 C3 60 B8 xx xx xx xx 03 C5 50 B8 xx xx xx xx 03 C5 FF 10 BB xx xx xx xx 03 DD 83 C3 0C 53 50 B8 xx xx xx xx 03 C5 FF 10 6A 40 68 00 10 00 00 FF 74 24 2C 6A 00 FF D0 89 44 24 1C 61 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DotFix NiceProtect vna</text>
-      <pattern>
-        60 E8 55 00 00 00 8D BD 00 10 40 00 68 xx xx xx 00 03 3C 24 8B F7 90 68 31 10 40 00 9B DB E3 55 DB 04 24 8B C7 DB 44 24 04 DE C1 DB 1C 24 8B 1C 24 66 AD 51 DB 04 24 90 90 DA 8D 77 10 40 00 DB 1C 24 D1 E1 29
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dr.Web Virus-Finding Engine -> InSoft EDV-Systeme</text>
-      <pattern>
-        B8 01 00 00 00 C2 0C 00 8D 80 00 00 00 00 8B D2 8B xx 24 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DragonArmor -> Orient</text>
-      <pattern>
-        BF 4C xx xx 00 83 C9 FF 33 C0 68 34 xx xx 00 F2 AE F7 D1 49 51 68 4C xx xx 00 E8 11 0A 00 00 83 C4 0C 68 4C xx xx 00 FF 15 00 xx xx 00 8B F0 BF 4C xx xx 00 83 C9 FF 33 C0 F2 AE F7 D1 49 BF 4C xx xx 00 8B D1 68 34 xx xx 00 C1 E9 02 F3 AB 8B CA 83 E1 03 F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DragonArmor -> Orient</text>
-      <pattern>
-        BF 4C xx xx 00 83 C9 FF 33 C0 68 34 xx xx 00 F2 AE F7 D1 49 51 68 4C xx xx 00 E8 11 0A 00 00 83 C4 0C 68 4C xx xx 00 FF 15 00 xx xx 00 8B F0 BF 4C xx xx 00 83 C9 FF 33 C0 F2 AE F7 D1 49 BF 4C xx xx 00 8B D1 68 34 xx xx 00 C1 E9 02 F3 AB 8B CA 83 E1 03 F3 AA BF 5C xx xx 00 83 C9 FF 33 C0 F2 AE F7 D1 49 51 68 5C xx xx 00 E8 C0 09 00 00 8B 1D 04 xx xx 00 83 C4 0C 68 5C xx xx 00 56 FF D3 A3 D4 xx xx 00 BF 5C xx xx 00 83 C9 FF 33 C0 F2 AE F7 D1 49 BF 5C xx xx 00 8B D1 68 34 xx xx 00 C1 E9 02 F3 AB 8B CA 83 E1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dropper Creator V0.1 -> Conflict</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 8D 05 xx xx xx xx 29 C5 8D 85 xx xx xx xx 31 C0 64 03 40 30 78 0C 8B 40 0C 8B 70 1C AD 8B 40 08 EB 09
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DSHIELD</text>
-      <pattern>
-        06 E8 xx xx 5E 83 EE xx 16 17 9C 58 B9 xx xx 25 xx xx 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dual's Cryptor -> dual</text>
-      <pattern>
-        55 8B EC 81 EC 00 05 00 00 E8 00 00 00 00 5D 81 ED 0E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dual's eXe 1.0</text>
-      <pattern>
-        55 8B EC 81 EC 00 05 00 00 E8 00 00 00 00 5D 81 ED 0E 00 00 00 8D 85 08 03 00 00 89 28 33 FF 8D 85 7D 02 00 00 8D 8D 08 03 00 00 2B C8 8B 9D 58 03 00 00 E8 1C 02 00 00 8D 9D 61 02 00 00 8D B5 7C 02 00 00 46 80 3E 00 74 24 56 FF 95 0A 04 00 00 46 80 3E 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dual's eXe 1.0</text>
-      <pattern>
-        55 8B EC 81 EC 00 05 00 00 E8 00 00 00 00 5D 81 ED 0E 00 00 00 8D 85 08 03 00 00 89 28 33 FF 8D 85 7D 02 00 00 8D 8D 08 03 00 00 2B C8 8B 9D 58 03 00 00 E8 1C 02 00 00 8D 9D 61 02 00 00 8D B5 7C 02 00 00 46 80 3E 00 74 24 56 FF 95 0A 04 00 00 46 80 3E 00 75 FA 46 80 3E 00 74 E7 50 56 50 FF 95 0E 04 00 00 89 03 58 83 C3 04 EB E3 8D 85 24 03 00 00 50 68 1F 00 02 00 6A 00 8D 85 48 03 00 00 50 68 01 00 00 80 FF 95 69 02 00 00 83 BD 24 03 00 00 00 0F 84 8B 00 00 00 C7 85 28 03 00 00 04 00 00 00 8D 85 28 03 00 00 50 8D 85 20 03 00 00 50 8D 85 6C 03 00 00 50 6A 00 8D 85 62 03 00 00 50 FF B5 24 03 00 00 FF 95 71 02 00 00 83 BD 20 03 00 00 01 7E 02 EB 20 6A 40 8D 85 73 03 00 00 50 8D 85 82 03 00 00 50 6A 00 FF 95 61 02 00 00 6A 00 FF 95 65 02 00 00 FF 8D 20 03 00 00 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Dual's eXe Encryptor 1.0b -> Dual</text>
-      <pattern>
-        55 8B EC 81 EC 00 05 00 00 E8 00 00 00 00 5D 81 ED 0E 00 00 00 8D 85 3A 04 00 00 89 28 33 FF 8D 85 80 03 00 00 8D 8D 3A 04 00 00 2B C8 8B 9D 8A 04 00 00 E8 24 02 00 00 8D 9D 58 03 00 00 8D B5 7F 03 00 00 46 80 3E 00 74 24 56 FF 95 58 05 00 00 46 80 3E 00 75 FA 46 80 3E 00 74 E7 50 56 50 FF 95 5C 05 00 00 89 03 58 83 C3 04 EB E3 8D 85 69 02 00 00 FF D0 8D 85 56 04 00 00 50 68 1F 00 02 00 6A 00 8D 85 7A 04 00 00 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>dUP 2.x Patcher -> www.diablo2oo2.cjb.net</text>
-      <pattern>
-        8B CB 85 C9 74 xx 80 3A 01 74 08 AC AE 75 0A 42 49 EB EF 47 46 42 49 EB E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>dUP v2.x Patcher --> www.diablo2oo2.cjb.net</text>
-      <pattern>
-        54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 6D 6F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>dUP2 -> diablo2oo2</text>
-      <pattern>
-        E8 xx xx xx xx E8 xx xx xx xx 8B F0 6A 00 68 xx xx xx xx 56 E8 xx xx xx xx A2 xx xx xx xx 6A 00 68 xx xx xx xx 56 E8 xx xx xx xx A2 xx xx xx xx 6A 00 68 xx xx xx xx 56 E8 xx xx xx xx A2 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx 56 E8 xx xx xx xx 3C 01 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>dUP2 -> diablo2oo2</text>
-      <pattern>
-        E8 xx xx xx xx E8 xx xx xx xx 8B F0 6A 00 68 xx xx xx xx 56 E8 xx xx xx xx A2 xx xx xx xx 6A 00 68 xx xx xx xx 56 E8 xx xx xx xx A2 xx xx xx xx 6A 00 68 xx xx xx xx 56 E8 xx xx xx xx A2 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx 56 E8 xx xx xx xx 3C 01 75 19 BE xx xx xx xx 68 00 02 00 00 56 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DxPack 1.0</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 8B FD 81 ED xx xx xx xx 2B B9 xx xx xx xx 81 EF xx xx xx xx 83 BD xx xx xx xx xx 0F 84
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DxPack V0.86 -> Dxd</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 8B FD 81 ED 06 10 40 00 2B BD 94 12 40 00 81 EF 06 00 00 00 83 BD 14 13 40 00 01 0F 84 2F 01 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DzA Patcher 1.3 Loader</text>
-      <pattern>
-        BF 00 40 40 00 99 68 48 20 40 00 68 00 20 40 00 52 52 52 52 52 52 52 57 E8 15 01 00 00 85 C0 75 1C 99 52 52 57 52 E8 CB 00 00 00 FF 35 4C 20 40 00 E8 D2 00 00 00 6A 00 E8 BF 00 00 00 99 68 58 20 40 00 52 52 68 63 10 40 00 52 52 E8 DB 00 00 00 6A FF FF 35
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DZA Patcher v1.3 -> DZA</text>
-      <pattern>
-        EB 08 35 48 34 30 4C 31 4E 00 60 E8 00 00 00 00 5D 8B D5 81 ED 44 73 40 00 2B 95 74 74 40 00 83 EA 10 89 95 70 74 40 00 8B 44 24 20 25 00 00 FF FF 80 38 4D 74 07 2D 00 00 01 00 EB F4 93 89 85 7C 74 40 00 8D BD 8C 74 40 00 E8 83 00 00 00 89 85 80 74 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DZA Patcher v1.3 -> DZA</text>
-      <pattern>
-        EB 08 35 48 34 30 4C 31 4E 00 60 E8 00 00 00 00 5D 8B D5 81 ED 44 73 40 00 2B 95 74 74 40 00 83 EA 10 89 95 70 74 40 00 8B 44 24 20 25 00 00 FF FF 80 38 4D 74 07 2D 00 00 01 00 EB F4 93 89 85 7C 74 40 00 8D BD 8C 74 40 00 E8 83 00 00 00 89 85 80 74 40 00 8D BD A4 74 40 00 E8 72 00 00 00 89 85 84 74 40 00 8D BD F0 73 40 00 57 FF D0 8D BD 99 74 40 00 E8 58 00 00 00 89 85 88 74 40 00 8B 85 78 74 40 00 03 85 70 74 40 00 99 8D 8D 6C 74 40 00 51 52 52 50 52 52 FF 95 80 74 40 00 8D BD C0 74 40 00 8B 0F E3 13 8A 5F 05 8A 01 3A C3 75 FA 8A 57 04 88 11 83 C7 06 EB E9 E8 00 00 00 00 5D 81 ED F5 73 40 00 6A 00 FF 95 88 74 40 00 61 C3 8B D3 0F B7 43 3C 03 D8 8B 5B 78 03 DA 0B FF 74 40 8B 73 20 03 F2 8B 4B 18 53 33 DB AD 03 C2 56 57 87 FE 97 AC 0A C0 75 07 80 3F 00 74 0B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>DzA Patcher v1.3 Loader</text>
-      <pattern>
-        BF 00 40 40 00 99 68 48 20 40 00 68 00 20 40 00 52 52 52 52 52 52 52 57 E8 15 01 00 00 85 C0 75 1C 99 52 52 57 52 E8 CB 00 00 00 FF 35 4C 20 40 00 E8 D2 00 00 00 6A 00 E8 BF 00 00 00 99 68 58 20 40 00 52 52 68 63 10 40 00 52 52 E8 DB 00 00 00 6A FF FF 35 48 20 40 00 E8 C2 00 00 00 E8 C8 FF FF FF BF 40 40 40 00 FF 35 4C 20 40 00 E8 A1 00 00 00 8B 0F 83 F9 00 74 B1 60 6A 00 6A 04 6A 01 51 FF 35 48 20 40 00 E8 75 00 00 00 61 60 BB 5C 20 40 00 6A 00 6A 01 53 51 FF 35 48 20 40 00 E8 75 00 00 00 61 A0 5C 20 40 00 8A 5F 05 3A C3 74 14 FF 35 4C 20 40 00 E8 4B 00 00 00 6A 03 E8 4A 00 00 00 EB A2 60 8D 5F 04 6A 00 6A 01 53 51 FF 35 48 20 40 00 E8 4B 00 00 00 61 83 C7 06 FF 35 4C 20 40 00 E8 1E 00 00 00 6A 03 E8 1D 00 00 00 E9 72 FF FF FF FF 25 70 30 40 00 FF 25 78
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>E language</text>
-      <pattern>
-        E8 06 00 00 00 50 E8 xx 01 00 00 55 8B EC 81 C4 F0 FE FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>E.S.O. Eclipse Operating System v.2.08 + DOS Extender</text>
-      <pattern>
-        8C C8 8E D8 BA xx xx E8 xx xx BB xx xx 8C C0 2B D8 B4 4A CD 21 BA xx xx 73 xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>E2C by DoP</text>
-      <pattern>
-        BE xx xx BF xx xx B9 xx xx FC 57 F3 A5 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EEXE Version 1.12</text>
-      <pattern>
-        B4 30 CD 21 3C 03 73 xx BA 1F 00 0E 1F B4 09 CD 21 B8 FF 4C CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Elicense System V4.0.0.0 -> ViaTech Inc</text>
-      <pattern>
-        00 00 00 00 63 79 62 00 65 6C 69 63 65 6E 34 30 2E 64 6C 6C 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Embed PE v1.13 -> cyclotron</text>
-      <pattern>
-        83 EC 50 60 68 5D B9 52 5A E8 2F 99 00 00 DC 99 F3 57 05 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EmbedPE 1.13 -> cyclotron</text>
-      <pattern>
-        83 EC 50 60 68 5D B9 52 5A E8 2F 99 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EmbedPE 1.13 -> cyclotron</text>
-      <pattern>
-        83 EC 50 60 68 5D B9 52 5A E8 2F 99 00 00 DC 99 F3 57 05 68 B8 5E 2D C6 DA FD 48 63 05 3C 71 B8 5E 97 7C 36 7E 32 7C 08 4F 06 51 64 10 A3 F1 4E CF 25 CB 80 D2 99 54 46 ED E1 D3 46 86 2D 10 68 93 83 5C 46 4D 43 9B 8C D6 7C BB 99 69 97 71 2A 2F A3 38 6B 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EmbedPE 1.13 -> cyclotron</text>
-      <pattern>
-        83 EC 50 60 68 5D B9 52 5A E8 2F 99 00 00 DC 99 F3 57 05 68 B8 5E 2D C6 DA FD 48 63 05 3C 71 B8 5E 97 7C 36 7E 32 7C 08 4F 06 51 64 10 A3 F1 4E CF 25 CB 80 D2 99 54 46 ED E1 D3 46 86 2D 10 68 93 83 5C 46 4D 43 9B 8C D6 7C BB 99 69 97 71 2A 2F A3 38 6B 33 A3 F5 0B 85 97 7C BA 1D 96 DD 07 F8 FD D2 3A 98 83 CC 46 99 9D DF 6F 89 92 54 46 9F 94 43 CC 41 43 9B 8C 61 B9 D8 6F 96 3B D1 07 32 24 DD 07 05 8E CB 6F A1 07 5C 62 20 E0 DB BA 9D 83 54 46 E6 83 51 7A 2B 94 54 64 8A 83 05 68 D7 5E 2D C6 B7 57 00 B3 E8 3C 71 B8 3C 97 7C 36 19 32 7C 08 2A 06 51 64 73 A3 F1 4E 92 25 CB 80 8D 99 54 46 B0 E1 D3 46 A5 2D 10 68 B6 83 91 46 F2 DF 64 FD D1 BC CA AA 70 E2 AB 39 AE 3B 5A 6F 9B 15 BD 25 98 25 30 4C AD 7D 55 07 A8 A3 AC 0A C1 BD 54 72 BC 83 54 82 A3 97 B1 1A B3 83 54 46 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EmbedPE V1.00-V1.24 -> cyclotron ! Sign by fly</text>
-      <pattern>
-        00 00 00 00 xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EmbedPE V1.00-V1.24 -> cyclotron</text>
-      <pattern>
-        00 00 00 00 xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EmbedPE v1.24 -> cyclotron</text>
-      <pattern>
-        83 EC 50 60 68 xx xx xx xx E8 CB FF 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EmbedPE V1.X -> cyclotron</text>
-      <pattern>
-        83 EC 50 60 68 xx xx xx xx E8 xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Encapsulated Postscript graphics file v2.0 EPSF-1.2</text>
-      <pattern>
-        25 21 50 53 2D 41 64 6F 62 65 2D 32 2E 30 20 45 50 53 46 2D 31 2E 32
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Encapsulated Postscript graphics file v3.0 EPSF-3.0</text>
-      <pattern>
-        25 21 50 53 2D 41 64 6F 62 65 2D 33 2E 30 20 45 50 53 46 2D 33 2E 30
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Encrypted by? RSCC/286 v1.01</text>
-      <pattern>
-        FE 52 53 43 43 2F 31 2E 30 31 FE
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Encrypted by? RSCC/286 v1.02</text>
-      <pattern>
-        FE 52 53 43 43 2F 31 2E 30 32 FE
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EncryptPE 1.2003.5.18 -> WFS</text>
-      <pattern>
-        60 9C 64 FF 35 00 00 00 00 E8 79
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EncryptPE 2.2004.8.10 - 2.2005.3.14 -> WFS</text>
-      <pattern>
-        60 9C 64 FF 35 00 00 00 00 E8 7A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EncryptPE V1.2003.3.18-V1.2003.5.18 -> WFS</text>
-      <pattern>
-        60 9C 64 FF 35 00 00 00 00 E8 79 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EncryptPE V2.2004.6.16-V2.2006.6.30 -> WFS ! Sign by fly</text>
-      <pattern>
-        60 9C 64 FF 35 00 00 00 00 E8 7A 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EncryptPE V2.2004.6.16-V2.2006.6.30 -> WFS</text>
-      <pattern>
-        60 9C 64 FF 35 00 00 00 00 E8 73 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EncryptPE V2.2006.1.15 -> WFS</text>
-      <pattern>
-        45 50 45 3A 20 45 6E 63 72 79 70 74 50 45 20 56 32 2E 32 30 30 36 2E 31 2E 31 35
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EncryptPE V2.2006.7.10 -> WFS</text>
-      <pattern>
-        60 9C 64 FF 35 00 00 00 00 E8 73 01 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EncryptPE V2.2006.7.10-V2.2007.04.11 -> WFS</text>
-      <pattern>
-        60 9C 64 FF 35 00 00 00 00 E8 1B 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Enigma protector 1.10 (unregistered)</text>
-      <pattern>
-        60 72 80 72 88 72 8C 72 90 72 94 72 98 72 9C 72 A0 72 A4 59 A8 B0 5C E8 39 D5 39 E4 39 F1 31 F9 5C 3D 58 CA 5F 56 B1 2D 20 7A 2E 30 16 32 72 2B 72 36 1C A5 33 A9 9C AD 9C B1 9C B5 9C B9 9C BD 9C C1 9C C5 9C C9 9C CD 9C D1 9C D5 9C D9 9C DD 9C E1 9C E5 89
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Enigma protector 1.10 (unregistered)</text>
-      <pattern>
-        60 72 80 72 88 72 8C 72 90 72 94 72 98 72 9C 72 A0 72 A4 59 A8 B0 5C E8 39 D5 39 E4 39 F1 31 F9 5C 3D 58 CA 5F 56 B1 2D 20 7A 2E 30 16 32 72 2B 72 36 1C A5 33 A9 9C AD 9C B1 9C B5 9C B9 9C BD 9C C1 9C C5 9C C9 9C CD 9C D1 9C D5 9C D9 9C DD 9C E1 9C E5 89 E9 51 0B C4 80 BC 7E 35 09 37 E7 C9 3D C9 45 C9 4D 74 92 BA E4 E9 24 6B DF 3E 0E 38 0C 49 10 27 80 51 A1 8E 3A A3 C8 AE 3B 1C 35
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Enigma Protector 1.1X-1.3X -> Sukhov Vladimir and Serge N. Markin</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 00 10 40 00 E8 01 00 00 00 9A 83 C4 10 8B E5 5D E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Enigma Protector 1.X -> Sukhov Vladimir and Serge N. Markin</text>
-      <pattern>
-        00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 45 78 69 74 50 72 6F 63 65 73 73 00 00 00 4C 6F 61
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Enigma Protector 1.X -> Sukhov Vladimir and Serge N. Markin</text>
-      <pattern>
-        00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 45 78 69 74 50 72 6F 63 65 73 73 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 4D 65 73 73 61 67 65 42 6F 78 41 00 00 00 52 65 67 43 6C 6F 73 65 4B 65 79 00 00 00 53 79 73 46 72 65 65 53 74 72 69 6E 67 00 00 00 43 72 65 61 74 65 46 6F 6E 74 41 00 00 00 53 68 65 6C 6C 45 78 65 63 75 74 65 41 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ENIGMA Protector V1.1 -> Sukhov Vladimir</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 83 xx xx 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ENIGMA Protector V1.1 CracKed By: shoooo and fly -> Sukhov Vladimir</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 83 C5 FA 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ENIGMA Protector V1.1-V1.2 -> Sukhov Vladimir</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 83 ED 06 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ENIGMA Protector V1.X -> Sukhov Vladimir</text>
-      <pattern>
-        45 6E 69 67 6D 61 20 70 72 6F 74 65 63 74 6F 72 20 76 31
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EP 1.0</text>
-      <pattern>
-        50 83 C0 17 8B F0 97 33 C0 33 C9 B1 24 AC 86 C4 AC AA 86 C4 AA E2 F6 00 B8 40 00 03 00 3C 40 D2 33 8B 66 14 50 70 8B 8D 34 02 44 8B 18 10 48 70 03 BA 0C xx xx xx xx C0 33 FE 8B 30 AC 30 D0 C1 F0 10 C2 D0 30 F0 30 C2 C1 AA 10 42 42 CA C1 E2 04 5F E9 5E B1
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EP v1.0</text>
-      <pattern>
-        50 83 C0 17 8B F0 97 33 C0 33 C9 B1 24 AC 86 C4 AC AA 86 C4 AA E2 F6 00 B8 40 00 03 00 3C 40 D2 33 8B 66 14 50 70 8B 8D 34 02 44 8B 18 10 48 70 03 BA 0C xx xx xx xx C0 33 FE 8B 30 AC 30 D0 C1 F0 10 C2 D0 30 F0 30 C2 C1 AA 10 42 42 CA C1 E2 04 5F E9 5E B1 C0 30 xx 68 xx xx F3 00 C3 AA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EP v2.0</text>
-      <pattern>
-        6A xx 60 E9 01 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EPW v1.2</text>
-      <pattern>
-        06 57 1E 56 55 52 51 53 50 2E xx xx xx xx 8C C0 05 xx xx 2E xx xx xx 8E D8 A1 xx xx 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EPW v1.30</text>
-      <pattern>
-        06 57 1E 56 55 52 51 53 50 2E 8C 06 08 00 8C C0 83 C0 10 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Erdas LAN/GIS Image graphics format</text>
-      <pattern>
-        48 45 41 44 37 34 00 00 03 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Escargot 0.1 (final) -> ++Meat</text>
-      <pattern>
-        EB 04 40 30 2E 31 60 68 61 xx xx xx 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 B8 92 xx xx xx 8B 00 FF D0 50 B8 CD xx xx xx 81 38 DE C0 37 13 75 2D 68 C9 xx xx xx 6A 40 68 00 xx 00 00 68 00 00 xx xx B8 96 xx xx xx 8B 00 FF D0 8B 44 24 F0 8B 4C 24 F4 EB 05 49 C6 04 01 40 0B C9 75 F7 BE 00 10 xx xx B9 00 xx xx 00 EB 05 49 80 34 31 40 0B C9 75 F7 58 0B C0 74 08 33 C0 C7 00 DE C0 AD 0B BE xx xx xx xx E9 AC 00 00 00 8B 46 0C BB 00 00 xx xx 03 C3 50 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Escargot 0.1 - by ueMeat</text>
-      <pattern>
-        EB 08 28 65 73 63 30 2E 31 29 60 68 2B xx xx xx 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 B8 5C xx xx xx 8B 00 FF D0 50 BE 00 10 xx xx B9 00 xx xx 00 EB 05 49 80 34 31 40 0B C9 75 F7 58 0B C0 74 08 33 C0 C7 00 DE C0 AD 0B BE xx xx xx xx E9 AC 00 00 00 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Escargot 0.1 - by ueMeat</text>
-      <pattern>
-        EB 08 28 65 73 63 30 2E 31 29 60 68 2B xx xx xx 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 B8 5C xx xx xx 8B 00 FF D0 50 BE 00 10 xx xx B9 00 xx xx 00 EB 05 49 80 34 31 40 0B C9 75 F7 58 0B C0 74 08 33 C0 C7 00 DE C0 AD 0B BE xx xx xx xx E9 AC 00 00 00 8B 46 0C BB 00 00 xx xx 03 C3 50 50 B8 54 xx xx xx 8B 00 FF D0 5F 80 3F 00 74 06 C6 07 00 47 EB F5 33 FF 8B 16 0B D2 75 03 8B 56 10 03 D3 03 D7 8B 0A C7 02 00 00 00 00 0B C9 74 4B F7 C1 00 00 00 80 74 14 81 E1 FF FF 00 00 50 51 50 B8 50
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Escargot V0.1 -> ++Meat</text>
-      <pattern>
-        EB 04 40 30 2E 31 60 68 61
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exact Audio Copy -> (UnknownCompiler)</text>
-      <pattern>
-        E8 xx xx xx 00 31 ED 55 89 E5 81 EC xx 00 00 00 8D BD xx FF FF FF B9 xx 00 00 00 xx xx xx xx xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exact Audio Copy</text>
-      <pattern>
-        E8 xx xx xx 00 31 ED 55 89 E5 81 EC xx 00 00 00 8D BD xx FF FF FF B9 xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Excalibur 1.03 -> forgot</text>
-      <pattern>
-        E9 00 00 00 00 60 E8 14 00 00 00 5D 81 ED 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Excalibur V1.03 -> forgot ! Sign by fly</text>
-      <pattern>
-        E9 00 00 00 00 60 E8 14 00 00 00 5D 81 ED 00 00 00 00 6A 45 E8 A3 00 00 00 68 00 00 00 00 E8 58 61 EB 39
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXcalibur v1.03 -> forgot/us (h)</text>
-      <pattern>
-        E9 00 00 00 00 60 E8 14 00 00 00 5D 81 ED 00 00 00 00 6A 45 E8 A3 00 00 00 68 00 00 00 00 E8 58 61 EB 39 20 45 78 63 61 6C 69 62 75 72 20 28 63 29 20 62 79 20 66 6F 72 67 6F 74 2F 75 53 2F 44 46 43 47 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXcalibur v1.03 -> forgot/us (h)</text>
-      <pattern>
-        E9 00 00 00 00 60 E8 14 00 00 00 5D 81 ED 00 00 00 00 6A 45 E8 A3 00 00 00 68 00 00 00 00 E8 58 61 EB 39 20 45 78 63 61 6C 69 62 75 72 20 28 63 29 20 62 79 20 66 6F 72 67 6F 74 2F 75 53 2F 44 46 43 47 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A 60 9C 9C 6A 63 73 0B EB 02 E8 E8 E8 06 00 00 00 E8 E8 73 F7 E8 E8 83 C4 04 EB 02 E8 E8 FF 0C 24 71 01 E8 79 E0 7A 01 E8 83 C4 04 9D EB 01 E8 E8 01 00 00 00 E9 5D 81 ED AE 28 40 00 9C 6A 63 73 0B EB 02 69 69 E8 06 00 00 00 69 69 73 F7 69 69 83 C4 04 EB 02 69 69 FF 0C 24 71 01 69 79 E0 7A 01 69 83 C4 04 9D EB 01 69 E8 E7 02 00 00 E8 9C 6A 63 73 0B EB 02 69 69 E8 06 00 00 00 69 69 73 F7 69 69 83 C4 04 EB 02 69 69 FF 0C 24 71 01 69 79 E0 7A 01 69 83 C4 04 9D EB 01 69 E8 B4 02 00 00 E8 60 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Guarder 1.8 -> Exeicon.com (h)</text>
-      <pattern>
-        55 8B EC 83 C4 D0 53 56 57 8D 75 FC 8B 44 24 30 25 00 00 FF FF 81 38 4D 5A 90 00 74 07 2D 00 10 00 00 EB F1 89 45 FC E8 C8 FF FF FF 2D B2 04 00 00 89 45 F4 8B 06 8B 40 3C 03 06 8B 40 78 03 06 8B C8 8B 51 20 03 16 8B 59 24 03 1E 89 5D F0 8B 59 1C 03 1E 89
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Guarder v1.8 -> Exeicon.com (h)</text>
-      <pattern>
-        55 8B EC 83 C4 D0 53 56 57 8D 75 FC 8B 44 24 30 25 00 00 FF FF 81 38 4D 5A 90 00 74 07 2D 00 10 00 00 EB F1 89 45 FC E8 C8 FF FF FF 2D B2 04 00 00 89 45 F4 8B 06 8B 40 3C 03 06 8B 40 78 03 06 8B C8 8B 51 20 03 16 8B 59 24 03 1E 89 5D F0 8B 59 1C 03 1E 89 5D EC 8B 41 18 8B C8 49 85 C9 72 5A 41 33 C0 8B D8 C1 E3 02 03 DA 8B 3B 03 3E 81 3F 47 65 74 50 75 40 8B DF 83 C3 04 81 3B 72 6F 63 41 75 33 8B DF 83 C3 08 81 3B 64 64 72 65 75 26 83 C7 0C 66 81 3F 73 73 75 1C 8B D0 03 D2 03 55 F0 0F B7 12 C1 E2 02 03 55 EC 8B 12 03 16 8B 4D F4 89 51 08 EB 04 40 49 75 A9 8B 5D F4 8D 83 A1 00 00 00 50 8B 06 50 FF 53 08 89 43 0C 8D 83 AE 00 00 00 50 8B 06 50 FF 53 08 89 43 10 8D 83 BA 00 00 00 50 8B 06 50 FF 53 08 89 43 14 8D 83 C6 00 00 00 50 8B 06 50 FF 53 08 89 43 18 8D 83 D7 00 00 00 50 8B 06 50 FF 53 08 89 43 1C 8D 83 E0 00 00 00 50 8B 06 50 FF 53 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE joiner -> Amok</text>
-      <pattern>
-        A1 14 A1 40 00 C1 E0 02 A3 18 A1 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Locker 1.0 -> IonIce</text>
-      <pattern>
-        E8 00 00 00 00 60 8B 6C 24 20 81 ED 05 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Locker v1.0 -> IonIce</text>
-      <pattern>
-        E8 00 00 00 00 60 8B 6C 24 20 81 ED 05 00 00 00 3E 8F 85 6C 00 00 00 3E 8F 85 68 00 00 00 3E 8F 85 64 00 00 00 3E 8F 85 60 00 00 00 3E 8F 85 5C 00 00 00 3E 8F 85 58 00 00 00 3E 8F 85 54 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Manager Version 3.0 1994 (c) Solar Designer</text>
-      <pattern>
-        B4 30 1E 06 CD 21 2E xx xx xx BF xx xx B9 xx xx 33 C0 2E xx xx 47 E2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Packer v7.0 by TurboPower Software</text>
-      <pattern>
-        1E 06 8C C3 83 xx xx 2E xx xx xx xx B9 xx xx 8C C8 8E D8 8B F1 4E 8B FE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Shield 0.5 -> Smoke</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED BC 1A 40 00 EB 01 00 8D B5 46 1B 40 00 BA B3 0A 00 00 EB 01 00 8D 8D F9 25 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Shield 2.7b</text>
-      <pattern>
-        EB 06 68 40 85 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 00 87 DD 8B 85 E6 90 40 00 01 85 33 90 40 00 66 C7 85 30 90 40 00 90 90 01 85 DA 90 40 00 01 85 DE 90 40 00 01 85 E2 90 40 00 BB 7B 11 00 00 03 9D EA 90 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Shield v0.1b - v0.3b, v0.3 -> SMoKE</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Shield V0.5 -> Smoke</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED BC 1A 40 00 EB 01 00 8D B5 46 1B 40 00 BA B3 0A 00 00 EB 01 00 8D 8D F9 25 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Shield V0.6 -> SMoKE</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED D4 1A 40 00 EB 01 00 8D B5 5E 1B 40 00 BA A1 0B 00 00 EB 01 00 8D 8D FF 26 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Shield V0.6 -> SMoKE</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED D4 1A 40 00 EB 01 00 8D B5 5E 1B 40 00 BA A1 0B 00 00 EB 01 00 8D 8D FF 26 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Shield v1.7</text>
-      <pattern>
-        EB 06 68 90 1F 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Shield v2.7</text>
-      <pattern>
-        EB 06 68 F4 86 06 00 C3 9C 60 E8 02 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Shield v2.7b</text>
-      <pattern>
-        EB 06 68 40 85 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 00 87 DD 8B 85 E6 90 40 00 01 85 33 90 40 00 66 C7 85 30 90 40 00 90 90 01 85 DA 90 40 00 01 85 DE 90 40 00 01 85 E2 90 40 00 BB 7B 11 00 00 03 9D EA 90 40 00 03 9D E6 90 40 00 53 8B C3 8B FB 2D AC 90 40 00 89 85 AD 90 40 00 8D B5 AC 90 40 00 B9 40 04 00 00 F3 A5 8B FB C3 BD 00 00 00 00 8B F7 83 C6 54 81 C7 FF 10 00 00 56 57 57 56 FF 95 DA 90 40 00 8B C8 5E 5F 8B C1 C1 F9 02 F3 A5 03 C8 83 E1 03 F3 A4 EB 26 D0 12 5B 00 AC 12 5B 00 48 12 5B 00 00 00 40 00 00 D0 5A 00 00 10 5B 00 87 DB 87 DB 87 DB 87 DB 87 DB 87 DB 87 DB 8B 0E B5 E6 90 40 07 56 03 76 EE 0F 18 83 C6 14 12 35 97 80 8D BD 63 39 0D B9 06 86 02 07 F3 A5 6A 04 68 06 10 12 1B FF B5 51 29 EE 10 22 95
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Shield v2.9</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 0B 20 40 00 B9 EB 08 00 00 8D BD 53 20 40 00 8B F7 AC xx xx xx F8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Shield vx.x</text>
-      <pattern>
-        65 78 65 73 68 6C 2E 64 6C 6C C0 5D 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Stealth 2.5</text>
-      <pattern>
-        60 90 EB 22 45 78 65 53 74 65 61 6C 74 68 20 2D 20 77 77 77 2E 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D E8 00 00 00 00 5D 81 ED 40 1E 40 00 B9 99 09 00 00 8D BD 88 1E 40 00 8B F7 AC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Stealth 2.73</text>
-      <pattern>
-        EB 00 EB 2F 53 68 61 72 65 77 61 72 65 20 2D 20 45 78 65 53 74 65 61 6C 74 68 00 EB 16 77 77 77 2E 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 00 60 90 E8 00 00 00 00 5D 81 ED F0 27 40 00 B9 15 00 00 00 83 C1 05 EB 05 EB FE 83 C7 56 EB 00 83 E9 02
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Stealth 2.74</text>
-      <pattern>
-        EB 00 EB 17 53 68 61 72 65 77 61 72 65 20 2D 20 45 78 65 53 74 65 61 6C 74 68 00 60 90 E8 00 00 00 00 5D 81 ED C4 27 40 00 B9 15 00 00 00 83 C1 04 83 C1 01 EB 05 EB FE 83 C7 56 EB 00 83 E9 02 81 C1 78 43 27 65 EB 00 81 C1 10 25 94 00 81 E9 63 85 00 00 B9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Stealth 2.75a -> WebtoolMaster</text>
-      <pattern>
-        EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 20 2D 20 77 77 77 2E 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Exe Stealth 2.75a -> WebtoolMaster</text>
-      <pattern>
-        EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 20 2D 20 77 77 77 2E 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 00 90 60 90 E8 00 00 00 00 5D 81 ED F7 27 40 00 B9 15 00 00 00 83 C1 04 83 C1 01 EB 05 EB FE 83 C7 56 EB 00 EB 00 83 E9 02 81 C1 78 43 27 65 EB 00 81 C1 10 25 94 00 81 E9 63 85 00 00 B9 96 0C 00 00 90 8D BD 74 28 40 00 8B F7 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Stealth v1.1</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED FB 1D 40 00 B9 7B 09 00 00 8B F7 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Stealth v2.71</text>
-      <pattern>
-        EB 00 60 EB 00 E8 00 00 00 00 5D 81 ED B0 27 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Stealth v2.72</text>
-      <pattern>
-        EB 00 EB 2F 53 68 61 72 65 77 61 72 65 20 2D 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Stealth v2.76 -> WebToolMaster</text>
-      <pattern>
-        EB 65 45 78 65 53 74 65 61 6C 74 68 20 56 32 20 2D 20 77 77 77 2E 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 20 59 4F 55 52 20 41 44 20 48 45 52 45 21 50 69 52 41 43 59 20 69 53 20 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE Stealth v2.7</text>
-      <pattern>
-        EB 00 60 EB 00 E8 00 00 00 00 5D 81 ED D3 26 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE2COM (Encrypted without selfcheck)</text>
-      <pattern>
-        B3 xx B9 xx xx BE xx xx BF xx xx EB xx 54 69 xx xx xx xx 03 xx xx 32 C3 AA 43 49 E3 xx EB xx BE xx xx 8B C6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE2COM (Limited)</text>
-      <pattern>
-        BE xx xx 8B 04 3D xx xx 74 xx BA xx xx B4 09 CD 21 CD 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE2COM (Method 1)</text>
-      <pattern>
-        8C DB BE xx xx 8B C6 B1 xx D3 E8 03 C3 03 xx xx A3 xx xx 8C C8 05 xx xx A3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE2COM (Packed)</text>
-      <pattern>
-        BD xx xx 89 xx xx xx 81 xx xx xx xx xx 8C xx xx xx 8C C8 05 xx xx 8E C0 BE xx xx 8B FE 0E 57 54 59 F3 A4 06 68 xx xx CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE2COM (regular)</text>
-      <pattern>
-        E9 8C CA 81 C3 xx xx 3B 16 xx xx 76 xx BA xx xx B4 09 CD 21 CD 20 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE2COM (With CRC check)</text>
-      <pattern>
-        B3 xx B9 xx xx 33 D2 BE xx xx 8B FE AC 32 C3 AA 43 49 32 E4 03 D0 E3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE32Pack v1.36</text>
-      <pattern>
-        3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC xx xx xx xx 02 81 xx xx xx xx xx xx xx 3B DB 74 01 BE 5D 8B D5 81 ED CC 8D 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE32Pack v1.37</text>
-      <pattern>
-        3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC xx xx xx xx 02 81 xx xx xx xx xx xx xx 3B DB 74 01 BE 5D 8B D5 81 ED 4C 8E 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE32Pack v1.38</text>
-      <pattern>
-        3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC xx xx xx xx 02 81 xx xx xx xx xx xx xx 3B DB 74 01 BE 5D 8B D5 81 ED DC 8D 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE32Pack v1.39</text>
-      <pattern>
-        3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC xx xx xx xx 02 81 xx xx xx xx xx xx xx 3B DB 74 01 BE 5D 8B D5 81 ED EC 8D 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXE32Pack v1.3x</text>
-      <pattern>
-        3B xx 74 02 81 83 55 3B xx 74 02 81 xx 53 3B xx 74 01 xx xx xx xx xx 02 81 xx xx E8 xx xx xx xx 3B 74 01 xx 5D 8B D5 81 ED
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeBundle v3.0 (small loader)</text>
-      <pattern>
-        00 00 00 00 60 BE 00 F0 40 00 8D BE 00 20 FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeBundle v3.0 (standard loader)</text>
-      <pattern>
-        00 00 00 00 60 BE 00 B0 42 00 8D BE 00 60 FD FF C7 87 B0 E4 02 00 31 3C 4B DF 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECrypt 1.0 -> ReBirth</text>
-      <pattern>
-        90 90 60 E8 00 00 00 00 5D 81 ED D1 27 40 00 B9 15 00 00 00 83 C1 04 83 C1 01 EB 05 EB FE 83 C7 56 EB 00 EB 00 83 E9 02 81 C1 78 43 27 65 EB 00 81 C1 10 25 94 00 81 E9 63 85 00 00 B9 96 0C 00 00 90 8D BD 4E 28 40 00 8B F7 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.0/2.1 (protected IAT) -> www.strongbit.com * Sign.By.haggar</text>
-      <pattern>
-        A4 xx xx xx 00 00 00 00 FF FF FF FF 3C xx xx xx 94 xx xx xx D8 xx xx xx 00 00 00 00 FF FF FF FF B8 xx xx xx D4 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 00 00 00 45 78 69 74 50 72 6F 63 65 73 73 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 60 xx xx xx 70 xx xx xx 84 xx xx xx 00 00 00 00 75 73 65 72 33 32 2E 64 6C 6C 00 00 00 00 4D 65 73 73 61 67 65 42 6F 78 41
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.0/2.1 (protected IAT) -> www.strongbit.com</text>
-      <pattern>
-        A4 xx xx xx 00 00 00 00 FF FF FF FF 3C xx xx xx 94 xx xx xx D8 xx xx xx 00 00 00 00 FF FF FF FF B8 xx xx xx D4 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 00 00 00 47 65 74 4D 6F 64 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.0/2.1 -> www.strongbit.com * Sign.By.haggar</text>
-      <pattern>
-        55 8B EC 83 C4 F4 56 57 53 BE xx xx xx xx B8 00 00 xx xx 89 45 FC 89 C2 8B 46 0C 09 C0 0F 84 xx 00 00 00 01 D0 89 C3 50 FF 15 94 xx xx xx 09 C0 0F 85 0F 00 00 00 53 FF 15 98 xx xx xx 09 C0 0F 84 xx 00 00 00 89 45 F8 6A 00 8F 45 F4 8B 06 09 C0 8B 55 FC 0F 85 03 00 00 00 8B 46 10 01 D0 03 45 F4 8B 18 8B 7E 10 01 D7 03 7D F4 09 DB 0F 84 xx 00 00 00 F7 C3 00 00 00 80 0F 85 04 00 00 00 8D 5C 13 02 81 E3 FF FF FF xx 53 FF 75 F8 FF 15 9C xx xx xx 09 C0 0F 84 xx 00 00 00 89 07 83 45 F4 04 E9 A6 FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.0/2.1 -> www.strongbit.com</text>
-      <pattern>
-        55 8B EC 83 C4 F4 56 57 53 BE xx xx xx xx B8 00 00 xx xx 89 45 FC 89 C2 8B 46 0C 09 C0 0F 84 xx 00 00 00 01 D0 89 C3 50 FF 15 94 xx xx xx 09 C0 0F 85 0F 00 00 00 53 FF 15 98 xx xx xx 09 C0 0F 84 xx 00 00 00 89 45 F8 6A 00 8F 45 F4 8B 06 09 C0 8B 55 FC 0F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.1.17 -> Strongbit / SoftComplete Development (h)</text>
-      <pattern>
-        BE xx xx xx xx B8 00 00 xx xx 89 45 FC 89 C2 8B 46 0C 09 C0 0F 84 xx 00 00 00 01 D0 89 C3 50 FF 15 94 xx xx xx 09 C0 0F 85 0F 00 00 00 53 FF 15 98 xx xx xx 09 C0 0F 84 xx 00 00 00 89 45 F8 6A 00 8F 45 F4 8B 06 09 C0 8B 55 FC 0F 85 03 00 00 00 8B 46 10 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.1.17 -> Strongbit/SoftComplete Development (h)</text>
-      <pattern>
-        BE xx xx xx xx B8 00 00 xx xx 89 45 FC 89 C2 8B 46 0C 09 C0 0F 84 xx 00 00 00 01 D0 89 C3 50 FF 15 94 xx xx xx 09 C0 0F 85 0F 00 00 00 53 FF 15 98 xx xx xx 09 C0 0F 84 xx 00 00 00 89 45 F8 6A 00 8F 45 F4 8B 06 09 C0 8B 55 FC 0F 85 03 00 00 00 8B 46 10 01 D0 03 45 F4 8B 18 8B 7E 10 01 D7 03 7D F4 09 DB 0F 84 xx 00 00 00 F7 C3 00 00 00 80 0F 85 04 00 00 00 8D 5C 13 02 81 E3 FF FF FF 7F 53 FF 75 F8 FF 15 9C xx xx xx 09 C0 0F 84 xx 00 00 00 89 07 83 45 F4 04 E9 A6 FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h1)</text>
-      <pattern>
-        E8 F7 FE FF FF 05 xx xx 00 00 FF E0 E8 EB FE FF FF 05 xx xx 00 00 FF E0 E8 04 00 00 00 FF FF FF FF 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h2)</text>
-      <pattern>
-        E8 F7 FE FF FF 05 xx xx 00 00 FF E0 E8 EB FE FF FF 05 xx xx 00 00 FF E0 E8 xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2.4 -> Strongbit/SoftComplete Development</text>
-      <pattern>
-        6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 00 00 00 45 78 69 74 50 72 6F 63 65 73 73
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2.6 (minimum protection) -> www.strongbit.com</text>
-      <pattern>
-        50 68 xx xx xx xx 58 81 E0 xx xx xx xx E9 xx xx xx 00 87 0C 24 59 E8 xx xx xx 00 89 45 F8 E9 xx xx xx xx 0F 83 xx xx xx 00 E9 xx xx xx xx 87 14 24 5A 57 68 xx xx xx xx E9 xx xx xx xx 58 81 C0 xx xx xx xx 2B 05 xx xx xx xx 81 C8 xx xx xx xx 81 E0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2.6 (minimum protection)</text>
-      <pattern>
-        50 68 xx xx xx xx 58 81 E0 xx xx xx xx E9 xx xx xx 00 87 0C 24 59 E8 xx xx xx 00 89 45 F8 E9 xx xx xx xx 0F 83 xx xx xx 00 E9 xx xx xx xx 87 14 24 5A 57 68 xx xx xx xx E9 xx xx xx xx 58 81 C0 xx xx xx xx 2B 05 xx xx xx xx 81 C8 xx xx xx xx 81 E0 xx xx xx xx E9 xx xx xx 00 C3 E9 xx xx xx xx C3 BF xx xx xx xx 81 CB xx xx xx xx BA xx xx xx xx 52 E9 xx xx xx 00 E8 xx xx xx 00 E9 xx xx xx 00 E9 xx xx xx xx 87 34 24 5E 66 8B 00 66 25 xx xx E9 xx xx xx xx 8B CD 87 0C 24 8B EC 51 89 EC 5D 8B 05 xx xx xx xx 09 C0 E9 xx xx xx xx 59 81 C1 xx xx xx xx C1 C1 xx 23 0D xx xx xx xx 81 F9 xx xx xx xx E9 xx xx xx xx C3 E9 xx xx xx 00 13 D0 0B F9 E9 xx xx xx xx 51 E8 xx xx xx xx 8B 64 24 08 31 C0 64 8F 05 00 00 00 00 5A E9 xx xx xx xx 3C A4 0F 85 xx xx xx 00 8B 45 FC 66 81 38 xx xx 0F 84 05 00 00 00 E9 xx xx xx xx 0F 84 xx xx xx xx E9 xx xx xx xx 87 3C 24 5F 31 DB 31 C9 31 D2 68 xx xx xx xx E9 xx xx xx xx 89 45 FC 33 C0 89 45 F4 83 7D FC 00 E9 xx xx xx xx 53 52 8B D1 87 14 24 81 C0 xx xx xx xx 0F 88 xx xx xx xx 3B CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2.6 DLL (minimum protection) -> www.strongbit.com</text>
-      <pattern>
-        50 8B C6 87 04 24 68 xx xx xx xx 5E E9 xx xx xx xx 85 C8 E9 xx xx xx xx 81 C3 xx xx xx xx 0F 81 xx xx xx 00 81 FA xx xx xx xx 33 D0 E9 xx xx xx 00 0F 8D xx xx xx 00 81 D5 xx xx xx xx F7 D1 0B 15 xx xx xx xx C1 C2 xx 81 C2 xx xx xx xx 9D E9 xx xx xx xx C1
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2.6 DLL (minimum protection)</text>
-      <pattern>
-        50 8B C6 87 04 24 68 xx xx xx xx 5E E9 xx xx xx xx 85 C8 E9 xx xx xx xx 81 C3 xx xx xx xx 0F 81 xx xx xx 00 81 FA xx xx xx xx 33 D0 E9 xx xx xx 00 0F 8D xx xx xx 00 81 D5 xx xx xx xx F7 D1 0B 15 xx xx xx xx C1 C2 xx 81 C2 xx xx xx xx 9D E9 xx xx xx xx C1 E2 xx C1 E8 xx 81 EA xx xx xx xx 13 DA 81 E9 xx xx xx xx 87 04 24 8B C8 E9 xx xx xx xx 55 8B EC 83 C4 F8 89 45 FC 8B 45 FC 89 45 F8 8B 45 08 E9 xx xx xx xx 8B 45 E0 C6 00 00 FF 45 E4 E9 xx xx xx xx FF 45 E4 E9 xx xx xx 00 F7 D3 0F 81 xx xx xx xx E9 xx xx xx xx 87 34 24 5E 8B 45 F4 E8 xx xx xx 00 8B 45 F4 8B E5 5D C3 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2.x -> SoftComplete Developement</text>
-      <pattern>
-        E8 F7 FE FF FF 05 xx xx 00 00 FF E0 E8 EB FE FF FF 05 xx xx 00 00 FF E0 E8 04 00 00 00 FF FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2/2.3 (compressed code) -> www.strongbit.com</text>
-      <pattern>
-        E8 00 00 00 00 58 xx xx xx xx xx 8B 1C 24 81 EB xx xx xx xx B8 xx xx xx xx 50 6A 04 68 00 10 00 00 50 6A 00 B8 C4 xx xx xx 8B 04 18 FF D0 59 BA xx xx xx xx 01 DA 52 53 50 89 C7 89 D6 FC F3 A4 B9 xx xx xx xx 01 D9 FF D1 58 8B 1C 24 68 00 80 00 00 6A 00 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2/2.3 (compressed code) -> www.strongbit.com</text>
-      <pattern>
-        E8 00 00 00 00 58 xx xx xx xx xx 8B 1C 24 81 EB xx xx xx xx B8 xx xx xx xx 50 6A 04 68 00 10 00 00 50 6A 00 B8 C4 xx xx xx 8B 04 18 FF D0 59 BA xx xx xx xx 01 DA 52 53 50 89 C7 89 D6 FC F3 A4 B9 xx xx xx xx 01 D9 FF D1 58 8B 1C 24 68 00 80 00 00 6A 00 50 B8 C8 xx xx xx 8B 04 18 FF D0 59 58 5B 83 EB 05 C6 03 B8 43 89 03 83 C3 04 C6 03 C3 09 C9 74 46 89 C3 E8 A0 00 00 00 FC AD 83 F8 FF 74 38 53 89 CB 01 C3 01 0B 83 C3 04 AC 3C FE 73 07 25 FF 00 00 00 EB ED 81 C3 FE 00 00 00 09 C0 7A 09 66 AD 25 FF FF 00 00 EB DA AD 4E 25 FF FF FF 00 3D FF FF FF 00 75 CC xx xx xx xx xx C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.2/2.3 (protected IAT) -> www.strongbit.com</text>
-      <pattern>
-        CC xx xx xx 00 00 00 00 FF FF FF FF 3C xx xx xx B4 xx xx xx 08 xx xx xx 00 00 00 00 FF FF FF FF E8 xx xx xx 04 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 00 00 00 47 65 74 4D 6F 64 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.3.9 (compressed resources) -> www.strongbit.com</text>
-      <pattern>
-        51 68 xx xx xx xx 59 81 F1 12 3C CB 98 E9 53 2C 00 00 F7 D7 E9 EB 60 00 00 83 45 F8 02 E9 E3 36 00 00 F6 45 F8 20 0F 84 1E 21 00 00 55 E9 80 62 00 00 87 0C 24 8B E9 xx xx xx xx 00 00 23 C1 81 E9 xx xx xx xx 57 E9 ED 00 00 00 0F 88 xx xx xx xx E9 2C 0D 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.3.9 (compressed resources)</text>
-      <pattern>
-        51 68 xx xx xx xx 59 81 F1 12 3C CB 98 E9 53 2C 00 00 F7 D7 E9 EB 60 00 00 83 45 F8 02 E9 E3 36 00 00 F6 45 F8 20 0F 84 1E 21 00 00 55 E9 80 62 00 00 87 0C 24 8B E9 xx xx xx xx 00 00 23 C1 81 E9 xx xx xx xx 57 E9 ED 00 00 00 0F 88 xx xx xx xx E9 2C 0D 00 00 81 ED BB 43 CB 79 C1 E0 1C E9 9E 14 00 00 0B 15 xx xx xx xx 81 E2 2A 70 7F 49 81 C2 9D 83 12 3B E8 0C 50 00 00 E9 A0 16 00 00 59 5B C3 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 E8 41 42 00 00 E9 93 33 00 00 31 DB 89 D8 59 5B C3 A1 xx xx xx xx 8A 00 2C 99 E9 82 30 00 00 0F 8A xx xx xx xx B8 01 00 00 00 31 D2 0F A2 25 FF 0F 00 00 E9 72 21 00 00 0F 86 57 0B 00 00 E9 xx xx xx xx C1 C0 03 E8 F0 36 00 00 E9 41 0A 00 00 81 F7 B3 6E 85 EA 81 C7 xx xx xx xx 87 3C 24 E9 74 52 00 00 0F 8E xx xx xx xx E8 5E 37 00 00 68 B1 74 96 13 5A E9 A1 04 00 00 81 D1 49 C0 12 27 E9 50 4E 00 00 C1 C8 1B 1B C3 81 E1 96 36 E5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.3.9 (minimum protection) -> www.strongbit.com</text>
-      <pattern>
-        68 xx xx xx xx E9 xx xx xx FF 50 C1 C8 18 89 05 xx xx xx xx C3 C1 C0 18 51 E9 xx xx xx FF 84 C0 0F 84 6A F9 FF FF E9 xx xx xx FF C3 E9 xx xx xx FF E8 CF E9 FF FF B8 01 00 00 00 E9 xx xx xx FF 2B D0 68 A0 36 80 D4 59 81 C9 64 98 FF 99 E9 xx xx xx FF 84 C0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.3.9 (minimum protection)</text>
-      <pattern>
-        68 xx xx xx xx E9 xx xx xx FF 50 C1 C8 18 89 05 xx xx xx xx C3 C1 C0 18 51 E9 xx xx xx FF 84 C0 0F 84 6A F9 FF FF E9 xx xx xx FF C3 E9 xx xx xx FF E8 CF E9 FF FF B8 01 00 00 00 E9 xx xx xx FF 2B D0 68 A0 36 80 D4 59 81 C9 64 98 FF 99 E9 xx xx xx FF 84 C0 0F 84 8E EC FF FF E9 xx xx xx FF C3 87 3C 24 5F 8B 00 03 45 FC 83 C0 18 E9 xx xx xx FF 87 0C 24 59 B8 01 00 00 00 D3 E0 23 D0 E9 02 18 00 00 0F 8D DB 00 00 00 C1 E8 14 E9 CA 00 00 00 9D 87 0C 24 59 87 1C 24 68 AE 73 B9 96 E9 C5 10 00 00 0F 8A xx xx xx xx E9 xx xx xx FF 81 FD F5 FF 8F 07 E9 4F 10 00 00 C3 E9 5E 12 00 00 87 3C 24 E9 xx xx xx FF E8 xx xx xx FF 83 3D xx xx xx xx 00 0F 85 xx xx xx xx 8D 55 EC B8 xx xx xx xx E9 xx xx xx FF E8 A7 1A 00 00 E8 2A CB FF FF E9 xx xx xx FF C3 E9 xx xx xx FF 59 89 45 E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.3.9 DLL (compressed resources) -> www.strongbit.com</text>
-      <pattern>
-        50 68 xx xx xx xx 58 C1 C0 0F E9 xx xx xx 00 87 04 24 58 89 45 FC E9 xx xx xx FF FF 05 xx xx xx xx E9 xx xx xx 00 C1 C3 18 E9 xx xx xx xx 8B 55 08 09 42 F8 E9 xx xx xx FF 83 7D F0 01 0F 85 xx xx xx xx E9 xx xx xx 00 87 34 24 5E 8B 45 FC 33 D2 56 8B F2 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.3.9 DLL (compressed resources)</text>
-      <pattern>
-        50 68 xx xx xx xx 58 C1 C0 0F E9 xx xx xx 00 87 04 24 58 89 45 FC E9 xx xx xx FF FF 05 xx xx xx xx E9 xx xx xx 00 C1 C3 18 E9 xx xx xx xx 8B 55 08 09 42 F8 E9 xx xx xx FF 83 7D F0 01 0F 85 xx xx xx xx E9 xx xx xx 00 87 34 24 5E 8B 45 FC 33 D2 56 8B F2 E9 xx xx xx 00 BA xx xx xx xx E8 xx xx xx 00 A3 xx xx xx xx C3 E9 xx xx xx 00 C3 83 C4 04 C3 E9 xx xx xx FF 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 E8 xx xx xx 00 E9 xx xx xx FF C1 C2 03 81 CA xx xx xx xx 81 C2 xx xx xx xx 03 C2 5A E9 xx xx xx FF 81 E7 xx xx xx xx 81 EF xx xx xx xx 81 C7 xx xx xx xx 89 07 E9 xx xx xx xx 0F 89 xx xx xx xx 87 14 24 5A 50 C1 C8 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.3.9 DLL (minimum protection) -> www.strongbit.com</text>
-      <pattern>
-        51 68 xx xx xx xx 87 2C 24 8B CD 5D 81 E1 xx xx xx xx E9 xx xx xx 00 89 45 F8 51 68 xx xx xx xx 59 81 F1 xx xx xx xx 0B 0D xx xx xx xx 81 E9 xx xx xx xx E9 xx xx xx 00 81 C2 xx xx xx xx E8 xx xx xx 00 87 0C 24 59 51 64 8B 05 30 00 00 00 8B 40 0C 8B 40 0C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.3.9 DLL (minimum protection)</text>
-      <pattern>
-        51 68 xx xx xx xx 87 2C 24 8B CD 5D 81 E1 xx xx xx xx E9 xx xx xx 00 89 45 F8 51 68 xx xx xx xx 59 81 F1 xx xx xx xx 0B 0D xx xx xx xx 81 E9 xx xx xx xx E9 xx xx xx 00 81 C2 xx xx xx xx E8 xx xx xx 00 87 0C 24 59 51 64 8B 05 30 00 00 00 8B 40 0C 8B 40 0C E9 xx xx xx 00 F7 D6 2B D5 E9 xx xx xx 00 87 3C 24 8B CF 5F 87 14 24 1B CA E9 xx xx xx 00 83 C4 08 68 xx xx xx xx E9 xx xx xx 00 C3 E9 xx xx xx 00 E9 xx xx xx 00 50 8B C5 87 04 24 8B EC 51 0F 88 xx xx xx 00 FF 05 xx xx xx xx E9 xx xx xx 00 87 0C 24 59 99 03 04 24 E9 xx xx xx 00 C3 81 D5 xx xx xx xx 9C E9 xx xx xx 00 81 FA xx xx xx xx E9 xx xx xx 00 C1 C3 15 81 CB xx xx xx xx 81 F3 xx xx xx xx 81 C3 xx xx xx xx 87
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.x -> SoftComplete Developement</text>
-      <pattern>
-        A4 xx xx 00 00 00 00 00 FF FF FF FF 3C xx xx 00 94 xx xx 00 D8 xx xx 00 00 00 00 00 FF FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.xx (compressed resources) -> www.strongbit.com * Sign.By.haggar</text>
-      <pattern>
-        56 57 53 31 DB 89 C6 89 D7 0F B6 06 89 C2 83 E0 1F C1 EA 05 74 2D 4A 74 15 8D 5C 13 02 46 C1 E0 08 89 FA 0F B6 0E 46 29 CA 4A 29 C2 EB 32 C1 E3 05 8D 5C 03 04 46 89 FA 0F B7 0E 29 CA 4A 83 C6 02 EB 1D C1 E3 04 46 89 C1 83 E1 0F 01 CB C1 E8 05 73 07 43 89 F2 01 DE EB 06 85 DB 74 0E EB A9 56 89 D6 89 D9 F3 A4 31 DB 5E EB 9D 89 F0 5B 5F 5E C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.xx (compressed resources) -> www.strongbit.com</text>
-      <pattern>
-        56 57 53 31 DB 89 C6 89 D7 0F B6 06 89 C2 83 E0 1F C1 EA 05 74 2D 4A 74 15 8D 5C 13 02 46 C1 E0 08 89 FA 0F B6 0E 46 29 CA 4A 29 C2 EB 32 C1 E3 05 8D 5C 03 04 46 89 FA 0F B7 0E 29 CA 4A 83 C6 02 EB 1D C1 E3 04 46 89 C1 83 E1 0F 01 CB C1 E8 05 73 07 43 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.xx (max. compressed resources) -> www.strongbit.com * Sign.By.haggar</text>
-      <pattern>
-        55 8B EC 83 C4 EC FC 53 57 56 89 45 FC 89 55 F8 89 C6 89 D7 66 81 3E 4A 43 0F 85 23 01 00 00 83 C6 0A C7 45 F4 08 00 00 00 31 DB BA 00 00 00 80 43 31 C0 E8 11 01 00 00 73 0E 8B 4D F0 E8 1F 01 00 00 02 45 EF AA EB E9 E8 FC 00 00 00 0F 82 97 00 00 00 E8 F1 00 00 00 73 5B B9 04 00 00 00 E8 FD 00 00 00 48 74 DE 0F 89 C7 00 00 00 E8 D7 00 00 00 73 1B 55 BD 00 01 00 00 E8 D7 00 00 00 88 07 47 4D 75 F5 E8 BF 00 00 00 72 E9 5D EB A2 B9 01 00 00 00 E8 C8 00 00 00 83 C0 07 89 45 F0 C6 45 EF 00 83 F8 08 74 89 E8 A9 00 00 00 88 45 EF E9 7C FF FF FF B9 07 00 00 00 E8 A2 00 00 00 50
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor 2.xx (max. compressed resources) -> www.strongbit.com</text>
-      <pattern>
-        55 8B EC 83 C4 EC FC 53 57 56 89 45 FC 89 55 F8 89 C6 89 D7 66 81 3E 4A 43 0F 85 23 01 00 00 83 C6 0A C7 45 F4 08 00 00 00 31 DB BA 00 00 00 80 43 31 C0 E8 11 01 00 00 73 0E 8B 4D F0 E8 1F 01 00 00 02 45 EF AA EB E9 E8 FC 00 00 00 0F 82 97 00 00 00 E8 F1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor v1.3.0.45</text>
-      <pattern>
-        E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 xx xx xx xx xx xx xx 31 C0 89 41 14 89 41 18 80 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor v1.3.0.45</text>
-      <pattern>
-        E8 24 xx xx xx 8B 4C 24 0C C7 01 17 xx 01 xx C7 81 xx xx xx xx xx xx xx 31 C0 89 41 14 89 41 18 80 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor v1.4.0.1</text>
-      <pattern>
-        E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 B8 00 00 00 00 xx xx 00 31 C0 89 41 14 89 41 18 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor v1.5.1.x</text>
-      <pattern>
-        E8 24 xx xx xx 8B 4C 24 0C C7 01 17 xx 01 xx C7 81 B8 xx xx xx xx xx xx xx 31 C0 89 41 14 89 41 18 80 A1 C1 xx xx xx FE C3 31 C0 64 FF 30 64 89 20 CC C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor v1.5.3</text>
-      <pattern>
-        E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 B8 00 00 00 00 xx xx 00 31 C0 89 41 14 89 41 18 80 A1 C1 00 00 00 FE C3 31 C0 64 FF 30 64 89 20 CC C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor V2.1X -> softcomplete.com</text>
-      <pattern>
-        83 C6 14 8B 55 FC E9 xx FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor V2.1X -> SoftComplete.com</text>
-      <pattern>
-        E9 xx xx xx xx 66 9C 60 50 8D 88 xx xx xx xx 8D 90 04 16 xx xx 8B DC 8B E1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor V2.2X -> softcomplete.com</text>
-      <pattern>
-        FF E0 E8 04 00 00 00 FF FF FF FF 5E C3 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXECryptor vx.x.x.x</text>
-      <pattern>
-        E8 24 xx xx xx 8B 4C 24 0C C7 01 17 xx 01 xx C7 81 B8 xx xx xx xx xx xx xx 31 C0 89 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeJoiner 1.0 -> Yoda f2f</text>
-      <pattern>
-        68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 00 C6 00 5C 68 04 01 00 00 68 04 11 40 00 6A 00 E8 1A 03 00 00 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 68 04 11 40 00 E8 EC 02 00 00 83 F8 FF 0F 84 83 02 00 00 A3 08 12 40 00 6A 00 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeJoiner 1.0 -> Yoda f2f</text>
-      <pattern>
-        68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 00 C6 00 5C 68 04 01 00 00 68 04 11 40 00 6A 00 E8 1A 03 00 00 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 68 04 11 40 00 E8 EC 02 00 00 83 F8 FF 0F 84 83 02 00 00 A3 08 12 40 00 6A 00 50 E8 E2 02 00 00 83 F8 FF 0F 84 6D 02 00 00 A3 0C 12 40 00 8B D8 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 E3 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1E 12 40 00 FF 35 08 12 40 00 E8 C4 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 B7 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1A 12 40 00 FF 35 08 12 40 00 E8 98 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 8B 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 34 12 40 00 FF 35 08 12 40 00 E8 6C 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 5F 02 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeJoiner 1.0 -> Yoda</text>
-      <pattern>
-        68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 00 C6 00 5C 68 04 01 00 00 68 04 11 40 00 6A 00 E8 1A 03 00 00 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 68 04 11 40 00 E8 EC 02 00 00 83 F8 FF 0F 84 83 02 00 00 A3 08 12 40 00 6A 00 50 E8 E2 02 00 00 83 F8 FF 0F 84 6D 02 00 00 A3 0C 12 40 00 8B D8 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 E3 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1E 12 40 00 FF 35 08 12 40 00 E8 C4 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeJoiner V1.0 -> Yoda f2f</text>
-      <pattern>
-        68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 00 C6 00 5C 68 04 01 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXEJoiner v1.0</text>
-      <pattern>
-        68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 C6 00 5C 68 xx xx xx xx 68 xx xx xx xx 6A 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXELOCK 666 1.5</text>
-      <pattern>
-        BA xx xx BF xx xx EB xx EA xx xx xx xx 79 xx 7F xx 7E xx 1C xx 48 78 xx E3 xx 45 14 xx 5A E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeLock v1.00</text>
-      <pattern>
-        06 8C C8 8E C0 BE xx xx 26 xx xx 34 xx 26 xx xx 46 81 xx xx xx 75 xx 40 B3 xx B3 xx F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXEPACK (LINK) v3.60, v3.64, v3.65 or 5.01.21</text>
-      <pattern>
-        8C C0 05 xx xx 0E 1F A3 xx xx 03 xx xx xx 8E C0 8B xx xx xx 8B xx 4F 8B F7 FD F3 A4 50 B8 xx xx 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXEPACK v4.05, v4.06</text>
-      <pattern>
-        8C C0 05 xx xx 0E 1F A3 xx xx 03 06 xx xx 8E C0 8B 0E xx xx 8B F9 4F 8B F7 FD F3 A4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXERefactor V0.1 -> random</text>
-      <pattern>
-        55 8B EC 81 EC 90 0B 00 00 53 56 57 E9 58 8C 01 00 55 53 43 41 54 49 4F 4E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeSafeguard 1.0 -> simonzh (h)</text>
-      <pattern>
-        C0 5D EB 4E EB 47 DF 69 4E 58 DF 59 74 F3 EB 01 DF 75 EE 9A 59 9C 81 C1 E2 FF FF FF EB 01 DF 9D FF E1 E8 51 E8 EB FF FF FF DF 22 3F 9A C0 81 ED 19 18 40 00 EB 48 EB 47 DF 69 4E 58 DF 59 79 EE EB 01 DF 78 E9 DF 59 9C 81 C1 E5 FF FF FF 9D FF E1 EB 51 E8 EE
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeSafeguard v1.0 -> simonzh (h)</text>
-      <pattern>
-        C0 5D EB 4E EB 47 DF 69 4E 58 DF 59 74 F3 EB 01 DF 75 EE 9A 59 9C 81 C1 E2 FF FF FF EB 01 DF 9D FF E1 E8 51 E8 EB FF FF FF DF 22 3F 9A C0 81 ED 19 18 40 00 EB 48 EB 47 DF 69 4E 58 DF 59 79 EE EB 01 DF 78 E9 DF 59 9C 81 C1 E5 FF FF FF 9D FF E1 EB 51 E8 EE FF FF FF DF BA A3 22 3F 9A C0 60 EB 4D EB 47 DF 69 4E 58 DF 59 79 F3 EB 01 DF 78 EE DF 59 9C 81 C1 E5 FF FF FF 9D FF E1 EB 51 E8 EE FF FF FF E8 BA A3 22 3F 9A C0 8D B5 EE 19 40 00 EB 47 EB 47 DF 69 4E 58 DF 59 7A EE EB 01 DF 7B E9 DF 59 9C 81 C1 E5 FF FF FF 9D FF E1 EB 51 E8 EE FF FF FF DF 22 3F 9A C0 8B FE EB 4C EB 47 DF 69 4E 58 DF 59 74 F2 EB 01 DF 75 ED 0F 59 9C 81 C1 E5 FF FF FF 9D FF E1 EB 51 E8 EE FF FF FF E8 BA A3 22 3F 9A C0 B9 2B CB 00 00 EB 4B EB 47 DF 69 4E 58 DF 59 78 EF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeShield 3.6 -> www.exeshield.com</text>
-      <pattern>
-        B8 xx xx xx 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 CE 1E 42 AF F8 D6 CC E9 FB C8 4F 1B 22 7C B4 C8 0D BD 71 A9 C8 1F 5F B1 29 8F 11 73 8F 00 D1 88 87 A9 3F 4D 00 6C 3C BF C0 80 F7 AD 35 23 EB 84 82 6F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeShield Cryptor 1.3RC -> Tom Commander</text>
-      <pattern>
-        55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 8C 21 40 00 B9 51 2D 40 00 81 E9 E6 21 40 00 8B D5 81 C2 E6 21 40 00 8D 3A 8B F7 33 C0 EB 04 90 EB 01 C2 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeShield Protector V3.6 -> www.exeshield.com</text>
-      <pattern>
-        B8 xx xx xx 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 CE 1E 42 AF F8 D6 CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeShield v3.7 -> ExeShield Team (h)</text>
-      <pattern>
-        B8 xx xx xx 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 CE 1E 42 AF F8 D6 CC E9 FB C8 4F 1B 22 7C B4 C8 0D BD 71 A9 C8 1F 5F B1 29 8F 11 73 8F 00 D1 88 87 A9 3F 4D 00 6C 3C BF C0 80 F7 AD 35 23 EB 84 82 6F 8C B9 0A FC EC E4 82 97 AE 0F 18 D2 47 1B 65 EA 46 A5 FD 3E 9D 75 2A 62 80 60 F9 B0 0D E1 AC 12 0E 9D 24 D5 43 CE 9A D6 18 BF 22 DA 1F 72 76 B0 98 5B C2 64 BC AE D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeSmasher vx.x</text>
-      <pattern>
-        9C FE 03 xx 60 BE xx xx 41 xx 8D BE xx 10 FF FF 57 83 CD FF EB 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeSplitter 1.2 -> Bill Prisoner / TPOC</text>
-      <pattern>
-        E9 95 02 00 00 64 A1 00 00 00 00 83 38 FF 74 04 8B 00 EB F7 8B 40 04 C3 55 8B EC B8 00 00 00 00 8B 75 08 81 E6 00 00 FF FF B9 06 00 00 00 56 56 E8 B0 00 00 00 5E 83 F8 01 75 06 8B C6 C9 C2 04 00 81 EE 00 00 01 00 E2 E5 C9 C2 04 00 55 8B EC 8B 75 0C 8B DE 03 76 3C 8D 76 18 8D 76 60 8B 36 03 F3 56 8B 76 20 03 F3 33 D2 8B C6 8B 36 03 F3 8B 7D 08 B9 0E 00 00 00 FC F3 A6 0B C9 75 02 EB 08
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeSplitter 1.3 (Split Method) -> Bill Prisoner / TPOC</text>
-      <pattern>
-        E8 00 00 00 00 5D 81 ED 08 12 40 00 E8 66 FE FF FF 55 50 8D 9D 81 11 40 00 53 8D 9D 21 11 40 00 53 6A 08 E8 76 FF FF FF 6A 40 68 00 30 00 00 68 00 01 00 00 6A 00 FF 95 89 11 40 00 89 85 61 10 40 00 50 68 00 01 00 00 FF 95 85 11 40 00 8D 85 65 10 40 00 50 FF B5 61 10 40 00 FF 95 8D 11 40 00 6A 00 68 80 00 00 00 6A 02 6A 00 xx xx xx xx 01 1F 00 FF B5 61 10 40 00 FF 95 91 11 40 00 89 85 72 10 40 00 6A 00 8D xx xx xx xx 00 50 FF B5 09 10 40 00 8D 85 F5 12 40 00 50 FF B5 72 10 40 00 FF 95 95 11 40 00 FF B5 72 10 40 00 FF 95 99 11 40 00 8D 85 0D 10 40 00 50 8D 85 1D 10 40 00 50 B9 07 00 00 00 6A 00 E2 FC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeSplitter 1.3 (Split Method) -> Bill Prisoner / TPOC</text>
-      <pattern>
-        E9 FE 01 00 00 xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 76 63 45 72 30 31 31 2E 74 6D 70 00 00 00 00 00 00 00 00 00 64 A1 30 00 00 00 8B 40 0C 8B 40 0C 8B 00 85 C0 0F 84 5F 02 00 00 8B 48 30 80 39 6B 74 07 80 39 4B 74 02 EB E7 80 79 0C 33 74 02 EB DF 8B 40 18 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeSplitter 1.3 (Split+Crypt Method) -> Bill Prisoner / TPOC</text>
-      <pattern>
-        15 10 05 23 14 56 57 57 48 12 0B 16 66 66 66 66 66 66 66 66 66 02 C7 56 66 66 66 ED 26 6A ED 26 6A ED 66 E3 A6 69 E2 39 64 66 66 ED 2E 56 E6 5F 0D 12 61 E6 5F 2D 12 64 8D 81 E6 1F 6A 55 12 64 8D B9 ED 26 7E A5 33 ED 8A 8D 69 21 03 12 36 14 09 05 27 02 02 14 03 15 15 27 ED 2B 6A ED 13 6E ED B8 65 10 5A EB 10 7E EB 10 06 ED 50 65 95 30 ED 10 46 65 95 55 B4 ED A0 ED 50 65 95 37 ED 2B 6A EB DF AB 76 26 66 3F DF 68 66 66 66 9A 95 C0 6D AF 13 64
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeSplitter 1.3 (Split+Crypt Method) -> Bill Prisoner / TPOC</text>
-      <pattern>
-        E8 00 00 00 00 5D 81 ED 05 10 40 00 B9 xx xx xx xx 8D 85 1D 10 40 00 80 30 66 40 E2 FA 8F 98 67 66 66 xx xx xx xx xx xx xx 66
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeStealth -> WebToolMaster</text>
-      <pattern>
-        EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXEStealth 2.75 -> WebtoolMaster</text>
-      <pattern>
-        90 60 90 E8 00 00 00 00 5D 81 ED D1 27 40 00 B9 15 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EXEStealth 2.76 Unregistered -> WebtoolMaster</text>
-      <pattern>
-        EB xx 45 78 65 53 74 65 61 6C 74 68 20 56 32 20 53 68 61 72 65 77 61 72 65 20
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeTools COM2EXE</text>
-      <pattern>
-        E8 xx xx 5D 83 ED xx 8C DA 2E 89 96 xx xx 83 C2 xx 8E DA 8E C2 2E 01 96 xx xx 60
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ExeTools v2.1 Encruptor by DISMEMBER</text>
-      <pattern>
-        E8 xx xx 5D 83 xx xx 1E 8C DA 83 xx xx 8E DA 8E C2 BB xx xx BA xx xx 85 D2 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Liuli</text>
-      <pattern>
-        E8 53 03 00 00 8B F0 56 56 E8 98 03 00 00 8B C8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.0 beta -> CGSoftLabs</text>
-      <pattern>
-        E9 35 14 00 00 E9 31 13 00 00 E9 98 12 00 00 E9 EF 0C 00 00 E9 42 13 00 00 E9 E9 02 00 00 E9 EF 0B 00 00 E9 1B 0D 00 00 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.0 beta -> CGSoftLabs</text>
-      <pattern>
-        E9 35 14 00 00 E9 31 13 00 00 E9 98 12 00 00 E9 EF 0C 00 00 E9 42 13 00 00 E9 E9 02 00 00 E9 EF 0B 00 00 E9 1B 0D 00 00 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 70 77 20 3D 20 30 78 25 30 34 78 20 20 2A 70 64 77 20 3D 20 30 78 25 30 38 78 00 00 00 00 00 00 00 00 00 42 61 64 20 70 6F 69 6E 74 65 72 3A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 70 64 77 20 3D 20 30 78 25 30 38 78 00 00 00 45 72 72 6F 72 3A 00 00 54 68 65 20 25 68 73 20 66 69 6C 65 20 69 73 20 0A 6C 69 6E 6B 65 64 20 74 6F 20 6D 69 73 73 69 6E 67 20 65 78 70
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.1 -> CGSoftLabs</text>
-      <pattern>
-        E9 xx xx 00 00 E9 xx xx 00 00 E9 xx 12 00 00 E9 xx 0C 00 00 E9 xx xx 00 00 E9 xx xx 00 00 E9 xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.2 -> CGSoftLabs (h)</text>
-      <pattern>
-        55 8B EC 81 EC D4 01 00 00 53 56 57 EB 0C 45 78 50 72 2D 76 2E 31 2E 32 2E 2E B8 xx xx xx xx 2B 05 84 xx xx xx A3 xx xx xx xx 83 3D xx xx xx xx 00 74 16 A1 xx xx xx xx 03 05 80 xx xx xx 89 85 54 FE FF FF E9 xx 07 00 00 C7 05 xx xx xx xx 01 00 00 00 68 04
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.2 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 81 EC D4 01 00 00 53 56 57 EB 0C 45 78 50 72 2D 76 2E 31 2E 32 2E 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.2.0 Beta PE Packer</text>
-      <pattern>
-        55 8B EC 81 EC xx xx xx xx 53 56 57 EB xx 45 78 50 72 2D 76 2E 31 2E 32 2E 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.2.0b</text>
-      <pattern>
-        55 8B EC 81 EC D4 01 00 00 53 56 57 EB 0C 45 78 50 72 2D 76 2E 31 2E 32 2E 2E B8 xx xx xx 00 2B 05 84 xx xx 00 A3 xx xx xx 00 83 3D xx xx xx 00 00 74 16 A1 xx xx xx 00 03 05 80 xx xx 00 89 85 54 FE FF FF E9 xx 07 00 00 C7 05 xx xx xx 00 01 00 00 00 68 04
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.3 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 EB 0C 45 78 50 72 2D 76 2E 31 2E 33 2E 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.4.5.1 -> CGSoftLabs (h)</text>
-      <pattern>
-        55 8B EC 83 EC 58 53 56 57 83 65 DC 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 34 2E 00 A1 00 xx xx xx 05 00 xx xx xx A3 08 xx xx xx A1 08 xx xx xx B9 81 xx xx xx 2B 48 18 89 0D 0C xx xx xx 83 3D 10 xx xx xx 00 74 16 A1 08 xx xx xx 8B 0D 0C xx xx xx 03 48 14
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.4.5.1 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC 58 53 56 57 83 65 DC 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 34 2E 00 A1 00 xx xx 00 05 00 xx xx 00 A3 08 xx xx 00 A1 08 xx xx 00 B9 81 xx xx 00 2B 48 18 89 0D 0C xx xx 00 83 3D 10 xx xx 00 00 74 16 A1 08 xx xx 00 8B 0D 0C xx xx 00 03 48 14
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor 1.4.5.1 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC 58 53 56 57 83 65 DC 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 34 2E 00 A1 00 xx xx 00 05 00 xx xx 00 A3 08 xx xx 00 A1 08 xx xx 00 B9 81 xx xx 00 2B 48 18 89 0D 0C xx xx 00 83 3D 10 xx xx 00 00 74 16 A1 08 xx xx 00 8B 0D 0C xx xx 00 03 48 14 89 4D CC E9 97 04 00 00 C7 05 10 xx xx 00 01 00 00 00 xx xx 68 54 xx xx 00 68 18 xx xx 00 6A 00 FF 15 E4 xx xx 00 83 7D 0C 01 74 04 83 65 08 00 6A 04 68 00 10 00 00 68 04 01 00 00 6A 00 FF 15 C4 xx xx 00 89 45 EC 68 04 01 00 00 FF 75 EC FF 75 08 FF 15 DC xx xx 00 8B 4D EC 8D 44 01 FF 89 45 AC 8B 45 AC 0F BE 00 83 F8 5C 74 09 8B 45 AC 48 89 45 AC EB EC 8B 45 AC 40 89 45 AC 8B 45 AC 2B 45 EC 89 45 B0 6A 04 68 00 10 00 00 68 04 01 00 00 6A 00 FF 15 C4 xx xx 00 89 45 FC 8B 4D B0 8B 75 EC 8B 7D FC 8B C1 C1 E9 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXpressor v1.0 -> CGSoftLabs</text>
-      <pattern>
-        E9 35 14 00 00 E9 31 13 00 00 E9 98 12 00 00 E9 EF 0C 00 00 E9 42 13
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor V1.0 -> CGSoftLabs</text>
-      <pattern>
-        E9 35 14 00 00 E9 31 13 00 00 E9 98 12 00 00 E9 EF 0C 00 00 E9 42 13 00 00 E9 E9 02 00 00 E9 EF 0B 00 00 E9 1B 0D 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXpressor v1.1 -> CGSoftLabs</text>
-      <pattern>
-        E9 15 13 00 00 E9 F0 12 00 00 E9 58 12 00 00 E9 AF 0C 00 00 E9 AE 02 00 00 E9 B4 0B 00 00 E9 E0 0C 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.2 -> CGSoftLabs (h)</text>
-      <pattern>
-        55 8B EC 81 EC D4 01 00 00 53 56 57 EB 0C 45 78 50 72 2D 76 2E 31 2E 32 2E 2E B8 xx xx xx xx 2B 05 84 xx xx xx A3 xx xx xx xx 83 3D xx xx xx xx 00 74 16 A1 xx xx xx xx 03 05 80 xx xx xx 89 85 54 FE FF FF E9 xx 07 00 00 C7 05 xx xx xx xx 01 00 00 00 68 04 01 00 00 8D 85 F0 FE FF FF 50 6A 00 FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.2 -> CGSoftLabs</text>
-      <pattern>
-        45 78 50 72 2D 76 2E 31 2E 32 2E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXpressor v1.2 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 81 EC D4 01 00 00 53 56 57 EB 0C 45 78 50 72 2D 76
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.2.0b</text>
-      <pattern>
-        55 8B EC 81 EC D4 01 00 00 53 56 57 EB 0C 45 78 50 72 2D 76 2E 31 2E 32 2E 2E B8 xx xx xx 00 2B 05 84 xx xx 00 A3 xx xx xx 00 83 3D xx xx xx 00 00 74 16 A1 xx xx xx 00 03 05 80 xx xx 00 89 85 54 FE FF FF E9 xx 07 00 00 C7 05 xx xx xx 00 01 00 00 00 68 04 01 00 00 8D 85 F0 FE FF FF 50 6A 00 FF 15 xx xx xx 00 8D 84 05 EF FE FF FF 89 85 38 FE FF FF 8B 85 38 FE FF FF 0F BE 00 83 F8 5C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.3 -> CGSoftLabs (h)</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 EB 0C 45 78 50 72 2D 76 2E 31 2E 33 2E 2E B8 xx xx xx xx 2B 05 xx xx xx xx A3 xx xx xx xx 83 3D xx xx xx xx 00 74 13 A1 xx xx xx xx 03 05 xx xx xx xx 89 xx xx E9 xx xx 00 00 C7 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.3 -> CGSoftLabs</text>
-      <pattern>
-        45 78 50 72 2D 76 2E 31 2E 33 2E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor V1.3 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 EB 0C 45
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.4 -> CGSoftLabs (h)</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 EB 0C 45 78 50 72 2D 76 2E 31 2E 34 2E 2E B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.4 -> CGSoftLabs</text>
-      <pattern>
-        65 58 50 72 2D 76 2E 31 2E 34 2E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXpressor v1.4.5 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC 58 53 56 57 83 65 DC 00 F3 EB 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXpressor v1.4.5 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 83 65 DC 00 F3 EB 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.4.5.1 -> CGSoftLabs (h)</text>
-      <pattern>
-        55 8B EC 83 EC 58 53 56 57 83 65 DC 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 34 2E 00 A1 00 xx xx xx 05 00 xx xx xx A3 08 xx xx xx A1 08 xx xx xx B9 81 xx xx xx 2B 48 18 89 0D 0C xx xx xx 83 3D 10 xx xx xx 00 74 16 A1 08 xx xx xx 8B 0D 0C xx xx xx 03 48 14 89 4D CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor V1.4.5.1 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC 58 53 56 57 83 65 DC 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 34 2E 00 A1 00 xx xx 00 05 00 xx xx 00 A3 08 xx xx 00 A1 08 xx xx 00 B9 81 xx xx 00 2B 48 18 89 0D 0C xx xx 00 83 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor V1.4.5.1 -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 83 65 xx 00 F3 EB 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor V1.4.5.x -> CGSoftLabs</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 83 65 xx 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 34 2E 00 A1 00 xx xx 00 05 00 xx xx 00 A3 xx xx xx 00 A1 xx xx xx 00 B9 xx xx xx 00 2B 48 18 89 0D xx xx xx 00 83 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.5.0.1 (Options -> Light, Full support) CGSoftLabs</text>
-      <pattern>
-        55 8B EC 81 EC xx 02 00 00 53 56 57 83 A5 xx FD FF FF 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 35
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.5.0.1 (Options -> Protection) CGSoftLabs</text>
-      <pattern>
-        5E 00 00 80 00 00 00 68 91 5D D4 27 35 C5 5A 4C A5 40 48 C4 08 4E C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor v1.5x -> CGSoftLabs (h)</text>
-      <pattern>
-        55 8B EC 81 EC 58 02 00 00 53 56 57 83 A5 CC FD FF FF 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 35 2E 00 83 7D 0C 01 75 23
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor.PacK V1.5.0.X -> CGSoftLabs ! Sign by fly</text>
-      <pattern>
-        55 8B EC 81 EC xx xx xx xx 53 56 57 83 A5 xx xx xx xx xx F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 35 2E 00 83 7D 0C xx 75 23 8B 45 08 A3 xx xx xx xx 6A 04 68 00 10 00 00 68 20 03 00 00 6A 00 FF 15 xx xx xx xx A3 xx xx xx xx EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor.Protection 1.5.0.X -> CGSoftLabs</text>
-      <pattern>
-        EB 01 68 EB 01 xx xx xx xx 83 EC 0C 53 56 57 EB 01 xx 83 3D xx xx xx xx 00 74 08 EB 01 E9 E9 56 01 00 00 EB 02 E8 E9 C7 05 xx xx xx xx 01 00 00 00 EB 01 C2 E8 E2 05 00 00 EB 02 DA 9F 68 xx xx xx xx 68 xx xx xx xx B8 xx xx xx xx FF D0 59 59 EB 01 C8 EB 02
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>eXPressor.Protection V1.5.0.X -> CGSoftLabs ! Sign by fly</text>
-      <pattern>
-        EB 01 68 EB 01 xx xx xx xx 83 EC 0C 53 56 57 EB 01 xx 83 3D xx xx xx xx 00 74 08 EB 01 E9 E9 56 01 00 00 EB 02 E8 E9 C7 05 xx xx xx xx 01 00 00 00 EB 01 C2 E8 E2 05 00 00 EB 02 DA 9F 68 xx xx xx xx 68 xx xx xx xx B8 xx xx xx xx FF D0 59 59 EB 01 C8 EB 02 66 F0 68 xx xx xx xx E8 0E 05 00 00 59 EB 01 DD 83 65 F4 00 EB 07 8B 45 F4 40 89 45 F4 83 7D F4 61 73 1F EB 02 DA 1A 8B 45 F4 0F xx xx xx xx xx xx 33 45 F4 8B 4D F4 88 xx xx xx xx xx EB 01 EB EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>EZIP v1.0</text>
-      <pattern>
-        E9 19 32 00 00 E9 7C 2A 00 00 E9 19 24 00 00 E9 FF 23 00 00 E9 1E 2E 00 00 E9 88 2E 00 00 E9 2C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>?</text>
-      <pattern>
-        55 8B EC B8 xx xx xx xx E8 xx xx xx xx 53 56 57 0F 31 8B D8 0F 31 8B D0 2B D3 C1 EA 10 B8 xx xx xx xx 0F 6E C0 B8 xx xx xx xx 0F 6E C8 0F F5 C1 0F 7E C0 0F 77 03 C2 xx xx xx xx xx FF E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FACRYPT v1.0</text>
-      <pattern>
-        B9 xx xx B3 xx 33 D2 BE xx xx 8B FE AC 32 C3 AA 49 43 32 E4 03 D0 E3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FakeNinja v2.8 (Anti-Debug) -> Spirit</text>
-      <pattern>
-        64 A1 18 00 00 00 EB 02 C3 11 8B 40 30 EB 01 0F 0F B6 40 02 83 F8 01 74 FE EB 01 E8 90 C0 FF FF EB 03 BD F4 B5 64 A1 30 00 00 00 0F B6 40 02 74 01 BA 74 E0 50 00 64 A1 30 00 00 00 83 C0 68 8B 00 EB 00 83 F8 70 74 CF EB 02 EB FE 90 90 90 0F 31 33 C9 03 C8 0F 31 2B C1 3D FF 0F 00 00 73 EA E8 08 00 00 00 C1 3D FF 0F 00 00 74 AA EB 07 E8 8B 40 30 EB 08 EA 64 A1 18 00 00 00 EB F2 90 90 90 BA xx xx xx xx FF E2 64 11 40 00 FF 35 84 11 40 00 E8 40 11 00 00 6A 00 6A 00 FF 35 70 11 40 00 FF 35 84 11 40 00 E8 25 11 00 00 FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FakeNinja v2.8 -> Spirit</text>
-      <pattern>
-        BA xx xx xx xx FF E2 64 11 40 00 FF 35 84 11 40 00 E8 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FASM 1.5x</text>
-      <pattern>
-        6A 00 FF 15 xx xx 40 00 A3 xx xx 40 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>fds0ft c0m pr0tect v0.4b</text>
-      <pattern>
-        8C CA 2E xx xx xx xx B4 30 8B xx xx xx 8B xx xx xx 8E DA A3 xx xx 8C xx xx xx 89 xx xx xx 89 xx xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>fEaRzCrypter v1.0 -> fEaRz</text>
-      <pattern>
-        55 8B EC B9 09 00 00 00 6A 00 6A 00 49 75 xx 53 56 57 B8 xx xx xx xx E8 xx xx xx xx 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 BA xx xx xx xx B8 xx xx xx xx E8 xx xx xx xx 8B D8 85 DB 75 xx 6A 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>File Analyzer Compiled Datafile Version %v3.%v4</text>
-      <pattern>
-        46 69 6C 65 20 41 6E 61 6C 79 7A 65 72 20 43 6F 6D 70 69 6C 65 64 20 44 61 74 61 66 69 6C 65 20 56 65 72 73 69 6F 6E xx V3 xx V4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>File Analyzer Compiled Datafile Version</text>
-      <pattern>
-        46 69 6C 65 20 41 6E 61 6C 79 7A 65 72 20 43 6F 6D 70 69 6C 65 64 20 44 61 74 61 66 69 6C 65 20 56 65 72 73 69 6F 6E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>File Analyzer Extended Datafile Version %v3.%v4</text>
-      <pattern>
-        23 03 45 58 54 44 V3 V4 3A 03
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>File Analyzer Extended Datafile Version</text>
-      <pattern>
-        23 03 45 58 54 44 xx xx 3A 03
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>File Analyzer Registration file v1.0</text>
-      <pattern>
-        24 46 41 52 45 47 24 4D 2D xx xx xx xx 31
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>File Analyzer Registration file v1.1</text>
-      <pattern>
-        24 46 41 52 45 47 24 45 4E 43 3D xx 26 26 52 45 47 3D xx 26 26 45 58 50 3D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FileShield</text>
-      <pattern>
-        50 1E EB xx 90 00 00 8B D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.01 -> HellFish</text>
-      <pattern>
-        55 8B EC 83 C4 D0 53 56 57 8B 45 10 83 C0 0C 8B 00 89
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.01 -> HellFish</text>
-      <pattern>
-        55 8B EC 83 C4 D0 53 56 57 8B 45 10 83 C0 0C 8B 00 89 45 DC 83 7D DC 00 75 08 E8 AD FF FF FF 89 45 DC E8 C1 FE FF FF 8B 10 03 55 DC 89 55 E4 83 C0 04 8B 10 89 55 FC 83 C0 04 8B 10 89 55 F4 83 C0 04 8B 10 89 55 F8 83 C0 04 8B 10 89 55 F0 83 C0 04 8B 10 89 55 EC 83 C0 04 8B 00 89 45 E8 8B 45 E4 8B 58 04 03 5D E4 8B FB 8B 45 E4 8B 30 4E 85 F6 72 2B 46 C7 45 E0 00 00 00 00 83 7B 04 00 74 14
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.01 -> HellFish</text>
-      <pattern>
-        60 E8 12 FE FF FF C3 90 09 00 00 00 2C 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.01 -> HellFish</text>
-      <pattern>
-        60 E8 12 FE FF FF C3 90 09 00 00 00 2C 00 00 00 xx xx xx xx C4 03 00 00 BC A0 00 00 00 40 01 00 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 00 00 00 00 8A 00 00 00 10 00 00 28 88 00 00 40 xx 4B 00 00 00 02 00 00 00 A0 00 00 18 01 00 00 40 xx 4C 00 00 00 0C 00 00 00 B0 00 00 38 0A 00 00 40 xx 4E 00 00 00 00 00 00 00 C0 00 00 40 39 00 00 40 xx 4E 00 00 00 08 00 00 00 00 01 00 C8 06 00 00 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.12/1.16 -> HellFish</text>
-      <pattern>
-        55 8B EC 83 C4 D0 53 56 57 8B 45 10 83 C0 0C 8B 00 89 45 DC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.12/1.16 -> HellFish</text>
-      <pattern>
-        55 8B EC 83 C4 D0 53 56 57 8B 45 10 83 C0 0C 8B 00 89 45 DC 83 7D DC 00 75 08 E8 BD FE FF FF 89 45 DC E8 E1 FD FF FF 8B 00 03 45 DC 89 45 E4 E8 DC FE FF FF 8B D8 BA 8E 4E 0E EC 8B C3 E8 2E FF FF FF 89 45 F4 BA 04 49 32 D3 8B C3 E8 1F FF FF FF 89 45 F8 BA 54 CA AF 91 8B C3 E8 10 FF FF FF 89 45 F0 BA AC 33 06 03 8B C3 E8 01 FF FF FF 89 45 EC BA 1B C6 46 79 8B C3 E8 F2 FE FF FF 89 45 E8 BA AA FC 0D 7C 8B C3 E8 E3 FE FF FF 89 45 FC 8B 45 E4 8B 58 04 03 5D E4 8B FB 8B 45 E4 8B 30 4E 85 F6 72 2B
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.12/1.16 -> HellFish</text>
-      <pattern>
-        60 E8 EA FD FF FF FF D0 C3 8D 40 00 xx 00 00 00 2C 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.12/1.16 -> HellFish</text>
-      <pattern>
-        60 E8 EA FD FF FF FF D0 C3 8D 40 00 xx 00 00 00 2C 00 00 00 xx xx xx 00 xx xx 00 00 xx xx xx 00 00 xx xx 00 xx xx xx 00 xx xx xx 00 xx 00 00 00 00 xx xx 00 xx xx 00 00 xx 00 00 00 00 xx xx 00 00 10 00 00 xx xx xx 00 40 xx xx xx 00 00 xx xx 00 00 xx xx 00 xx xx xx 00 40 xx xx xx 00 00 xx 00 00 00 xx xx 00 xx xx 00 00 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fish PE Shield 1.16 -> HellFish</text>
-      <pattern>
-        60 E8 EA FD FF FF FF D0 C3 8D 40 00 xx 00 00 00 2C 00 00 00 xx xx xx 00 xx xx 00 00 xx xx xx 00 00 xx xx 00 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx 00 00 00 00 xx xx 00 00 10 00 00 xx xx xx 00 40 xx xx xx 00 00 xx xx 00 00 xx xx 00 xx xx xx 00 40 xx xx xx 00 00 xx 00 00 00 xx xx 00 xx xx 00 00 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FishPE V1.0X -> hellfish ! Sign by fly</text>
-      <pattern>
-        60 E8 xx xx xx xx C3 90 09 00 00 00 2C 00 00 00 xx xx xx xx C4 03 00 00 BC A0 00 00 00 40 01 00 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 00 00 00 00 8A 00 00 00 10 00 00 xx xx 00 00 xx xx xx xx 00 00 02 00 00 00 A0 00 00 18 01 00 00 xx xx xx xx 00 00 0C 00 00 00 B0 00 00 38 0A 00 00 xx xx xx xx 00 00 00 00 00 00 C0 00 00 40 39 00 00 xx xx xx xx 00 00 08 00 00 00 00 01 00 C8 06 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FishPE V1.0X -> hellfish</text>
-      <pattern>
-        60 E8 xx xx xx xx C3 90 09 00 00 00 2C 00 00 00 xx xx xx xx C4 03 00 00 BC A0 00 00 00 40 01 00 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 00 00 00 00 8A 00 00 00 10 00 00 xx xx 00 00 xx xx xx xx 00 00 02 00 00 00 A0 00 00 18 01 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FixupPak 1.20</text>
-      <pattern>
-        55 E8 00 00 00 00 5D 81 ED xx xx 00 00 BE 00 xx 00 00 03 F5 BA 00 00 xx xx 2B D5 8B DD 33 C0 AC 3C 00 74 3D 3C 01 74 0E 3C 02 74 0E 3C 03 74 0D 03 D8 29 13 EB E7 66 AD EB F6 AD EB F3 AC 0F B6 C8 3C 00 74 06 3C 01 74 09 EB 0A 66 AD 0F B7 C8 EB 03 AD 8B C8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FixupPak v1.20</text>
-      <pattern>
-        55 E8 00 00 00 00 5D 81 ED xx xx 00 00 BE 00 xx 00 00 03 F5 BA 00 00 xx xx 2B D5 8B DD 33 C0 AC 3C 00 74 3D 3C 01 74 0E 3C 02 74 0E 3C 03 74 0D 03 D8 29 13 EB E7 66 AD EB F6 AD EB F3 AC 0F B6 C8 3C 00 74 06 3C 01 74 09 EB 0A 66 AD 0F B7 C8 EB 03 AD 8B C8 AC 0F B6 C0 03 D8 29 13 E2 FA EB BC 8D 85 xx xx 00 00 5D FF E0 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fly-Crypter 1.0 -> ut1lz</text>
-      <pattern>
-        53 56 57 55 BB 2C xx xx 44 BE 00 30 44 44 BF 20 xx xx 44 80 7B 28 00 75 16 83 3F 00 74 11 8B 17 89 D0 33 D2 89 17 8B E8 FF D5 83 3F 00 75 EF 83 3D 04 30 44 44 00 74 06 FF 15 58 30 44 44 80 7B 28 02 75 0A 83 3E 00 75 05 33 C0 89 43 0C FF 15 20 30 44 44 80 7B 28 01 76 05 83 3E 00 74 22 8B 43 10 85 C0 74 1B FF 15 18 30 44 44 8B 53 10 8B 42 10 3B 42 04 74 0A 85 C0 74 06 50 E8 2F FA FF FF FF 15 24 30 44 44 80 7B 28 01 75 03 FF 53 24 80 7B 28 00 74 05 E8 35 FF FF FF 83 3B 00 75 17 83 3D 10 xx xx 44 00 74 06 FF 15 10 xx xx 44 8B 06 50 E8 51 FA FF FF 8B 03 56 8B F0 8B FB B9 0B 00 00 00 F3 A5 5E E9 73 FF FF FF 5D 5F 5E 5B C3 A3 00 30 44 44 E8 26 FF FF FF C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fly-Crypter 1.0 -> ut1lz</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 B8 18 22 44 44 E8 7F F7 FF FF E8 0A F1 FF FF B8 09 00 00 00 E8 5C F1 FF FF 8B D8 85 DB 75 05 E8 85 FD FF FF 83 FB 01 75 05 E8 7B FD FF FF 83 FB 02 75 05 E8 D1 FD FF FF 83 FB 03 75 05 E8 87 FE FF FF 83 FB 04 75 05 E8 5D FD FF FF 83 FB 05 75 05 E8 B3 FD FF FF 83 FB 06 75 05 E8 69 FE FF FF 83 FB 07 75 05 E8 5F FE FF FF 83 FB 08 75 05 E8 95 FD FF FF 83 FB 09 75 05 E8 4B FE FF FF 5B E8 9D F2 FF FF 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Free Pascal 0.99.10</text>
-      <pattern>
-        E8 00 6E 00 00 55 89 E5 8B 7D 0C 8B 75 08 89 F8 8B 5D 10 29
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Free Pascal 1.06</text>
-      <pattern>
-        C6 05 xx xx 40 00 xx E8 xx xx 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Free Pascal v0.99.10</text>
-      <pattern>
-        xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx E8 00 6E 00 00 55 89 E5 8B 7D 0C 8B 75 08 89 F8 8B 5D 10 29
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Free Pascal v1.0.10 (win32 console)</text>
-      <pattern>
-        C6 05 xx xx xx 00 01 E8 xx xx 00 00 C6 05 xx xx xx 00 00 E8 xx xx 00 00 50 E8 00 00 00 00 FF 25 xx xx xx 00 55 89 E5 xx EC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Free Pascal v1.0.10 (win32 GUI)</text>
-      <pattern>
-        C6 05 xx xx xx 00 00 E8 xx xx 00 00 50 E8 00 00 00 00 FF 25 xx xx xx 00 55 89 E5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeBASIC 0.16b</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 xx xx xx 00 E8 88 FF FF FF 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 xx xx xx 00 E8 68 FF FF FF 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 45 08 89 04 24 FF 15 xx xx xx 00 89 EC 5D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeBASIC 0.16b</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 xx xx xx 00 E8 88 FF FF FF 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 xx xx xx 00 E8 68 FF FF FF 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 45 08 89 04 24 FF 15 xx xx xx 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 45 08 89 04 24 FF 15 xx xx xx 00 89 EC 5D C3 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeBASIC v0.11</text>
-      <pattern>
-        E8 xx xx 00 00 E8 01 00 00 00 C3 55 89 E5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeCryptor 0.1 (build 001)-> GlOFF</text>
-      <pattern>
-        8B 04 24 40 90 83 C0 07 80 38 90 90 74 02 EB FF 68 26 xx xx 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 FF E4 90 8B 04 24 64 A3 00 00 00 00 8B 64 24 08 90 83 C4 08
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeCryptor 0.1 (build 002) -> GlOFF</text>
-      <pattern>
-        8B 04 24 40 90 83 C0 07 80 38 90 90 74 02 EB FF 90 68 27 xx xx 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 FF E4 90 8B 04 24 64 A3 00 00 00 00 8B 64 24 08 90 83 C4 08
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeCryptor 0.2 (build 002) -> GlOFF</text>
-      <pattern>
-        33 D2 90 1E 68 1B xx xx xx 0F A0 1F 8B 02 90 50 54 8F 02 90 90 8E 64 24 08 FF E2 58 50 33 D2 52 83 F8 01 9B 40 8A 10 89 14 24 90 D9 04 24 90 D9 FA D9 5C 24 FC 8B 5C 24 FC 81 F3 C2 FC 1D 1C 75 E3 74 01 62 FF D0 90 5A 33 C0 8B 54 24 08 90 64 8F 00 90 83 C2 08 52 5C 5A
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner 1.5.1 -> GlOFF</text>
-      <pattern>
-        90 87 FF 90 90 B9 2B 00 00 00 BA 07 10 40 00 83 C2 03 90 87 FF 90 90 B9 04 00 00 00 90 87 FF 90 33 C9 C7 05 09 30 40 00 00 00 00 00 68 00 01 00 00 68 21 30 40 00 6A 00 E8 B7 02 00 00 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 68 21 30 40 00 E8 8F 02 00 00 A3 19 30 40 00 90 87 FF 90 8B 15 09 30 40 00 81 C2 04 01 00 00 F7 DA 6A 02 6A 00 52
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner 1.5.2 (Stub engine 1.6) -> GlOFF</text>
-      <pattern>
-        E8 46 FD FF FF 50 E8 0C 00 00 00 FF 25 08 20 40 00 FF 25 0C 20 40 00 FF 25 10 20 40 00 FF 25 14 20 40 00 FF 25 18 20 40 00 FF 25 1C 20 40 00 FF 25 20 20 40 00 FF 25 24 20 40 00 FF 25 28 20 40 00 FF 25 00 20 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner 1.5.3 (Stub engine 1.7) -> GlOFF</text>
-      <pattern>
-        E8 33 FD FF FF 50 E8 0D 00 00 00 CC FF 25 08 20 40 00 FF 25 0C 20 40 00 FF 25 10 20 40 00 FF 25 14 20 40 00 FF 25 18 20 40 00 FF 25 1C 20 40 00 FF 25 20 20 40 00 FF 25 24 20 40 00 FF 25 28 20 40 00 FF 25 00 20 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner 1.5.3 (Stub engine 1.7.1) -> GlOFF</text>
-      <pattern>
-        86 D6 90 86 F2 B9 93 60 08 FE 90 86 D6 90 86 F2 B9 9D 13 45 01 86 D6 90 86 F2 81 C2 93 60 08 FE 33 C9 B9 30 74 4D FF 86 D6 90 86 F2 33 C9 C7 05 B4 17 40 00 00 00 00 00 90 68 00 01 00 00 68 D1 17 40 00 6A 00 E8 CE 02 00 00 90 33 C9 86 D6 90 86 F2 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 68 D1 17 40 00 E8 9E 02 00 00 A3 CD 17 40 00 86 D6
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner 1.5.3 (Stub engine 1.7.1) -> GlOFF</text>
-      <pattern>
-        E8 02 FD FF FF 6A 00 E8 0D 00 00 00 CC FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A8 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 014-020) -> GlOFF</text>
-      <pattern>
-        E8 xx xx FF FF 6A 00 E8 0D 00 00 00 CC FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 AC 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 014/015) -> GlOFF</text>
-      <pattern>
-        55 8B EC 83 C4 F0 86 FF 68 00 01 00 00 68 F8 13 40 00 6A 00 E8 F3 01 00 00 8A C0 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 68 F8 13 40 00 E8 C9 01 00 00 A3 E0 13 40 00 40 0F 84 8B 01 00 00 90 90 90 90 90 6A 02 6A 00 6A FB FF 35 E0 13 40 00 E8 D1 01 00 00 86 FF 6A 00 8D 45 FC 50 6A 04 8D 45 F8 50 FF 35 E0 13 40 00 E8 B2 01 00 00 8A C0 6A 00 8D 45 FC 50 6A 01 8D 45 F3 50
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 014/015) -> GlOFF</text>
-      <pattern>
-        E8 0E FE FF FF 6A 00 E8 0D 00 00 00 CC FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 AC 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 017) -> GlOFF</text>
-      <pattern>
-        55 8B EC 83 C4 F0 86 FF 86 DB 86 FF 68 00 01 00 00 68 18 20 40 00 6A 00 E8 FF 01 00 00 8A E4 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 68 18 20 40 00 E8 D5 01 00 00 A3 00 20 40 00 40 0F 84 97 01 00 00 8A E4 6A 02 6A 00 6A FB FF 35 00 20 40 00 E8 E0 01 00 00 86 FF 86 DB 86 FF 6A 00 8D 45 FC 50 6A 04 8D 45 F8 50 FF 35 00 20 40 00 E8 BD 01 00 00 8A E4 6A 00 8D 45 FC 50 6A 01 8D 45 F3 50
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 017) -> GlOFF</text>
-      <pattern>
-        E8 FE FD FF FF 6A 00 E8 0D 00 00 00 CC FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 AC 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 023) -> GlOFF</text>
-      <pattern>
-        E8 E1 FD FF FF 6A 00 E8 0C 00 00 00 FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 AC 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 029) -> GlOFF</text>
-      <pattern>
-        50 32 C4 8A C3 58 E8 DE FD FF FF 6A 00 E8 0D 00 00 00 CC FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 AC 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 031/032) -> GlOFF</text>
-      <pattern>
-        50 32 xx 66 8B C3 58 E8 xx FD FF FF 6A 00 E8 0D 00 00 00 CC FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 AC 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 033) -> GlOFF</text>
-      <pattern>
-        50 66 33 C3 66 8B C1 58 E8 AC FD FF FF 6A 00 E8 0D 00 00 00 CC FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 AC 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreeJoiner Small (build 035) -> GlOFF</text>
-      <pattern>
-        51 33 CB 86 C9 59 E8 9E FD FF FF 66 87 DB 6A 00 E8 0C 00 00 00 FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 AC 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreePascal 1.0.4 Win32 -> (Berczi Gabor, Pierre Muller and Peter Vreman)</text>
-      <pattern>
-        55 89 E5 C6 05 xx xx xx xx 00 E8 xx xx xx xx 55 31 ED 89 E0 A3 xx xx xx xx 66 8C D5 89 2D xx xx xx xx DB E3 D9 2D xx xx xx xx 31 ED E8 xx xx xx xx 5D E8 xx xx xx xx C9 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreePascal 1.0.4 Win32 DLL -> (Berczi Gabor, Pierre Muller and Peter Vreman)</text>
-      <pattern>
-        C6 05 xx xx xx xx 00 55 89 E5 53 56 57 8B 7D 08 89 3D xx xx xx xx 8B 7D 0C 89 3D xx xx xx xx 8B 7D 10 89 3D xx xx xx xx E8 xx xx xx xx 5F 5E 5B 5D C2 0C 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreePascal 2.0.0 Win32 -> (Berczi Gabor, Pierre Muller and Peter Vreman)</text>
-      <pattern>
-        55 89 E5 C6 05 xx xx xx xx 00 E8 xx xx xx xx 6A 00 64 FF 35 00 00 00 00 89 E0 A3 xx xx xx xx 55 31 ED 89 E0 A3 xx xx xx xx 66 8C D5 89 2D xx xx xx xx E8 xx xx xx xx 31 ED E8 xx xx xx xx 5D E8 xx xx xx xx C9 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreePascal 2.0.0 Win32 -> Pierre Muller and Peter Vreman</text>
-      <pattern>
-        C6 05 00 80 40 00 01 E8 74 00 00 00 C6 05 00 80 40 00 00 E8 68 00 00 00 50 E8 00 00 00 00 FF 25 D8 A1 40 00 90 90 90 90 90 90 90 90 90 90 90 90 55 89 E5 83 EC 04 89 5D FC E8 92 00 00 00 E8 ED 00 00 00 89 C3 B9 xx 70 40 00 89 DA B8 00 00 00 00 E8 0A 01 00 00 E8 C5 01 00 00 89 D8 E8 3E 02 00 00 E8 B9 01 00 00 E8 54 02 00 00 8B 5D FC C9 C3 8D 76 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 E5 C6 05 10 80 40 00 00 E8 D1 03 00 00 6A 00 64 FF 35 00 00 00 00 89 E0 A3 xx 70 40 00 55 31 ED 89 E0 A3 20 80 40 00 66 8C D5 89 2D 30 80 40 00 E8 B9 03 00 00 31 ED E8 72 FF FF FF 5D E8 BC 03 00 00 C9 C3 00 00 00 00 00 00 00 00 00 00 55 89 E5 83 EC 08 E8 15 04 00 00 A1 xx 70 40 00 89 45 F8 B8 01 00 00 00 89 45 FC 3B 45 F8 7F 2A FF 4D FC 90 FF 45 FC 8B 45 FC 83 3C C5 xx 70 40 00 00 74 09 8B 04 C5 xx 70 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreePascal 2.0.0 Win32</text>
-      <pattern>
-        C6 05 00 80 40 00 01 E8 74 00 00 00 C6 05 00 80 40 00 00 E8 68 00 00 00 50 E8 00 00 00 00 FF 25 D8 A1 40 00 90 90 90 90 90 90 90 90 90 90 90 90 55 89 E5 83 EC 04 89 5D FC E8 92 00 00 00 E8 ED 00 00 00 89 C3 B9 xx 70 40 00 89 DA B8 00 00 00 00 E8 0A 01 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FreePascal 2.0.0 Win32</text>
-      <pattern>
-        C6 05 xx xx xx xx 01 E8 74 00 00 00 C6 05 00 80 40 00 00 E8 68 00 00 00 50 E8 00 00 00 00 FF 25 D8 A1 40 00 90 90 90 90 90 90 90 90 90 90 90 90 55 89 E5 83 EC 04 89 5D FC E8 92 00 00 00 E8 ED 00 00 00 89 C3 B9 xx 70 40 00 89 DA B8 00 00 00 00 E8 0A 01 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Freshbind v2.0 -> gFresh</text>
-      <pattern>
-        64 A1 00 00 00 00 55 89 E5 6A FF 68 1C A0 41 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>from NORMAN Anti-Virus Utilites</text>
-      <pattern>
-        E8 xx xx 5B 52 45 2F 4E 44 44 53 5D 0D 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Frusion -> biff</text>
-      <pattern>
-        83 EC 0C 53 55 56 57 68 04 01 00 00 C7 44 24 14
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.00 (Eng) -> dulek/xt</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.10 (Eng) -> bart/xt</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.10 (Eng) -> dulek/xt -> (Borland C++)</text>
-      <pattern>
-        23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 xx xx 00 0F B6 C9 EB 02 CD 20 BB F4 00 00 00 EB 02 04 FA EB 01 FA EB 01 5F EB 02 CD 20 8A 16 EB 02 11 31 80 E9 31 EB 02 30 11 C1 E9 11 80 EA 04 EB 02 F0 EA 33 CB 81 EA AB AB 19 08 04 D5 03 C2 80 EA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)</text>
-      <pattern>
-        2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E xx xx 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)</text>
-      <pattern>
-        1B DB E8 02 00 00 00 1A 0D 5B 68 80 xx xx 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00 00 00 EB 02 CD 20 5E 0F B6 D0 80 CA 5C 8B 38 EB 01 35 EB 02 DC 97 81 EF F7 65 17 43 E8 02 00 00 00 97 CB 5B 81 C7 B2 8B A1 0C 8B D1 83 EF 17 EB 02 0C 65 83 EF 43 13
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)</text>
-      <pattern>
-        03 F7 23 FE 33 FB EB 02 CD 20 BB 80 xx 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B F2 81 F6 EE 00 00 00 EB 02 CD 20 8A 0B E8 02 00 00 00 A9 54 5E C1 EE 07 F7 D7 EB 01 DE 81 E9 B7 96 A0 C4 EB 01 6B EB 02 CD 20 80 E9 4B C1 CF 08 EB 01 71 80 E9 1C EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        03 DE EB 01 F8 B8 80 xx 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.20 (Eng) -> dulek/xt -> (Borland C++)</text>
-      <pattern>
-        C1 F0 07 EB 02 CD 20 BE 80 xx xx 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)</text>
-      <pattern>
-        0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 xx xx 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)</text>
-      <pattern>
-        0F B6 D0 E8 01 00 00 00 0C 5A B8 80 xx xx 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)</text>
-      <pattern>
-        33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 xx 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        EB 02 CD 20 EB 01 91 8D 35 80 xx xx 00 33 C2 68 83 93 7E 7D 0C A4 5B 23 C3 68 77 93 7E 7D EB 01 FA 5F E8 02 00 00 00 F7 FB 58 33 DF EB 01 3F E8 02 00 00 00 11 88 58 0F B6 16 EB 02 CD 20 EB 02 86 2F 2A D3 EB 02 CD 20 80 EA 2F EB 01 52 32 D3 80 E9 CD 80 EA
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 xx 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.31 (Eng) -> dulek/xt</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx 00 53 BB xx xx xx 00 B2 80 A4 B6 80 FF D3 73 F9 33 C9 FF D3 73 16 33 C0 FF D3 73 23 B6 80 41 B0 10 FF D3 12 C0 73 FA 75 42 AA EB E0 E8 46 00 00 00 02 F6 83 D9 01 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 48 13 C9 EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.31 -> dulek/xt</text>
-      <pattern>
-        BE xx xx xx 00 BF xx xx xx 00 BB xx xx xx 00 53 BB xx xx xx 00 B2 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.33 (Eng) -> dulek/xt</text>
-      <pattern>
-        BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC D1 E8 74 2F 13 C9 EB 1A 91 48 C1 E0 08 AC FF 53 04 3D 00 7D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG 1.3</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx xx 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.00 (Eng) -> dulek/xt</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 51 FF FF FF 5F BB 28 xx xx 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 xx xx xx FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1C xx xx 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.0</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx xx 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> bart/xt -> (Watcom C/C++ EXE)</text>
-      <pattern>
-        EB 02 CD 20 03 xx 8D xx 80 xx xx 00 xx xx xx xx xx xx xx xx xx EB 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> bart/xt -> WinRAR-SFX</text>
-      <pattern>
-        80 E9 A1 C1 C1 13 68 E4 16 75 46 C1 C1 05 5E EB 01 9D 68 64 86 37 46 EB 02 8C E0 5F F7 D0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> bart/xt -> WinRAR-SFX</text>
-      <pattern>
-        EB 01 02 EB 02 CD 20 B8 80 xx 42 00 EB 01 55 BE F4 00 00 00 13 DF 13 D8 0F B6 38 D1 F3 F7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> bart/xt</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB 27 xx xx 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 07 74 EF FE 07 75 06 47 FF 37 AF EB 09 FE 07 0F 84 1A xx xx FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1B xx xx 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland C++ 1999)</text>
-      <pattern>
-        EB 02 CD 20 2B C8 68 80 xx xx 00 EB 02 1E BB 5E EB 02 CD 20 68 B1 2B 6E 37 40 5B 0F B6 C9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)</text>
-      <pattern>
-        23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 xx xx 00 0F B6 C9 EB 02 CD 20 BB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)</text>
-      <pattern>
-        23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 xx xx 00 0F B6 C9 EB 02 CD 20 BB F4 00 00 00 EB 02 04 FA EB 01 FA EB 01 5F EB 02 CD 20 8A 16 EB 02 11 31 80 E9 31 EB 02 30 11 C1 E9 11 80 EA 04 EB 02 F0 EA 33 CB 81 EA AB AB 19 08 04 D5 03 C2 80 EA 33 0F B6 C9 0F BE 0E 88 16 EB 01 5F EB 01 6B 46 EB 01 6D 0F BE C0 4B EB 02 CD 20 0F BE C9 2B C9 3B D9 75 B0 EB 01 99 C1 C1 05 91 9D B2 E3 22 E2 A1 E2 F2 22 E2 A0 xx xx xx E2 35 CA EC E2 E2 E2 E4 B4 57 E7 6C F8 28 F4 B4 A5 94 62 15 BD 86 95 E4 E1 F6 06 55 DA 15 AB E1 F6 06 55 FA 15 A2 E1 F6 06 55 03 95 E4 23 92 F2 E1 F6 06 F4 A2 55 DB 57 21 8C CD BE CA 25 E2 E2 E2 0D AD 57 F2 CA 1A E2 E2 E2 CD 0A 8E B3 CA 56 23 F5 AB CD FE 73 2A A3 C2 EA 8E CA 04 E2 E2 E2 1F E2 5F E2 E2 55 EC 62 DE E7 55 E8 65 DA 61 59 E4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)</text>
-      <pattern>
-        2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E xx xx 18 EB 02 AB A0 03 F7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)</text>
-      <pattern>
-        2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E xx xx 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80 EA 0F E8 01 00 00 00 64 59 02 D3 EB 02 D6 5C 88 16 EB 02 CD 20 46 E8 02 00 00 00 6B B5 59 4B 0F B7 C6 0B DB 75 B1 EB 02 50 AA 91 44 5C 90 D2 95 57 9B AE E1 A4 65 xx xx xx B3 09 A1 C6 BF C2 C5 CA 9D 43 D6 5E ED 20 EF B2 A6 98 69 1F CA 96 A8 FA FA 12 25 77 F 3D D6 0F 27 3A 8C 34 52 E2 24 3C 4F A1 52 E7 39 7B ED 50 42 5A 6D 5E 0F C5 4E CD 9A 08 4C 40 4F AD 6D 70 73 A1 44 F1 8F 6A BD 88 8B 8E 7C BC 43 6B 85 14 E4 B9 72 97 CB 43 FD 79 9B C6 6D AC E9 CA CD D0 10 D6 56 DC DF 55 EF 68 E7 F3 64 FA 7A F2 7C 77 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)</text>
-      <pattern>
-        2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E xx xx 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80 EA 0F E8 01 00 00 00 64 59 02 D3 EB 02 D6 5C 88 16 EB 02 CD 20 46 E8 02 00 00 00 6B B5 59 4B 0F B7 C6 0B DB 75 B1 EB 02 50 AA 91 44 5C 90 D2 95 57 9B AE E1 A4 65 xx xx xx B3 09 A1 C6 BF C2 C5 CA 9D 43 D6 5E ED 20 EF B2 A6 98 69 1F CA 96 A8 FA FA 12 25 77 FF 3D D6 0F 27 3A 8C 34 52 E2 24 3C 4F A1 52 E7 39 7B ED 50 42 5A 6D 5E 0F C5 4E CD 9A 08 4C 40 4F AD 6D 70 73 A1 44 F1 8F 6A BD 88 8B 8E 7C BC 43 6B 85 14 E4 B9 72 97 CB 43 FD 79 9B C6 6D AC E9 CA CD D0 10 D6 56 DC DF 55 EF 68 E7 F3 64 FA 7A F2 7C 77 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)</text>
-      <pattern>
-        EB 01 2E EB 02 A5 55 BB 80 xx xx 00 87 FE 8D 05 AA CE E0 63 EB 01 75 BA 5E CE E0 63 EB 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++ / ASM)</text>
-      <pattern>
-        EB 02 CD 20 EB 02 CD 20 EB 02 CD 20 C1 E6 18 BB 80 xx xx 00 EB 02 82 B8 EB 01 10 8D 05 F4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)</text>
-      <pattern>
-        1B DB E8 02 00 00 00 1A 0D 5B 68 80 xx xx 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00 00 00 EB 02 CD 20 5E 0F B6 D0 80 CA 5C 8B 38 EB 01 35 EB 02 DC 97 81 EF F7 65 17 43 E8 02 00 00 00 97 CB 5B 81 C7 B2 8B A1 0C 8B D1 83 EF 17 EB 02 0C 65 83 EF 43 13 D6 83 C7 32 F7 DA 03 FE EB 02 CD 20 87 FA 88 10 EB 02 CD 20 40 E8 02 00 00 00 F1 F8 5B 4E 2B D2 85 F6 75 AF EB 02 DE 09 EB 01 EF 34 4A 7C BC 7D 3D 7F 90 C1 82 41 xx xx xx 87 DB 71 94 8B 8C 8D 90 61 05 96 1C A9 DA A7 68 5A 4A 19 CD 76 40 50 A0 9E B4 C5 15 9B D7 6E A5 BB CC 1C C2 DE 6C AC C2 D3 23 D2 65 B5 F5 65 C6 B6 CC DD CC 7B 2F B6 33 FE 6A AC 9E AB 07 C5 C6 C7 F3 94 3F DB B4 05 CE CF D0 BC FA 7F A5 BD 4A 18 EB A2 C5 F7 6D 25 9F BF E8 8D CA 05 E4 E5 E6 24 E8 66 EA EB 5F F7 6E EB F5 64 F8 76 EC 74 6D F9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)</text>
-      <pattern>
-        C1 C8 10 EB 01 0F BF 03 74 66 77 C1 E9 1D 68 83 xx xx 77 EB 02 CD 20 5E EB 02 CD 20 2B F7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)x</text>
-      <pattern>
-        1B DB E8 02 00 00 00 1A 0D 5B 68 80 xx xx 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi 2.0)</text>
-      <pattern>
-        EB 01 56 E8 02 00 00 00 B2 D9 59 68 80 xx 41 00 E8 02 00 00 00 65 32 59 5E EB 02 CD 20 BB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32 / Microsoft Visual Basic)</text>
-      <pattern>
-        F7 D8 0F BE C2 BE 80 xx xx 00 0F BE C9 BF 08 3B 65 07 EB 02 D8 29 BB EC C5 9A F8 EB 01 94
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)</text>
-      <pattern>
-        03 F7 23 FE 33 FB EB 02 CD 20 BB 80 xx 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)</text>
-      <pattern>
-        03 F7 23 FE 33 FB EB 02 CD 20 BB 80 xx 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B F2 81 F6 EE 00 00 00 EB 02 CD 20 8A 0B E8 02 00 00 00 A9 54 5E C1 EE 07 F7 D7 EB 01 DE 81 E9 B7 96 A0 C4 EB 01 6B EB 02 CD 20 80 E9 4B C1 CF 08 EB 01 71 80 E9 1C EB 02 F0 49 C1 F6 09 88 0B F7 DE 0F B6 F2 43 EB 02 CD 20 C1 E7 0A 48 EB 01 89 C1 E7 14 2B FF 3B C7 75 A8 E8 01 00 00 00 81 5F F7 D7 D9 EE 1F 5E 1E DD 1E 2E 5E 1E DC xx xx 5E 1E 71 06 28 1E 1E 1E 20 F0 93 23 A8 34 64 30 F0 E1 D0 9E 51 F9 C2 D1 20 1D 32 42 91 16 51 E7 1D 32 42 91 36 51 DE 1D 32 42 91 3F D1 20 5F CE 2E 1D 32 42 30 DE 91 17 93 5D C8 09 FA 06 61 1E 1E 1E 49 E9 93 2E 06 56 1E 1E 1E 09 46 CA EF 06 92 5F 31 E7 09 3A AF 66 DF FE 26 CA 06 40 1E 1E 1E 5B 1E 9B 1E 1E 91 28 9E 1A 23 91 24 A1 16 9D 95 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (MASM32)</text>
-      <pattern>
-        EB 01 DB E8 02 00 00 00 86 43 5E 8D 1D D0 75 CF 83 C1 EE 1D 68 50 xx 8F 83 EB 02 3D 0F 5A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual Basic / MASM32)</text>
-      <pattern>
-        EB 02 09 94 0F B7 FF 68 80 xx xx 00 81 F6 8E 00 00 00 5B EB 02 11 C2 8D 05 F4 00 00 00 47
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual Basic 5.0 / 6.0)</text>
-      <pattern>
-        C1 CB 10 EB 01 0F B9 03 74 F6 EE 0F B6 D3 8D 05 83 xx xx EF 80 F3 F6 2B C1 EB 01 DE 68 77
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 4.x / LCC Win32 1.x)</text>
-      <pattern>
-        2C 71 1B CA EB 01 2A EB 01 65 8D 35 80 xx xx 00 80 C9 84 80 C9 68 BB F4 00 00 00 EB 01 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 5.0 / 6.0)</text>
-      <pattern>
-        33 D2 0F BE D2 EB 01 C7 EB 01 D8 8D 05 80 xx xx xx EB 02 CD 20 EB 01 F8 BE F4 00 00 00 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0 / ASM)</text>
-      <pattern>
-        E8 01 00 00 00 5A 5E E8 02 00 00 00 BA DD 5E 03 F2 EB 01 64 BB 80 xx xx 00 8B FA EB 01 A8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 xx xx 00 EB 02 CD 20 03 D3 8D 35 F4 00 00 00 EB 01 35 EB 01 88 80 CA 7C 80 F3 74 8B 38 EB 02 AC BA 03 DB E8 01 00 00 00 A5 5B C1 C2 0B 81 C7 DA 10 0A 4E EB 01 08 2B D1 83 EF 14 EB 02 CD 20 33 D3 83 EF 27
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 xx xx 00 EB 02 CD 20 03 D3 8D 35 F4 00 00 00 EB 01 35 EB 01 88 80 CA 7C 80 F3 74 8B 38 EB 02 AC BA 03 DB E8 01 00 00 00 A5 5B C1 C2 0B 81 C7 DA 10 0A 4E EB 01 08 2B D1 83 EF 14 EB 02 CD 20 33 D3 83 EF 27 EB 02 82 53 EB 02 CD 20 87 FA 88 10 80 F3 CA EB 02 CD 20 40 03 D7 0B D0 4E 1B D2 EB 02 CD 20 2B D2 3B F2 75 AC F7 DA 80 C3 AF 91 1C 31 62 A1 61 20 61 71 A1 61 1F xx xx xx 61 B4 49 6B 61 61 61 63 33 D6 66 EB 77 A7 73 33 24 13 E1 94 3C 05 14 63 60 75 85 D4 59 94 2A 60 75 85 D4 79 94 21 60 75 85 D4 82 14 63 A2 11 71 60 75 85 73 21 D4 5A D6 A0 0B 4C 3D 49 A4 61 61 61 8C 2C D6 71 49 99 61 61 61 4C 89 0D 32 49 D5 A2 74 2A 4C 7D F2 A9 22 41 69 0D 49 83 61 61 61 9E 61 DE 61 61 D4 6B E1 5D 66 D4 67 E4 59 E0 D8 63
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 xx xx xx EB 02 CD 20 03 D3 8D 35 F4 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        87 FE E8 02 00 00 00 98 CC 5F BB 80 xx xx 00 EB 02 CD 20 68 F4 00 00 00 E8 01 00 00 00 E3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        EB 02 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        F7 D8 40 49 EB 02 E0 0A 8D 35 80 xx xx xx 0F B6 C2 EB 01 9C 8D 1D F4 00 00 00 EB 01 3C 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF xx A7 BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / ASM)</text>
-      <pattern>
-        F7 D0 EB 02 CD 20 BE BB 74 1C FB EB 02 CD 20 BF 3B xx xx FB C1 C1 03 33 F7 EB 02 CD 20 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        03 DE EB 01 F8 B8 80 xx 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        03 DE EB 01 F8 B8 80 xx 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 xx xx 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        91 EB 02 CD 20 BF 50 BC 04 6F 91 BE D0 xx xx 6F EB 02 CD 20 2B F7 EB 02 F0 46 8D 1D F4 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        C1 CE 10 C1 F6 0F 68 00 xx xx 00 2B FA 5B 23 F9 8D 15 80 xx xx 00 E8 01 00 00 00 B6 5E 0B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        D1 E9 03 C0 68 80 xx xx 00 EB 02 CD 20 5E 40 BB F4 00 00 00 33 CA 2B C7 0F B6 16 EB 01 3E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        E8 01 00 00 00 0E 59 E8 01 00 00 00 58 58 BE 80 xx xx 00 EB 02 61 E9 68 F4 00 00 00 C1 C8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        EB 01 4D 83 F6 4C 68 80 xx xx 00 EB 02 CD 20 5B EB 01 23 68 48 1C 2B 3A E8 02 00 00 00 38
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        EB 02 AB 35 EB 02 B5 C6 8D 05 80 xx xx 00 C1 C2 11 BE F4 00 00 00 F7 DB F7 DB 0F BE 38 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF xx xx BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        EB 02 CD 20 xx CF xx xx 80 xx xx 00 xx xx xx xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt</text>
-      <pattern>
-        BB D0 01 40 xx BF xx 10 40 xx BE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt</text>
-      <pattern>
-        E8 01 00 00 00 xx xx E8 xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.10 (Eng) -> dulek/xt</text>
-      <pattern>
-        EB 01 xx EB 02 xx xx xx 80 xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.1</text>
-      <pattern>
-        BB D0 01 40 xx BF xx 10 40 xx BE xx xx xx xx FC B2 80 8A 06 46 88 07 47 02 D2 75 05 8A 16
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)</text>
-      <pattern>
-        C1 F0 07 EB 02 CD 20 BE 80 xx xx 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F xx xx xx 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)</text>
-      <pattern>
-        0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 xx xx 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 xx xx xx B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)</text>
-      <pattern>
-        0F B6 D0 E8 01 00 00 00 0C 5A B8 80 xx xx 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 xx xx xx 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)</text>
-      <pattern>
-        33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 xx 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC xx xx 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)</text>
-      <pattern>
-        EB 02 CD 20 EB 01 91 8D 35 80 xx xx 00 33 C2 68 83 93 7E 7D 0C A4 5B 23 C3 68 77 93 7E 7D EB 01 FA 5F E8 02 00 00 00 F7 FB 58 33 DF EB 01 3F E8 02 00 00 00 11 88 58 0F B6 16 EB 02 CD 20 EB 02 86 2F 2A D3 EB 02 CD 20 80 EA 2F EB 01 52 32 D3 80 E9 CD 80 EA 73 8B CF 81 C2 96 44 EB 04 EB 02 CD 20 88 16 E8 02 00 00 00 44 A2 59 46 E8 01 00 00 00 AD 59 4B 80 C1 13 83 FB 00 75 B2 F7 D9 96 8F 80 4D 0C 4C 91 50 1C 0C 50 8A xx xx xx 50 E9 34 16 50 4C 4C 0E 7E 9B 49 C6 32 02 3E 7E 7B 5E 8C C5 6B 50 3F 0E 0F 38 C8 95 18 D1 65 11 2C B8 87 28 C3 4C 0B 3C AC D9 2D 15 4E 8F 1C 40 4F 28 98 3E 10 C1 45 DB 8F 06 3F EC 48 61 4C 50 50 81 DF C3 20 34 84 10 10 0C 1F 68 DC FF 24 8C 4D 29 F5 1D 2C BF 74 CF F0 24 C0 08 2E 0C 0C 10 51 0C 91 10 10 81 16 D0 54 4B D7 42 C3 54 CB C9 4E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)</text>
-      <pattern>
-        C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 xx 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 xx xx 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.2</text>
-      <pattern>
-        4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 xx 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.30 (Eng) -> dulek/xt</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB xx xx xx 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 xx xx xx FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 xx xx xx 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.31 (Eng) -> dulek/xt</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx 00 53 BB xx xx xx 00 B2 80 A4 B6 80 FF D3 73 F9 33 C9 FF D3 73 16 33 C0 FF D3 73 23 B6 80 41 B0 10 FF D3 12 C0 73 FA 75 42 AA EB E0 E8 46 00 00 00 02 F6 83 D9 01 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 48 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 97 33 C9 41 FF D3 13 C9 FF D3 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 5B 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 58 FF FF FF 5F BB xx xx xx 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 xx xx xx FF 57 55 FF 53 04 89 06 AD 85 C0 75 D9 8B EC C3 xx xx xx 00 00 00 00 00 00 00 00 00 88 01 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.31</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx xx 53 BB xx xx xx xx B2 80 A4 B6 80 FF D3 73 F9 33 C9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.33 (Eng) -> dulek/xt</text>
-      <pattern>
-        BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.33 (Eng) -> dulek/xt</text>
-      <pattern>
-        BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC D1 E8 74 2F 13 C9 EB 1A 91 48 C1 E0 08 AC FF 53 04 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 9D 8B D6 5E AD 48 74 0A 79 02 AD 50 56 8B F2 97 EB 87 AD 93 5E 46 AD 97 56 FF 13 95 AC 84 C0 75 FB FE 0E 74 F0 79 05 46 AD 50 EB 09 FE 0E 0F 84 xx xx xx FF 56 55 FF 53 04 AB EB E0 33 C9 41 FF 13 13 C9 FF 13 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 xx xx xx 00 00 00 00 00 00 00 00 00 54 01 00 00 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 01 00 00 6F 01 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.33</text>
-      <pattern>
-        BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.3</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx xx 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB xx xx xx xx 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v1.3</text>
-      <pattern>
-        BB D0 01 40 00 BF 00 10 40 00 BE xx xx xx xx 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB xx xx xx xx 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE xx 74 EF FE
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v2.0 -> bart/xt</text>
-      <pattern>
-        87 25 xx xx xx 00 61 94 55 A4 B6 80 FF 13
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>FSG v2.0</text>
-      <pattern>
-        87 25 xx xx xx xx 61 94 55 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fuck'n'Joy 1.0c -> UsAr</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED D8 05 40 00 FF 74 24 20 E8 8C 02 00 00 0B C0 0F 84 2C 01 00 00 89 85 6C 08 40 00 8D 85 2F 08 40 00 50 FF B5 6C 08 40 00 E8 EF 02 00 00 0B C0 0F 84 0C 01 00 00 89 85 3B 08 40 00 8D 85 3F 08 40 00 50 FF B5 6C 08 40 00 E8 CF 02 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fuck'n'Joy v1.0c -> UsAr</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED D8 05 40 00 FF 74 24 20 E8 8C 02 00 00 0B C0 0F 84 2C 01 00 00 89 85 6C 08 40 00 8D 85 2F 08 40 00 50 FF B5 6C 08 40 00 E8 EF 02 00 00 0B C0 0F 84 0C 01 00 00 89 85 3B 08 40 00 8D 85 3F 08 40 00 50 FF B5 6C 08 40 00 E8 CF 02 00 00 0B C0 0F 84 EC 00 00 00 89 85 4D 08 40 00 8D 85 51 08 40 00 50 FF B5 6C 08 40 00 E8 AF 02 00 00 0B C0 0F 84 CC 00 00 00 89 85 5C 08 40 00 8D 85 67 07 40 00 E8 7B 02 00 00 8D B5 C4 07 40 00 56 6A 64 FF 95 74 07 40 00 46 80 3E 00 75 FA C7 06 74 6D 70 2E 83 C6 04 C7 06 65 78 65 00 8D 85 36 07 40 00 E8 4C 02 00 00 33 DB 53 53 6A 02 53 53 68 00 00 00 40 8D 85 C4 07 40 00 50 FF 95 74 07 40 00 89 85 78 07 40 00 8D 85 51 07 40 00 E8 21 02 00 00 6A 00 8D 85 7C 07 40 00 50 68 00 xx xx 00 8D 85 F2 09 40 00 50 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Fusion 1.0 -> jaNooNi</text>
-      <pattern>
-        68 04 30 40 00 68 04 30 40 00 E8 09 03 00 00 68 04 30 40 00 E8 C7 02 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>G!X Protector 1.2 -> Guru.eXe</text>
-      <pattern>
-        60 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GameGuard - nProtect</text>
-      <pattern>
-        31 FF 74 06 61 E9 4A 4D 50 30 5A BA 7D 00 00 00 80 7C 24 08 01 E9 00 00 00 00 60 BE xx xx xx xx 31 FF 74 06 61 E9 4A 4D 50 30 8D BE xx xx xx xx 31 C9 74 06 61 E9 4A 4D 50 30 B8 7D 00 00 00 39 C2 B8 4C 00 00 00 F7 D0 75 3F 64 A1 30 00 00 00 85 C0 78 23 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GameGuard - nProtect</text>
-      <pattern>
-        31 FF 74 06 61 E9 4A 4D 50 30 5A BA 7D 00 00 00 80 7C 24 08 01 E9 00 00 00 00 60 BE xx xx xx xx 31 FF 74 06 61 E9 4A 4D 50 30 8D BE xx xx xx xx 31 C9 74 06 61 E9 4A 4D 50 30 B8 7D 00 00 00 39 C2 B8 4C 00 00 00 F7 D0 75 3F 64 A1 30 00 00 00 85 C0 78 23 8B 40 0C 8B 40 0C C7 40 20 00 10 00 00 64 A1 18 00 00 00 8B 40 30 0F B6 40 02 85 C0 75 16 E9 12 00 00 00 31 C0 64 A0 20 00 00 00 85 C0 75 05 E9 01 00 00 00 61 57 83 CD FF EB 0B 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GameGuard v2006.5.x.x (*.dll)</text>
-      <pattern>
-        31 FF 74 06 61 E9 4A 4D 50 30 BA 4C 00 00 00 80 7C 24 08 01 0F 85 xx 01 00 00 60 BE 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GameGuard v2006.5.x.x (*.exe)</text>
-      <pattern>
-        31 FF 74 06 61 E9 4A 4D 50 30 5A BA 7D 00 00 00 80 7C 24 08 01 E9 00 00 00 00 60 BE 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Gamehouse Media Protector Version Unknown</text>
-      <pattern>
-        68 xx xx xx xx 6A 00 FF 15 xx xx xx xx 50 FF 15 xx xx xx 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Gardian Angel 1.0</text>
-      <pattern>
-        06 8C C8 8E D8 8E C0 FC BF xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Gentee Installer Custom</text>
-      <pattern>
-        55 8B EC 81 EC 14 04 00 00 53 56 57 6A 00 FF 15 08 41 40 00 68 00 50 40 00 FF 15 04 41 40 00 85 C0 74 29 6A 00 A1 00 20 40 00 xx xx xx xx 41 40 00 8B F0 6A 06 56 FF 15 1C 41 40 00 6A 03 56 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GHF Protector (pack only) -> GPcH</text>
-      <pattern>
-        60 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 68 00 00 00 00 6A 40 FF D0 89 05 xx xx xx xx 89 C7 BE xx xx xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GHF Protector (pack only) -> GPcH</text>
-      <pattern>
-        60 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 68 00 00 00 00 6A 40 FF D0 89 05 xx xx xx xx 89 C7 BE xx xx xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 89 E8 B3 01 56 89 FE 29 C6 F3 A4 5E EB 8E 00 D2 75 05 8A 16 46 10 D2 C3 31 C9 41 E8 EE FF FF FF 11 C9 E8 E7 FF FF FF 72 F2 C3 61 B9 FC FF FF FF 8B 1C 08 89 99 xx xx xx xx E2 F5 90 90 BA xx xx xx xx BE xx xx xx xx 01 D6 8B 46 0C 85 C0 0F 84 87 00 00 00 01 D0 89 C3 50 B8 xx xx xx xx FF 10 85 C0 75 08 53 B8 xx xx xx xx FF 10 89 05 xx xx xx xx C7 05 xx xx xx xx 00 00 00 00 BA xx xx xx xx 8B 06 85 C0 75 03 8B 46 10 01 D0 03 05 xx xx xx xx 8B 18 8B 7E 10 01 D7 03 3D xx xx xx xx 85 DB 74 2B F7 C3 00 00 0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GHF Protector (pack only) -> GPcH</text>
-      <pattern>
-        60 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 68 00 00 00 00 6A 40 FF D0 89 05 xx xx xx xx 89 C7 BE xx xx xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 89 E8 B3 01 56 89 FE 29 C6 F3 A4 5E EB 8E 00 D2 75 05 8A 16 46 10 D2 C3 31 C9 41 E8 EE FF FF FF 11 C9 E8 E7 FF FF FF 72 F2 C3 61 B9 FC FF FF FF 8B 1C 08 89 99 xx xx xx xx E2 F5 90 90 BA xx xx xx xx BE xx xx xx xx 01 D6 8B 46 0C 85 C0 0F 84 87 00 00 00 01 D0 89 C3 50 B8 xx xx xx xx FF 10 85 C0 75 08 53 B8 xx xx xx xx FF 10 89 05 xx xx xx xx C7 05 xx xx xx xx 00 00 00 00 BA xx xx xx xx 8B 06 85 C0 75 03 8B 46 10 01 D0 03 05 xx xx xx xx 8B 18 8B 7E 10 01 D7 03 3D xx xx xx xx 85 DB 74 2B F7 C3 00 00 00 80 75 04 01 D3 43 43 81 E3 FF FF FF 0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GHF Protector (pack only) -> GPcH</text>
-      <pattern>
-        60 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 68 00 00 00 00 6A 40 FF D0 89 05 xx xx xx xx 89 C7 BE xx xx xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 89 E8 B3 01 56 89 FE 29 C6 F3 A4 5E EB 8E 00 D2 75 05 8A 16 46 10 D2 C3 31 C9 41 E8 EE FF FF FF 11 C9 E8 E7 FF FF FF 72 F2 C3 61 B9 FC FF FF FF 8B 1C 08 89 99 xx xx xx xx E2 F5 90 90 BA xx xx xx xx BE xx xx xx xx 01 D6 8B 46 0C 85 C0 0F 84 87 00 00 00 01 D0 89 C3 50 B8 xx xx xx xx FF 10 85 C0 75 08 53 B8 xx xx xx xx FF 10 89 05 xx xx xx xx C7 05 xx xx xx xx 00 00 00 00 BA xx xx xx xx 8B 06 85 C0 75 03 8B 46 10 01 D0 03 05 xx xx xx xx 8B 18 8B 7E 10 01 D7 03 3D xx xx xx xx 85 DB 74 2B F7 C3 00 00 00 80 75 04 01 D3 43 43 81 E3 FF FF FF 0E P_ ON LY = T RU E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GHF Protector (pack only) -> GPcH</text>
-      <pattern>
-        60 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 68 00 00 00 00 6A 40 FF D0 89 05 xx xx xx xx 89 C7 BE xx xx xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 89 E8 B3 01 56 89 FE 29 C6 F3 A4 5E EB 8E 00 D2 75 05 8A 16 46 10 D2 C3 31 C9 41 E8 EE FF FF FF 11 C9 E8 E7 FF FF FF 72 F2 C3 61 B9 FC FF FF FF 8B 1C 08 89 99 xx xx xx xx E2 F5 90 90 BA xx xx xx xx BE xx xx xx xx 01 D6 8B 46 0C 85 C0 0F 84 87 00 00 00 01 D0 89 C3 50 B8 xx xx xx xx FF 10 85 C0 75 08 53 B8 xx xx xx xx FF 10 89 05 xx xx xx xx C7 05 xx xx xx xx 00 00 00 00 BA xx xx xx xx 8B 06 85 C0 75 03 8B 46 10 01 D0 03 05 xx xx xx xx 8B 18 8B 7E 10 01 D7 03 3D xx xx xx xx 85 DB 74 2B F7 C3 00 00 00 80 75 04 01 D3 43 43 81 E3 FF FF FF 0F 53 FF 35 xx xx xx xx B8 xx xx xx xx FF 10 89 07 83 05 xx xx xx xx 04 EB AE 83 C6 14 BA xx xx xx xx E9 6E FF FF FF 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 8B 15 xx xx xx xx 52 FF D0 61 BA xx xx xx xx FF E2 90 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GHF Protector (pack) / GPcH</text>
-      <pattern>
-        60 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 68 00 A0 00 00 6A 40 FF D0 89 05 xx xx xx xx 89 C7 BE xx xx xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Gleam 1.00</text>
-      <pattern>
-        83 EC 0C 53 56 57 E8 24 02 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Go32Stub v.2.00 DOS-Extender</text>
-      <pattern>
-        0E 1F 8C 1E xx xx 8C 06 xx xx FC B4 30 CD 21 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Go32Stub v.2.00T DOS-Extender</text>
-      <pattern>
-        0E 1F 8C 1E xx xx 8C 06 xx xx FC B4 30 CD 21 3C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Goat's PE Mutilator 1.6</text>
-      <pattern>
-        E8 EA 0B 00 00 xx xx xx 8B 1C 79 F6 63 D8 8D 22 B0 BF F6 49 08 C3 02 BD 3B 6C 29 46 13 28 5D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Goat's PE Mutilator 1.6</text>
-      <pattern>
-        E8 EA 0B 00 00 xx xx xx 8B 1C 79 F6 63 D8 8D 22 B0 BF F6 49 08 C3 02 BD 3B 6C 29 46 13 28 5D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0F 53 0F DE 0F 55 0F 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Goats Mutilator v1.6 -> Goat/_e0f</text>
-      <pattern>
-        E8 EA 0B 00 00 xx xx xx 8B 1C 79 F6 63 D8 8D 22 B0 BF F6 49 08 C3 02 BD 3B 6C 29 46 13 28 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>GP-Install v5.0.3.32</text>
-      <pattern>
-        55 8B EC 33 C9 51 51 51 51 51 51 51 53 56 57 B8 C4 1C 41 00 E8 6B 3E FF FF 33 C0 55 68 76 20 41 00 64 FF 30 64 89 20 BA A0 47 41 00 33 C0 E8 31 0A FF FF 33 D2 A1 A0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Guardant Stealth aka Novex Dongle</text>
-      <pattern>
-        55 8B EC 83 C4 F0 60 E8 51 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HACKSTOP v1.00</text>
-      <pattern>
-        FA BD xx xx FF E5 6A 49 48 0C xx E4 xx 3F 98 3F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HACKSTOP v1.10, v1.11</text>
-      <pattern>
-        B4 30 CD 21 86 E0 3D xx xx 73 xx B4 2F CD 21 B0 xx B4 4C CD 21 50 B8 xx xx 58 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HACKSTOP v1.10p1</text>
-      <pattern>
-        B4 30 CD 21 86 E0 3D 00 03 73 xx B4 2F CD 21 B4 2A CD 21 B4 2C CD 21 B0 FF B4 4C CD 21 50 B8 xx xx 58 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HACKSTOP v1.11c</text>
-      <pattern>
-        B4 30 CD 21 86 E0 3D xx xx 73 xx B4 xx CD 21 B0 xx B4 4C CD 21 53 BB xx xx 5B EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HACKSTOP v1.13</text>
-      <pattern>
-        52 B8 xx xx 1E CD 21 86 E0 3D xx xx 73 xx CD 20 0E 1F B4 09 E8 xx xx 24 xx EA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HACKSTOP v1.18</text>
-      <pattern>
-        52 BA xx xx 5A EB xx 9A xx xx xx xx 30 CD 21 xx xx xx FD 02 xx xx CD 20 0E 1F 52 BA xx xx 5A EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HACKSTOP v1.19</text>
-      <pattern>
-        52 BA xx xx 5A EB xx 9A xx xx xx xx 30 CD 21 xx xx xx D6 02 xx xx CD 20 0E 1F 52 BA xx xx 5A EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Hardlock dongle (Alladin)</text>
-      <pattern>
-        5C 5C 2E 5C 48 41 52 44 4C 4F 43 4B 2E 56 58 44 00 00 00 00 5C 5C 2E 5C 46 45 6E 74 65 44 65 76
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Hasp 4 envelope dongle (Alladin)</text>
-      <pattern>
-        10 02 D0 51 0F 00 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Hasp dongle (Alladin)</text>
-      <pattern>
-        50 53 51 52 57 56 8B 75 1C 8B 3E xx xx xx xx xx 8B 5D 08 8A FB xx xx 03 5D 10 8B 45 0C 8B 4D 14 8B 55 18 80 FF 32
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HASP HL Protection 1.X -> Aladdin</text>
-      <pattern>
-        55 8B EC 53 56 57 60 8B C4 A3 xx xx xx xx B8 xx xx xx xx 2B 05 xx xx xx xx A3 xx xx xx xx 83 3D xx xx xx xx 00 74 15 8B 0D xx xx xx xx 51 FF 15 xx xx xx xx 83 C4 04 E9 A5 00 00 00 68 xx xx xx xx FF 15 xx xx xx xx A3 xx xx xx xx 68 xx xx xx xx FF 15
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HASP HL Protection V1.X -> Aladdin ! Sign by fly</text>
-      <pattern>
-        55 8B EC 53 56 57 60 8B C4 A3 xx xx xx xx B8 xx xx xx xx 2B 05 xx xx xx xx A3 xx xx xx xx 83 3D xx xx xx xx 00 74 15 8B 0D xx xx xx xx 51 FF 15 xx xx xx xx 83 C4 04 E9 A5 00 00 00 68 xx xx xx xx FF 15 xx xx xx xx A3 xx xx xx xx 68 xx xx xx xx FF 15 xx xx xx xx A3 xx xx xx xx 8B 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HEALTH v.5.1 by Muslim M.Polyak</text>
-      <pattern>
-        1E E8 xx xx 2E 8C 06 xx xx 2E 89 3E xx xx 8B D7 B8 xx xx CD 21 8B D8 0E 1F E8 xx xx 06 57 A1 xx xx 26
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Hide PE 1.01 -> BGCorp</text>
-      <pattern>
-        xx BA xx xx xx 00 B8 xx xx xx xx 89 02 83 C2 04 B8 xx xx xx xx 89 02 83 C2 04 B8 xx xx xx xx 89 02 83 C2 F8 FF E2 0D 0A 2D 3D 5B 20 48 69 64 65 50 45 20 62 79 20 42 47 43 6F 72 70 20 5D 3D 2D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Hide and Protect 1.016 -> SoftWar Company</text>
-      <pattern>
-        90 90 90 E9 D8 xx 05 00 95 xx 53 00 95 4A 50 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Hide and Protect V1.0X-> SoftWar Company</text>
-      <pattern>
-        90 90 90 E9 D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Histogram graphics file</text>
-      <pattern>
-        6D 68 77 61 6E 68 00 04 01 02 01 02
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Hitachi Raster Format graphics format</text>
-      <pattern>
-        43 41 44 43 2F 4B 52 20 52 53 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys protect 0.1 -> hmimys</text>
-      <pattern>
-        5E 83 C6 64 AD 50 AD 50 83 EE 6C AD 50 AD 50 AD 50 AD 50 AD 50 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys Protect v1.0</text>
-      <pattern>
-        E8 BA 00 00 00 xx 00 00 00 00 xx xx 00 00 10 40 00 xx xx xx 00 xx xx xx 00 00 xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx 00 00 00 00 00 00 00 xx xx xx 00 00 00 00 00 00 00 00 00 xx xx xx 00 xx xx xx 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys Protect v1.0</text>
-      <pattern>
-        E8 BA 00 00 00 xx 00 00 00 00 xx xx 00 00 10 40 00 xx xx xx 00 xx xx xx 00 00 xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx 00 00 00 00 00 00 00 xx xx xx 00 00 00 00 00 00 00 00 00 xx xx xx 00 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 5E 83 C6 64 AD 50 AD 50 83 EE 6C AD 50 AD 50 AD 50 AD 50 AD 50 E8 E7 07 00 00 AD 8B DE 8B F0 83 C3 44 AD 85 C0 74 32 8B F8 56 FF 13 8B E8 AC 84 C0 75 FB AC 84 C0 74 EA 4E AD A9 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys Protect v1.0</text>
-      <pattern>
-        E8 BA 00 00 00 xx 00 00 00 00 xx xx 00 00 10 40 00 xx xx xx 00 xx xx xx 00 00 xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx 00 00 00 00 00 00 00 xx xx xx 00 00 00 00 00 00 00 00 00 xx xx xx 00 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 5E 83 C6 64 AD 50 AD 50 83 EE 6C AD 50 AD 50 AD 50 AD 50 AD 50 E8 E7 07 00 00 AD 8B DE 8B F0 83 C3 44 AD 85 C0 74 32 8B F8 56 FF 13 8B E8 AC 84 C0 75 FB AC 84 C0 74 EA 4E AD A9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys's PE-Pack 0.1 -> hmimys</text>
-      <pattern>
-        E8 00 00 00 00 5D 83 ED 05 6A 00 FF 95 E1 0E 00 00 89 85 85 0E 00 00 8B 58 3C 03 D8 81 C3 F8 00 00 00 80 AD 89 0E 00 00 01 89 9D 63 0F 00 00 8B 4B 0C 03 8D 85 0E 00 00 8B 53 08 80 BD 89 0E 00 00 00 75 0C 03 8D 91 0E 00 00 2B 95 91 0E 00 00 89 8D 57 0F 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys's PE-Pack 0.1 -> hmimys</text>
-      <pattern>
-        E8 00 00 00 00 5D 83 ED 05 6A 00 FF 95 E1 0E 00 00 89 85 85 0E 00 00 8B 58 3C 03 D8 81 C3 F8 00 00 00 80 AD 89 0E 00 00 01 89 9D 63 0F 00 00 8B 4B 0C 03 8D 85 0E 00 00 8B 53 08 80 BD 89 0E 00 00 00 75 0C 03 8D 91 0E 00 00 2B 95 91 0E 00 00 89 8D 57 0F 00 00 89 95 5B 0F 00 00 8B 5B 10 89 9D 5F 0F 00 00 8B 9D 5F 0F 00 00 8B 85 57 0F 00 00 53 50 E8 B7 0B 00 00 89 85 73 0F 00 00 6A 04 68 00 10 00 00 50 6A 00 FF 95 E9 0E 00 00 89 85 6B 0F 00 00 6A 04 68 00 10 00 00 68 D8 7C 00 00 6A 00 FF 95 E9 0E 00 00 89 85 6F 0F 00 00 8D 85 67 0F 00 00 8B 9D 73 0F 00 00 8B 8D 6B 0F 00 00 8B 95 5B 0F 00 00 83 EA 0E 8B B5 57 0F 00 00 83 C6 0E 8B BD 6F 0F 00 00 50 53 51 52 56 68 D8 7C 00 00 57 E8 01 01 00 00 8B 9D 57 0F 00 00 8B 03 3C 01 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys-Packer 1.0 -> hmimys</text>
-      <pattern>
-        5E 83 C6 64 AD 50 AD 50 83 EE 6C AD 50 AD 50 AD 50 AD 50 AD 50 E8 E7 07 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys-Packer 1.0 -> hmimys</text>
-      <pattern>
-        5E 83 C6 64 AD 50 AD 50 83 EE 6C AD 50 AD 50 AD 50 AD 50 AD 50 E8 E7 07
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hmimys-Packer 1.0</text>
-      <pattern>
-        E8 BA 00 00 00 03 00 00 00 00 xx xx 00 00 10 40 00 xx xx xx 00 xx xx xx 00 00 xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx 00 00 00 00 00 00 00 xx xx xx 00 00 00 00 00 00 00 00 00 xx xx xx 00 xx xx xx 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HPA</text>
-      <pattern>
-        E8 xx xx 5E 8B D6 83 xx xx 83 xx xx 06 0E 1E 0E 1F 33 FF 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>HQR data file</text>
-      <pattern>
-        48 00 00 00 xx 02 00 00 xx xx 00 00 xx xx 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        hying's PE-Armor -> hying CCG
-      </text>
-      <pattern>
-        E8 AA 00 00 00 2D xx xx xx 00 00 00 00 00 00 00 00 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Hying's PE-Armor 0.75.exe -> Hying CCG
-      </text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx 00 00 00 00 00 00 xx xx 01 00 00 00 00 00 00 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 74 xx xx xx 00 00 00 00 00 00 00 00 84 xx xx xx 74 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 00 00 08 00 00 00 00 00 00 00 60 E8 00 00 00 00 5D 81 ED D7 00 00 00 8D B5 EE 00 00 00 55 56 81 C5 xx xx 00 00 55 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Hying's PE-Armor 0.75.exe -> Hying CCG
-      </text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx 00 00 00 00 00 00 xx xx 01 00 00 00 00 00 00 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 74 xx xx xx 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Hying's PE-Armor 0.75.exe -> Hying</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8E 00 00 00 E8 03 00 00 00 EB 01 xx E8 81 00 00 00 E8 03 00 00 00 EB 01 xx E8 B7 00 00 00 E8 03 00 00 00 EB 01 xx E8 AA 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Hying's PE-Armor 0.76 -> Hying CCG
-      </text>
-      <pattern>
-        01 00 xx xx 00 00 00 00 00 00 00 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 56 69 72 74 75 61 6C 46 72 65 65 00 xx xx xx xx xx xx xx xx xx xx xx xx 61 xx xx xx 59 xx xx xx xx 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 8D xx xx xx xx 00 00 00 00 00 00 00 9D xx xx xx 8D xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 00 00 08 00 00 00 00 00 00 00 60 E8 00 00 00 00 5D 81 ED F0 00 00 00 8D B5 07 01 00 00 55 56 81 C5 xx xx xx xx 55 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>hying's PEArmor V0.76 -> hying</text>
-      <pattern>
-        E9 00 00 00 00 60 E8 14 00 00 00 5D 81 ED 00 00 00 00 6A xx E8 A3 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>IBM PictureMaker graphics file</text>
-      <pattern>
-        00 xx C1 xx 00 xx xx xx xx 02 00 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ICrypt 1.0 - by BuGGz</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 57 33 C0 89 45 EC B8 70 3B 00 10 E8 3C FA FF FF 33 C0 55 68 6C 3C 00 10 64 FF 30 64 89 20 6A 0A 68 7C 3C 00 10 A1 50 56 00 10 50 E8 D8 FA FF FF 8B D8 53 A1 50 56 00 10 50 E8 0A FB FF FF 8B F8 53 A1 50 56 00 10 50 E8 D4 FA FF FF 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ICrypt 1.0 - by BuGGz</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 57 33 C0 89 45 EC B8 70 3B 00 10 E8 3C FA FF FF 33 C0 55 68 6C 3C 00 10 64 FF 30 64 89 20 6A 0A 68 7C 3C 00 10 A1 50 56 00 10 50 E8 D8 FA FF FF 8B D8 53 A1 50 56 00 10 50 E8 0A FB FF FF 8B F8 53 A1 50 56 00 10 50 E8 D4 FA FF FF 8B D8 53 E8 D4 FA FF FF 8B F0 85 F6 74 26 8B D7 4A B8 64 56 00 10 E8 25 F6 FF FF B8 64 56 00 10 E8 13 F6 FF FF 8B CF 8B D6 E8 E6 FA FF FF 53 E8 90 FA FF FF 8D 4D EC BA 8C 3C 00 10 A1 64 56 00 10 E8 16 FB FF FF 8B 55 EC B8 64 56 00 10 E8 C5 F4 FF FF B8 64 56 00 10 E8 DB F5 FF FF E8 56 FC FF FF 33 C0 5A 59 59 64 89 10 68 73 3C 00 10 8D 45 EC E8 4D F4 FF FF C3 E9 E3 EE FF FF EB F0 5F 5E 5B E8 4D F3 FF FF 00 53 45 54 xx xx xx xx 00 FF FF FF FF 08 00 00 00 76 6F 74 72 65 63 6C 65
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ID Application Protector V1.2 -> ID Security Suite ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED F2 0B 47 00 B9 19 22 47 00 81 E9 EA 0E 47 00 89 EA 81 C2 EA 0E 47 00 8D 3A 89 FE 31 C0 E9 D3 02 00 00 CC CC CC CC E9 CA 02 00 00 43 3A 5C 57 69 6E 64 6F 77 73 5C 53 6F 66 74 57 61 72 65 50 72 6F 74 65 63 74 6F 72 5C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        ILUCRYPT v4.015 exe
-      </text>
-      <pattern>
-        8B EC FA C7 46 F7 xx xx 42 81 FA xx xx 75 F9 FF 66 F7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        iLUCRYPT v4.018 exe
-      </text>
-      <pattern>
-        8B EC FA C7 xx xx xx xx 4C 4C C3 FB BF xx xx B8 xx xx 2E xx xx D1 C8 4F 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Img Software Set graphics file</text>
-      <pattern>
-        53 43 4D 49 20 20 20 31 41 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        IMP-Packer 1.0 -> Mahdi Hezavehi IMPOSTER
-      </text>
-      <pattern>
-        28 xx xx xx 00 00 00 00 00 00 00 00 40 xx xx xx 34 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4C xx xx xx 5C xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        IMP-Packer 1.0 -> Mahdi Hezavehi IMPOSTER
-      </text>
-      <pattern>
-        28 xx xx xx 00 00 00 00 00 00 00 00 40 xx xx xx 34 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4C xx xx xx 5C xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 47 65 74 50 72 6F 63
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>IMPostor Pack 1.0 -> Mahdi Hezavehi</text>
-      <pattern>
-        BE xx xx xx 00 83 C6 01 FF E6 00 00 00 00 xx xx 00 00 00 00 00 00 00 00 00 xx xx xx 00 xx 02 xx xx 00 10 00 00 00 02 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Inbuild v1.0 hard
-      </text>
-      <pattern>
-        B9 xx xx BB xx xx 2E xx xx 2E xx xx 43 E2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>INCrypter 0.3 (INinY) - by z3e_NiFe</text>
-      <pattern>
-        60 64 A1 30 00 00 00 8B 40 0C 8B 40 0C 8D 58 20 C7 03 00 00 00 00 E8 00 00 00 00 5D 81 ED 4D 16 40 00 8B 9D 0E 17 40 00 64 A1 18 00 00 00 8B 40 30 0F B6 40 02 83 F8 01 75 05 03 DB C1 CB 10 8B 8D 12 17 40 00 8B B5 06 17 40 00 51 81 3E 2E 72 73 72 74 65 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>INCrypter 0.3 (INinY) - by z3e_NiFe</text>
-      <pattern>
-        60 64 A1 30 00 00 00 8B 40 0C 8B 40 0C 8D 58 20 C7 03 00 00 00 00 E8 00 00 00 00 5D 81 ED 4D 16 40 00 8B 9D 0E 17 40 00 64 A1 18 00 00 00 8B 40 30 0F B6 40 02 83 F8 01 75 05 03 DB C1 CB 10 8B 8D 12 17 40 00 8B B5 06 17 40 00 51 81 3E 2E 72 73 72 74 65 8B 85 16 17 40 00 E8 23 00 00 00 8B 85 1A 17 40 00 E8 18 00 00 00 8B 85 1E 17 40 00 E8 0D 00 00 00 8B 85 22 17 40 00 E8 02 00 00 00 EB 18 8B D6 3B 46 0C 72 0A 83 F9 01 74 0B 3B 46 34 72 06 BA 00 00 00 00 C3 58 83 FA 00 75 1A 8B 4E 10 8B 7E 0C 03 BD 02 17 40 00 83 F9 00 74 09 F6 17 31 0F 31 1F 47 E2 F7 59 83 C6 28 49 83 F9 00 75 88 8B 85 0A 17 40 00 89 44 24 1C 61 50 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Inno Installer v5.1.2</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 58 BB DC 1E 00 00 2B C3 50 68 xx xx xx xx 68 00 50 00 00 68 D8 00 00 00 E8 C1 FE FF FF E9 97 FF FF FF CC CC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Inno Setup Module v1.09a</text>
-      <pattern>
-        55 8B EC 83 C4 C0 53 56 57 33 C0 89 45 F0 89 45 C4 89 45 C0 E8 A7 7F FF FF E8 FA 92 FF FF E8 F1 B3 FF FF 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Inno Setup Module v1.2.9</text>
-      <pattern>
-        55 8B EC 83 C4 C0 53 56 57 33 C0 89 45 F0 89 45 EC 89 45 C0 E8 5B 73 FF FF E8 D6 87 FF FF E8 C5 A9 FF FF E8 E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Inno Setup Module v2.0.18</text>
-      <pattern>
-        55 8B EC 83 C4 B8 53 56 57 33 C0 89 45 F0 89 45 BC 89 45 B8 E8 73 71 FF FF E8 DA 85 FF FF E8 81 A7 FF FF E8 C8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Inno Setup Module v3.0.4-beta/v3.0.6/v3.0.7</text>
-      <pattern>
-        55 8B EC 83 C4 B8 53 56 57 33 C0 89 45 F0 89 45 BC 89 45 B8 E8 B3 70 FF FF E8 1A 85 FF FF E8 25 A7 FF FF E8 6C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Inno Setup Module</text>
-      <pattern>
-        49 6E 6E 6F 53 65 74 75 70 4C 64 72 57 69 6E 64 6F 77 00 00 53 54 41 54 49 43
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Inno Setup Module</text>
-      <pattern>
-        55 8B EC 83 C4 xx 53 56 57 33 C0 89 45 F0 89 45 xx 89 45 xx E8 xx xx FF FF E8 xx xx FF FF E8 xx xx FF FF E8 xx xx FF FF E8 xx xx FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Install Stub 32-bit</text>
-      <pattern>
-        55 8B EC 81 EC 14 xx 00 00 53 56 57 6A 00 FF 15 xx xx xx xx 68 xx xx xx xx FF 15 xx xx xx xx 85 C0 74 29
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>InstallAnywhere 6.1 -> Zero G Software Inc</text>
-      <pattern>
-        60 BE 00 A0 42 00 8D BE 00 70 FD FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>InstallAnywhere 6.1 -> Zero G Software Inc</text>
-      <pattern>
-        60 BE 00 A0 42 00 8D BE 00 70 FD FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>InstallAnywhere 6.1 -> Zero G Software Inc</text>
-      <pattern>
-        60 BE 00 A0 42 00 8D BE 00 70 FD FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Installer VISE Custom</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx 40 00 68 xx xx 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 xx xx 40 00 33 D2 8A D4 89 15 xx xx 40 00 8B C8 81 E1 FF 00 00 00 89 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>InstallShield 2000</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 C4 xx 53 56 57
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>InstallShield 3.x Custom</text>
-      <pattern>
-        64 A1 00 00 00 00 55 8B EC 6A FF 68 00 A0 40 00 68 34 76 40 00 50 64 89 25 00 00 00 00 83 EC 60 53 56 57 89 65 E8 FF 15 8C E3 40 00 A3 70 B1 40 00 33 C0 A0 71 B1 40 00 A3 7C B1 40 00 A1 70 B1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>InstallShield Custom</text>
-      <pattern>
-        55 8B EC 83 EC 44 56 FF 15 xx xx 41 00 8B F0 85 F6 75 08 6A FF FF 15 xx xx 41 00 8A 06 57 8B 3D xx xx 41 00 3C 22 75 1B 56 FF D7 8B F0 8A 06 3C 22 74 04 84 C0 75 F1 80 3E 22 75 15 56 FF D7 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Interchange Format File (IFF), type WVQA</text>
-      <pattern>
-        46 4F 52 4D xx xx xx xx 57 56 51 41 56 51 48 44
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Interplay's MVE file</text>
-      <pattern>
-        49 6E 74 65 72 70 6C 61 79 20 4D 56 45 20 46 69 6C 65 1A 00 1A
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Ionic Wind Software</text>
-      <pattern>
-        9B DB E3 9B DB E2 D9 2D 00 xx xx 00 55 89 E5 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>iPB Protect 0.1.3 - 0.1.7 -> forgot</text>
-      <pattern>
-        55 8B EC 6A FF 68 4B 43 55 46 68 54 49 48 53 64 A1 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>iPBProtect 0.1.3</text>
-      <pattern>
-        55 8B EC 6A FF 68 4B 43 55 46 68 54 49 48 53 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 FA 33 DB 89 5D F8 6A 02 EB 01 F8 58 5F 5E 5B 64 8B 25 00 00 00 00 64 8F 05 00 00 00 00 58 58 58 5D 68 9F 6F 56 B6 50 E8 5D 00 00 00 EB FF 71 78
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>iPBProtect v0.1.3</text>
-      <pattern>
-        55 8B EC 6A FF 68 4B 43 55 46 68 54 49 48 53 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 FA 33 DB 89 5D F8 6A 02 EB 01 F8 58 5F 5E 5B 64 8B 25 00 00 00 00 64 8F 05 00 00 00 00 58 58 58 5D 68 9F 6F 56 B6 50 E8 5D 00 00 00 EB FF 71 78 C2 50 00 EB D3 5B F3 68 89 5C 24 48 5C 24 58 FF 8D 5C 24 58 5B 83 C3 4C 75 F4 5A 8D 71 78 75 09 81 F3 EB FF 52 BA 01 00 83 EB FC 4A FF 71 0F 75 19 8B 5C 24 00 00 81 33 50 53 8B 1B 0F FF C6 75 1B 81 F3 EB 87 1C 24 8B 8B 04 24 83 EC FC EB 01 E8 83 EC FC E9 E7 00 00 00 58 EB FF F0 EB FF C0 83 E8 FD EB FF 30 E8 C9 00 00 00 89 E0 EB FF D0 EB FF 71 0F 83 C0 01 EB FF 70 F0 71 EE EB FA EB 83 C0 14 EB FF 70 ED 71 EB EB FA FF 83 C0 FC EB FF 70 ED 71 EB EB FA 0F 83 C0 F8 EB FF 70 ED 71 EB EB FA FF 83 C0 18 EB FF 70
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>IProtect 1.0 (Fxlib.dll mode) - by FuXdas</text>
-      <pattern>
-        EB 33 2E 46 55 58 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 46 78 4C 69 62 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 60 E8 00 00 00 00 5D 81 ED 71 10 40 00 FF 74 24 20 E8 40 00 00 00 0B C0 74 2F 89 85 63 10 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>IProtect 1.0 (Fxlib.dll mode) - by FuXdas</text>
-      <pattern>
-        EB 33 2E 46 55 58 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 46 78 4C 69 62 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 60 E8 00 00 00 00 5D 81 ED 71 10 40 00 FF 74 24 20 E8 40 00 00 00 0B C0 74 2F 89 85 63 10 40 00 8D 85 3C 10 40 00 50 FF B5 63 10 40 00 E8 92 00 00 00 0B C0 74 13 89 85 5F 10 40 00 8D 85 49 10 40 00 50 FF 95 5F 10 40 00 8B 85 67 10 40 00 89 44 24 1C 61 FF E0 8B 7C 24 04 8D 85 00 10 40 00 50 64 FF 35 00 00 00 00 8D 85 53 10 40 00 89 20 89 68 04 8D 9D 0A 11 40 00 89 58 08 64 89 25 00 00 00 00 81 E7 00 00 FF FF 66 81 3F 4D 5A 75 0F 8B F7 03 76 3C 81 3E 50 45 00 00 75 02 EB 17 81 EF 00 00 01 00 81 FF 00 00 00 70 73 07 BF 00 00 F7 BF EB 02 EB D3 97 64 8F 05 00 00 00 00 83 C4 04 C2 04 00 8D 85 00 10 40 00 50 64 FF 35 00 00 00 00 8D 85 53 10 40 00 89 20 89 68 04 8D 9D 0A 11 40 00 89 58 08 64 89 25 00 00 00 00 8B 74 24 0C 66 81 3E 4D 5A 74 05 E9 8A 00 00 00 03 76 3C 81 3E 50 45 00 00 74 02 EB 7D 8B 7C 24 10 B9 96 00 00 00 32 C0 F2 AE 8B CF 2B 4C 24 10 8B 56 78 03 54 24 0C 8B 5A 20 03 5C 24 0C 33 C0 8B 3B 03 7C 24 0C 8B 74 24 10 51 F3 A6 75 05 83 C4 04 EB 0A 59 83 C3 04 40 3B 42 18 75 E2 3B 42 18 75 02 EB 35 8B 72 24 03 74 24 0C 52 BB 02 00 00 00 33 D2 F7 E3 5A 03 C6 33 C9 66 8B 08 8B 7A 1C 33 D2 BB 04 00 00 00 8B C1 F7 E3 03 44 24 0C 03 C7 8B 00 03 44 24 0C EB 02 33 C0 64 8F 05 00 00 00 00 83 C4 04 C2 08 00 E8 FA FD FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>IProtect 1.0 (FxSub.dll mode) - by FuXdas</text>
-      <pattern>
-        EB 33 2E 46 55 58 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 46 78 53 75 62 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 60 E8 00 00 00 00 5D 81 ED B6 13 40 00 FF 74 24 20 E8 40 00 00 00 0B C0 74 2F 89 85 A8 13 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>IProtect 1.0 (FxSub.dll mode) - by FuXdas</text>
-      <pattern>
-        EB 33 2E 46 55 58 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 46 78 53 75 62 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 60 E8 00 00 00 00 5D 81 ED B6 13 40 00 FF 74 24 20 E8 40 00 00 00 0B C0 74 2F 89 85 A8 13 40 00 8D 85 81 13 40 00 50 FF B5 A8 13 40 00 E8 92 00 00 00 0B C0 74 13 89 85 A4 13 40 00 8D 85 8E 13 40 00 50 FF 95 A4 13 40 00 8B 85 AC 13 40 00 89 44 24 1C 61 FF E0 8B 7C 24 04 8D 85 00 10 40 00 50 64 FF 35 00 00 00 00 8D 85 98 13 40 00 89 20 89 68 04 8D 9D 4F 14 40 00 89 58 08 64 89 25 00 00 00 00 81 E7 00 00 FF FF 66 81 3F 4D 5A 75 0F 8B F7 03 76 3C 81 3E 50 45 00 00 75 02 EB 17 81 EF 00 00 01 00 81 FF 00 00 00 70 73 07 BF 00 00 F7 BF EB 02 EB D3 97 64 8F 05 00 00 00 00 83 C4 04 C2 04 00 8D 85 00 10 40 00 50 64 FF 35 00 00 00 00 8D 85 98 13 40 00 89 20 89 68 04 8D 9D 4F 14 40 00 89 58 08 64 89 25 00 00 00 00 8B 74 24 0C 66 81 3E 4D 5A 74 05 E9 8A 00 00 00 03 76 3C 81 3E 50 45 00 00 74 02 EB 7D 8B 7C 24 10 B9 96 00 00 00 32 C0 F2 AE 8B CF 2B 4C 24 10 8B 56 78 03 54 24 0C 8B 5A 20 03 5C 24 0C 33 C0 8B 3B 03 7C 24 0C 8B 74 24 10 51 F3 A6 75 05 83 C4 04 EB 0A 59 83 C3 04 40 3B 42 18 75 E2 3B 42 18 75 02 EB 35 8B 72 24 03 74 24 0C 52 BB 02 00 00 00 33 D2 F7 E3 5A 03 C6 33 C9 66 8B 08 8B 7A 1C 33 D2 BB 04 00 00 00 8B C1 F7 E3 03 44 24 0C 03 C7 8B 00 03 44 24 0C EB 02 33 C0 64 8F 05 00 00 00 00 83 C4 04 C2 08 00 E8 B5 FA FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>JAM v2.11</text>
-      <pattern>
-        50 06 16 07 BE xx xx 8B FE B9 xx xx FD FA F3 2E A5 FB 06 BD xx xx 55 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>JAR Archive</text>
-      <pattern>
-        xx xx xx xx xx xx xx xx xx xx xx xx xx xx 1A 4A 61 72 1B
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>JDPack 2.x -> JDPack</text>
-      <pattern>
-        55 8B EC 6A FF 68 68 51 40 00 68 04 25 40 00 64 A1 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>JDPack V2.00 -> JDPack</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 xx xx xx E8 01 00 00 00 xx xx xx xx xx xx 05 00 00 00 00 83 C4 0C 5D 60 E8 00 00 00 00 5D 8B D5 64 FF 35 00 00 00 00 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>JDPack</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 8B D5 81 ED xx xx xx xx 2B 95 xx xx xx xx 81 EA 06 xx xx xx 89 95 xx xx xx xx 83 BD 45
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>JExeCompressor 1.0 - by Arash Veyskarami</text>
-      <pattern>
-        8D 2D D3 4A E5 14 0F BB F7 0F BA E5 73 0F AF D5 8D 0D 0C 9F E6 11 C0 F8 EF F6 DE 80 DC 5B F6 DA 0F A5 C1 0F C1 F1 1C F3 4A 81 E1 8C 1F 66 91 0F BE C6 11 EE 0F C0 E7 33 D9 64 F2 C0 DC 73 0F C0 D5 55 8B EC BA C0 1F 41 00 8B C2 B9 97 00 00 00 80 32 79 50 B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>JExeCompressor 1.0 - by Arash Veyskarami</text>
-      <pattern>
-        8D 2D D3 4A E5 14 0F BB F7 0F BA E5 73 0F AF D5 8D 0D 0C 9F E6 11 C0 F8 EF F6 DE 80 DC 5B F6 DA 0F A5 C1 0F C1 F1 1C F3 4A 81 E1 8C 1F 66 91 0F BE C6 11 EE 0F C0 E7 33 D9 64 F2 C0 DC 73 0F C0 D5 55 8B EC BA C0 1F 41 00 8B C2 B9 97 00 00 00 80 32 79 50 B8 02 00 00 00 50 03 14 24 58 58 51 2B C9 B9 01 00 00 00 83 EA 01 E2 FB 59 E2 E1 FF E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>JExeCompressor V1.0 -> UsAr</text>
-      <pattern>
-        0F C8 0F CF C6 C4 8B 0F AC EA 99 0F AD D8 13 F5 0F BD EF 85 EF 85 DA 69 FE xx xx xx xx 21 F9 BE xx xx xx xx 23 CF 0F BC FE D2 DC 85 EF B9 xx xx xx xx C6 C0 F7 8D 35 xx xx xx xx 8D 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Joiner (sign from pinch 25.03.2007 20:10)</text>
-      <pattern>
-        81 EC 04 01 00 00 8B F4 68 04 01 00 00 56 6A 00 E8 7C 01 00 00 33 C0 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 56 E8 50 01 00 00 8B D8 6A 00 6A 00 6A 00 6A 02 6A 00 53 E8 44 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>KBys Packer 0.28 Beta -> Shoooo</text>
-      <pattern>
-        60 E8 00 00 00 00 5E 83 EE 0A 8B 06 03 C2 8B 08 89 4E F3 83 EE 0F 56 52 8B F0 AD AD 03 C2 8B D8 6A 04 BF 00 10 00 00 57 57 6A 00 FF 53 08 5A 59 BD 00 80 00 00 55 6A 00 50 51 52 50 89 06 AD AD 03 C2 50 AD 03 C2 FF D0 6A 04 57 AD 50 6A 00 FF 53
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Kbys Packer 0.28 Beta-> shoooo314</text>
-      <pattern>
-        68 85 AE 01 01 E8 01 00 00 00 C3 C3 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>KByS V0.28 -> shoooo ! Sign by fly</text>
-      <pattern>
-        68 xx xx xx xx E8 01 00 00 00 C3 C3 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>KByS V0.28 DLL -> shoooo ! Sign by fly</text>
-      <pattern>
-        B8 xx xx xx xx BA xx xx xx xx 03 C2 FF E0 xx xx xx xx 60 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>KGB SFX</text>
-      <pattern>
-        60 BE 00 A0 46 00 8D BE 00 70 F9 FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>KGCrypt vx.x</text>
-      <pattern>
-        E8 xx xx xx xx 5D 81 ED xx xx xx xx 64 A1 30 xx xx xx 84 C0 74 xx 64 A1 20 xx xx xx 0B C0 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kkrunchy -> Ryd</text>
-      <pattern>
-        BD 08 xx xx 00 C7 45 00 xx xx xx 00 FF 4D 08 C6 45 0C 05 8D 7D 14 31 C0 B4 04 89 C1 F3 AB BF xx xx xx 00 57 BE xx xx xx 00 31 C9 41 FF 4D 0C 8D 9C 8D A0 00 00 00 FF D6 10 C9 73 F3 FF 45 0C 91 AA 83 C9 FF 8D 5C 8D 18 FF D6 74 DD E3 17 8D 5D 1C FF D6 74 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kkrunchy -> Ryd</text>
-      <pattern>
-        BD 08 xx xx 00 C7 45 00 xx xx xx 00 FF 4D 08 C6 45 0C 05 8D 7D 14 31 C0 B4 04 89 C1 F3 AB BF xx xx xx 00 57 BE xx xx xx 00 31 C9 41 FF 4D 0C 8D 9C 8D A0 00 00 00 FF D6 10 C9 73 F3 FF 45 0C 91 AA 83 C9 FF 8D 5C 8D 18 FF D6 74 DD E3 17 8D 5D 1C FF D6 74 10 8D 9D A0 08 00 00 E8 EB 00 00 00 8B 45 10 EB 42 8D 9D A0 04 00 00 E8 DB 00 00 00 49 49 78 40 8D 5D 20 74 03 83 C3 40 31 D2 42 E8 BD 00 00 00 8D 0C 48 F6 C2 10 74 F3 41 91 8D 9D A0 08 00 00 E8 B2 00 00 00 3D 00 08 00 00 83 D9 FF 83 F8 60 83 D9 FF 89 45 10 56 89 FE 29 C6 F3 A4 5E EB 90 BE xx xx xx 00 BB xx xx xx 00 55 46 AD 85 C0 74 29 97 56 FF 13 85 C0 74 16 95 AC 84 C0 75 FB 38 06 74 E8 78 0D 56 55 FF 53 04 AB 85 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kkrunchy 0.23 alpha -> Ryd</text>
-      <pattern>
-        BD 08 xx xx 00 C7 45 00 xx xx xx 00 FF 4D 08 C6 45 0C 05 8D 7D 14 31 C0 B4 04 89 C1 F3 AB BF xx xx xx 00 57 BE xx xx xx 00 31 C9 41 FF 4D 0C 8D 9C 8D A0 00 00 00 FF D6 10 C9 73 F3 FF 45 0C 91 AA 83 C9 FF 8D 5C 8D 18 FF D6 74 DD E3 17 8D 5D 1C FF D6 74 10 8D 9D A0 08 00 00 E8 xx 00 00 00 8B 45 10 EB 42 8D 9D A0 04 00 00 E8 xx 00 00 00 49 49 78 40 8D 5D 20 74 03 83 C3 40 31 D2 42 E8 xx 00 00 00 8D 0C 48 F6 C2 10 74 F3 41 91 8D 9D A0 08 00 00 E8 xx 00 00 00 3D 00 08 00 00 83 D9 FF 83 F8 60 83 D9 FF 89 45 10 56 89 FE 29 C6 F3 A4 5E EB 90 BE xx xx xx 00 BB xx xx xx 00 55 46 AD 85 C0 74 xx 97 56 FF 13 85 C0 74 16 95 AC 84 C0 75 FB 38 06 74 E8 78 xx 56 55 FF 53 04 AB 85 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kkrunchy 0.23 alpha 2 -> Ryd</text>
-      <pattern>
-        BD xx xx xx xx C7 45 00 xx xx xx 00 B8 xx xx xx 00 89 45 04 89 45 54 50 C7 45 10 xx xx xx 00 FF 4D 0C FF 45 14 FF 45 58 C6 45 1C 08 B8 00 08 00 00 8D 7D 30 AB AB AB AB BB 00 00 D8 00 BF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kkrunchy 0.23 alpha 2 -> Ryd</text>
-      <pattern>
-        BD xx xx xx xx C7 45 00 xx xx xx 00 B8 xx xx xx 00 89 45 04 89 45 54 50 C7 45 10 xx xx xx 00 FF 4D 0C FF 45 14 FF 45 58 C6 45 1C 08 B8 00 08 00 00 8D 7D 30 AB AB AB AB BB 00 00 D8 00 BF xx xx xx 01 31 C9 41 8D 74 09 01 B8 CA 8E 2A 2E 99 F7 F6 01 C3 89 D8 C1 E8 15 AB FE C1 75 E8 BE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kkrunchy v0.17 -> F. Giesen</text>
-      <pattern>
-        FC FF 4D 08 31 D2 8D 7D 30 BE
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kkrunchy V0.2X -> Ryd ! Sign by fly</text>
-      <pattern>
-        BD xx xx xx xx C7 45 xx xx xx xx xx FF 4D 08 C6 45 0C 05 8D 7D 14 31 C0 B4 04 89 C1 F3 AB BF xx xx xx xx 57 BE xx xx xx xx 31 C9 41 FF 4D 0C 8D 9C 8D A0 00 00 00 FF D6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Krypton v0.2</text>
-      <pattern>
-        8B 0C 24 E9 0A 7C 01 xx AD 42 40 BD BE 9D 7A 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Krypton v0.3</text>
-      <pattern>
-        8B 0C 24 E9 C0 8D 01 xx C1 3A 6E CA 5D 7E 79 6D B3 64 5A 71 EA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Krypton v0.4</text>
-      <pattern>
-        54 E8 xx xx xx xx 5D 8B C5 81 ED 61 34 xx xx 2B 85 60 37 xx xx 83 E8 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Krypton v0.5</text>
-      <pattern>
-        54 E8 xx xx xx xx 5D 8B C5 81 ED 71 44 xx xx 2B 85 64 60 xx xx EB 43 DF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kryptor 5</text>
-      <pattern>
-        E8 03 xx xx xx E9 EB 6C 58 40 FF E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kryptor 6</text>
-      <pattern>
-        E8 03 xx xx xx E9 EB 68 58 33 D2 74 02 E9 E9 40 42 75 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>kryptor 9</text>
-      <pattern>
-        60 E8 xx xx xx xx 5E B9 xx xx xx xx 2B C0 02 04 0E D3 C0 49 79 F8 41 8D 7E 2C 33 46 xx 66 B9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LamCrypt 1.0 -> LaZaRuS</text>
-      <pattern>
-        60 66 9C BB 00 xx xx 00 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61 B8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LameCrypt -> LaZaRus</text>
-      <pattern>
-        60 66 9C BB 00 xx xx 00 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61 B8 xx xx 40 00 FF E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LameCrypt v1.0</text>
-      <pattern>
-        60 66 9C BB xx xx xx xx 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LamerStop v1.0c (c) Stefan Esser</text>
-      <pattern>
-        E8 xx xx 05 xx xx CD 21 33 C0 8E C0 26 xx xx xx 2E xx xx xx 26 xx xx xx 2E xx xx xx BA xx xx FA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Lattice C v1.01</text>
-      <pattern>
-        FA B8 xx xx 05 xx xx B1 xx D3 E8 8C CB 03 C3 8E D8 8E D0 26 xx xx xx xx 2B D8 F7 xx xx xx 75 xx B1 xx D3 E3 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Lattice C v3.0</text>
-      <pattern>
-        FA B8 xx xx 8E D8 B8 xx xx 8E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LaunchAnywhere 4.0.0.1</text>
-      <pattern>
-        55 89 E5 53 83 EC 48 55 B8 FF FF FF FF 50 50 68 E0 3E 42 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 68 C0 69 44 00 E8 E4 80 FF FF 59 E8 4E 29 00 00 E8 C9 0D 00 00 85 C0 75 08 6A FF E8 6E 2B 00 00 59 E8 A8 2C 00 00 E8 23 2E 00 00 FF 15 4C C2 44 00 89 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LaunchAnywhere v4.0.0.1</text>
-      <pattern>
-        55 89 E5 53 83 EC 48 55 B8 FF FF FF FF 50 50 68 E0 3E 42 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 68 C0 69 44 00 E8 E4 80 FF FF 59 E8 4E 29 00 00 E8 C9 0D 00 00 85 C0 75 08 6A FF E8 6E 2B 00 00 59 E8 A8 2C 00 00 E8 23 2E 00 00 FF 15 4C C2 44 00 89 C3 EB 19 3C 22 75 14 89 C0 8D 40 00 43 8A 03 84 C0 74 04 3C 22 75 F5 3C 22 75 01 43 8A 03 84 C0 74 0B 3C 20 74 07 3C 09 75 D9 EB 01 43 8A 03 84 C0 74 04 3C 20 7E F5 8D 45 B8 50 FF 15 E4 C1 44 00 8B 45 E4 25 01 00 00 00 74 06 0F B7 45 E8 EB 05 B8 0A 00 00 00 50 53 6A 00 6A 00 FF 15 08 C2 44 00 50 E8 63 15 FF FF 50 E8 EE 2A 00 00 59 8D 65 FC 5B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Launcher Generator 1.03</text>
-      <pattern>
-        68 00 20 40 00 68 10 20 40 00 6A 00 6A 00 6A 20 6A 00 6A 00 6A 00 68 F0 22 40 00 6A 00 E8 93 00 00 00 85 C0 0F 84 7E 00 00 00 B8 00 00 00 00 3B 05 68 20 40 00 74 13 6A xx 68 60 23 40 00 68 20 23 40 00 6A 00 E8 83 00 00 00 A1 58 20 40 00 3B 05 6C 20 40 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Launcher Generator v1.03</text>
-      <pattern>
-        68 00 20 40 00 68 10 20 40 00 6A 00 6A 00 6A 20 6A 00 6A 00 6A 00 68 F0 22 40 00 6A 00 E8 93 00 00 00 85 C0 0F 84 7E 00 00 00 B8 00 00 00 00 3B 05 68 20 40 00 74 13 6A xx 68 60 23 40 00 68 20 23 40 00 6A 00 E8 83 00 00 00 A1 58 20 40 00 3B 05 6C 20 40 00 74 51 C1 E0 02 A3 5C 20 40 00 BB 70 21 40 00 03 C3 8B 18 68 60 20 40 00 53 B8 F0 21 40 00 03 05 5C 20 40 00 8B D8 8B 03 05 70 20 40 00 50 B8 70 22 40 00 03 05 5C 20 40 00 FF 30 FF 35 00 20 40 00 E8 26 00 00 00 A1 58 20 40 00 40 A3 58 20 40 00 EB A2 6A FF E8 00 00 00 00 FF 25 5C 30 40 00 FF 25 60 30 40 00 FF 25 64 30 40 00 FF 25 68 30 40 00 FF 25 6C 30 40 00 FF 25 74 30 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LCC Win32 DLL</text>
-      <pattern>
-        55 89 E5 53 56 57 83 7D 0C 01 75 05 E8 17 xx xx xx FF 75 10 FF 75 0C FF 75 08 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LCC Win32 v1.x</text>
-      <pattern>
-        64 A1 xx xx xx xx 55 89 E5 6A FF 68 xx xx xx xx 68 9A 10 40 xx 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LCC-Win32</text>
-      <pattern>
-        64 A1 00 00 00 00 55 89 E5 6A FF 68 10 30 40 00 68 9A 10 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        LGLZ v1.04 com
-      </text>
-      <pattern>
-        BF xx xx 3B FC 72 19 B4 09 BA 12 01 CD 21 B4 4C CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LGLZ v1.04b</text>
-      <pattern>
-        FC 1E 06 0E 8C C8 xx xx xx xx BA xx xx 03 C2 8B D8 05 xx xx 8E DB 8E C0 33 F6 33 FF B9 xx xx F3 A5 4B 48 4A 79
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Libraries by John Socha</text>
-      <pattern>
-        BB xx xx 8E DB 2E 89 xx xx xx 8D xx xx xx 25 xx xx FA 8E D3 8B E0 FB 26 A1 A3 xx xx B4 30 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LOCK98 V1.00.28 -> keenvim</text>
-      <pattern>
-        55 E8 00 00 00 00 5D 81 xx xx xx xx xx EB 05 E9 xx xx xx xx EB 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Lockless Intro Pack</text>
-      <pattern>
-        2C E8 xx xx xx xx 5D 8B C5 81 ED F6 73 xx xx 2B 85 xx xx xx xx 83 E8 06 89 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Lotus Word Pro document file</text>
-      <pattern>
-        57 6F 72 64 50 72 6F xx xx xx xx xx xx xx xx xx 4C 57 50 37
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LSI C-86 Run-Time Libray</text>
-      <pattern>
-        B8 xx xx 8E C0 06 17 BC xx xx 26 8C xx xx xx B4 30 CD 21 26 A3 xx xx FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LTC v1.3</text>
-      <pattern>
-        54 E8 00 00 00 00 5D 8B C5 81 ED F6 73 40 00 2B 85 87 75 40 00 83 E8 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LY_WGKX -> www.szleyu.com</text>
-      <pattern>
-        4D 79 46 75 6E 00 62 73
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LZEXE v0.91, v1.00a (1)</text>
-      <pattern>
-        06 0E 1F 8B xx xx xx 8B F1 4E 89 F7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>LZEXE v0.91, v1.00a (2)</text>
-      <pattern>
-        BF xx xx 06 89 F9 0E 41 1F 8C CB 89 FE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Macromedia Windows Flash Projector/Player 5.0</text>
-      <pattern>
-        83 EC 44 56 FF 15 70 61 44 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C 3C 20 7E 08 8A 46 01 46 3C 20 7F F8 8A 06 84 C0 74 0C 3C 20 7F 08 8A 46 01 46 84 C0 75 F4 8D 44 24 04 C7 44 24 30 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Macromedia Windows Flash Projector/Player v3.0</text>
-      <pattern>
-        55 8B EC 83 EC 44 56 FF 15 94 13 42 00 8B F0 B1 22 8A 06 3A C1 75 13 8A 46 01 46 3A C1 74 04 84 C0 75 F4 38 0E 75 0D 46 EB 0A 3C 20 7E 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Macromedia Windows Flash Projector/Player v4.0</text>
-      <pattern>
-        83 EC 44 56 FF 15 24 41 43 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Macromedia Windows Flash Projector/Player v5.0</text>
-      <pattern>
-        83 EC 44 56 FF 15 70 61 44 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C 3C 20 7E 08 8A 46 01 46 3C 20 7F F8 8A 06 84 C0 74 0C 3C 20 7F 08 8A 46 01 46 84 C0 75 F4 8D 44 24 04 C7 44 24 30 00 00 00 00 50 FF 15 80 61 44 00 F6 44 24 30 01 74 0B 8B 44 24 34 25 FF FF 00 00 EB 05 B8 0A 00 00 00 50 56 6A 00 6A 00 FF 15 74 61 44 00 50 E8 18 00 00 00 50 FF 15 78 61 44 00 5E 83 C4 44 C3 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Macromedia Windows Flash Projector/Player v6.0</text>
-      <pattern>
-        83 EC 44 56 FF 15 24 81 49 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MarjinZ EXE-Scrambler SE - by MarjinZ</text>
-      <pattern>
-        E8 A3 02 00 00 E9 35 FD FF FF FF 25 C8 20 00 10 6A 14 68 C0 21 00 10 E8 E4 01 00 00 FF 35 7C 33 00 10 8B 35 8C 20 00 10 FF D6 59 89 45 E4 83 F8 FF 75 0C FF 75 08 FF 15 88 20 00 10 59 EB 61 6A 08 E8 02 03 00 00 59 83 65 FC 00 FF 35 7C 33 00 10 FF D6 89 45 E4 FF 35 78 33 00 10 FF D6 89 45 E0 8D 45 E0 50 8D 45 E4 50 FF 75 08 E8 D1 02 00 00 89 45 DC FF 75 E4 8B 35 74 20 00 10 FF D6 A3 7C 33 00 10 FF 75 E0 FF D6 83 C4 1C A3 78 33 00 10 C7 45 FC FE FF FF FF E8 09 00 00 00 8B 45 DC E8 A0 01 00 00 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MaskPE 1.6 -> yzkzero</text>
-      <pattern>
-        36 81 2C 24 xx xx xx 00 C3 60
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MaskPE V2.0 -> yzkzero</text>
-      <pattern>
-        B8 18 00 00 00 64 8B 18 83 C3 30 C3 40 3E 0F B6 00 C1 E0 xx 83 C0 xx 36 01 04 24 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MASM / TASM</text>
-      <pattern>
-        6A 00 E8 xx 0? 00 00 A3 xx 32 40 00 E8 xx 0? 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MASM / TASM</text>
-      <pattern>
-        6A 00 E8 xx 0? 00 00 A3 xx xx 40 00 xx xx xx ?0 ?0 xx xx 00 00 00 xx xx 0? xx xx ?0 xx xx ?0 ?0 xx xx xx ?0 xx 0? xx ?0 ?0 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MASM / TASM</text>
-      <pattern>
-        6A 00 E8 xx xx 00 00 A3 xx 32 40 00 E8 xx xx 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MASM/TASM - sig1(h)</text>
-      <pattern>
-        CC FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MASM/TASM - sig2(h)</text>
-      <pattern>
-        C2 xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MASM/TASM - sig4 (h)</text>
-      <pattern>
-        C3 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MASM/TASM - sig4 (h)</text>
-      <pattern>
-        FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00 FF 25 xx xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MASM32</text>
-      <pattern>
-        6A xx 68 00 30 40 00 68 xx 30 40 00 6A 00 E8 07 00 00 00 6A 00 E8 06 00 00 00 FF 25 08 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Matrix Dongle -> TDi GmbH</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 E8 B6 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx E8 00 00 00 00 5B 2B D9 8B F8 8B 4C 24 2C 33 C0 2B CF F2 AA 8B 3C 24 8B 0A 2B CF 89 5C 24 20 80 37 A2 47 49 75 F9 8D 64 24 04 FF 64 24 FC 60 C7 42 08 xx xx xx xx E8 C5 FF FF FF C3 C2 F7 29 4E 29 5A 29 E6 86 8A 89 63 5C A2 65 E2 A3 A2
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Matrix Dongle -> TDi GmbH</text>
-      <pattern>
-        E8 00 00 00 00 E8 00 00 00 00 59 5A 2B CA 2B D1 E8 1A FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEGALITE v1.20a</text>
-      <pattern>
-        B8 xx xx BA xx xx 05 xx xx 3B 2D 73 xx 72 xx B4 09 BA xx xx CD 21 CD 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MESS v1.20</text>
-      <pattern>
-        xx xx xx xx FA B9 xx xx F3 xx xx E3 xx EB xx EB xx B6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MetaWare High C + Phar Lap DOS Extender 1983-89</text>
-      <pattern>
-        B8 xx xx 8E D8 B8 xx xx CD 21 A3 xx xx 3C 03 7D xx B4 09
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MetaWare High C Run-Time Library + Phar Lap DOS Extender 1983-89</text>
-      <pattern>
-        B8 xx xx 50 B8 xx xx 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Metrowerks CodeWarrior (DLL) v2.0</text>
-      <pattern>
-        55 89 E5 53 56 57 8B 75 0C 8B 5D 10 83 FE 01 74 05 83 FE 02 75 12 53 56 FF 75 08 E8 6E FF FF FF 09 C0 75 04 31 C0 EB 21 53 56 FF 75 08 E8 xx xx xx xx 89 C7 09 F6 74 05 83 FE 03 75 0A 53 56 FF 75 08 E8 47 FF FF FF 89 F8 8D 65 F4 5F 5E 5B 5D C2 0C 00 C9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Metrowerks CodeWarrior v2.0 (Console)</text>
-      <pattern>
-        55 89 E5 55 B8 FF FF FF FF 50 50 68 xx xx xx xx 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 68 xx xx xx xx E8 xx xx xx xx xx xx xx xx xx xx xx xx E8 xx xx 00 00 E8 xx xx 00 00 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Metrowerks CodeWarrior v2.0 (GUI)</text>
-      <pattern>
-        55 89 E5 53 56 83 EC 44 55 B8 FF FF FF FF 50 50 68 xx xx 40 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 68 xx xx xx xx xx xx xx xx xx xx xx xx E8 xx xx 00 00 E8 xx xx 00 00 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEW 10 by Northfox</text>
-      <pattern>
-        33 C0 E9 xx xx FF FF xx 1C xx xx 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Mew 10 exe-coder 1.0 -> Northfox HCC
-      </text>
-      <pattern>
-        33 C0 E9 xx xx FF FF 6A xx xx xx xx xx 70
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEW 11 SE 1.0 -> Northfox</text>
-      <pattern>
-        E9 xx xx xx xx 00 00 00 02 00 00 00 0C 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEW 11 SE 1.1 -> Northfox</text>
-      <pattern>
-        E9 xx xx xx xx 0C xx xx xx 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEW 11 SE 1.2</text>
-      <pattern>
-        E9 xx xx xx FF 0C xx 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 0C xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEW 11 SE v1.0 -> Northfox</text>
-      <pattern>
-        E9 xx xx xx xx 00 00 00 02 00 00 00 0C ?0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEW 11 SE v1.1</text>
-      <pattern>
-        E9 xx xx xx FF 0C xx 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Mew 11 SE v1.2 (Eng) -> Northfox</text>
-      <pattern>
-        E9 xx xx xx FF 0C xx xx 00 00 00 00 00 00 00 00 00 xx xx xx 00 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        MEW 11 SE v1.2 -> Northfox HCC
-      </text>
-      <pattern>
-        E9 xx xx xx FF 0C xx xx 00 00 00 00 00 00 00 00 00 xx xx xx 00 0C xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEW 11 SE v1.2</text>
-      <pattern>
-        E9 xx xx xx FF 0C xx 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 0C xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MEW 5 1.0 -> Northfox</text>
-      <pattern>
-        BE 5B 00 40 00 AD 91 AD 93 53 AD 96 56 5F AC C0 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Mew 5.0.1 -> NorthFox / HCC</text>
-      <pattern>
-        BE 5B 00 40 00 AD 91 AD 93 53 AD 96 56 5F AC C0 C0 xx 04 xx C0 C8 xx AA E2 F4 C3 00 xx xx 00 xx xx xx 00 00 10 40 00 4D 45 57 20 30 2E 31 20 62 79 20 4E 6F 72 74 68 66 6F 78 00 4D 45 57 20 30 2E 31 20 62 79 20 4E 6F 72 74 68 66 6F 78 00 4D 45 57 20 30 2E 31 20 62 79 20 4E 6F 72 74 68 66 6F 78 00 4D 45 57 20 30 2E 31 20 62 79 20 4E 6F 72 74 68 66 6F 78 00 4D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MicroJoiner 1.1 -> coban2k</text>
-      <pattern>
-        BE 0C 70 40 00 BB F8 11 40 00 33 ED 83 EE 04 39 2E 74 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MicroJoiner 1.5 -> coban2k</text>
-      <pattern>
-        BF 05 10 40 00 83 EC 30 8B EC E8 C8 FF FF FF E8 C3 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MicroJoiner 1.6 -> coban2k</text>
-      <pattern>
-        33 C0 64 8B 38 48 8B C8 F2 AF AF 8B 1F 66 33 DB 66 81 3B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MicroJoiner 1.7 -> coban2k</text>
-      <pattern>
-        BF 00 10 40 00 8D 5F 21 6A 0A 58 6A 04 59 60 57 E8 8E 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft (R) Full-text index file</text>
-      <pattern>
-        6C 6C 2D 74 65 78 74 20 69 6E 64 65 78
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft (R) Incremental Linker Version 5.12.8078 (MASM/TASM)</text>
-      <pattern>
-        6A 00 68 00 30 40 00 68 1E 30 40 00 6A 00 E8 0D 00 00 00 6A 00 E8 00 00 00 00 FF 25 00 20 40 00 FF 25 08 20 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Access Database file</text>
-      <pattern>
-        00 01 00 00 53 74 61 6E 64 61 72 64 20 4A 65 74 20 44 42 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Basic Compiler v5.60 1982-97</text>
-      <pattern>
-        9A xx xx xx xx 9A xx xx xx xx 9A xx xx xx xx 33 DB BA xx xx 9A xx xx xx xx C7 06 xx xx xx xx 33 DB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft C (1988/1989)</text>
-      <pattern>
-        B4 30 CD 21 3C 02 73 xx CD 20 BF xx xx 8B xx xx xx 2B F7 81 xx xx xx 72
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft C (1990/1992)</text>
-      <pattern>
-        B4 30 CD 21 3C 02 73 xx 33 C0 06 50 CB BF xx xx 8B 36 xx xx 2B F7 81 FE xx xx 72 xx BE xx xx FA 8E D7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft C for Windows (1)</text>
-      <pattern>
-        33 ED 55 9A xx xx xx xx 0B C0 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft C for Windows (2)</text>
-      <pattern>
-        8C D8 xx 45 55 8B EC 1E 8E D8 57 56 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft C Library 1985</text>
-      <pattern>
-        BF xx xx 8B 36 xx xx 2B F7 81 FE xx xx 72 xx BE xx xx FA 8E D7 81 C4 xx xx FB 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft C v1.04</text>
-      <pattern>
-        FA B8 xx xx 8E D8 8E D0 26 8B xx xx xx 2B D8 F7 xx xx xx 75 xx B1 04 D3 E3 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft C++ (1990/1992)</text>
-      <pattern>
-        B8 00 30 CD 21 3C 03 73 xx 0E 1F BA xx xx B4 09 CD 21 06 33 C0 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft C</text>
-      <pattern>
-        B4 30 CD 21 3C 02 73 xx B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft CAB SFX module</text>
-      <pattern>
-        55 8B EC 83 EC 44 56 FF 15 xx 10 00 01 8B F0 8A 06 3C 22 75 14 8A 46 01 46 84 C0 74 04 3C 22 75 F4 80 3E 22 75 0D xx EB 0A 3C 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft CAB SFX</text>
-      <pattern>
-        E8 0A 00 00 00 E9 7A FF FF FF CC CC CC CC CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft FORTRAN</text>
-      <pattern>
-        FC 1E B8 xx xx 8E D8 9A xx xx xx xx 81 xx xx xx 8B EC 8C DB 8E C3 BB xx xx B9 xx xx 9A xx xx xx xx 80 xx xx xx xx 74 xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Resource Cursors file</text>
-      <pattern>
-        00 00 02 00 01 00 20 20 00 00 xx 00 xx 00 E8 02 00 00 16
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual Basic 5.0</text>
-      <pattern>
-        FF FF FF 00 00 00 00 00 00 30 00 00 00 40 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual Basic v5.0 - v6.0</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 00 00 xx 00 00 00 30 xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual Basic v5.0 - v6.0</text>
-      <pattern>
-        FF 25 xx xx xx xx xx xx 68 xx xx xx xx E8 xx FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual Basic v5.0/v6.0</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 00 00 00 00 00 00 30 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual Basic v5.0</text>
-      <pattern>
-        xx xx xx xx xx xx xx FF FF FF 00 00 00 00 00 00 30 00 00 00 40 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual Basic v6.0 DLL</text>
-      <pattern>
-        5A 68 xx xx xx xx 68 xx xx xx xx 52 E9 xx xx FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual Basic v6.0</text>
-      <pattern>
-        FF 25 xx xx xx xx 68 xx xx xx xx E8 xx FF FF FF xx xx xx xx xx xx 30
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C 2.0</text>
-      <pattern>
-        64 A1 00 00 00 00 55 8B EC 6A FF 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C 5.0</text>
-      <pattern>
-        64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 C4 A8 53 56 57
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C v2.0</text>
-      <pattern>
-        53 56 57 BB xx xx xx xx 8B xx xx xx 55 3B FB 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C# / Basic .NET</text>
-      <pattern>
-        FF 25 00 20 xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C# v7.0 / Basic .NET</text>
-      <pattern>
-        FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ (3.0 old crap)</text>
-      <pattern>
-        64 A1 00 00 00 00 55 xx xx 6A FF 68 xx xx xx xx 68 xx xx xx xx 50 xx xx xx xx xx 00 00 83 EC 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 4.2</text>
-      <pattern>
-        64 A1 00 00 00 00 55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 50 64 xx xx xx xx xx xx 83 xx xx 53 56 57 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 5.0 - 7.1</text>
-      <pattern>
-        55 8B EC 81 EC 04 01 00 00 68 04 01 00 00 8D 85 FC FE FF FF 50 6A 00 FF 15 xx xx xx xx E8 xx xx xx xx 8D 8D FC FE FF FF 51 E8 xx xx xx xx 83 C4 04 E8 xx xx xx xx 6A 00 FF 15 xx xx xx xx 8B E5 5D C2 10 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 - 8.0</text>
-      <pattern>
-        3D 00 10 00 00 73 0E F7 D8 03 C4 83 C0 04 85 00 94 8B 00 50 C3 51 8D 4C 24 08 81 E9 00 10 00 00 2D 00 10 00 00 85 01 3D 00 10 00 00 73 EC 2B C8 8B C4 85 01 8B E1 8B 08 8B 40 04 50 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 - 8.0</text>
-      <pattern>
-        68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 - 8.0</text>
-      <pattern>
-        68 xx xx xx xx 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 - 8.0</text>
-      <pattern>
-        68 xx xx xx xx 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 - 8.0</text>
-      <pattern>
-        68 xx xx xx xx 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 - 8.0</text>
-      <pattern>
-        68 xx xx xx xx 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 - 8.0</text>
-      <pattern>
-        8B 44 24 08 85 C0 0F 84 xx xx xx xx 83 F8 01 8B 0D xx xx xx xx 8B 09 89 0D xx xx xx xx 0F 85 xx xx xx xx 68 80 00 00 00 FF 15 xx xx xx xx 85 C0 59 A3 xx xx xx xx 0F 84 xx xx xx xx 83 20 00 A1 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx A3 xx xx xx xx E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 - 8.0</text>
-      <pattern>
-        8B 44 24 08 8B 4C 24 10 0B C8 8B 4C 24 0C 75 09 8B 44 24 04 F7 E1 C2 10 00 53 F7 E1 8B D8 8B 44 24 08 F7 64 24 14 03 D8 8B 44 24 08 F7 E1 03 D3 5B C2 10 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 DLL (Debug)</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6 xx xx 83
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 DLL</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6 75 09 83 3D xx xx xx xx xx EB 26 83 FE 01 74 05 83 FE 02 75 22 A1 xx xx xx xx 85 C0 74 09 57 56 53 FF D0 85 C0 74 0C 57 56 53 E8 15 FF FF FF 85 C0 75 04 33 C0 EB 4E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 6.0 SFX Custom</text>
-      <pattern>
-        E8 21 48 00 00 E9 16 FE FF FF 51 C7 01 08 B4 00 30 E8 A4 48 00 00 59 C3 56 8B F1 E8 EA FF FF FF F6 xx xx xx xx 74 07 56 E8 F6 04 00 00 59 8B C6 5E C2 04 00 8B 44 24 04 83 C1 09 51 83 C0 09 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.0 Custom</text>
-      <pattern>
-        60 BE 00 B0 44 00 8D BE 00 60 FB FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.0 DLL</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10 xx xx xx xx xx xx xx xx xx xx xx xx xx 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.0 MFC</text>
-      <pattern>
-        6A 60 68 xx xx xx xx E8 xx xx xx xx BF 94 00 00 00 8B C7 E8 xx xx xx xx 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.0</text>
-      <pattern>
-        6A 0C 68 xx xx xx xx E8 xx xx xx xx 33 C0 40 89 45 E4 8B 75 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.0</text>
-      <pattern>
-        6A 18 68 xx xx xx xx E8 xx xx xx xx BF 94 00 00 00 8B C7 E8 xx xx xx xx 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.1</text>
-      <pattern>
-        55 8B EC 83 EC 08 53 56 57 55 FC 8B 5D 0C 8B 45 08 F7 40 04 06 00 00 00 0F 85 AB 00 00 00 89 45 F8 8B 45 10 89 45 FC 8D 45 F8 89 43 FC 8B 73 0C 8B 7B 08 53 E8 xx xx xx xx 83 C4 04 0B C0 74 7B 83 FE FF 74 7D 8D 0C 76 8B 44 8F 04 0B C0 74 59 56 55
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.1</text>
-      <pattern>
-        8B FF 55 8B EC 56 33 F6 39 75 0C 0F 84 xx xx xx xx 83 7D 0C 01 A1 xx xx xx xx 8B 00 A3 xx xx xx xx 0F 84 xx xx xx xx 39 75 0C 0F 84 xx xx xx xx 33 C0 40 5E 5D C2 0C 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.1</text>
-      <pattern>
-        8B FF 55 8B EC 56 33 F6 39 75 0C 0F 84 xx xx xx xx 83 7D 0C 01 A1 xx xx xx xx 8B 00 A3 xx xx xx xx 0F 85 xx xx xx xx 68 80 00 00 00 FF 15 xx xx xx xx 3B C6 59 A3 xx xx xx xx 0F 84 xx xx xx xx 89 30 A1 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx A3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.1</text>
-      <pattern>
-        8B FF 55 8B EC 56 33 F6 39 75 0C 0F 84 xx xx xx xx 83 7D 0C 01 A1 xx xx xx xx 8B 00 A3 xx xx xx xx 0F 85 xx xx xx xx 68 80 00 00 00 FF 15 xx xx xx xx 3B C6 59 A3 xx xx xx xx 0F 84 xx xx xx xx 89 30 A1 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx A3 xx xx xx xx E8 xx xx xx xx FF 05 xx xx xx xx 59 59 33 C0 40 5E 5D C2 0C 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.1</text>
-      <pattern>
-        8B FF 55 8B EC 56 33 F6 39 75 0C 0F 84 xx xx xx xx 83 7D 0C 01 A1 xx xx xx xx 8B 00 A3 xx xx xx xx 75 44 68 80 00 00 00 FF 15 xx xx xx xx 3B C6 59 A3 xx xx xx xx 0F 84 xx xx xx xx 89 30 A1 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx A3 xx xx xx xx E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 7.1</text>
-      <pattern>
-        8B FF 55 8B EC 56 33 F6 39 75 0C 75 0E 39 35 xx xx xx xx 7E 2D FF 0D xx xx xx xx 83 7D 0C 01 A1 xx xx xx xx 8B 00 A3 xx xx xx xx 75 3D 68 80 00 00 00 FF 15 xx xx xx xx 3B C6 59 A3 xx xx xx xx 75 04 33 C0 EB 67 89 30 A1 xx xx xx xx 68 xx xx xx xx 68
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 8.0 (MFC)</text>
-      <pattern>
-        48 83 EC 28 E8 xx xx 00 00 48 83 C4 28 E9 0E FD FF FF CC CC CC CC CC CC CC CC CC CC CC CC CC CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 8.0 (MFC)</text>
-      <pattern>
-        C0 xx xx 00 00 00 00 00 00 xx xx 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 xx xx xx xx xx 00 00 00 00 00 xx 00 00 00 00 00 xx xx xx 00 00 00 00 00 xx xx xx 00 00 00 00 00 xx xx xx xx 00 00 00 00 00 00 xx 00 00 00 00 00 xx xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Microsoft Visual C++ 8.0 Debug
-      </text>
-      <pattern>
-        E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Microsoft Visual C++ 8.0 Debug
-      </text>
-      <pattern>
-        E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9 xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 8.0</text>
-      <pattern>
-        48 83 EC 28 E8 xx xx 00 00 48 83 C4 28 E9 xx xx FF FF CC CC CC CC CC CC CC CC CC CC CC CC CC CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 8.0</text>
-      <pattern>
-        83 3D xx xx xx xx 00 74 1A 68 xx xx xx xx E8 xx xx xx xx 85 C0 59 74 0B FF 74 24 04 FF 15 xx xx xx xx 59 E8 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 xx xx xx xx 85 C0 59 59 75 54 56 57 68 xx xx xx xx E8 xx xx xx xx BE xx xx xx xx 8B C6 BF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 8.0</text>
-      <pattern>
-        xx xx xx 00 00 00 00 00 00 xx xx 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 xx xx xx xx xx 00 00 00 00 xx xx 00 00 00 00 00 xx xx xx 00 00 00 00 00 xx xx xx 00 00 00 00 00 xx xx xx xx 00 00 00 00 00 xx xx 00 00 00 00 00 xx xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ 8</text>
-      <pattern>
-        E8 xx xx 00 00 E9 xx xx FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ ?.?</text>
-      <pattern>
-        83 xx xx 6A 00 FF 15 F8 10 0B B0 8D xx xx xx 51 6A 08 6A 00 6A 00 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ DLL</text>
-      <pattern>
-        53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ DLL</text>
-      <pattern>
-        53 56 57 BB 01 xx xx xx 8B xx 24 14
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ DLL</text>
-      <pattern>
-        53 B8 01 00 00 00 8B 5C 24 0C 56 57 85 DB 55 75 12 83 3D xx xx xx xx xx 75 09 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ DLL</text>
-      <pattern>
-        55 8B EC 56 57 BF 01 00 00 00 8B 75 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v4.2 DLL</text>
-      <pattern>
-        53 B8 xx xx xx xx 8B xx xx xx 56 57 85 DB 55 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v4.2</text>
-      <pattern>
-        64 A1 00 00 00 00 55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 50 64 xx xx xx xx xx xx 83 xx xx 53 56 57 89 xx xx C7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v4.2</text>
-      <pattern>
-        64 A1 00 00 00 00 55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 50 64 xx xx xx xx xx xx 83 xx xx 53 56 57 89 xx xx FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v4.x</text>
-      <pattern>
-        64 A1 00 00 00 00 55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 50 64 89 25 00 00 00 00 83 EC xx 53 56 57
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v5.0/v6.0 (MFC)</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v5.0</text>
-      <pattern>
-        55 8B EC 6A FF 68 68 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 53 56 57
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v6.0 DLL</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v6.0 DLL</text>
-      <pattern>
-        55 8D 6C xx xx 81 EC xx xx xx xx 8B 45 xx 83 F8 01 56 0F 84 xx xx xx xx 85 C0 0F 84
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v6.0 DLL</text>
-      <pattern>
-        83 7C 24 08 01 75 09 8B 44 24 04 A3 xx xx 00 10 E8 8B FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v6.0 SPx</text>
-      <pattern>
-        55 8B EC 83 EC 44 56 FF 15 xx xx xx xx 6A 01 8B F0 FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v6.0 SPx</text>
-      <pattern>
-        55 8B EC 83 EC 44 56 FF 15 xx xx xx xx 8B F0 8A xx 3C 22
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v6.0</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC xx 53 56 57
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v6.0</text>
-      <pattern>
-        55 8B EC 83 EC 50 53 56 57 BE xx xx xx xx 8D 7D F4 A5 A5 66 A5 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v6.0</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx 00 68 xx xx xx 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC xx 53 56 57 89 65 E8 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.0 (64 Bit)</text>
-      <pattern>
-        xx xx 41 00 00 00 00 00 00 00 63 00 00 00 00 00 xx 00 xx xx xx xx xx 00 xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 xx 00 xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 xx xx 20 xx xx 00 xx 00 xx xx xx xx xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx 00 xx 00 xx xx xx 00 xx xx xx xx xx xx xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx xx xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx xx xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx xx xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx xx xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx xx xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx 00 xx 00 xx 00 xx xx xx 00 xx 00 xx 00 xx 00 xx 00 xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.0 (64 Bit)</text>
-      <pattern>
-        xx xx 41 00 00 00 00 00 00 00 63 00 00 00 00 00 xx 00 xx xx xx xx xx 00 xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 xx 00 xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 xx xx 20 xx xx 00 xx 00 xx xx xx xx xx xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.0 DLL</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 xx xx 83
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.0 DLL</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.0</text>
-      <pattern>
-        6A 0C 68 88 BF 01 10 E8 B8 1C 00 00 33 C0 40 89 45 E4 8B 75 0C 33 FF 3B F7 75 0C 39 3D 6C 1E 12 10 0F 84 B3 00 00 00 89 7D FC 3B F0 74 05 83 FE 02 75 31 A1 98 36 12 10 3B C7 74 0C FF 75 10 56
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.0</text>
-      <pattern>
-        6A xx 68 xx xx xx xx E8 xx xx xx xx BF xx xx xx xx 8B C7 E8 xx xx xx xx 89 65 xx 8B F4 89 3E 56 FF 15 xx xx xx xx 8B 4E xx 89 0D xx xx xx xx 8B 46 xx A3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.1 DLL</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10 75 09 83 3D xx xx 40 00 00 EB 26 83 FE 01 74 05 83 FE 02 75 22 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.1 DLL</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 C4 E4 53 56 57 89 65 E8 C7 45 E4 01 00 00 00 C7 45 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.1 DLL</text>
-      <pattern>
-        6A 0C 68 xx xx xx xx E8 xx xx xx xx 33 C0 40 89 45 E4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.1 DLL</text>
-      <pattern>
-        83 7C 24 08 01 75 xx xx xx 24 04 50 A3 xx xx xx 50 FF 15 00 10 xx 50 33 C0 40 C2 0C 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ v7.1 EXE</text>
-      <pattern>
-        6A xx 68 xx xx xx 01 E8 xx xx 00 00 66 81 3D 00 00 00 01 4D 5A 75 xx A1 3C 00 00 01 xx xx 00 00 00 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ V8.0</text>
-      <pattern>
-        6A 14 68 xx xx xx xx E8 xx xx xx xx BB 94 00 00 00 53 6A 00 8B xx xx xx xx xx FF D7 50 FF xx xx xx xx xx 8B F0 85 F6 75 0A 6A 12 E8 xx xx xx xx 59 EB 18 89 1E 56 FF xx xx xx xx xx 56 85 C0 75 14 50 FF D7 50 FF xx xx xx xx xx B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ vx.x DLL</text>
-      <pattern>
-        xx xx xx xx xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 xx xx xx xx 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 xx xx xx 00 00 xx xx xx 00 00 xx xx xx 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ vx.x</text>
-      <pattern>
-        53 55 56 8B xx xx xx 85 F6 57 B8 xx xx xx xx 75 xx 8B xx xx xx xx xx 85 C9 75 xx 33 C0 5F 5E 5D 5B C2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++ vx.x</text>
-      <pattern>
-        55 8B EC 56 57 BF xx xx xx xx 8B xx xx 3B F7 0F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++</text>
-      <pattern>
-        8B 44 24 08 56 83 E8 xx 74 xx 48 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual C++</text>
-      <pattern>
-        8B 44 24 08 83 xx xx 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Visual Studio .NET</text>
-      <pattern>
-        FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft WAV Audio file</text>
-      <pattern>
-        52 49 46 46 xx xx xx xx 57 41 56 45 66 6D 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Windows Shortcut file</text>
-      <pattern>
-        4C 00 00 00 01 14 02 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Windows Update CAB SFX module</text>
-      <pattern>
-        E9 C5 FA FF FF 55 8B EC 56 8B 75 08 68 04 08 00 00 FF D6 59 33 C9 3B C1 75 0F 51 6A 05 FF 75 28 E8 2E 11 00 00 33 C0 EB 69 8B 55 0C 83 88 88 00 00 00 FF 83 88 84 00 00 00 FF 89 50 04 8B 55 10 89 50 0C 8B 55 14 89 50 10 8B 55 18 89 50 14 8B 55 1C 89 50 18
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Microsoft Windows Update CAB SFX module</text>
-      <pattern>
-        E9 C5 FA FF FF 55 8B EC 56 8B 75 08 68 04 08 00 00 FF D6 59 33 C9 3B C1 75 0F 51 6A 05 FF 75 28 E8 2E 11 00 00 33 C0 EB 69 8B 55 0C 83 88 88 00 00 00 FF 83 88 84 00 00 00 FF 89 50 04 8B 55 10 89 50 0C 8B 55 14 89 50 10 8B 55 18 89 50 14 8B 55 1C 89 50 18 8B 55 20 89 50 1C 8B 55 24 89 50 20 8B 55 28 89 48 48 89 48 44 89 48 4C B9 FF FF 00 00 89 70 08 89 10 66 C7 80 B2 00 00 00 0F 00 89 88 A0 00 00 00 89 88 A8 00 00 00 89 88 A4 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MIDI Music file</text>
-      <pattern>
-        4D 54 68 64 00 00 00 06 xx xx xx xx xx xx 4D 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW 3.2.x (Dll_main)</text>
-      <pattern>
-        55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 96 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW 3.2.x (Dll_WinMain)</text>
-      <pattern>
-        55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 76 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW 3.2.x (main)</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 E4 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 E4 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 00 41 40 00 89 EC 5D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW 3.2.x (WinMain)</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 FC 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 FC 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 18 41 40 00 89 EC 5D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW GCC 2.x</text>
-      <pattern>
-        55 89 E5 xx xx xx xx xx xx FF FF xx xx xx xx xx 00 xx xx 00 xx xx xx 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW GCC 3.x</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 xx 00 00 00 FF 15 xx xx xx xx E8 xx xx FF FF xx xx xx xx xx xx xx xx 55
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW GCC DLL v2xx</text>
-      <pattern>
-        55 89 E5 xx xx xx xx xx xx xx xx xx xx xx 00 00 00 xx xx xx xx xx xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW GCC v2.x</text>
-      <pattern>
-        55 89 E5 E8 xx xx xx xx C9 C3 xx xx 45 58 45
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW v3.2.x (_mainCRTStartup)</text>
-      <pattern>
-        55 89 E5 83 EC 08 6A 00 6A 00 6A 00 6A 00 E8 0D 00 00 00 B8 00 00 00 00 C9 C3 90 90 90 90 90 90 FF 25 38 20 40 00 90 90 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW v3.2.x (Dll_main)</text>
-      <pattern>
-        55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 96 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00 00 00 EB EB 8D B4 26 00 00 00 00 85 C0 75 D0 E8 47 00 00 00 EB C9 90 8D 74 26 00 C7 04 24 80 00 00 00 E8 F4 05 00 00 A3 00 30 00 10 85 C0 74 1A C7 00 00 00 00 00 A3 10 30 00 10 E8 3B 02 00 00 E8 C6 01 00 00 E9 75 FF FF FF E8 BC 05 00 00 C7 00 0C 00 00 00 31 C0 EB 98 89 F6 55 89 E5 83 EC 08 89 5D FC 8B 15 00 30 00 10 85 D2 74 29 8B 1D 10 30 00 10 83 EB 04 39 D3 72 0D 8B 03 85 C0 75 2A 83 EB 04 39 D3 73 F3 89 14 24 E8 6B 05 00 00 31 C0 A3 00 30 00 10 C7 04 24 00 00 00 00 E8 48 05 00 00 8B 5D FC 89 EC 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW v3.2.x (Dll_mainCRTStartup)</text>
-      <pattern>
-        55 89 E5 83 EC 08 6A 00 6A 00 6A 00 6A 00 E8 0D 00 00 00 B8 00 00 00 00 C9 C3 90 90 90 90 90 90 FF 25 38 20 00 10 90 90 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW v3.2.x (Dll_WinMain)</text>
-      <pattern>
-        55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 76 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00 00 00 EB EB 8D B4 26 00 00 00 00 85 C0 75 D0 E8 47 00 00 00 EB C9 90 8D 74 26 00 C7 04 24 80 00 00 00 E8 A4 05 00 00 A3 00 30 00 10 85 C0 74 1A C7 00 00 00 00 00 A3 10 30 00 10 E8 1B 02 00 00 E8 A6 01 00 00 E9 75 FF FF FF E8 6C 05 00 00 C7 00 0C 00 00 00 31 C0 EB 98 89 F6 55 89 E5 83 EC 08 89 5D FC 8B 15 00 30 00 10 85 D2 74 29 8B 1D 10 30 00 10 83 EB 04 39 D3 72 0D 8B 03 85 C0 75 2A 83 EB 04 39 D3 73 F3 89 14 24 E8 1B 05 00 00 31 C0 A3 00 30 00 10 C7 04 24 00 00 00 00 E8 F8 04 00 00 8B 5D FC 89 EC 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW v3.2.x (main)</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 E4 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 E4 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 00 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 F4 40 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 53 83 EC 24 C7 04 24 A0 11 40 00 E8 8D 07 00 00 83 EC 04 E8 85 02 00 00 C7 04 24 00 20 40 00 8B 15 10 20 40 00 8D 4D F8 C7 45 F8 00 00 00 00 89 4C 24 10 89 54 24 0C 8D 55 F4 89 54 24 08 C7 44 24 04 04 20 40 00 E8 02 07 00 00 A1 20 20 40 00 85 C0 74 76 A3 30 20 40 00 A1 F0 40 40 00 85 C0 74 1F 89 04 24 E8 C3 06 00 00 8B 1D 20 20 40 00 89 04 24 89 5C 24 04 E8 C1 06 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MinGW v3.2.x (WinMain)</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 FC 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 FC 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 18 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 0C 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 53 83 EC 24 C7 04 24 A0 11 40 00 E8 5D 08 00 00 83 EC 04 E8 55 03 00 00 C7 04 24 00 20 40 00 8B 15 10 20 40 00 8D 4D F8 C7 45 F8 00 00 00 00 89 4C 24 10 89 54 24 0C 8D 55 F4 89 54 24 08 C7 44 24 04 04 20 40 00 E8 D2 07 00 00 A1 20 20 40 00 85 C0 74 76 A3 30 20 40 00 A1 08 41 40 00 85 C0 74 1F 89 04 24 E8 93 07 00 00 8B 1D 20 20 40 00 89 04 24 89 5C 24 04 E8 91 07 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MingWin32 - Dev C++ v4.9.9.1 (h)</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 xx xx xx 00 E8 C8 FE FF FF 90 8D B4 26 00 00 00 00 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 xx xx xx 00 E8 A8 FE FF FF 90 8D B4 26 00 00 00 00 55 8B 0D xx xx xx 00 89 E5 5D FF E1 8D 74 26 00 55 8B 0D xx xx xx 00 89 E5 5D FF E1 90 90 90 90 55 89 E5 5D E9 xx xx 00 00 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MingWin32 v?.? (h)</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 xx 00 00 00 FF 15 xx xx xx 00 E8 xx FE FF FF 90 8D B4 26 00 00 00 00 55
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Minke 1.0.1 - by Codius</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 xx xx xx xx xx 10 E8 7A F6 FF FF BE 68 66 00 10 33 C0 55 68 DB 40 00 10 64 FF 30 64 89 20 E8 FA F8 FF FF BA EC 40 00 10 8B C6 E8 F2 FA FF FF 8B D8 B8 6C 66 00 10 8B 16 E8 88 F2 FF FF B8 6C 66 00 10 E8 76 F2 FF FF 8B D0 8B C3 8B 0E E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Minke 1.0.1 - by Codius</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 xx xx xx xx xx 10 E8 7A F6 FF FF BE 68 66 00 10 33 C0 55 68 DB 40 00 10 64 FF 30 64 89 20 E8 FA F8 FF FF BA EC 40 00 10 8B C6 E8 F2 FA FF FF 8B D8 B8 6C 66 00 10 8B 16 E8 88 F2 FF FF B8 6C 66 00 10 E8 76 F2 FF FF 8B D0 8B C3 8B 0E E8 E3 E4 FF FF E8 2A F9 FF FF E8 C1 F8 FF FF B8 6C 66 00 10 8B 16 E8 6D FA FF FF E8 14 F9 FF FF E8 AB F8 FF FF 8B 06 E8 B8 E3 FF FF 8B D8 B8 6C 66 00 10 E8 38 F2 FF FF 8B D3 8B 0E E8 A7 E4 FF xx xx xx xx C4 FB FF FF E8 E7 F8 FF FF 8B C3 E8 B0 E3 FF FF E8 DB F8 FF FF 33 C0 5A 59 59 64 89 10 68 E2 40 00 10 C3 E9 50 EB FF FF EB F8 5E 5B E8 BB EF FF FF 00 00 00 43 41 31 38
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Minke V1.0.1 -> Codius ! Sign by fly</text>
-      <pattern>
-        26 3D 4F 38 C2 82 37 B8 F3 24 42 03 17 9B 3A 83 01 00 00 CC 00 00 00 00 06 00 00 00 01 64 53 74 75 62 00 10 55 54 79 70 65 73 00 00 C7 53 79 73 74 65 6D 00 00 81 53 79 73 49 6E 69 74 00 0C 4B 57 69 6E 64 6F 77 73 00 00 8A 75 46 75 6E 63 74 69 6F 6E 73
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>mkfpack -> llydd</text>
-      <pattern>
-        E8 00 00 00 00 5B 81 EB 05 00 00 00 8B 93 9F 08 00 00 53 6A 40 68 00 10 00 00 52 6A 00 FF 93 32 08 00 00 5B 8B F0 8B BB 9B 08 00 00 03 FB 56 57 E8 86 08 00 00 83 C4 08 8D 93 BB 08 00 00 52 53 FF E6
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>modified HACKSTOP v1.11f</text>
-      <pattern>
-        52 B4 30 CD 21 52 FA xx FB 3D xx xx EB xx CD 20 0E 1F B4 09 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MoleBox v2.3.0 -> Teggo</text>
-      <pattern>
-        42 04 E8 xx xx 00 00 A3 xx xx xx 00 8B 4D F0 8B 11 89 15 xx xx xx 00 xx 45 FC A3 xx xx xx 00 5F 5E 8B E5 5D C3 CC CC CC CC CC CC CC CC CC CC CC E8 EB FB FF FF 58 E8 xx 07 00 00 58 89 44 24 20 61 58 FF D0 E8 xx xx 00 00 CC CC CC CC CC CC CC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MoleBox v2.5.4 -> Teggo</text>
-      <pattern>
-        xx xx xx 00 8B 4D F0 8B 11 89 15 xx xx xx 00 8B 45 FC A3 xx xx xx 00 5F 5E 8B E5 5D C3 CC CC CC E8 EB FB FF FF 58 E8 xx 07 00 00 58 89 44 24 24 61 58 58 FF D0 E8 xx xx 00 00 6A 00 FF 15 xx xx xx 00 CC CC CC CC CC CC CC CC CC CC CC CC CC CC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MoleBox V2.X -> MoleStudio.com</text>
-      <pattern>
-        E8 00 00 00 00 60 E8 4F 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine 2.7 -> Holy_Father and Ratter/29A (h)</text>
-      <pattern>
-        xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 47 65 74 50 72 6F 63
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine 2.7 -> Holy_Father and Ratter/29A</text>
-      <pattern>
-        00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine 3.3 -> Holy_Father and Ratter/29A</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 4B 65 52 6E 45 6C 33 32 2E 64 4C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine 3.3 -> Silent Software and Silent Shield (c)2005 (h)</text>
-      <pattern>
-        28 xx xx xx 00 00 00 00 00 00 00 00 40 xx xx xx 34 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4C xx xx xx 5C xx xx xx 00 00 00 00 4C xx xx xx 5C xx xx xx 00 00 00 00 4B 65 52 6E 45 6C 33 32 2E 64 4C 6C 00 00 47 65 74 50 72 6F 63
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine v1.2 - v1.3</text>
-      <pattern>
-        FF 25 34 xx 5A 00 8B C0 FF 25 38 xx 5A 00 8B C0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine v2.7 -> Holy_Father and Ratter/29A (h)</text>
-      <pattern>
-        xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine v2.7 -> Holy_Father and Ratter/29A</text>
-      <pattern>
-        00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine V3.3 -> Holy_Father and Ratter/29A</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 4B 65 52 6E 45 6C 33 32 2E 64 4C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphine v3.3 -> Silent Software and Silent Shield (c)2005 (h)</text>
-      <pattern>
-        28 xx xx xx 00 00 00 00 00 00 00 00 40 xx xx xx 34 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4C xx xx xx 5C xx xx xx 00 00 00 00 4C xx xx xx 5C xx xx xx 00 00 00 00 4B 65 52 6E 45 6C 33 32 2E 64 4C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Morphnah Beta -> Kas</text>
-      <pattern>
-        2E 6E 61 68 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>mPack 0.0.3 -> DeltaAziz</text>
-      <pattern>
-        55 8B EC 83 C4 F0 33 C0 89 45 F0 B8 A8 76 00 10 E8 67 C4 FF FF 33 C0 55 68 C2 78 00 10 64 FF 30 64 89 20 8D 55 F0 33 C0 E8 93 C8 FF FF 8B 45 F0 E8 87 CB FF FF A3 08 A5 00 10 33 C0 55 68 A5 78 00 10 64 FF 30 64 89 20 A1 08 A5 00 10 E8 FA C9 FF FF 83 F8 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>mPack 0.0.3 -> DeltaAziz</text>
-      <pattern>
-        55 8B EC 83 C4 F0 33 C0 89 45 F0 B8 A8 76 00 10 E8 67 C4 FF FF 33 C0 55 68 C2 78 00 10 64 FF 30 64 89 20 8D 55 F0 33 C0 E8 93 C8 FF FF 8B 45 F0 E8 87 CB FF FF A3 08 A5 00 10 33 C0 55 68 A5 78 00 10 64 FF 30 64 89 20 A1 08 A5 00 10 E8 FA C9 FF FF 83 F8 FF 75 0A E8 88 B2 FF FF E9 1B 01 00 00 C7 05 14 A5 00 10 32 00 00 00 A1 08 A5 00 10 8B 15 14 A5 00 10 E8 C9 C9 FF FF BA 14 A5 00 10 A1 08 A5 00 10 B9 04 00 00 00 E8 C5 C9 FF FF 83 3D 14 A5 00 10 32 77 0A E8 47 B2 FF FF E9 DA 00 00 00 A1 08 A5 00 10 8B 15 14 A5 00 10 E8 92 C9 FF FF BA 18 A5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>mPACK v0.0.2 -> DeltaAziz (h)</text>
-      <pattern>
-        E9 00 00 00 00 60 E8 14 00 00 00 5D 81 ED 00 00 00 00 6A 45 E8 A3 00 00 00 68 00 00 00 00 E8 58 61 E8 AA 00 00 00 4E xx xx 00 00 00 00 00 00 00 00 00 5E xx xx 00 4E xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 xx xx 00 00 xx xx 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 xx xx xx 0C xx xx xx CC E4 xx xx xx xx xx xx 00 00 00 00 00 00 00 00 5D 68 00 FE 9F 07 53 E8 5D 00 00 00 EB FF 71 E8 C2 50 00 EB D6 5E F3 68 89 74 24 48 74 24 58 FF 8D 74 24 58 5E 83 C6 4C 75 F4 59 8D 71 E8 75 09 81 F6 EB FF 51 B9 01 00 83 EE FC 49 FF 71 C7 75 19 8B 74 24 00 00 81 36 50 56 8B 36 EB FF 77 C4 36 81 F6 EB 87 34 24 8B 8B 1C 24 83 EC FC EB 01 E8 83 EC FC E9 E7 00 00 00 5B EB FF F3 EB FF C3 83 EB FD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>mPack V0.03 -> DeltaAziz</text>
-      <pattern>
-        55 8B EC 83 xx xx 33 C0 89 45 F0 B8 xx xx xx xx E8 67 C4 FF FF 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 8D 55 F0 33 C0 E8 93 C8 FF FF 8B 45 F0 E8 87 CB FF FF A3 xx xx xx xx 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 A1 xx xx xx xx E8 FA C9 FF FF 83 F8 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MPEG movie file</text>
-      <pattern>
-        00 00 01 BA 2F FF FD E6 C1 80 18 61 00 00 01 BB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS FORTRAN Library 19xx</text>
-      <pattern>
-        FC 1E B8 xx xx 8E D8 9A xx xx xx xx 81 xx xx xx 8B EC 8C DB 8E C3 BB xx xx 9A xx xx xx xx 9B DB E3 9B D9 2E xx xx 33 C9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS FORTRAN Library 19xx</text>
-      <pattern>
-        FC 1E B8 xx xx 8E D8 9A xx xx xx xx 81 xx xx xx 8B EC B8 xx xx 8E C0 26 C7 xx xx xx xx xx 26
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library (OS/2) and FORTRAN Compiler 1989</text>
-      <pattern>
-        B4 30 CD 21 86 E0 2E A3 xx xx 3D xx xx 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library 1987</text>
-      <pattern>
-        B4 30 CD 21 3C 02 73 xx 9A xx xx xx xx B8 xx xx 50 9A xx xx xx xx 92
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library 1988 (04)</text>
-      <pattern>
-        1E B8 xx xx 8E D8 B4 30 CD 21 3C 02 73 xx BA xx xx E8 xx xx 06 33 C0 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library 1990 (07)</text>
-      <pattern>
-        2E 8C 1E xx xx BB xx xx 8E DB 1E E8 xx xx 1F 8B 1E xx xx 0B DB 74 xx 8C D1 8B D4 FA 8E D3 BC xx xx FB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library 1990 (10)</text>
-      <pattern>
-        E8 xx xx 2E FF 2E xx xx BB xx xx E8 xx xx CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library 1990, 1992 (09)</text>
-      <pattern>
-        B4 30 CD 21 3C 02 73 xx C3 8C DF 8B 36 xx xx 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library 1992 (11)</text>
-      <pattern>
-        B4 51 CD 21 8E DB B8 xx xx 83 E8 xx 8E C0 33 F6 33 FF B9 xx xx FC F3 A5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library 1992 (13)</text>
-      <pattern>
-        BF xx xx 8E DF FA 8E D7 81 C4 xx xx FB 33 DB B8 xx xx CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Run-Time Library 1992 (14)</text>
-      <pattern>
-        1E 06 8C C8 8E D8 8C C0 A3 xx xx 83 C0 xx A3 xx xx B4 30
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Visual C++ v.8 (h-good sig, but is it MSVC?)</text>
-      <pattern>
-        E8 xx xx xx xx E9 8D FE FF FF CC CC CC CC CC 66 81 3D 00 00 00 01 4D 5A 74 04 33 C0 EB 51 A1 3C 00 00 01 81 B8 00 00 00 01 50 45 00 00 75 EB 0F B7 88 18 00 00 01 81 F9 0B 01 00 00 74 1B 81 F9 0B 02 00 00 75 D4 83 B8 84 00 00 01 0E 76 CB 33 C9 39 88 F8 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Visual C++ v.8 (h-good sig, but is it MSVC?)</text>
-      <pattern>
-        E8 xx xx xx xx E9 8D FE FF FF CC CC CC CC CC 66 81 3D 00 00 00 01 4D 5A 74 04 33 C0 EB 51 A1 3C 00 00 01 81 B8 00 00 00 01 50 45 00 00 75 EB 0F B7 88 18 00 00 01 81 F9 0B 01 00 00 74 1B 81 F9 0B 02 00 00 75 D4 83 B8 84 00 00 01 0E 76 CB 33 C9 39 88 F8 00 00 01 EB 11 83 B8 74 00 00 01 0E 76 B8 33 C9 39 88 E8 00 00 01 0F 95 C1 8B C1 6A 01 A3 xx xx xx 01 E8 xx xx 00 00 50 FF xx xx xx 00 01 83 0D xx xx xx 01 FF 83 0D xx xx xx 01 FF 59 59 FF 15 xx xx 00 01 8B 0D xx xx xx 01 89 08 FF 15 xx xx 00 01 8B 0D xx xx xx 01 89 08 A1 xx xx 00 01 8B 00 A3 xx xx xx 01 E8 xx xx 00 00 83 3D xx xx xx 01 00 75 0C 68 xx xx xx 01 FF 15 xx xx 00 01 59 E8 xx xx 00 00 33 C0 C3 CC CC CC CC CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Visual C++ v.8 DLL (h-small sig1)</text>
-      <pattern>
-        8B FF 55 8B EC 83 7D 0C 01 75 05 E8 xx xx xx FF 5D E9 D6 FE FF FF CC CC CC CC CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MS Visual C++ v.8 DLL (h-small sig2)</text>
-      <pattern>
-        8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10 0F 84 xx xx 00 00 83 FE 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake .BJFNT 1.3) -> emadicius</text>
-      <pattern>
-        EB 03 3A 4D 3A 1E EB 02 CD 20 9C EB 02 CD 20 EB 02 CD 20 60 EB 02 C7 05 EB 02 CD 20 E8 03 00 00 00 E9 EB 04 58 40 50 C3 61 9D 1F EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake ASPack 2.11d) -> emadicius</text>
-      <pattern>
-        60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake ASPack 2.12) -> emadicius</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 73 00 00 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake ASPack 2.12) -> emadicius</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 A0 02 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake EXE32Pack 1.3x) -> emadicius</text>
-      <pattern>
-        3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC 56 3B D2 74 02 81 85 57 E8 00 00 00 00 3B DB 74 01 90 83 C4 14 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake Microsoft Visual C++) -> emadicius</text>
-      <pattern>
-        55 8B EC 6A FF 68 CA 37 41 00 68 06 38 41 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 64 8F 05 00 00 00 00 83 C4 0C 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake MSVC++ 6.0 DLL) -> emadicius</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6 5F 5E 5B 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake MSVC++ 7.0 DLL Method 3) -> emadicius</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 5E 5B 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake MSVC++ DLL Method 4) -> emadicius</text>
-      <pattern>
-        55 8B EC 56 57 BF 01 00 00 00 8B 75 0C 85 F6 5F 5E 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake Neolite 2.0) -> emadicius</text>
-      <pattern>
-        E9 A6 00 00 00 B0 7B 40 00 78 60 40 00 7C 60 40 00 00 00 00 00 B0 3F 00 00 12 62 40 00 4E 65 6F 4C 69 74 65 20 45 78 65 63 75 74 61 62 6C 65 20 46 69 6C 65 20 43 6F 6D 70 72 65 73 73 6F 72 0D 0A 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 39 38 2C 31
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake nSPack 1.3) -> emadicius</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5 D3 FE FF FF 8B 06 83 F8 00 74 11 8D B5 DF FE FF FF 8B 06 83 F8 01 0F 84 F1 01 00 00 61 9D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PC-Guard 4.xx) -> emadicius</text>
-      <pattern>
-        FC 55 50 E8 00 00 00 00 5D EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 58 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PE Crypt 1.02) -> emadicius</text>
-      <pattern>
-        E8 00 00 00 00 5B 83 EB 05 EB 04 52 4E 44 21 85 C0 73 02 F7 05 50 E8 08 00 00 00 EA FF 58 EB 18 EB 01 0F EB 02 CD 20 EB 03 EA CD 20 58 58 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PE Lock NT 2.04) -> emadicius</text>
-      <pattern>
-        EB 03 CD 20 C7 1E EB 03 CD 20 EA 9C EB 02 EB 01 EB 01 EB 60 EB 03 CD 20 EB EB 01 EB E8 03 00 00 00 E9 EB 04 58 40 50 C3 EB 03 CD 20 EB EB 03 CD 20 03 61 9D 83 C4 04 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PEBundle 0.2 - 3.x) -> emadicius</text>
-      <pattern>
-        9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 61 9D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PEBundle 2.0x - 2.4x) -> emadicius</text>
-      <pattern>
-        9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 83 BD 9C 38 40 00 01 61 9D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PECompact 1.4x) -> emadicius</text>
-      <pattern>
-        EB 06 68 2E A8 00 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 00 61 9D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PESHiELD 0.25) -> emadicius</text>
-      <pattern>
-        60 E8 2B 00 00 00 0D 0A 0D 0A 0D 0A 52 65 67 69 73 74 41 72 65 64 20 74 6F 3A 20 4E 4F 4E 2D 43 4F 4D 4D 45 52 43 49 41 4C 21 21 0D 0A 0D 0A 0D 00 58 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PEtite 2.1) -> emadicius</text>
-      <pattern>
-        B8 00 50 40 00 6A 00 68 BB 21 40 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 66 9C 60 50 83 C4 04 61 66 9D 64 8F 05 00 00 00 00 83 C4 08 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake PEX 0.99) -> emadicius</text>
-      <pattern>
-        60 E8 01 00 00 00 E8 83 C4 04 E8 01 00 00 00 E9 5D 81 ED FF 22 40 00 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH 0.32a (fake SVKP 1.11) -> emadicius</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 64 A0 23 00 00 00 83 C5 06 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>MSLRH 0.32a (fake UPX 0.89.6 - 1.02 / 1.05 - 1.24) -> emadicius</text>
-      <pattern>
-        60 BE 00 90 8B 00 8D BE 00 80 B4 FF 57 83 CD FF EB 3A 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 0B 75 19 8B 1E 83 EE FC 11 DB 72 10 58 61 90 EB 05 E8 EB 04 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>MSLRH 0.32a (fake WWPack32 1.x) -> emadicius</text>
-      <pattern>
-        53 55 8B E8 33 DB EB 60 0D 0A 0D 0A 57 57 50 61 63 6B 33 32 20 64 65 63 6F 6D 70 72 65 73 73 69 6F 6E 20 72 6F 75 74 69 6E 65 20 76 65 72 73 69 6F 6E 20 31 2E 31 32 0D 0A 28 63 29 20 31 39 39 38 20 50 69 6F 74 72 20 57 61 72 65 7A 61 6B 20 61 6E 64 20 52
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>MSLRH 0.32a (fake yoda's cryptor 1.2) -> emadicius</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED F3 1D 40 00 B9 7B 09 00 00 8D BD 3B 1E 40 00 8B F7 AC 90 2C 8A C0 C0 78 90 04 62 EB 01 00 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.1 -> emadicius</text>
-      <pattern>
-        60 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH V0.31 -> emadicius</text>
-      <pattern>
-        60 D1 CB 0F CA C1 CA E0 D1 CA 0F C8 EB 01 F1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.31a</text>
-      <pattern>
-        60 D1 CB 0F CA C1 CA E0 D1 CA 0F C8 EB 01 F1 0F C0 C9 D2 D1 0F C1 C0 D3 DA C0 D6 A8 EB 01 DE D0 EC 0F C1 CB D0 CF 0F C1 D1 D2 DB 0F C8 EB 01 BC C0 E9 C6 C1 D0 91 0F CB EB 01 73 0F CA 87 D9 87 D2 D0 CF 87 D9 0F C8 EB 01 C1 EB 01 A2 86 CA D0 E1 0F C0 CB 0F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.31a</text>
-      <pattern>
-        60 D1 CB 0F CA C1 CA E0 D1 CA 0F C8 EB 01 F1 0F C0 C9 D2 D1 0F C1 C0 D3 DA C0 D6 A8 EB 01 DE D0 EC 0F C1 CB D0 CF 0F C1 D1 D2 DB 0F C8 EB 01 BC C0 E9 C6 C1 D0 91 0F CB EB 01 73 0F CA 87 D9 87 D2 D0 CF 87 D9 0F C8 EB 01 C1 EB 01 A2 86 CA D0 E1 0F C0 CB 0F CA C0 C7 91 0F CB C1 D9 0C 86 F9 86 D7 D1 D9 EB 01 A5 EB 01 11 EB 01 1D 0F C1 C2 0F CB 0F C1 C2 EB 01 A1 C0 E9 FD 0F C1 D1 EB 01 E3 0F CA 87 D9 EB 01 F3 0F CB 87 C2 0F C0 F9 D0 F7 EB 01 2F 0F C9 C0 DC C4 EB 01 35 0F CA D3 D1 86 C8 EB 01 01 0F C0 F5 87 C8 D0 DE EB 01 95 EB 01 E1 EB 01 FD EB 01 EC 87 D3 0F CB C1 DB 35 D3 E2 0F C8 86 E2 86 EC C1 FB 12 D2 EE 0F C9 D2 F6 0F CA 87 C3 C1 D3 B3 EB 01 BF D1 CB 87 C9 0F CA 0F C1 DB EB 01 44 C0 CA F2 0F C1 D1 0F CB EB 01 D3 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>MSLRH v0.32a (fake .BJFNT 1.3) -> emadicius (h)</text>
-      <pattern>
-        EB 03 3A 4D 3A 1E EB 02 CD 20 9C EB 02 CD 20 EB 02 CD 20 60 EB 02 C7 05 EB 02 CD 20 E8 03 00 00 00 E9 EB 04 58 40 50 C3 61 9D 1F EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>MSLRH v0.32a (fake ASPack 2.11d) -> emadicius (h)</text>
-      <pattern>
-        60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>MSLRH v0.32a (fake ASPack 2.12) -> emadicius (h)</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 73 00 00 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake ASPack 2.12) -> emadicius (h)</text>
-      <pattern>
-        60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 A0 02 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake EXE32Pack 1.3x) -> emadicius (h)</text>
-      <pattern>
-        3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC 56 3B D2 74 02 81 85 57 E8 00 00 00 00 3B DB 74 01 90 83 C4 14 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake Microsoft Visual C++) -> emadicius (h)</text>
-      <pattern>
-        55 8B EC 6A FF 68 CA 37 41 00 68 06 38 41 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 64 8F 05 00 00 00 00 83 C4 0C 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake MSVC++ 6.0 DLL) -> emadicius (h)</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6 5F 5E 5B 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake MSVC++ 7.0 DLL Method 3) -> emadicius (h)</text>
-      <pattern>
-        55 8B EC 53 8B 5D 08 56 8B 75 0C 5E 5B 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake MSVC++ DLL Method 4) -> emadicius (h)</text>
-      <pattern>
-        55 8B EC 56 57 BF 01 00 00 00 8B 75 0C 85 F6 5F 5E 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake Neolite 2.0) -> emadicius (h)</text>
-      <pattern>
-        E9 A6 00 00 00 B0 7B 40 00 78 60 40 00 7C 60 40 00 00 00 00 00 B0 3F 00 00 12 62 40 00 4E 65 6F 4C 69 74 65 20 45 78 65 63 75 74 61 62 6C 65 20 46 69 6C 65 20 43 6F 6D 70 72 65 73 73 6F 72 0D 0A 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 39 38 2C 31 39 39 39 20 4E 65 6F 57 6F 72 78 20 49 6E 63 0D 0A 50 6F 72 74 69 6F 6E 73 20 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 39 37 2D 31 39 39 39 20 4C 65 65 20 48 61 73 69 75 6B 0D 0A 41 6C 6C 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2E 00 00 00 00 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake nSPack 1.3) -> emadicius (h)</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5 D3 FE FF FF 8B 06 83 F8 00 74 11 8D B5 DF FE FF FF 8B 06 83 F8 01 0F 84 F1 01 00 00 61 9D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PC-Guard 4.xx) -> emadicius (h)</text>
-      <pattern>
-        FC 55 50 E8 00 00 00 00 5D EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 58 5D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PE Crypt 1.02) -> emadicius (h)</text>
-      <pattern>
-        E8 00 00 00 00 5B 83 EB 05 EB 04 52 4E 44 21 85 C0 73 02 F7 05 50 E8 08 00 00 00 EA FF 58 EB 18 EB 01 0F EB 02 CD 20 EB 03 EA CD 20 58 58 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PE Lock NT 2.04) -> emadicius (h)</text>
-      <pattern>
-        EB 03 CD 20 C7 1E EB 03 CD 20 EA 9C EB 02 EB 01 EB 01 EB 60 EB 03 CD 20 EB EB 01 EB E8 03 00 00 00 E9 EB 04 58 40 50 C3 EB 03 CD 20 EB EB 03 CD 20 03 61 9D 83 C4 04 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PEBundle 0.2 - 3.x) -> emadicius (h)</text>
-      <pattern>
-        9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 61 9D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PEBundle 2.0x - 2.4x) -> emadicius (h)</text>
-      <pattern>
-        9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 83 BD 9C 38 40 00 01 61 9D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PECompact 1.4x) -> emadicius (h)</text>
-      <pattern>
-        EB 06 68 2E A8 00 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 00 61 9D EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PESHiELD 0.25) -> emadicius (h)</text>
-      <pattern>
-        60 E8 2B 00 00 00 0D 0A 0D 0A 0D 0A 52 65 67 69 73 74 41 72 65 64 20 74 6F 3A 20 4E 4F 4E 2D 43 4F 4D 4D 45 52 43 49 41 4C 21 21 0D 0A 0D 0A 0D 00 58 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PEtite 2.1) -> emadicius (h)</text>
-      <pattern>
-        B8 00 50 40 00 6A 00 68 BB 21 40 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 66 9C 60 50 83 C4 04 61 66 9D 64 8F 05 00 00 00 00 83 C4 08 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake PEX 0.99) -> emadicius (h)</text>
-      <pattern>
-        60 E8 01 00 00 00 E8 83 C4 04 E8 01 00 00 00 E9 5D 81 ED FF 22 40 00 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake SVKP 1.11) -> emadicius (h)</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 64 A0 23 00 00 00 83 C5 06 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>MSLRH v0.32a (fake UPX 0.89.6 - 1.02 / 1.05 - 1.24) -> emadicius (h)</text>
-      <pattern>
-        60 BE 00 90 8B 00 8D BE 00 80 B4 FF 57 83 CD FF EB 3A 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 0B 75 19 8B 1E 83 EE FC 11 DB 72 10 58 61 90 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake WWPack32 1.x) -> emadicius (h)</text>
-      <pattern>
-        53 55 8B E8 33 DB EB 60 0D 0A 0D 0A 57 57 50 61 63 6B 33 32 20 64 65 63 6F 6D 70 72 65 73 73 69 6F 6E 20 72 6F 75 74 69 6E 65 20 76 65 72 73 69 6F 6E 20 31 2E 31 32 0D 0A 28 63 29 20 31 39 39 38 20 50 69 6F 74 72 20 57 61 72 65 7A 61 6B 20 61 6E 64 20 52 61 66 61 6C 20 57 69 65 72 7A 62 69 63 6B 69 0D 0A 0D 0A 5D 5B 90 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a (fake yoda's cryptor 1.2) -> emadicius (h)</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED F3 1D 40 00 B9 7B 09 00 00 8D BD 3B 1E 40 00 8B F7 AC 90 2C 8A C0 C0 78 90 04 62 EB 01 00 61 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a -> emadicius (h)</text>
-      <pattern>
-        E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a -> emadicius (h)</text>
-      <pattern>
-        E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF FF FF 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v0.32a -> emadicius</text>
-      <pattern>
-        EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v32a -> emadicius</text>
-      <pattern>
-        EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 74 04 75 02 EB 02 EB 01 81 74 04 75 02 EB 02 EB 01 81 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH v32a -> emadicius</text>
-      <pattern>
-        EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83 C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 74 04 75 02 EB 02 EB 01 81 74 04 75 02 EB 02 EB 01 81 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH</text>
-      <pattern>
-        60 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSLRH</text>
-      <pattern>
-        60 EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8 76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSVC++ DLL v.8 (typical OEP recognized - h)</text>
-      <pattern>
-        8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10 75 09 83 3D xx xx xx xx 00 EB 26 83 FE 01 74 05 83 FE 02 75 22 A1 xx xx xx xx 85 C0 74 09 57 56 53 FF D0 85 C0 74 0C 57 56 53 E8 xx xx xx FF 85 C0 75 04 33 C0 EB 4E 57 56 53 E8 xx xx xx FF 83 FE 01 89 45 0C 75 0C 85 C0 75 37 57 50 53 E8 xx xx xx FF 85 F6 74 05 83 FE 03 75 26 57 56 53 E8 xx xx xx FF 85 C0 75 03 21 45 0C 83 7D 0C 00 74 11 A1 xx xx xx xx 85 C0 74 08 57 56 53 FF D0 89 45 0C 8B 45 0C 5F 5E 5B 5D C2 0C 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MSVC++ v.8 (procedure 1 recognized - h)</text>
-      <pattern>
-        55 8B EC 83 EC 10 A1 xx xx xx xx 83 65 F8 00 83 65 FC 00 53 57 BF 4E E6 40 BB 3B C7 BB 00 00 FF FF 74 0D 85 C3 74 09 F7 D0 A3 xx xx xx xx EB 60 56 8D 45 F8 50 FF 15 xx xx xx xx 8B 75 FC 33 75 F8 FF 15 xx xx xx xx 33 F0 FF 15 xx xx xx xx 33 F0 FF 15 xx xx xx xx 33 F0 8D 45 F0 50 FF 15 xx xx xx xx 8B 45 F4 33 45 F0 33 F0 3B F7 75 07 BE 4F E6 40 BB EB 0B 85 F3 75 07 8B C6 C1 E0 10 0B F0 89 35 xx xx xx xx F7 D6 89 35 xx xx xx xx 5E 5F 5B C9 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>mucki's protector -> mucki</text>
-      <pattern>BE xx xx xx xx B9 xx xx xx xx 8A 06 F6 D0 88 06 46 E2 F7 E9</pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>mucki's protector II -> mucki</text>
-      <pattern>
-        E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 B8 00 00 00 00 00 00 00 31 C0 89 41 14 89 41 18 80 6A 00 E8 85 C0 74 12 64 8B 3D 18 00 00 00 8B 7F 30 0F B6 47 02 85 C0 74 01 C3 C7 04 24 xx xx xx xx BE xx xx xx xx B9 xx xx xx xx 8A 06 F6 D0 88 06 46 E2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>mucki's protector II -> mucki</text>
-      <pattern>
-        E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 B8 00 00 00 00 00 00 00 31 C0 89 41 14 89 41 18 80 6A 00 E8 85 C0 74 12 64 8B 3D 18 00 00 00 8B 7F 30 0F B6 47 02 85 C0 74 01 C3 C7 04 24 xx xx xx xx BE xx xx xx xx B9 xx xx xx xx 8A 06 F6 D0 88 06 46 E2 F7 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MZ0oPE 1.0.6b -> TaskFall</text>
-      <pattern>
-        EB CA 89 03 83 C3 04 87 FE 32 C0 AE 75 FD 87 FE 80 3E FF 75 E2 46 5B 83 C3 04 53 8B 1B 80 3F FF 75 C9 8B E5 61 68 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MZ0oPE 1.0.6b -> TaskFall</text>
-      <pattern>
-        EB CA 89 03 83 C3 04 87 FE 32 C0 AE 75 FD 87 FE 80 3E FF 75 E2 46 5B 83 C3 04 53 8B 1B 80 3F FF 75 C9 8B E5 61 68 xx xx xx xx C3 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MZ0oPE 1.0.6b -> TaskFall</text>
-      <pattern>
-        EB CA 89 03 83 C3 04 87 FE 32 C0 AE 75 FD 87 FE 80 3E FF 75 E2 46 5B 83 C3 04 53 8B 1B 80 3F FF 75 C9 8B E5 61 68 xx xx xx xx C3 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 2B CB 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4C 13 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 8E 02 D2 75 05 8A 16 46 12 D2 C3 33 C9 41 E8 EE FF FF FF 13 C9 E8 E7 FF FF FF 72 F2 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>MZ_Crypt 1.0 - by BrainSt0rm</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 25 14 40 00 8B BD 77 14 40 00 8B 8D 7F 14 40 00 EB 28 83 7F 1C 07 75 1E 8B 77 0C 03 B5 7B 14 40 00 33 C0 EB 0C 50 8A A5 83 14 40 00 30 26 58 40 46 3B 47 10 76 EF 83 C7 28 49 0B C9 75 D4 8B 85 73 14 40 00 89 44 24 1C 61 FF E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>N-Joiner 0.1 (Asm Version) -> NEX</text>
-      <pattern>
-        6A 00 68 00 14 40 00 68 00 10 40 00 6A 00 E8 14 00 00 00 6A 00 E8 13 00 00 00 CC FF 25 AC 12 40 00 FF 25 B0 12 40 00 FF 25 B4 12 40 00 FF 25 B8 12 40 00 FF 25 BC 12 40 00 FF 25 C0 12 40 00 FF 25 C4 12 40 00 FF 25 C8 12 40 00 FF 25 CC 12 40 00 FF 25 D0 12 40 00 FF 25 D4 12 40 00 FF 25 D8 12 40 00 FF 25 DC 12 40 00 FF 25 E4 12 40 00 FF 25 EC 12 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>N-Joy 1.0 -> NEX</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 9C 3B 40 00 E8 8C FC FF FF 6A 00 68 E4 39 40 00 6A 0A 6A 00 E8 40 FD FF FF E8 EF F5 FF FF 8D 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>N-Joy 1.1 -> NEX</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 0C 3C 40 00 E8 24 FC FF FF 6A 00 68 28 3A 40 00 6A 0A 6A 00 E8 D8 FC FF FF E8 7F F5 FF FF 8D 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>N-Joy 1.2 -> NEX</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 A4 32 40 00 E8 E8 F1 FF FF 6A 00 68 54 2A 40 00 6A 0A 6A 00 E8 A8 F2 FF FF E8 C7 EA FF FF 8D 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>N-Joy 1.3 -> NEX</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 48 36 40 00 E8 54 EE FF FF 6A 00 68 D8 2B 40 00 6A 0A 6A 00 E8 2C EF FF FF E8 23 E7 FF FF 8D 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Naked Packer V1.0 -> BigBoote</text>
-      <pattern>
-        60 FC 0F B6 05 xx xx xx xx 85 C0 75 31 B8 xx xx xx xx 2B 05 xx xx xx xx A3 xx xx xx xx A1 xx xx xx xx 03 05 xx xx xx xx A3 xx xx xx xx E8 9A 00 00 00 A3 xx xx xx xx C6 05 xx xx xx xx 01 83 3D xx xx xx xx 00 75 07 61 FF 25 xx xx xx xx 61 FF 74 24 04 6A 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Naked Packer V1.X -> BigBoote</text>
-      <pattern>
-        6A xx E8 9A 05 00 00 8B D8 53 68 xx xx xx xx E8 6C FD FF FF B9 05 00 00 00 8B F3 BF xx xx xx xx 53 F3 A5 E8 8D 05 00 00 8B 3D xx xx xx xx A1 xx xx xx xx 66 8B 15 xx xx xx xx B9 xx xx xx xx 2B CF 89 45 E8 89 0D xx xx xx xx 66 89 55 EC 8B 41 3C 33 D2 03 C1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nakedbind 1.0 -> nakedcrew</text>
-      <pattern>
-        64 8B 38 48 8B C8 F2 AF AF 8B 1F 66 33 DB 66 81 3B 4D 5A 74 08 81 EB 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NakedPacker 1.0 - by BigBoote</text>
-      <pattern>
-        60 FC 0F B6 05 34 xx xx xx 85 C0 75 31 B8 50 xx xx xx 2B 05 04 xx xx xx A3 30 xx xx xx A1 00 xx xx xx 03 05 30 xx xx xx A3 38 xx xx xx E8 9A 00 00 00 A3 50 xx xx xx C6 05 34 xx xx xx 01 83 3D 50 xx xx xx 00 75 07 61 FF 25 38 xx xx xx 61 FF 74 24 04 6A 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NakedPacker 1.0 - by BigBoote</text>
-      <pattern>
-        60 FC 0F B6 05 34 xx xx xx 85 C0 75 31 B8 50 xx xx xx 2B 05 04 xx xx xx A3 30 xx xx xx A1 00 xx xx xx 03 05 30 xx xx xx A3 38 xx xx xx E8 9A 00 00 00 A3 50 xx xx xx C6 05 34 xx xx xx 01 83 3D 50 xx xx xx 00 75 07 61 FF 25 38 xx xx xx 61 FF 74 24 04 6A 00 FF 15 44 xx xx xx 50 FF 15 40 xx xx xx C3 FF 74 24 04 6A 00 FF 15 44 xx xx xx 50 FF 15 48 xx xx xx C3 8B 4C 24 04 56 8B 74 24 10 57 85 F6 8B F9 74 0D 8B 54 24 10 8A 02 88 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Native UD Packer 1.1 (Modded Poison Ivy Shellcode) -> okkixot</text>
-      <pattern>
-        31 C0 31 DB 31 C9 EB 0E 6A 00 6A 00 6A 00 6A 00 FF 15 28 41 40 00 FF 15 94 40 40 00 89 C7 68 88 13 00 00 FF 15 98 40 40 00 FF 15 94 40 40 00 81 C7 88 13 00 00 39 F8 73 05 E9 84 00 00 00 6A 40 68 00 10 00 00 FF 35 04 30 40 00 6A 00 FF 15 A4 40 40 00 89 C7 FF 35 04 30 40 00 68 CA 10 40 00 50 FF 15 A8 40 40 00 6A 40 68 00 10 00 00 FF 35 08 30 40 00 6A 00 FF 15 A4 40 40 00 89 C6 68 00 30 40 00 FF 35 04 30 40 00 57 FF 35 08 30 40 00 50 6A 02 FF 15 4E 41 40 00 6A 00 6A 00 6A 00 56 6A 00 6A 00 FF 15 9C 40 40 00 50 6A 00 6A 00 6A 11 50 FF 15 4A 41 40 00 58 6A FF 50 FF 15 AC 40 40 00 6A 00 FF 15 A0 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nBinder v3.6.1</text>
-      <pattern>
-        6E 35 36 34 35 36 35 33 32 33 34 35 34 33 5F 6E 62 33 5C 00 5C 6E 35 36 34 35 36 35 33 32 33 34 35 34 33 5F 6E 62 33 5C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nBinder v4.0</text>
-      <pattern>
-        5C 6E 62 34 5F 74 6D 70 5F 30 31 33 32 34 35 34 33 35 30 5C 00 00 00 00 00 00 00 00 00 E9 55 43 4C FF 01 1A 00 00 00 00 96 30 07 77 2C 61 0E EE BA 51 09 99 19 C4 6D 07 8F F4 6A 70 35 A5 63 E9 A3 95 64 9E 32 88 DB 0E A4 B8 DC 79
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        nbuild v1.0 soft
-      </text>
-      <pattern>
-        B9 xx xx BB xx xx C0 xx xx 80 xx xx 43 E2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NeoLite v1.0</text>
-      <pattern>
-        8B 44 24 04 8D 54 24 FC 23 05 xx xx xx xx E8 xx xx xx xx FF 35 xx xx xx xx 50 FF 25
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NeoLite v1.0</text>
-      <pattern>
-        E9 9B 00 00 00 A0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NeoLite v2.00</text>
-      <pattern>
-        8B 44 24 04 23 05 xx xx xx xx 50 E8 xx xx xx xx 83 C4 04 FE 05 xx xx xx xx 0B C0 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Neolite v2.0</text>
-      <pattern>
-        E9 A6 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Netopsystems FEAD Optimizer</text>
-      <pattern>
-        60 BE 00 50 43 00 8D BE 00 C0 FC FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Netopsystems FEAD Optimizer</text>
-      <pattern>
-        E8 00 00 00 00 58 BB 00 00 40 00 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NFO v1.0</text>
-      <pattern>
-        8D 50 12 2B C9 B1 1E 8A 02 34 77 88 02 42 E2 F7 C8 8C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nMacro recorder 1.0</text>
-      <pattern>
-        5C 6E 6D 72 5F 74 65 6D 70 2E 6E 6D 72 00 00 00 72 62 00 00 58 C7 41 00 10 F8 41 00 11 01 00 00 00 00 00 00 46 E1 00 00 46 E1 00 00 35 00 00 00 F6 88 41 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NME 1.1 Public - by redlime</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 B8 30 35 14 13 E8 9A E6 FF FF 33 C0 55 68 6C 36 14 13 64 FF 30 64 89 20 B8 08 5C 14 13 BA 84 36 14 13 E8 7D E2 FF FF E8 C0 EA FF FF 8B 15 CC 45 14 13 A1 C8 45 14 13 E8 04 F8 FF FF 8B 15 D0 45 14 13 A1 C8 45 14 13 E8 F4 F7 FF FF 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NME 1.1 Public - by redlime</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 B8 30 35 14 13 E8 9A E6 FF FF 33 C0 55 68 6C 36 14 13 64 FF 30 64 89 20 B8 08 5C 14 13 BA 84 36 14 13 E8 7D E2 FF FF E8 C0 EA FF FF 8B 15 CC 45 14 13 A1 C8 45 14 13 E8 04 F8 FF FF 8B 15 D0 45 14 13 A1 C8 45 14 13 E8 F4 F7 FF FF 8B 15 CC 45 14 13 A1 C8 45 14 13 E8 2C F9 FF FF A3 F8 5A 14 13 8B 15 D0 45 14 13 A1 C8 45 14 13 E8 17 F9 FF FF A3 FC 5A 14 13 B8 04 5C 14 13 E8 20 FB FF FF 8B D8 85 DB 74 48 B8 00 5B 14 13 8B 15 C4 45 14 13 E8 1E E7 FF FF A1 04 5C 14 13 E8 A8 DA FF FF xx xx xx xx 5C 14 13 50 8B CE 8B D3 B8 00 5B 14 13 xx xx xx xx FF 8B C6 E8 DF FB FF FF 8B C6 E8 9C DA FF FF B8 00 5B 14 13 E8 72 E7 FF FF 33 C0 5A 59 59 64 89 10 68 73 36 14 13 C3 E9 0F DF FF FF EB F8 5E 5B E8 7E E0 FF FF 00 00 FF FF FF FF 0C 00 00 00 4E 4D 45 20 31 2E 31 20 53 74 75 62
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NoName Packer</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 2E 34 46 00 B9 55 4A 46 00 81 E9 26 37 46 00 89 EA 81 C2 26 37 46 00 8D 3A 89 FE 31 C0 E9 D3 02 00 00 CC CC CC CC E9 CA 02 00 00 43 3A 5C 57 69 6E 64 6F 77 73 5C 53 6F 66 74 57 61 72 65 50 72 6F 74 65 63 74 6F 72 5C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NoodleCrypt 2.00 (Eng) -> NoodleSpa</text>
-      <pattern>
-        EB 01 9A E8 76 00 00 00 EB 01 9A E8 65 00 00 00 EB 01 9A E8 7D 00 00 00 EB 01 9A E8 55 00 00 00 EB 01 9A E8 43 04 00 00 EB 01 9A E8 E1 00 00 00 EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01 9A E8 25 00 00 00 EB 01 9A E8 02
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NoodleCrypt v2.00 (Eng) -> NoodleSpa</text>
-      <pattern>
-        EB 01 9A E8 76 00 00 00 EB 01 9A E8 65 00 00 00 EB 01 9A E8 7D 00 00 00 EB 01 9A E8 55 00 00 00 EB 01 9A E8 43 04 00 00 EB 01 9A E8 E1 00 00 00 EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01 9A E8 25 00 00 00 EB 01 9A E8 02 04 00 00 EB 01 9A E8 19 07 00 00 EB 01 9A E8 9C 00 00 00 EB 01 9A E8 9C 06 00 00 E8 00 00 00 00 0F 7E F8 EB 01 9A 8B F8 C3 E8 00 00 00 00 58 EB 01 9A 25 00 F0 FF FF 8B F8 EB 01 9A 0F 6E F8 C3 8B D0 EB 01 9A 81 C2 C8 00 00 00 EB 01 9A B9 00 17 00 00 EB 01 9A C0 0A 06 EB 01 9A 80 2A 15 EB 01 9A 42 E2 EE 0F 6E C0 EB 01 9A 0F 7E C0 EB 01 9A 8B D0 00 85 EB A5 F5 65 4B 45 45 00 85 EB B3 65 07 45 45 00 85 EB 75 C7 C6 00 85 EB 65 CF 8A 00 85 EB D5 FD C0 00 85 EB 7F E5 05 05 05 00 85 EB 7F 61 06 45 45 00 85 EB 7F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NoodleCrypt v2.0</text>
-      <pattern>
-        EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NoodleCrypt v2.0</text>
-      <pattern>
-        EB 01 9A E8 xx 00 00 00 EB 01 9A E8 xx xx 00 00 EB 01 9A E8 xx xx 00 00 EB 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Noodlecrypt2 -> r!sc</text>
-      <pattern>
-        EB 01 9A E8 76 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>North Star PE Shrinker 1.3 -> Liuxingping</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>North Star PE Shrinker 1.3 by Liuxingping</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5 73 xx FF FF 8B 06 83 F8 00 74 11 8D B5 7F xx FF FF 8B 06 83 F8 01 0F 84 F1 01 00 00 C7 06 01 00 00 00 8B D5 8B 85 4F xx FF FF 2B D0 89 95 4F xx FF FF 01 95 67 xx FF FF 8D B5 83 xx FF FF 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>North Star PE Shrinker v1.3 by Liuxingping</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5 73 xx FF FF 8B 06 83 F8 00 74 11 8D B5 7F xx FF FF 8B 06 83 F8 01 0F 84 F1 01 00 00 C7 06 01 00 00 00 8B D5 8B 85 4F xx FF FF 2B D0 89 95 4F xx FF FF 01 95 67 xx FF FF 8D B5 83 xx FF FF 01 16 8B 36 8B FD 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 A3 xx FF FF 85 C0 0F 84 06 03 00 00 89 85 63 xx FF FF E8 00 00 00 00 5B B9 31 89 40 00 81 E9 2E 86 40 00 03 D9 50 53 E8 3D 02 00 00 61 03 BD 47 xx FF FF 8B DF 83 3F 00 75 0A 83 C7 04 B9 00 00 00 00 EB 16 B9 01 00 00 00 03 3B 83 C3 04 83 3B 00 74 2D 01 13 8B 33 03 7B 04 57 51 52 53 FF B5 A7 xx FF FF FF B5 A3 xx FF FF 56 57 FF 95 63 xx FF FF 5B 5A 59 5F 83 F9 00 74 05 83 C3 08 EB CE 68 00 80 00 00 6A 00 FF B5 63 xx FF FF FF 95 A7 xx FF FF 8D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Norton Speed Disk Configuration file</text>
-      <pattern>
-        4E 6F 72 74 6F 6E 20 53 70 65 65 64
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nPack 1.1.150.2006.Beta -> NEOx</text>
-      <pattern>
-        83 3D xx xx xx xx xx 75 05 E9 01 00 00 00 C3 E8 41 00 00 00 B8 xx xx xx xx 2B 05 xx xx xx xx A3 xx xx xx xx E8 5E 00 00 00 E8 E0 01 00 00 E8 EC 06 00 00 E8 F7 05 00 00 A1 xx xx xx xx C7 05 xx xx xx xx xx xx xx xx 01 05 xx xx xx xx FF 35 xx xx xx xx C3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nPack 1.1.150.2006.Beta -> NEOx</text>
-      <pattern>
-        83 3D xx xx xx xx xx 75 05 E9 01 00 00 00 C3 E8 41 00 00 00 B8 xx xx xx xx 2B 05 xx xx xx xx A3 xx xx xx xx E8 5E 00 00 00 E8 E0 01 00 00 E8 EC 06 00 00 E8 F7 05 00 00 A1 xx xx xx xx C7 05 xx xx xx xx xx xx xx xx 01 05 xx xx xx xx FF 35 xx xx xx xx C3 C3 56 57 68 xx xx xx xx FF 15 xx xx xx xx 8B 35 xx xx xx xx 8B F8 68 xx xx xx xx 57 FF D6 68 xx xx xx xx 57 A3 xx xx xx xx FF D6 5F A3 xx xx xx xx 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        nPack 1.1.250.2006.Beta -> NEOxuinC
-      </text>
-
-      <pattern>
-        83 3D 04 xx xx xx 00 75 05 E9 01 00 00 00 C3 E8 46 00 00 00 E8 73 00 00 00 B8 2E xx xx xx 2B 05 08 xx xx xx A3 00 xx xx xx E8 9C 00 00 00 E8 04 02 00 00 E8 FB 06 00 00 E8 1B 06 00 00 A1 00 xx xx xx C7 05 04 xx xx xx 01 00 00 00 01 05 00 xx xx xx FF 35 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nPack 1.1.300.2006 Beta -> NEOx</text>
-      <pattern>
-        83 3D xx xx xx xx xx 75 05 E9 01 00 00 00 C3 E8 46 00 00 00 E8 73 00 00 00 B8 xx xx xx xx 2B 05 xx xx xx xx A3 xx xx xx xx E8 9C 00 00 00 E8 2D 02 00 00 E8 DD 06 00 00 E8 2C 06 00 00 A1 xx xx xx xx C7 05 xx xx xx xx xx xx xx xx 01 05 xx xx xx xx FF 35 xx xx xx xx C3 C3 56 57 68 xx xx xx xx FF 15 xx xx xx xx 8B 35 xx xx xx xx 8B F8 68 xx xx xx xx 57 FF D6 68 xx xx xx xx 57 A3 xx xx xx xx FF D6 5F A3 xx xx xx xx 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nPack v1.1 150-200 Beta -> NEOx</text>
-      <pattern>
-        83 3D 40 xx xx xx 00 75 05 E9 01 00 00 00 C3 E8 41 00 00 00 B8 80 xx xx xx 2B 05 08 xx xx xx A3 3C xx xx 00 E8 5E 00 00 00 E8 E0 01 00 00 E8 EC 06 00 00 E8 F7 05 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nPack v1.1 250 Beta -> NEOx</text>
-      <pattern>
-        83 3D 04 xx xx xx 00 75 05 E9 01 00 00 00 C3 E8 46 00 00 00 E8 73 00 00 00 B8 2E xx xx xx 2B 05 08 xx xx xx A3 00 xx xx xx E8 9C 00 00 00 E8 04 02 00 00 E8 FB 06 00 00 E8 1B 06 00 00 A1 00 xx xx xx C7 05 04 xx xx xx 01 00 00 00 01 05 00 xx xx xx FF 35 00 xx xx xx C3 C3 56 57 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        nPack V1.1.150.2006.Beta -> NEOx/uinC
-      </text>
-      <pattern>
-        83 3D 40 xx xx xx 00 75 05 E9 01 00 00 00 C3 E8 41 00 00 00 B8 80 xx xx xx 2B 05 08 xx xx xx A3 3C xx xx xx E8 5E 00 00 00 E8 E0 01 00 00 E8 EC 06 00 00 E8 F7 05 00 00 A1 3C xx xx xx C7 05 40 xx xx xx 01 00 00 00 01 05 00 xx xx xx FF 35 00 xx xx xx C3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        nPack V1.1.150.2006.Beta -> NEOx/uinC
-      </text>
-      <pattern>
-        83 3D 40 xx xx xx 00 75 05 E9 01 00 00 00 C3 E8 41 00 00 00 B8 80 xx xx xx 2B 05 08 xx xx xx A3 3C xx xx xx E8 5E 00 00 00 E8 E0 01 00 00 E8 EC 06 00 00 E8 F7 05 00 00 A1 3C xx xx xx C7 05 40 xx xx xx 01 00 00 00 01 05 00 xx xx xx FF 35 00 xx xx xx C3 C3 56 57 68 54 xx xx xx FF 15 00 xx xx xx 8B 35 08 xx xx xx 8B F8 68 44 xx xx xx 57 FF D6 68 38 xx xx xx 57 A3 38 xx xx xx FF D6 5F A3 34 xx xx xx 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        nPack V1.1.200.2006.Beta -> NEOx/uinC
-      </text>
-      <pattern>
-        83 3D 40 xx xx xx 00 75 05 E9 01 00 00 00 C3 E8 41 00 00 00 B8 80 xx xx xx 2B 05 08 xx xx xx A3 3C xx xx xx E8 5E 00 00 00 E8 EC 01 00 00 E8 F8 06 00 00 E8 03 06 00 00 A1 3C xx xx xx C7 05 40 xx xx xx 01 00 00 00 01 05 00 xx xx xx FF 35 00 xx xx xx C3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        nPack V1.1.250.2006.Beta -> NEOx/uinC
-      </text>
-      <pattern>
-        83 3D 04 xx xx xx 00 75 05 E9 01 00 00 00 C3 E8 46 00 00 00 E8 73 00 00 00 B8 2E xx xx xx 2B 05 08 xx xx xx A3 00 xx xx xx E8 9C 00 00 00 E8 04 02 00 00 E8 FB 06 00 00 E8 1B 06 00 00 A1 00 xx xx xx C7 05 04 xx xx xx 01 00 00 00 01 05 00 xx xx xx FF 35 00 xx xx xx C3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nPack v1.1.xxx -> NEOx</text>
-      <pattern>
-        83 3D xx xx xx 00 00 75 05 E9 01 00 00 00 C3 E8 46 00 00 00 E8 73 00 00 00 B8 xx xx xx xx 2B 05 08 xx xx xx A3 xx xx xx xx E8 9C 00 00 00 E8 xx 02 00 00 E8 xx 06 00 00 E8 xx 06 00 00 A1 xx xx xx xx C7 05 xx xx xx 00 01 00 00 00 01 05 00 xx xx xx FF 35 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NSIS Installer -> NullSoft</text>
-      <pattern>
-        83 EC 20 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10 xx xx xx xx C6 44 24 14 20 FF 15 30 70 40 00 53 FF 15 80 72 40 00 68 xx xx xx xx 68 xx xx xx xx A3 xx xx xx xx E8 xx xx xx xx BE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NSPack -> Nort Star Software - http://www.nsdsn.com/</text>
-      <pattern>
-        83 F9 00 74 28 43 8D B5 xx xx FF FF 8B 16 56 51 53 52 56 FF 33 FF 73 04 8B 43 08 03 C2 50 FF 95 xx xx FF FF 5A 5B 59 5E 83 C3 0C E2 E1 61 9D E9 xx xx xx FF 8B B5 xx xx FF FF 0B F6 0F 84 97 00 00 00 8B 95 xx xx FF FF 03 F2 83 3E 00 75 0E 83 7E 04 00 75 08
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NSPack -> Nort Star Software - url:://www.nsdsn.com/</text>
-      <pattern>
-        83 F9 00 74 28 43 8D B5 xx xx FF FF 8B 16 56 51 53 52 56 FF 33 FF 73 04 8B 43 08 03 C2 50 FF 95 xx xx FF FF 5A 5B 59 5E 83 C3 0C E2 E1 61 9D E9 xx xx xx FF 8B B5 xx xx FF FF 0B F6 0F 84 97 00 00 00 8B 95 xx xx FF FF 03 F2 83 3E 00 75 0E 83 7E 04 00 75 08 83 7E 08 00 75 02 EB 7A 8B 5E 08 03 DA 53 52 56 8D BD xx xx FF FF 03 7E 04 83 C6 0C 57
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPacK .Net -> LiuXingPing ! Sign by fly</text>
-      <pattern>
-        56 69 72 74 75 61 6C 50 72 6F 74 65 63 74 00 00 BB 01 47 65 74 53 79 73 74 65 6D 49 6E 66 6F 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 5E 00 5F 43 6F 72 xx xx xx 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 1.4 -> Liuxingping</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 xx xx 40 00 2D xx xx 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 1.4 by North Star (Liu Xing Ping)</text>
-      <pattern>
-        8B DF 83 3F 00 75 0A 83 C7 04 B9 00 00 00 00 EB 16 B9 01 00 00 00 03 3B 83 C3 04 83 3B 00 74 2D 01 13 8B 33 03 7B 04 57 51 52 53
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 2.3 -> Liu Xing Ping</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 07 00 00 00 2B E8 8D B5 xx xx FF FF 8B 06 83 F8 00 74 11 8D B5 xx xx FF FF 8B 06 83 F8 01 0F 84 4B 02 00 00 C7 06 01 00 00 00 8B D5 8B 85 xx xx FF FF 2B D0 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 8B 36 8B FD
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 2.9 -> North Star</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 07 00 00 00 2B E8 8D B5 xx xx FF FF 8A 06 3C 00 74 12 8B F5 8D B5 xx xx FF FF 8A 06 3C 01 0F 84 42 02 00 00 C6 06 01 8B D5 2B 95 xx xx FF FF 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 xx xx FF FF 85 C0 0F 84 6A 03 00 00 89 85 xx xx FF FF E8 00 00 00 00 5B B9 68 03 00 00 03 D9 50 53 E8 B1 02 00 00 61 8B 36 8B FD 03 BD xx xx FF FF 8B DF 83 3F 00 75 0A 83 C7 04 B9 00 00 00 00 EB 16 B9 01 00 00 00 03 3B 83 C3 04 83 3B 00 74 36
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nSPack 2.x -> North Star/Liu Xing Ping</text>
-      <pattern>
-        FF FF 8B 4E 08 8D 56 10 8B 36 8B FE 83 F9 00 74 3F 8A 07 47 2C E8 3C 01 77 F7 8B 07 80 7A 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nSPack 2.x/3.x .NET -> North Star/Liu Xing Ping</text>
-      <pattern>
-        FF 25 A4 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nSPack 2.x/3.x .NET-> North Star/Liu Xing Ping</text>
-      <pattern>
-        FF 25 A4 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 3.0 -> North Star</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 07 00 00 00 2B E8 8D B5 xx xx FF FF 66 8B 06 66 83 F8 00 74 15 8B F5 8D B5 xx xx FF FF 66 8B 06 66 83 F8 01 0F 84 42 02 00 00 C6 06 01 8B D5 2B 95 xx xx FF FF 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 xx xx FF FF 85 C0 0F 84 6A 03 00 00 89 85 xx xx FF FF E8 00 00 00 00 5B B9 68 03 00 00 03 D9 50 53 E8 B1 02 00 00 61 8B 36 8B FD 03 BD xx xx FF FF 8B DF 83 3F 00 75 0A 83 C7 04 B9 00 00 00 00 EB 16 B9 01 00 00 00 03 3B 83 C3 04 83 3B 00 74 36
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 3.0 by North Star (Liu Xing Ping)</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 07 00 00 00 2B E8 8D B5 55 F9 FF FF 66 8B 06 66 83 F8 00 74 15 8B F5 8D B5 7D F9 FF FF 66 8B 06 66 83 F8 01 0F 84 42 02 00 00 C6 06 01 8B D5 2B 95 11 F9 FF FF 89 95
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 3.1 -> Liu Xing Ping</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 9D xx xx xx xx 8A 03 3C 00 74 10 8D 9D xx xx FF FF 8A 03 3C 01 0F 84 42 02 00 00 C6 03 01 8B D5 2B 95 xx xx FF FF 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 3.1 -> North Star (h)</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 9D xx xx FF FF 8A 03 3C 00 74 10 8D 9D xx xx FF FF 8A 03 3C 01 0F 84 42 02 00 00 C6 03 01 8B D5 2B 95 xx xx FF FF 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 3.1 by North Star (Liu Xing Ping)</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 9D xx xx FF FF 8A 03 3C 00 74 10 8D 9D xx xx FF FF 8A 03 3C 01 0F 84 42 02 00 00 C6 03 01 8B D5 2B 95 xx xx FF FF 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 3.4 -> North Star</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 85 xx xx FF FF 80 38 01 0F 84 42 02 00 00 C6 00 01 8B D5 2B 95 xx xx FF FF 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 xx xx FF FF 85 C0 0F 84 6A 03 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 3.4 -> North Star</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 85 xx xx FF FF 80 38 01 0F 84 42 02 00 00 C6 00 01 8B D5 2B 95 xx xx FF FF 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 xx xx FF FF 85 C0 0F 84 6A 03 00 00 89 85 xx xx FF FF E8 00 00 00 00 5B B9 68 03 00 00 03 D9 50 53 E8 B1 02 00 00 61 8B 36 8B FD 03 BD xx xx FF FF 8B DF 83 3F 00 75 0A 83 C7 04 B9 00 00 00 00 EB 16 B9 01 00 00 00 03 3B 83 C3 04 83 3B 00 74 36 01 13 8B 33 03 7B 04 57 51 52 53 FF B5 xx xx FF FF FF B5 xx xx FF FF 8B D6 8B CF 8B 85 xx xx FF FF 05 AA 05 00 00 FF D0 5B 5A 59 5F 83 F9 00 74 05 83 C3 08 EB C5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack 3.x -> Liu Xing Ping</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NSPack 3.x -> Liu Xing Ping</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 85 xx xx FF FF xx 38 01 0F 84 xx 02 00 00 xx 00 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack V1.1 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 57 84 40 00 2D 50 84 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nSpack V1.3 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack V1.4 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B1 85 40 00 2D AA 85 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nSpack V2.3 -> LiuXingPing</text>
-      <pattern>
-        9C 60 70 61 63 6B 24 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack v2.3 -> North Star</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 07 00 00 00 2B E8 8D B5 xx xx FF FF 8B 06 83 F8 00 74 11 8D B5 xx xx FF FF 8B 06 83 F8 01 0F 84 4B 02 00 00 C7 06 01 00 00 00 8B D5 8B 85 xx xx FF FF 2B D0 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 8B 36 8B FD 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 xx xx FF FF 85 C0 0F 84 56 03 00 00 89 85 xx xx FF FF E8 00 00 00 00 5B B9 54 03 00 00 03 D9 50 53 E8 9D 02 00 00 61
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>nSpack V2.x -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 07 00 00 00 2B E8 8D B5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack V2.X -> LiuXingPing</text>
-      <pattern>
-        6E 73 70 61 63 6B 24 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPacK V3.0 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 07 00 00 00 2B E8 8D B5 xx xx xx xx 66 8B 06 66 83 F8 00 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPacK V3.1 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 9D xx xx xx xx 8A 03 3C 00 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack v3.1 -> North Star</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 9D xx xx FF FF 8A 03 3C 00 74 10 8D 9D xx xx FF FF 8A 03 3C 01 0F 84 42 02 00 00 C6 03 01 8B D5 2B 95 xx xx FF FF 89 95 xx xx FF FF 01 95 xx xx FF FF 8D B5 xx xx FF FF 01 16 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 xx xx FF FF 85 C0 0F 84 6A 03 00 00 89 85 xx xx FF FF E8 00 00 00 00 5B B9 68 03 00 00 03 D9 50 53 E8 B1 02 00 00 61 8B 36 8B FD 03 BD xx xx FF FF 8B DF 83 3F 00 75 0A 83 C7 04 B9 00 00 00 00 EB 16 B9 01 00 00 00 03 3B 83 C3 04 83 3B 00 74 36 01 13 8B 33 03 7B 04 57 51 52 53 FF B5 xx xx FF FF FF B5 xx xx FF FF 8B D6 8B CF 8B 85 xx xx FF FF 05 AA 05 00 00 FF D0 5B 5A 59 5F 83 F9 00 74 05 83 C3 08 EB C5 68 00 80 00 00 6A 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPacK V3.3 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 85 xx xx xx xx 80 38 00 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPacK V3.4-V3.5 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 85 xx xx xx xx 80 38 01 0F 84
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPacK V3.6 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D xx xx xx xx xx 83 38 01 0F 84 47 02 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPacK V3.7 -> LiuXingPing</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D xx xx xx xx xx 80 39 01 0F xx xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NsPack v3.7 -> North Star (h)</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D 83 ED 07 8D 8D xx xx xx FF 80 39 01 0F 84 42 02 00 00 C6 01 01 8B C5 2B 85 xx xx xx FF 89 85 xx xx xx FF 01 85 xx xx xx FF 8D B5 xx xx xx FF 01 06 55 56 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 xx xx xx FF 85 C0 0F 84 69 03 00 00 89 85 xx xx xx FF E8 00 00 00 00 5B B9 67 03 00 00 03 D9 50 53 E8 B0 02 00 00 5E 5D 8B 36 8B FD 03 BD xx xx xx FF 8B DF 83 3F 00 75 0A 83 C7 04 B9 00 00 00 00 EB 16 B9 01 00 00 00 03 3B 83 C3 04 83 3B 00 74 34 01 13 8B 33 03 7B 04 57 51 53 FF B5 xx xx xx FF FF B5 xx xx xx FF 8B D6 8B CF 8B 85 xx xx xx FF 05 AA 05 00 00 FF D0 5B 59 5F 83 F9 00 74 05 83 C3 08 EB C7 68 00 80 00 00 6A 00 FF B5 xx xx xx FF FF 95 xx xx xx FF 8D B5 xx xx xx FF 8B 4E 08 8D 56 10 8B 36 8B FE 83 F9 00 74 3F 8A 07 47 2C E8 3C 01 77 F7 8B 07 80 7A 01 00 74 14 8A 1A 38 1F 75 E9 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 EB 0A 8A 5F 04 86 C4 C1 C0 10 86 C4 2B C7 03 C6 89 07 83 C7 05 80 EB E8 8B C3 E2 C6 E8 3A 01 00 00 8D 8D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTkrnl Secure Suite -> NTkrnl Team (Blue)</text>
-      <pattern>
-        68 29 19 43 00 E8 01 00 00 00 C3 C3 A2 A9 61 4E A5 0E C7 A6 59 90 6E 4D 4C DB 36 46 FB 6E C4 45 A3 C2 2E 0E 41 59 1A 50 17 39 62 4D B8 61 24 8E CF D1 0E 9E 7A 66 C0 8D 6B 9C 52 7E 96 46 80 AF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTkrnl Secure Suite -> NTkrnl team (h)</text>
-      <pattern>
-        34 10 00 00 28 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 10 00 00 50 10 00 00 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTkrnl Secure Suite -> NTkrnl team (h)</text>
-      <pattern>
-        34 10 00 00 28 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 10 00 00 50 10 00 00 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 79
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTkrnl Secure Suite 0.1-0.15 -> NTkrnl Software</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 34 10 00 00 28 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTkrnl Secure Suite V0.1 -> NTkrnl Software ! Sign by fly</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 34 10 00 00 28 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 68 xx xx xx xx E8 01 00 00 00 C3 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTkrnl Secure Suite V0.1 DLL -> NTkrnl Software ! Sign by fly</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 34 10 00 00 28 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 8B 44 24 04 05 xx xx xx xx 50 E8 01 00 00 00 C3 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTKrnlPacker -> Ashkbiz Danehkar</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 34 10 00 00 28 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 10 00 00 50 10 00 00 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTPacker 1.0 -> ErazerZ</text>
-      <pattern>
-        55 8B EC 83 C4 E0 53 33 C0 89 45 E0 89 45 E4 89 45 E8 89 45 EC B8 xx xx 40 00 E8 xx xx FF FF 33 C0 55 68 xx xx 40 00 64 FF 30 64 89 20 8D 4D EC BA xx xx 40 00 A1 xx xx 40 00 E8 xx FC FF FF 8B 55 EC B8 xx xx 40 00 E8 xx xx FF FF 8D 4D E8 BA xx xx 40 00 A1 xx xx 40 00 E8 xx FE FF FF 8B 55 E8 B8 xx xx 40 00 E8 xx xx FF FF B8 xx xx 40 00 E8 xx FB FF FF 8B D8 A1 xx xx 40 00 BA xx xx 40 00 E8 xx xx FF FF 75 26 8B D3 A1 xx xx 40 00 E8 xx xx FF FF 84 C0 75 2A 8D 55 E4 33 C0 E8 xx xx FF FF 8B 45 E4 8B D3 E8 xx xx FF FF EB 14 8D 55 E0 33 C0 E8 xx xx FF FF 8B 45 E0 8B D3 E8 xx xx FF FF 6A 00 E8 xx xx FF FF 33 C0 5A 59 59 64 89 10 68 xx xx 40 00 8D 45 E0 BA 04 00 00 00 E8 xx xx FF FF C3 E9 xx xx FF FF EB EB 5B E8 xx xx FF FF 00 00 00 FF FF FF FF 01 00 00 00 25 00 00 00 FF FF FF FF 01 00 00 00 5C 00 00 00 FF FF FF FF 06 00 00 00 53 45 52 56 45 52 00 00 FF FF FF FF 01 00 00 00 31
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NTPacker V2.X -> ErazerZ ! Sign by fly</text>
-      <pattern>
-        4B 57 69 6E 64 6F 77 73 00 10 55 54 79 70 65 73 00 00 3F 75 6E 74 4D 61 69 6E 46 75 6E 63 74 69 6F 6E 73 00 00 47 75 6E 74 42 79 70 61 73 73 00 00 B7 61 50 4C 69 62 75 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 1.xx</text>
-      <pattern>
-        55 8B EC 83 EC 2C 53 56 33 F6 57 56 89 75 DC 89 75 F4 BB A4 9E 40 00 FF 15 60 70 40 00 BF C0 B2 40 00 68 04 01 00 00 57 50 A3 AC B2 40 00 FF 15 4C 70 40 00 56 56 6A 03 56 6A 01 68 00 00 00 80 57 FF 15 9C 70 40 00 8B F8 83 FF FF 89 7D EC 0F 84 C3 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 1.xx</text>
-      <pattern>
-        83 EC 0C 53 56 57 FF 15 20 71 40 00 05 E8 03 00 00 BE 60 FD 41 00 89 44 24 10 B3 20 FF 15 28 70 40 00 68 00 04 00 00 FF 15 28 71 40 00 50 56 FF 15 08 71 40 00 80 3D 60 FD 41 00 22 75 08 80 C3 02 BE 61 FD 41 00 8A 06 8B 3D F0 71 40 00 84 C0 74 0F 3A C3 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 2.0 RC2</text>
-      <pattern>
-        83 EC 10 53 55 56 57 C7 44 24 14 70 92 40 00 33 ED C6 44 24 13 20 FF 15 2C 70 40 00 55 FF 15 84 72 40 00 BE 00 54 43 00 BF 00 04 00 00 56 57 A3 A8 EC 42 00 FF 15 C4 70 40 00 E8 8D FF FF FF 8B 1D 90 70 40 00 85 C0 75 21 68 FB 03 00 00 56 FF 15 5C 71 40 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 2.06</text>
-      <pattern>
-        83 EC 20 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10 xx xx xx xx C6 44 24 14 20 FF 15 xx xx xx xx 53 FF 15 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx A3 xx xx xx xx E8 02 23 00 00 BE xx xx xx xx 56
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 2.0</text>
-      <pattern>
-        83 EC 0C 53 55 56 57 C7 44 24 10 70 92 40 00 33 DB C6 44 24 14 20 FF 15 2C 70 40 00 53 FF 15 84 72 40 00 BE 00 54 43 00 BF 00 04 00 00 56 57 A3 A8 EC 42 00 FF 15 C4 70 40 00 E8 8D FF FF FF 8B 2D 90 70 40 00 85 C0 75 21 68 FB 03 00 00 56 FF 15 5C 71 40 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 2.0</text>
-      <pattern>
-        83 EC 0C 53 55 56 57 C7 44 24 10 xx xx xx xx 33 DB C6 44 24 14 20 FF 15 xx xx xx xx 53 FF 15 xx xx xx xx BE xx xx xx xx BF xx xx xx xx 56 57 A3 xx xx xx xx FF 15 xx xx xx xx E8 8D FF FF FF 8B 2D xx xx xx xx 85 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 2.0a0</text>
-      <pattern>
-        83 EC 0C 53 56 57 FF 15 B4 10 40 00 05 E8 03 00 00 BE E0 E3 41 00 89 44 24 10 B3 20 FF 15 28 10 40 00 68 00 04 00 00 FF 15 14 11 40 00 50 56 FF 15 10 11 40 00 80 3D E0 E3 41 00 22 75 08 80 C3 02 BE E1 E3 41 00 8A 06 8B 3D 14 12 40 00 84 C0 74 19 3A C3 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 2.0b4</text>
-      <pattern>
-        83 EC 10 53 55 56 57 C7 44 24 14 F0 91 40 00 33 ED C6 44 24 13 20 FF 15 2C 70 40 00 55 FF 15 88 72 40 00 BE 00 D4 42 00 BF 00 04 00 00 56 57 A3 60 6F 42 00 FF 15 C4 70 40 00 E8 9F FF FF FF 8B 1D 90 70 40 00 85 C0 75 21 68 FB 03 00 00 56 FF 15 60 71 40 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System 2.0b4</text>
-      <pattern>
-        83 EC 14 83 64 24 04 00 53 55 56 57 C6 44 24 13 20 FF 15 30 70 40 00 BE 00 20 7A 00 BD 00 04 00 00 56 55 FF 15 C4 70 40 00 56 E8 7D 2B 00 00 8B 1D 8C 70 40 00 6A 00 56 FF D3 BF 80 92 79 00 56 57 E8 15 26 00 00 85 C0 75 38 68 F8 91 40 00 55 56 FF 15 60 71
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v1.98</text>
-      <pattern>
-        83 EC 0C 53 56 57 FF 15 2C 81 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v1.xx</text>
-      <pattern>
-        55 8B EC 83 EC 2C 53 56 33 F6 57 56 89 75 DC 89 75 F4 BB A4 9E 40 00 FF 15 60 70 40 00 BF C0 B2 40 00 68 04 01 00 00 57 50 A3 AC B2 40 00 FF 15 4C 70 40 00 56 56 6A 03 56 6A 01 68 00 00 00 80 57 FF 15 9C 70 40 00 8B F8 83 FF FF 89 7D EC 0F 84 C3 00 00 00 56 56 56 89 75 E4 E8 C1 C9 FF FF 8B 1D 68 70 40 00 83 C4 0C 89 45 E8 89 75 F0 6A 02 56 6A FC 57 FF D3 89 45 FC 8D 45 F8 56 50 8D 45 E4 6A 04 50 57 FF 15 48 70 40 00 85 C0 75 07 BB 7C 9E 40 00 EB 7A 56 56 56 57 FF D3 39 75 FC 7E 62 BF 74 A2 40 00 B8 00 10 00 00 39 45 FC 7F 03 8B 45 FC 8D 4D F8 56 51 50 57 FF 75 EC FF 15 48 70 40 00 85 C0 74 5A FF 75 F8 57 FF 75 E8 E8 4D C9 FF FF 89 45 E8 8B 45 F8 29 45 FC 83 C4 0C 39 75 F4 75 11 57 E8 D3 F9 FF FF 85 C0 59 74 06 8B 45 F0 89 45 F4 8B 45 F8 01 45 F0 39 75 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v1.xx</text>
-      <pattern>
-        83 EC 0C 53 56 57 FF 15 20 71 40 00 05 E8 03 00 00 BE 60 FD 41 00 89 44 24 10 B3 20 FF 15 28 70 40 00 68 00 04 00 00 FF 15 28 71 40 00 50 56 FF 15 08 71 40 00 80 3D 60 FD 41 00 22 75 08 80 C3 02 BE 61 FD 41 00 8A 06 8B 3D F0 71 40 00 84 C0 74 0F 3A C3 74 0B 56 FF D7 8B F0 8A 06 84 C0 75 F1 80 3E 00 74 05 56 FF D7 8B F0 89 74 24 14 80 3E 20 75 07 56 FF D7 8B F0 EB F4 80 3E 2F 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v2.0 RC2</text>
-      <pattern>
-        83 EC 10 53 55 56 57 C7 44 24 14 70 92 40 00 33 ED C6 44 24 13 20 FF 15 2C 70 40 00 55 FF 15 84 72 40 00 BE 00 54 43 00 BF 00 04 00 00 56 57 A3 A8 EC 42 00 FF 15 C4 70 40 00 E8 8D FF FF FF 8B 1D 90 70 40 00 85 C0 75 21 68 FB 03 00 00 56 FF 15 5C 71 40 00 68 68 92 40 00 56 FF D3 E8 6A FF FF FF 85 C0 0F 84 59 01 00 00 BE 20 E4 42 00 56 FF 15 68 70 40 00 68 5C 92 40 00 56 E8 B9 28 00 00 57 FF 15 BC 70 40 00 BE 00 40 43 00 50 56 FF 15 B8 70 40 00 6A 00 FF 15 44 71 40 00 80 3D 00 40 43 00 22 A3 20 EC 42 00 8B C6 75 0A C6 44 24 13 22 B8 01 40 43 00 8B 3D 18 72 40 00 EB 09 3A 4C 24 13 74 09 50 FF D7 8A 08 84 C9 75 F1 50 FF D7 8B F0 89 74 24 1C EB 05 56 FF D7 8B F0 80 3E 20 74 F6 80 3E 2F 75 44 46 80 3E 53 75 0C 8A 46 01 0C 20 3C 20 75 03 83 CD 02 81 3E 4E 43 52
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v2.0</text>
-      <pattern>
-        83 EC 0C 53 55 56 57 C7 44 24 10 70 92 40 00 33 DB C6 44 24 14 20 FF 15 2C 70 40 00 53 FF 15 84 72 40 00 BE 00 54 43 00 BF 00 04 00 00 56 57 A3 A8 EC 42 00 FF 15 C4 70 40 00 E8 8D FF FF FF 8B 2D 90 70 40 00 85 C0 75 21 68 FB 03 00 00 56 FF 15 5C 71 40 00 68 68 92 40 00 56 FF D5 E8 6A FF FF FF 85 C0 0F 84 57 01 00 00 BE 20 E4 42 00 56 FF 15 68 70 40 00 68 5C 92 40 00 56 E8 9C 28 00 00 57 FF 15 BC 70 40 00 BE 00 40 43 00 50 56 FF 15 B8 70 40 00 6A 00 FF 15 44 71 40 00 80 3D 00 40 43 00 22 A3 20 EC 42 00 75 0A C6 44 24 14 22 BE 01 40 43 00 FF 74 24 14 56 E8 8A 23 00 00 50 FF 15 80 71 40 00 8B F8 89 7C 24 18 EB 61 80 F9 20 75 06 40 80 38 20 74 FA 80 38 22 C6 44 24 14 20 75 06 40 C6 44 24 14 22 80 38 2F 75 31 40 80 38 53 75 0E 8A 48 01 80 C9 20 80 F9 20 75 03
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v2.0a0</text>
-      <pattern>
-        83 EC 0C 53 56 57 FF 15 B4 10 40 00 05 E8 03 00 00 BE E0 E3 41 00 89 44 24 10 B3 20 FF 15 28 10 40 00 68 00 04 00 00 FF 15 14 11 40 00 50 56 FF 15 10 11 40 00 80 3D E0 E3 41 00 22 75 08 80 C3 02 BE E1 E3 41 00 8A 06 8B 3D 14 12 40 00 84 C0 74 19 3A C3 74 0B 56 FF D7 8B F0 8A 06 84 C0 75 F1 80 3E 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v2.0b2, v2.0b3</text>
-      <pattern>
-        83 EC 0C 53 55 56 57 FF 15 xx 70 40 00 8B 35 xx 92 40 00 05 E8 03 00 00 89 44 24 14 B3 20 FF 15 2C 70 40 00 BF 00 04 00 00 68 xx xx xx 00 57 FF 15 xx xx 40 00 57 FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v2.0b4</text>
-      <pattern>
-        83 EC 10 53 55 56 57 C7 44 24 14 F0 91 40 00 33 ED C6 44 24 13 20 FF 15 2C 70 40 00 55 FF 15 88 72 40 00 BE 00 D4 42 00 BF 00 04 00 00 56 57 A3 60 6F 42 00 FF 15 C4 70 40 00 E8 9F FF FF FF 8B 1D 90 70 40 00 85 C0 75 21 68 FB 03 00 00 56 FF 15 60 71 40 00 68 E4 91 40 00 56 FF D3 E8 7C FF FF FF 85 C0 0F 84 59 01 00 00 BE E0 66 42 00 56 FF 15 68 70 40 00 68 D8 91 40 00 56 E8 FE 27 00 00 57 FF 15 BC 70 40 00 BE 00 C0 42 00 50 56 FF 15 B8 70 40 00 6A 00 FF 15 44 71 40 00 80 3D 00 C0 42 00 22 A3 E0 6E 42 00 8B C6 75 0A C6 44 24 13 22 B8 01 C0 42 00 8B 3D 10 72 40 00 EB 09 3A 4C 24 13 74 09 50 FF D7 8A 08 84 C9 75 F1 50 FF D7 8B F0 89 74 24 1C EB 05 56 FF D7 8B F0 80 3E 20 74 F6 80 3E 2F 75 44 46 80 3E 53 75 0C 8A 46 01 0C 20 3C 20 75 03 83 CD 02 81 3E 4E 43 52
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft Install System v2.0b4</text>
-      <pattern>
-        83 EC 14 83 64 24 04 00 53 55 56 57 C6 44 24 13 20 FF 15 30 70 40 00 BE 00 20 7A 00 BD 00 04 00 00 56 55 FF 15 C4 70 40 00 56 E8 7D 2B 00 00 8B 1D 8C 70 40 00 6A 00 56 FF D3 BF 80 92 79 00 56 57 E8 15 26 00 00 85 C0 75 38 68 F8 91 40 00 55 56 FF 15 60 71 40 00 03 C6 50 E8 78 29 00 00 56 E8 47 2B 00 00 6A 00 56 FF D3 56 57 E8 EA 25 00 00 85 C0 75 0D C7 44 24 14 58 91 40 00 E9 72 02 00 00 57 FF 15 24 71 40 00 68 EC 91 40 00 57 E8 43
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft PiMP Install System 1.x</text>
-      <pattern>
-        83 EC 0C 53 56 57 FF 15 xx xx 40 00 05 E8 03 00 00 BE xx xx xx 00 89 44 24 10 B3 20 FF 15 28 xx 40 00 68 00 04 00 00 FF 15 xx xx 40 00 50 56 FF 15 xx xx 40 00 80 3D xx xx xx 00 22 75 08 80 C3 02 BE xx xx xx 00 8A 06 8B 3D xx xx 40 00 84 C0 74 xx 3A C3 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft PIMP Install System v1.3x</text>
-      <pattern>
-        55 8B EC 81 EC xx xx 00 00 56 57 6A xx BE xx xx xx xx 59 8D BD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft PiMP Install System v1.x</text>
-      <pattern>
-        83 EC 0C 53 56 57 FF 15 xx xx 40 00 05 E8 03 00 00 BE xx xx xx 00 89 44 24 10 B3 20 FF 15 28 xx 40 00 68 00 04 00 00 FF 15 xx xx 40 00 50 56 FF 15 xx xx 40 00 80 3D xx xx xx 00 22 75 08 80 C3 02 BE xx xx xx 00 8A 06 8B 3D xx xx 40 00 84 C0 74 xx 3A C3 74 0B 56 FF D7 8B F0 8A 06 84 C0 75 F1 80 3E 00 74 05 56 FF D7 8B F0 89 74 24 14 xx xx xx xx xx xx xx xx xx xx xx xx 80 3E 2F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Nullsoft PIMP Install System v1.x</text>
-      <pattern>
-        83 EC 5C 53 55 56 57 FF 15 xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>NX PE Packer v1.0</text>
-      <pattern>
-        FF 60 FF CA FF 00 BA DC 0D E0 40 00 50 00 60 00 70 00 80 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.2.0.0 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 3F 1E 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.2.5.0 -> Obsidium Software</text>
-      <pattern>
-        E8 0E 00 00 00 8B 54 24 0C 83 82 B8 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.2.5.0 -> Obsidium Software</text>
-      <pattern>
-        E8 0E 00 00 00 8B 54 24 0C 83 82 B8 00 00 00 0D 33 C0 C3 64 67 FF 36 00 00 64 67 89 26 00 00 50 33 C0 8B 00 C3 E9 FA 00 00 00 E8 D5 FF FF FF 58 64 67 8F 06 00 00 83 C4 04 E8 2B 13 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.2.5.8 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 29 00 00 00 EB 02 xx xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 24 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 03 xx xx xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 03 xx xx xx EB 01 xx 50 EB 03 xx xx xx 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.2.5.8 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 29 00 00 00 EB 02 xx xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 24 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 03 xx xx xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 03 xx xx xx EB 01 xx 50 EB 03 xx xx xx 33 C0 EB 04 xx xx xx xx 8B 00 EB 03 xx xx xx C3 EB 01 xx E9 FA 00 00 00 EB 02 xx xx E8 D5 FF FF FF EB 04 xx xx xx xx EB 03 xx xx xx EB 01 xx 58 EB 01 xx EB 02 xx xx 64 67 8F 06 00 00 EB 04 xx xx xx xx 83 C4 04 EB 01 xx E8 7B 21 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.0 -> Obsidium Software (h)</text>
-      <pattern>
-        EB 04 25 80 34 CA E8 29 00 00 00 EB 02 C1 81 EB 01 3A 8B 54 24 0C EB 02 32 92 83 82 B8 00 00 00 22 EB 02 F2 7F 33 C0 EB 04 65 7E 14 79 C3 EB 04 05 AD 7F 45 EB 04 05 65 0B E8 64 67 FF 36 00 00 EB 04 0D F6 A8 7F 64 67 89 26 00 00 EB 04 8D 68 C7 FB EB 01 6B
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.0 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 29 00 00 00 EB 02 xx xx EB 01 xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 22 EB 02 xx xx 33 C0 EB 04 xx xx xx xx C3 EB 04 xx xx xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 04 xx xx xx xx EB 01 xx 50 EB 03 xx xx xx 33 C0 EB 02 xx xx 8B 00 EB 01 xx C3 EB 04 xx xx xx xx E9 FA 00 00 00 EB 01 xx E8 D5 FF FF FF EB 02 xx xx EB 03 xx xx xx 58 EB 04 xx xx xx xx EB 01 xx 64 67 8F 06 00 00 EB 02 xx xx 83 C4 04 EB 02 xx xx E8 47 26 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.13 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 26 00 00 00 EB 02 xx xx EB 02 xx xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 21 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 01 xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 02 xx xx 64 67 89 26 00 00 EB 01 xx EB 03 xx xx xx 50 EB 01 xx 33 C0 EB 03
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.13 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 26 00 00 00 EB 02 xx xx EB 02 xx xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 21 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 01 xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 02 xx xx 64 67 89 26 00 00 EB 01 xx EB 03 xx xx xx 50 EB 01 xx 33 C0 EB 03 xx xx xx 8B 00 EB 02 xx xx C3 EB 02 xx xx E9 FA 00 00 00 EB 01 xx E8 D5 FF FF FF EB 03 xx xx xx EB 02 xx xx 58 EB 03 xx xx xx EB 04 xx xx xx xx 64 67 8F 06 00 00 EB 03 xx xx xx 83 C4 04 EB 03 xx xx xx E8 13 26 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.17 -> Obsidium software</text>
-      <pattern>
-        EB 02 xx xx E8 28 00 00 00 EB 04 xx xx xx xx EB 01 xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 25 EB 02 xx xx 33 C0 EB 03 xx xx xx C3 EB 03 xx xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 03 xx xx xx EB 04 xx xx xx xx 50 EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.17 -> Obsidium software</text>
-      <pattern>
-        EB 02 xx xx E8 28 00 00 00 EB 04 xx xx xx xx EB 01 xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 25 EB 02 xx xx 33 C0 EB 03 xx xx xx C3 EB 03 xx xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 03 xx xx xx EB 04 xx xx xx xx 50 EB 04 xx xx xx xx 33 C0 EB 02 xx xx 8B 00 EB 04 xx xx xx xx C3 EB 01 xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 04 xx xx xx xx EB 02 xx xx 58 EB 03 xx xx xx EB 01 xx 64 67 8F 06 00 00 EB 04 xx xx xx xx 83 C4 04 EB 02 xx xx E8 4F 26 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.21 -> Obsidium Software</text>
-      <pattern>
-        EB 03 xx xx xx E8 2E 00 00 00 EB 04 xx xx xx xx EB 04 xx xx xx xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 23 EB 01 xx 33 C0 EB 04 xx xx xx xx C3 EB 03 xx xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 02 xx xx EB 02 xx xx 50 EB 01 xx 33 C0 EB 03 xx xx xx 8B 00 EB 03 xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 04 xx xx xx xx E8 D5 FF FF FF EB 01 xx EB 01 xx 58 EB 04 xx xx xx xx EB 04 xx xx xx xx 64 67 8F 06 00 00 EB 03 xx xx xx 83 C4 04 EB 04 xx xx xx xx E8 2B 26 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.37 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 26 00 00 00 EB 03 xx xx xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 26 EB 01 xx 33 C0 EB 02 xx xx C3 EB 01 xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 01 xx EB 03 xx xx xx 50 EB 03 xx xx xx 33 C0 EB 03 xx xx xx 8B 00 EB 04 xx xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 04 xx xx xx xx EB 01 xx 58 EB 02 xx xx EB 03 xx xx xx 64 67 8F 06 00 00 EB 01 xx 83 C4 04 EB 03 xx xx xx E8 23 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.0.4 -> Obsidium Software (h)</text>
-      <pattern>
-        EB 02 xx xx E8 25 00 00 00 EB 04 xx xx xx xx EB 01 xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 23 EB 01 xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 02 xx xx EB 01 xx 50 EB 01 xx 33 C0 EB 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.1.1 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 27 00 00 00 EB 02 xx xx EB 03 xx xx xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 22 EB 04 xx xx xx xx 33 C0 EB 01 xx C3 EB 02 xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 01 xx EB 03 xx xx xx 50 EB 03 xx xx xx 33 C0 EB 01 xx 8B 00 EB 03 xx xx xx C3 EB 01 xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 01 xx EB 03 xx xx xx 58 EB 03 xx xx xx EB 01 xx 64 67 8F 06 00 00 EB 01 xx 83 C4 04 EB 03
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.2.2 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 2A 00 00 00 EB 03 xx xx xx EB 04 xx xx xx xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 26 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 01 xx EB 03 xx xx xx 64 67 FF 36 00 00 EB 02 xx xx 64 67 89 26 00 00 EB 02 xx xx EB 01 xx 50 EB 04 xx xx xx xx 33 C0 EB 04 xx xx xx xx 8B 00 EB 02 xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 04 xx xx xx xx E8 D5 FF FF FF EB 02 xx xx EB 04 xx xx xx xx 58 EB 01 xx EB 01 xx 64 67 8F 06 00 00 EB 01 xx 83 C4 04 EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.1 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 29 00 00 00 EB 02 xx xx EB 03 xx xx xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 24 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 01 xx EB 02 xx xx 50 EB 01 xx 33 C0 EB 04 xx xx xx xx 8B 00 EB 03 xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 02 xx xx E8 D5 FF FF FF EB 01 xx EB 04 xx xx xx xx 58 EB 02 xx xx EB 04 xx xx xx xx 64 67 8F 06 00 00 EB 01 xx 83 C4 04 EB 02 xx xx E8 5F 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.2 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 2B 00 00 00 EB 02 xx xx EB 02 xx xx 8B 54 24 0C EB 03 xx xx xx 83 82 B8 00 00 00 24 EB 04 xx xx xx xx 33 C0 EB 04 xx xx xx xx C3 EB 02 xx xx EB 01 xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 01 xx EB 02 xx xx 50 EB 02 xx xx 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.2 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 2B 00 00 00 EB 02 xx xx EB 02 xx xx 8B 54 24 0C EB 03 xx xx xx 83 82 B8 00 00 00 24 EB 04 xx xx xx xx 33 C0 EB 04 xx xx xx xx C3 EB 02 xx xx EB 01 xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 01 xx EB 02 xx xx 50 EB 02 xx xx 33 C0 EB 02 xx xx 8B 00 EB 02 xx xx C3 EB 04 xx xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 03 xx xx xx EB 01 xx 58 EB 01 xx EB 02 xx xx 64 67 8F 06 00 00 EB 02 xx xx 83 C4 04 EB 02 xx xx E8 3B 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.3 -> Obsidium Software * Sign.By.haggar</text>
-      <pattern>
-        EB 02 xx xx E8 29 00 00 00 EB 03 xx xx xx EB 03 xx xx xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 28 EB 03 xx xx xx 33 C0 EB 01 xx C3 EB 04 xx xx xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 02 xx xx EB 04 xx xx xx xx 50 EB 04 xx xx xx xx 33 C0 EB 01 xx 8B 00 EB 03 xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 04 xx xx xx xx EB 04 xx xx xx xx 58 EB 01 xx EB 03 xx xx xx 64 67 8F 06 00 00 EB 04 xx xx xx xx 83 C4 04 EB 04 xx xx xx xx E8 2B 27
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.3 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 29 00 00 00 EB 03 xx xx xx EB 03 xx xx xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 28 EB 03 xx xx xx 33 C0 EB 01 xx C3 EB 04 xx xx xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 02 xx xx EB 04 xx xx xx xx 50 EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.3 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 29 00 00 00 EB 03 xx xx xx EB 03 xx xx xx 8B xx 24 0C EB 01 xx 83 xx B8 00 00 00 28 EB 03 xx xx xx 33 C0 EB 01 xx C3 EB 04 xx xx xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 02 xx xx EB 04 xx xx xx xx 50 EB 04 xx xx xx xx 33 C0 EB 01 xx 8B 00 EB 03 xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 04 xx xx xx xx EB 04 xx xx xx xx 58 EB 01 xx EB 03 xx xx xx 64 67 8F 06 00 00 EB 04 xx xx xx xx 83 C4 04 EB 04 xx xx xx xx E8 2B 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.4 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 29 00 00 00 EB 03 xx xx xx EB 02 xx xx 8B 54 24 0C EB 03 xx xx xx 83 82 B8 00 00 00 25 EB 02 xx xx 33 C0 EB 02 xx xx C3 EB 03 xx xx xx EB 01 xx 64 67 FF 36 00 00 EB 02 xx xx 64 67 89 26 00 00 EB 02 xx xx EB 04 xx xx xx xx 50 EB 02 xx xx 33 C0 EB 01 xx 8B 00 EB 04 xx xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 02 xx xx E8 D5 FF FF FF EB 02 xx xx EB 03 xx xx xx 58 EB 02 xx xx EB 03 xx xx xx 64 67 8F 06 00 00 EB 03
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.6 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 28 00 00 00 EB 01 xx xx xx xx xx xx xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 26 EB 04 xx xx xx xx 33 C0 EB 01 xx C3 EB 03 xx xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 03 xx xx xx EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.6 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 28 00 00 00 EB 01 xx xx xx xx xx xx xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 26 EB 04 xx xx xx xx 33 C0 EB 01 xx C3 EB 03 xx xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 03 xx xx xx EB 04 xx xx xx xx 50 EB 01 xx 33 C0 EB 02 xx xx 8B 00 EB 04 xx xx xx xx C3 EB 04 xx xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 01 xx EB 03 xx xx xx 58 EB 02 xx xx EB 04 xx xx xx xx 64 67 8F 06 00 00 EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.7 (2007.06.23) -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 27 00 00 00 EB 03 xx xx xx EB 01 xx 8B 54 24 0C EB 03 xx xx xx 83 82 B8 00 00 00 23 EB 03 xx xx xx 33 C0 EB 02 xx xx C3 EB 01 xx EB 03 xx xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 01 xx EB 01 xx 50 EB 02 xx xx 33 C0 EB 01 xx 8B 00 EB 04 xx xx xx xx C3 EB 02 xx xx E9 FA 00 00 00 EB 04 xx xx xx xx E8 D5 FF FF FF EB 01 xx EB 01 xx 58 EB 04 xx xx xx xx EB 01 xx 64 67 8F 06 00 00 EB 02 xx xx 83 C4 04 EB 01 xx E8 F7 26 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.7 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 2C 00 00 00 EB 04 xx xx xx xx EB 04 xx xx xx xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 27 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 03 xx xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 03 xx xx xx EB 01 xx 50 EB 02 xx xx 33 C0 EB 02 xx xx 8B 00 EB 04 xx xx xx xx C3 EB 02 xx xx E9 FA 00 00 00 EB 04 xx xx xx xx E8 D5 FF FF FF EB 02 xx xx EB 04 xx xx xx xx 58 EB 04 xx xx xx xx EB 03 xx xx xx 64 67 8F 06 00 00 EB 01 xx 83 C4 04 EB 03 xx xx xx E8 23 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.8 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 28 00 00 00 EB 01 xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 xx EB 04 xx xx xx xx 33 C0 EB 03 xx xx xx C3 EB 01 xx EB 01 xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 02 xx xx EB 01 xx 50 EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.8 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 28 00 00 00 EB 01 xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 xx EB 04 xx xx xx xx 33 C0 EB 03 xx xx xx C3 EB 01 xx EB 01 xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 02 xx xx EB 01 xx 50 EB 04 xx xx xx xx 33 C0 EB 02 xx xx 8B 00 EB 03 xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 02 xx xx EB 04 xx xx xx xx 58 EB 04 xx xx xx xx EB 02 xx xx 64 67 8F 06 00 00 EB 04 xx xx xx xx 83 C4 04 EB 04 xx xx xx xx E8 57 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.9 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 29 00 00 00 EB 03 xx xx xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 28 EB 02 xx xx 33 C0 EB 02 xx xx C3 EB 03 xx xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 01 xx EB 01 xx 50 EB 03
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.3.9 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 29 00 00 00 EB 03 xx xx xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 28 EB 02 xx xx 33 C0 EB 02 xx xx C3 EB 03 xx xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 01 xx EB 01 xx 50 EB 03 xx xx xx 33 C0 EB 03 xx xx xx 8B 00 EB 04 xx xx xx xx C3 EB 04 xx xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 02 xx xx EB 04 xx xx xx xx 58 EB 03 xx xx xx EB 04 xx xx xx xx 64 67 8F 06 00 00 EB 03 xx xx xx 83 C4 04 EB 04 xx xx xx xx E8 CF 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.4.1 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 2A 00 00 00 EB 04 xx xx xx xx EB 02 xx xx 8B 54 24 0C EB 03 xx xx xx 83 82 B8 00 00 00 21 EB 02 xx xx 33 C0 EB 03 xx xx xx C3 EB 02 xx xx EB 01 xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 02 xx xx EB 03 xx xx xx 50 EB 04 xx xx xx xx 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium 1.3.4.1 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 2A 00 00 00 EB 04 xx xx xx xx EB 02 xx xx 8B 54 24 0C EB 03 xx xx xx 83 82 B8 00 00 00 21 EB 02 xx xx 33 C0 EB 03 xx xx xx C3 EB 02 xx xx EB 01 xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 02 xx xx EB 03 xx xx xx 50 EB 04 xx xx xx xx 33 C0 EB 02 xx xx 8B 00 EB 04 xx xx xx xx C3 EB 02 xx xx E9 FA 00 00 00 EB 02 xx xx E8 D5 FF FF FF EB 01 xx EB 01 xx 58 EB 03 xx xx xx EB 04 xx xx xx xx 64 67 8F 06 00 00 EB 04 xx xx xx xx 83 C4 04 EB 02 xx xx E8 C3 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium v1.0.0.61</text>
-      <pattern>
-        E8 AF 1C 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium v1.1.1.1</text>
-      <pattern>
-        EB 02 xx xx E8 E7 1C 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.2 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 77 1E 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.2.5.8 -> Obsidium Software</text>
-      <pattern>
-        EB 01 xx E8 xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.2.5.8-V1.3.3.X -> Obsidium Software ! Sign by fly</text>
-      <pattern>
-        EB 01 xx E8 xx 00 00 00 EB 02 xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.2.X -> Obsidium Software</text>
-      <pattern>
-        E8 0E 00 00 00 33 C0 8B 54 24 0C 83 82 B8 00 00 00 0D C3 64 67 FF 36 00 00 64 67 89 26 00 00 50 33 C0 8B 00 C3 E9 FA 00 00 00 E8 D5 FF FF FF 58 64 67 8F 06 00 00 83 C4 04 E8 2B 13 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.25 -> Obsidium Software</text>
-      <pattern>
-        E8 0E 00 00 00 8B 54 24 0C 83 82 B8 00 00 00 0D 33 C0 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium v1.3.0.0 -> Obsidium Software (h)</text>
-      <pattern>
-        EB 04 25 80 34 CA E8 29 00 00 00 EB 02 C1 81 EB 01 3A 8B 54 24 0C EB 02 32 92 83 82 B8 00 00 00 22 EB 02 F2 7F 33 C0 EB 04 65 7E 14 79 C3 EB 04 05 AD 7F 45 EB 04 05 65 0B E8 64 67 FF 36 00 00 EB 04 0D F6 A8 7F 64 67 89 26 00 00 EB 04 8D 68 C7 FB EB 01 6B 50 EB 03 8A 0B 93 33 C0 EB 02 28 B9 8B 00 EB 01 04 C3 EB 04 65 B3 54 0A E9 FA 00 00 00 EB 01 A2 E8 D5 FF FF FF EB 02 2B 49 EB 03 7C 3E 76 58 EB 04 B8 94 92 56 EB 01 72 64 67 8F 06 00 00 EB 02 23 72 83 C4 04 EB 02 A9 CB E8 47 26 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.0.0 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 29 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.0.0 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 29 00 00 00 EB 02 xx xx EB 01 xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 22 EB 02 xx xx 33 C0 EB 04 xx xx xx xx C3 EB 04 xx xx xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 04 xx xx xx xx EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.0.0 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium v1.3.0.37 -> Obsidium Software (h)</text>
-      <pattern>
-        EB 02 xx xx E8 26 00 00 00 EB 03 xx xx xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 26 EB 01 xx 33 C0 EB 02 xx xx C3 EB 01 xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 01 xx EB 03 xx xx xx 50 EB 03 xx xx xx 33 C0 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium v1.3.0.37 -> Obsidium Software (h)</text>
-      <pattern>
-        EB 02 xx xx E8 26 00 00 00 EB 03 xx xx xx EB 01 xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 26 EB 01 xx 33 C0 EB 02 xx xx C3 EB 01 xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 01 xx 64 67 89 26 00 00 EB 01 xx EB 03 xx xx xx 50 EB 03 xx xx xx 33 C0 EB 03 xx xx xx 8B 00 EB 04 xx xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 04 xx xx xx xx EB 01 xx 58 EB 02 xx xx EB 03 xx xx xx 64 67 8F 06 00 00 EB 01 xx 83 C4 04 EB 03 xx xx xx E8 23 27
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium v1.3.0.4 -> Obsidium Software (h)</text>
-      <pattern>
-        EB 02 xx xx E8 25 00 00 00 EB 04 xx xx xx xx EB 01 xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 23 EB 01 xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 02 xx xx EB 01 xx 50 EB 01 xx 33 C0 EB 01 xx 8B 00 EB 01 xx C3 EB 02 xx xx E9 FA 00 00 00 EB 02 xx xx E8 D5 FF FF FF EB 03 xx xx xx EB 04 xx xx xx xx 58 EB 02 xx xx EB 04 xx xx xx xx 64 67 8F 06 00 00 EB 03 xx xx xx 83 C4 04 EB 01 xx E8 3B 26 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.0.4 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 xx 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.0.X -> Obsidium Software ! Sign by fly</text>
-      <pattern>
-        EB 03 xx xx xx E8 2E 00 00 00 EB 04 xx xx xx xx EB 04 xx xx xx xx 8B xx xx xx EB 04 xx xx xx xx 83 xx xx xx xx xx xx EB 01 xx 33 C0 EB 04 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.1.1 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 27 00 00 00 EB 02 xx xx EB 03 xx xx xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 22 EB 04 xx xx xx xx 33 C0 EB 01 xx C3 EB 02 xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 01 xx EB 03 xx xx xx 50 EB 03 xx xx xx 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.2.2 -> Obsidium Software</text>
-      <pattern>
-        EB 04 xx xx xx xx E8 2A 00 00 00 EB 03 xx xx xx EB 04 xx xx xx xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 26 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 01 xx EB 03 xx xx xx 64 67 FF 36 00 00 EB 02 xx xx 64 67 89 26 00 00 EB 02 xx xx EB 01 xx 50 EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium v1.3.3.1 -> Obsidium Software (h)</text>
-      <pattern>
-        EB 01 xx E8 29 00 00 00 EB 02 xx xx EB 03 xx xx xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 24 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 01 xx EB 02 xx xx 50 EB 01 xx 33 C0 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.3.3 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 29 00 00 00 EB 03 xx xx xx EB 03 xx xx xx 8B xx 24 0C EB 01 xx 83 xx B8 00 00 00 28 EB 03 xx xx xx 33 C0 EB 01 xx C3 EB 04 xx xx xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 02 xx xx EB 04 xx xx xx xx 50 EB 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.3.4 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 29 00 00 00 EB 03 xx xx xx EB 02 xx xx 8B 54 24 0C EB 03 xx xx xx 83 82 B8 00 00 00 25 EB 02 xx xx 33 C0 EB 02 xx xx C3 EB 03 xx xx xx EB 01 xx 64 67 FF 36 00 00 EB 02 xx xx 64 67 89 26 00 00 EB 02 xx xx EB 04 xx xx xx xx 50 EB 02 xx xx 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.3.7 -> Obsidium Software</text>
-      <pattern>
-        EB 02 xx xx E8 2C 00 00 00 EB 04 xx xx xx xx EB 04 xx xx xx xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 27 EB 04 xx xx xx xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 03 xx xx xx 64 67 FF 36 00 00 EB 04 xx xx xx xx 64 67 89 26 00 00 EB 03 xx xx xx EB 01 xx 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.4.2 -> Obsidium Software Sign.By.fly</text>
-      <pattern>
-        EB 02 xx xx E8 26 00 00 00 EB 03 xx xx xx EB 01 xx 8B 54 24 0C EB 02 xx xx 83 82 B8 00 00 00 24 EB 03 xx xx xx 33 C0 EB 01 xx C3 EB 02 xx xx EB 02 xx xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 03 xx xx xx EB 03 xx xx xx 50 EB 04 xx xx xx xx 33 C0 EB 03 xx xx xx 8B 00 EB 03 xx xx xx C3 EB 03 xx xx xx E9 FA 00 00 00 EB 03 xx xx xx E8 D5 FF FF FF EB 01 xx EB 03 xx xx xx 58 EB 04 xx xx xx xx EB 04 xx xx xx xx 64 67 8F 06 00 00 EB 04 xx xx xx xx 83 C4 04 EB 01 xx E8 C3 27 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsidium V1.3.5.0 -> Obsidium Software</text>
-      <pattern>
-        EB 03 xx xx xx E8 xx xx xx xx EB 02 xx xx EB 04 xx xx xx xx 8B 54 24 0C EB 04 xx xx xx xx 83 82 B8 00 00 00 20 EB 03 xx xx xx 33 C0 EB 01 xx C3 EB 02 xx xx EB 03 xx xx xx 64 67 FF 36 00 00 EB 03 xx xx xx 64 67 89 26 00 00 EB 01 xx EB 04 xx xx xx xx 50 EB 04 xx xx xx xx 33 C0 EB 04 xx xx xx xx 8B 00 EB 03 xx xx xx C3 EB 02 xx xx E9 FA 00 00 00 EB 01 xx E8 xx xx xx xx EB 01 xx EB 02 xx xx 58 EB 04 xx xx xx xx EB 02 xx xx 64 67 8F 06 00 00 EB 02 xx xx 83 C4 04 EB 01 xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Obsiduim 1.3.0.4 -> Obsiduim Software</text>
-      <pattern>
-        EB 02 xx xx E8 25 00 00 00 EB 04 xx xx xx xx EB 01 xx 8B 54 24 0C EB 01 xx 83 82 B8 00 00 00 23 EB 01 xx 33 C0 EB 02 xx xx C3 EB 02 xx xx EB 04 xx xx xx xx 64 67 FF 36 00 00 EB 03 xx xx xx 64
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ocBat2Exe 1.0 -> OC</text>
-      <pattern>
-        55 8B EC B9 08 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 58 3C 40 00 E8 6C FA FF FF 33 C0 55 68 8A 3F 40 00 64 FF 30 64 89 20 6A 00 6A 00 6A 03 6A 00 6A 01 68 00 00 00 80 8D 55 EC 33 C0 E8 81 E9 FF FF 8B 45 EC E8 41 F6 FF FF 50 E8 F3 FA FF FF 8B F8 83 FF FF 0F 84 83 02 00 00 6A 02 6A 00 6A EE 57 E8 FC FA FF FF 6A 00 68 60 99 4F 00 6A 12 68 18 57 40 00 57 E8 E0 FA FF FF 83 3D 60 99 4F 00 12 0F 85 56 02 00 00 8D 45 E4 50 8D 45 E0 BA 18 57 40 00 B9 40 42 0F 00 E8 61 F4 FF FF 8B 45 E0 B9 12 00 00 00 BA 01 00 00 00 E8 3B F6 FF FF 8B 45 E4 8D 55 E8 E8 04 FB xx xx xx xx E8 B8 58 99 4F 00 E8 67 F3 FF FF 33 C0 A3 60 99 4F 00 8D 45 DC 50 B9 05 00 00 00 BA 01 00 00 00 A1 58 99 4F 00 E8 04 F6 FF FF 8B 45 DC BA A4 3F 40 00 E8 E3 F4 FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Open Source Code Crypter -> p0ke</text>
-      <pattern>
-        55 8B EC B9 09 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 34 44 40 00 E8 28 F8 FF FF 33 C0 55 68 9F 47 40 00 64 FF 30 64 89 20 BA B0 47 40 00 B8 1C 67 40 00 E8 07 FD FF FF 8B D8 85 DB 75 07 6A 00 E8 C2 F8 FF FF BA 28 67 40 00 8B C3 8B 0D 1C 67 40 00 E8 F0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Open Source Code Crypter -> p0ke</text>
-      <pattern>
-        55 8B EC B9 09 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 34 44 40 00 E8 28 F8 FF FF 33 C0 55 68 9F 47 40 00 64 FF 30 64 89 20 BA B0 47 40 00 B8 1C 67 40 00 E8 07 FD FF FF 8B D8 85 DB 75 07 6A 00 E8 C2 F8 FF FF BA 28 67 40 00 8B C3 8B 0D 1C 67 40 00 E8 F0 E0 FF FF BE 01 00 00 00 B8 2C 68 40 00 E8 E1 F0 FF FF BF 0A 00 00 00 8D 55 EC 8B C6 E8 92 FC FF FF 8B 4D EC B8 2C 68 40 00 BA BC 47 40 00 E8 54 F2 FF FF A1 2C 68 40 00 E8 52 F3 FF FF 8B D0 B8 20 67 40 00 E8 A2 FC FF FF 8B D8 85 DB 0F 84 52 02 00 00 B8 24 67 40 00 8B 15 20 67 40 00 E8 78 F4 FF FF B8 24 67 40 00 E8 7A F3 FF FF 8B D0 8B C3 8B 0D 20 67 40 00 E8 77 E0 FF FF 8D 55 E8 A1 24 67 40 00 E8 42 FD FF FF 8B 55 E8 B8 24 67 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ORiEN 2.11 (DEMO)</text>
-      <pattern>
-        E9 5D 01 00 00 CE D1 CE CE 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 20 4F 52 69 45 4E 20 65 78 65 63 75 74 61 62 6C 65 20 66 69 6C 65 73 20 70 72 6F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ORiEN 2.11 - 2.12 -> Fisun Alexander</text>
-      <pattern>
-        E9 5D 01 00 00 CE D1 CE xx 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 20 4F 52 69 45 4E 20 65 78 65 63 75 74 61 62 6C 65 20 66 69 6C 65 73 20 70 72 6F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ORiEN V1.X-V2.X -> Fisun A.V. ! Sign by fly</text>
-      <pattern>
-        4F 52 69 45 4E 20 65 78 65 63 75 74 61 62 6C 65 20 66 69 6C 65 73 20 70 72 6F 74 65 63 74 69 6F 6E 20 73 79 73 74 65 6D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ORiEN v2.11 (DEMO)</text>
-      <pattern>
-        E9 5D 01 00 00 CE D1 CE CE 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 20 4F 52 69 45 4E 20 65 78 65 63 75 74 61 62 6C 65 20 66 69 6C 65 73 20 70 72 6F 74 65 63 74 69 6F 6E 20 73 79 73 74 65 6D 20 2D 0D 0A 2D 2D 2D 2D 2D 2D 20 43 72 65 61 74 65 64 20 62 79 20 41 2E 20 46 69 73 75 6E 2C 20 31 39 39 34 2D 32 30 30 33 20 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 20 57 57 57 3A 20 68 74 74 70 3A 2F 2F 7A 61 6C 65 78 66 2E 6E 61 72 6F 64 2E 72 75 2F 20 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 20 65 2D 6D 61 69 6C 3A 20 7A 61 6C 65 78 66 40 68 6F 74 6D 61 69 6C 2E 72 75 20 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ORiEN v2.11 - 2.12 -> Fisun Alexander</text>
-      <pattern>
-        E9 5D 01 00 00 CE D1 CE xx 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 20 4F 52 69 45 4E 20 65 78 65 63 75 74 61 62 6C 65 20 66 69 6C 65 73 20 70 72 6F 74 65 63 74 69 6F 6E 20 73 79 73 74 65 6D 20 2D 0D 0A 2D 2D 2D 2D 2D 2D 20 43 72 65 61 74 65 64 20 62 79 20 41 2E 20 46 69 73 75 6E 2C 20 31 39 39 34 2D 32 30 30 33 20 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 20 57 57 57 3A 20 68 74 74 70 3A 2F 2F 7A 61 6C 65 78 66 2E 6E 61 72 6F 64 2E 72 75 2F 20 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 20 65 2D 6D 61 69 6C 3A 20 7A 61 6C 65 78 66 40 68 6F 74 6D 61 69 6C 2E 72 75 20 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ORiEN V2.12 -> Fisun A.V.</text>
-      <pattern>
-        E9 5D 01 00 00 CE D1 CE CD 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pack Master v1.0</text>
-      <pattern>
-        60 E8 01 00 00 00 E8 83 C4 04 E8 01 00 00 00 E9 5D 81 ED D3 22 40 00 E8 04 02 00 00 E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pack Master v1.0</text>
-      <pattern>
-        60 E8 01 xx xx xx E8 83 C4 04 E8 01 xx xx xx E9 5D 81 ED D3 22 40 xx E8 04 02 xx xx E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packanoid -> Arkanoid</text>
-      <pattern>
-        BF 00 10 40 00 BE xx xx xx 00 E8 9D 00 00 00 B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packanoid 1.0 -> ackanoid</text>
-      <pattern>
-        BF 00 xx 40 00 BE xx xx xx 00 E8 9D 00 00 00 B8 xx xx xx 00 8B 30 8B 78 04 BB xx xx xx 00 8B 43 04 91 E3 1F 51 FF D6 56 96 8B 13 8B 02 91 E3 0D 52 51 56 FF D7 5A 89 02 83 C2 04 EB EE 83 C3 08 5E EB DB B9 xx xx 00 00 BE 00 xx xx 00 EB 01 00 BF xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packanoid 1.0 -> ackanoid</text>
-      <pattern>
-        BF 00 xx 40 00 BE xx xx xx 00 E8 9D 00 00 00 B8 xx xx xx 00 8B 30 8B 78 04 BB xx xx xx 00 8B 43 04 91 E3 1F 51 FF D6 56 96 8B 13 8B 02 91 E3 0D 52 51 56 FF D7 5A 89 02 83 C2 04 EB EE 83 C3 08 5E EB DB B9 xx xx 00 00 BE 00 xx xx 00 EB 01 00 BF xx xx xx 00 EB 21 00 xx xx 00 00 xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 00 C0 00 F3 A4 E9 xx xx xx 00 00 xx xx 00 00 xx xx 00 xx xx xx 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 00 C0 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packanoid v1 -> Arkanoid</text>
-      <pattern>
-        BF xx xx xx xx BE xx xx xx xx E8 9D 00 00 00 B8 xx xx xx xx 8B 30 8B 78 04 BB xx xx xx xx 8B 43 04 91 E3 1F 51 FF D6 56 96 8B 13 8B 02 91 E3 0D 52 51 56 FF D7 5A 89 02 83 C2 04 EB EE 83 C3 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packed with? PKLITE v1.50 with CRC check (1)</text>
-      <pattern>
-        1F B4 09 BA xx xx CD 21 B8 xx xx CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PackItBitch 1.0 -> archphase</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 28 xx xx xx 35 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 41 xx xx xx 50 xx xx xx 00 00 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx xx xx 79 xx xx xx 7D xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PackItBitch V1.0-> archphase ! Sign by fly</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PackItBitch V1.0-> archphase</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packman 0.0.0.1 -> bubba</text>
-      <pattern>
-        60 E8 00 00 00 00 58 8D A8 xx FE FF FF 8D 98 xx xx xx FF 8D xx xx 01 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packman 0.0.0.1 -> Bubbasoft (h)</text>
-      <pattern>
-        0F 85 xx FF FF FF 8D B3 xx xx xx xx EB 3D 8B 46 0C 03 C3 50 FF 55 00 56 8B 36 0B F6 75 02 8B F7 03 F3 03 FB EB 1B D1 C1 D1 E9 73 05 0F B7 C9 EB 05 03 CB 8D 49 02 50 51 50 FF 55 04 AB 58 83 C6 04 8B 0E 85 C9 75 DF 5E 83 C6 14 8B 7E 10 85 FF 75 BC 8D 8B 00 00 xx xx B8 00 xx xx 00 0B C0 74 34 03 C3 EB 2A 8D 70 08 03 40 04 33 ED 33 D2 66 8B 2E 66 0F A4 EA 04 80 FA 03 75 0D 81 E5 FF 0F 00 00 03 EF 03 EB 01 4D 00 46 46 3B F0 75 DC 8B 38 85 FF 75 D0 61 E9 xx FE FF FF 02 D2 75 05 8A 16 46 12 D2 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packman 0.0.0.1 -> Bubbasoft</text>
-      <pattern>
-        0F 85 xx FF FF FF 8D B3 xx xx xx xx EB 3D 8B 46 0C 03 C3 50 FF 55 00 56 8B 36 0B F6 75 02 8B F7 03 F3 03 FB EB 1B D1 C1 D1 E9 73 05 0F B7 C9 EB 05 03 CB 8D 49 02 50 51 50 FF 55 04 AB 58 83 C6 04 8B 0E 85 C9 75 DF 5E 83 C6 14 8B 7E 10 85 FF 75 BC 8D 8B 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packman Executable Image Packer 0.0.0.1 -> bubba</text>
-      <pattern>
-        60 E8 00 00 00 00 58 8D A8 xx xx FF FF 8D 98 xx xx xx FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packman V0.0.0.1 -> Bubbasoft</text>
-      <pattern>
-        60 E8 00 00 00 00 58 8D xx xx xx xx xx 8D xx xx xx xx xx 8D xx xx xx xx xx 8D xx xx 48
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packman V1.0 -> Brandon LaCombe</text>
-      <pattern>
-        60 E8 00 00 00 00 5B 8D 5B C6 01 1B 8B 13 8D 73 14 6A 08 59 01 16 AD 49 75 FA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Packman v1.0 -> Brandon LaCombe</text>
-      <pattern>
-        60 E8 00 00 00 00 5B 8D 5B C6 01 1B 8B 13 8D 73 14 6A 08 59 01 16 AD 49 75 FA 8B E8 C6 06 E9 8B 43 0C 89 46 01 6A 04 68 00 10 00 00 FF 73 08 51 FF 55 08 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PACKWIN v1.01p</text>
-      <pattern>
-        8C C0 FA 8E D0 BC xx xx FB 06 0E 1F 2E xx xx xx xx 8B F1 4E 8B FE 8C DB 2E xx xx xx xx 8E C3 FD F3 A4 53 B8 xx xx 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PAK-SFX Archive</text>
-      <pattern>
-        55 8B EC 83 xx xx A1 xx xx 2E xx xx xx 2E xx xx xx xx xx 8C D7 8E C7 8D xx xx BE xx xx FC AC 3C 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PassEXE v2.0</text>
-      <pattern>
-        06 1E 0E 0E 07 1F BE xx xx B9 xx xx 87 14 81 xx xx xx EB xx C7 xx xx xx 84 00 87 xx xx xx FB 1F 58 4A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PassLock 2000 1.0 (Eng) -> Moonlight-Software</text>
-      <pattern>
-        55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01 00 00 C7 43 60 01 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 83 EC 44 C7 04 24 44 00 00 00 C7 44 24 2C 00 00 00 00 54 FF 15 E8 61 40 00 B8 0A 00 00 00 F7 44 24
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PassLock 2000 v1.0 (Eng) -> Moonlight-Software</text>
-      <pattern>
-        55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PassLock 2000 v1.0 (Eng) -> Moonlight-Software</text>
-      <pattern>
-        55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01 00 00 C7 43 60 01 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 83 EC 44 C7 04 24 44 00 00 00 C7 44 24 2C 00 00 00 00 54 FF 15 E8 61 40 00 B8 0A 00 00 00 F7 44 24 2C 01 00 00 00 74 05 0F B7 44 24 30 83 C4 44 89 43 56 FF 15 D0 61 40 00 E8 9E 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 6A 00 FF 15 E4 61 40 00 89 43 5C E8 F9 00 00 00 E8 AA 00 00 00 B8 FF 00 00 00 72 0D 53 E8 96 00 00 00 5B FF 4B 10 FF 4B 18 5F 5E 5B 5D 50 FF 15 C8 61 40 00 C3 83 7D 0C 01 75 3F E8 81 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 FF 15 D0 61 40 00 E8 3A 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 8B 45 08 89 43 5C E8 9A 00 00 00 E8 4B 00 00 00 72 11 66 FF 43 5A 8B 45 0C 89 43 60 53
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Password Protector (c) MiniSoft 1992</text>
-      <pattern>
-        06 0E 0E 07 1F E8 00 00 5B 83 EB 08 BA 27 01 03 D3 E8 3C 02 BA EA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Password Protector for the UPX 0.30 -> g0d</text>
-      <pattern>
-        C8 50 01 00 60 E8 EC 00 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 55 53 45 52 33 32 2E 64 6C 6C 00 44 69 61 6C 6F 67 42 6F 78 49 6E 64 69 72 65 63 74 50 61 72 61 6D 41 00 53 65 6E 64 4D 65 73 73 61 67 65 41 00 45 6E 64 44 69 61 6C 6F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Password protector my SMT</text>
-      <pattern>
-        E8 xx xx xx xx 5D 8B FD 81 xx xx xx xx xx 81 xx xx xx xx xx 83 xx xx 89 xx xx xx xx xx 8D xx xx xx xx xx 8D xx xx xx xx xx 46 80 xx xx 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Patch Creation Wizard 1.2 Byte Patch</text>
-      <pattern>
-        E8 7F 03 00 00 6A 00 E8 24 03 00 00 A3 B8 33 40 00 6A 00 68 29 10 40 00 6A 00 6A 01 50 E8 2C 03 00 00 6A 00 E8 EF 02 00 00 55 8B EC 56 51 57 8B 45 0C 98 3D 10 01 00 00 0F 85 C1 00 00 00 6A 01 FF 35 B8 33 40 00 E8 1B 03 00 00 50 6A 01 68 80 00 00 00 FF 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Patch Creation Wizard 1.2 Memory Patch</text>
-      <pattern>
-        6A 00 E8 9B 02 00 00 A3 7A 33 40 00 6A 00 68 8E 10 40 00 6A 00 6A 01 50 E8 B5 02 00 00 68 5A 31 40 00 68 12 31 40 00 6A 00 6A 00 6A 04 6A 01 6A 00 6A 00 68 A2 30 40 00 6A 00 E8 51 02 00 00 85 C0 74 31 FF 35 62 31 40 00 6A 00 6A 30 E8 62 02 00 00 E8 0B 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Patch Creation Wizard 1.2 Seek and Destroy Patch</text>
-      <pattern>
-        E8 C5 05 00 00 6A 00 E8 5E 05 00 00 A3 CE 39 40 00 6A 00 68 29 10 40 00 6A 00 6A 01 50 E8 72 05 00 00 6A 00 E8 2F 05 00 00 55 8B EC 56 51 57 8B 45 0C 98 3D 10 01 00 00 0F 85 C1 00 00 00 6A 01 FF 35 CE 39 40 00 E8 61 05 00 00 50 6A 01 68 80 00 00 00 FF 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Patch Creation Wizard v1.2 Byte Patch</text>
-      <pattern>
-        E8 7F 03 00 00 6A 00 E8 24 03 00 00 A3 B8 33 40 00 6A 00 68 29 10 40 00 6A 00 6A 01 50 E8 2C 03 00 00 6A 00 E8 EF 02 00 00 55 8B EC 56 51 57 8B 45 0C 98 3D 10 01 00 00 0F 85 C1 00 00 00 6A 01 FF 35 B8 33 40 00 E8 1B 03 00 00 50 6A 01 68 80 00 00 00 FF 75 08 E8 1D 03 00 00 68 5F 30 40 00 6A 65 FF 75 08 E8 14 03 00 00 68 B0 30 40 00 6A 67 FF 75 08 E8 05 03 00 00 68 01 31 40 00 6A 66 FF 75 08 E8 F6 02 00 00 6A 00 FF 75 08 E8 C8 02 00 00 A3 B4 33 40 00 C7 05 BC 33 40 00 2C 00 00 00 C7 05 C0 33 40 00 10 00 00 00 C7 05 C4 33 40 00 00 08 00 00 68 BC 33 40 00 6A 01 6A FF FF 35 B4 33 40 00 E8 97 02 00 00 C7 05 C4 33 40 00 00 00 00 00 C7 05 E0 33 40 00 00 30 40 00 C7 05 E4 33 40 00 01 00 00 00 68 BC 33 40 00 6A 01 6A FF FF 35 B4 33 40 00 E8 65 02 00 00 EB 5F EB 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Patch Creation Wizard v1.2 Memory Patch</text>
-      <pattern>
-        6A 00 E8 9B 02 00 00 A3 7A 33 40 00 6A 00 68 8E 10 40 00 6A 00 6A 01 50 E8 B5 02 00 00 68 5A 31 40 00 68 12 31 40 00 6A 00 6A 00 6A 04 6A 01 6A 00 6A 00 68 A2 30 40 00 6A 00 E8 51 02 00 00 85 C0 74 31 FF 35 62 31 40 00 6A 00 6A 30 E8 62 02 00 00 E8 0B 01 00 00 FF 35 5A 31 40 00 E8 22 02 00 00 FF 35 5E 31 40 00 E8 53 02 00 00 6A 00 E8 22 02 00 00 6A 10 68 F7 30 40 00 68 FE 30 40 00 6A 00 E8 63 02 00 00 6A 00 E8 08 02 00 00 55 8B EC 56 51 57 8B 45 0C 98 3D 10 01 00 00 75 6B 6A 01 FF 35 7A 33 40 00 E8 38 02 00 00 50 6A 01 68 80 00 00 00 FF 75 08 E8 34 02 00 00 68 00 30 40 00 6A 65 FF 75 08 E8 2B 02 00 00 68 51 30 40 00 6A 67 FF 75 08 E8 1C 02 00 00 68 A2 30 40 00 6A 66 FF 75 08 E8 0D 02 00 00 8B 45 08 A3 7E 33 40 00 68 3B 11 40 00 68 E8 03 00 00 68 9A 02 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Patch Creation Wizard v1.2 Seek and Destroy Patch</text>
-      <pattern>
-        E8 C5 05 00 00 6A 00 E8 5E 05 00 00 A3 CE 39 40 00 6A 00 68 29 10 40 00 6A 00 6A 01 50 E8 72 05 00 00 6A 00 E8 2F 05 00 00 55 8B EC 56 51 57 8B 45 0C 98 3D 10 01 00 00 0F 85 C1 00 00 00 6A 01 FF 35 CE 39 40 00 E8 61 05 00 00 50 6A 01 68 80 00 00 00 FF 75 08 E8 63 05 00 00 68 5F 30 40 00 6A 65 FF 75 08 E8 5A 05 00 00 68 B0 30 40 00 6A 67 FF 75 08 E8 4B 05 00 00 68 01 31 40 00 6A 66 FF 75 08 E8 3C 05 00 00 6A 00 FF 75 08 E8 0E 05 00 00 A3 CA 39 40 00 C7 05 D2 39 40 00 2C 00 00 00 C7 05 D6 39 40 00 10 00 00 00 C7 05 DA 39 40 00 00 08 00 00 68 D2 39 40 00 6A 01 6A FF FF 35 CA 39 40 00 E8 DD 04 00 00 C7 05 DA 39 40 00 00 00 00 00 C7 05 F6 39 40 00 00 30 40 00 C7 05 FA 39 40 00 01 00 00 00 68 D2 39 40 00 6A 01 6A FF FF 35 CA 39 40 00 E8 AB 04 00 00 EB 5F EB 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PAV.Cryptor (Pawning AntiVirus Cryptor) -> masha_dev</text>
-      <pattern>
-        53 56 57 55 BB 2C xx xx 70 BE 00 30 00 70 BF 20 xx xx 70 80 7B 28 00 75 16 83 3F 00 74 11 8B 17 89 D0 33 D2 89 17 8B E8 FF D5 83 3F 00 75 EF 83 3D 04 30 00 70 00 74 06 FF 15 54 30 00 70 80 7B 28 02 75 0A 83 3E 00 75 05 33 C0 89 43 0C FF 15 1C 30 00 70 80 7B 28 01 76 05 83 3E 00 74 22 8B 43 10 85 C0 74 1B FF 15 14 30 00 70 8B 53 10 8B 42 10 3B 42 04 74 0A 85 C0 74 06 50 E8 8F FA FF FF FF 15 20 30 00 70 80 7B 28 01 75 03 FF 53 24 80 7B 28 00 74 05 E8 35 FF FF FF 83 3B 00 75 17 83 3D 10 xx xx 70 00 74 06 FF 15 10 xx xx 70 8B 06 50 E8 A9 FA FF FF 8B 03 56 8B F0 8B FB B9 0B 00 00 00 F3 A5 5E E9 73 FF FF FF 5D 5F 5E 5B C3 A3 00 30 00 70 E8 26 FF FF FF C3 90 8F 05 04 30 00 70 E9 E9 FF FF FF C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC Guard for Win32 5.00 -> SofPro/Blagoje Ceklic (h)</text>
-      <pattern>
-        FC 55 50 E8 00 00 00 00 5D 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 B8 xx xx xx 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 2B E8 9C EB 01 D5 9D EB 01 0B 58 60 E8 03 00 00 00 83 EB 0E EB 01 0C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC Guard for Win32 v5.00 -> SofPro/Blagoje Ceklic (h)</text>
-      <pattern>
-        FC 55 50 E8 00 00 00 00 5D 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 B8 xx xx xx 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 2B E8 9C EB 01 D5 9D EB 01 0B 58 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC PE Encryptor Alpha preview</text>
-      <pattern>
-        53 51 52 56 57 55 E8 00 00 00 00 5D 8B CD 81 ED 33 30 40 xx 2B 8D EE 32 40 00 83 E9 0B 89 8D F2 32 40 xx 80 BD D1 32 40 xx 01 0F 84
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC Shrinker v0.20</text>
-      <pattern>
-        E8 E8 01 xx xx 60 01 AD B3 27 40 xx 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC Shrinker v0.29</text>
-      <pattern>
-        xx BD xx xx xx xx 01 AD 55 39 40 xx 8D B5 35 39 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC Shrinker v0.45</text>
-      <pattern>
-        xx BD xx xx xx xx 01 AD E3 38 40 xx FF B5 DF 38 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC Shrinker v0.71</text>
-      <pattern>
-        9C 60 BD xx xx xx xx 01 AD 54 3A 40 xx FF B5 50 3A 40 xx 6A 40 FF 95 88 3A 40 xx 50 50 2D xx xx xx xx 89 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC-Guard 5.00d</text>
-      <pattern>
-        FC 55 50 E8 00 00 00 00 5D 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 B8 30 D2 40 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 2B E8 9C EB 01 D5 9D EB 01 0B 58 60 E8 03 00 00 00 83 EB 0E EB 01 0C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC-Guard v3.03d, v3.05d</text>
-      <pattern>
-        55 50 E8 xx xx xx xx 5D EB 01 E3 60 E8 03 xx xx xx D2 EB 0B 58 EB 01 48 40 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC-Guard v4.05d, v4.10d, v4.15d</text>
-      <pattern>
-        FC 55 50 E8 00 00 00 00 5D EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PC-Guard v5.00d</text>
-      <pattern>
-        FC 55 50 E8 00 00 00 00 5D 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 B8 30 D2 40 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 2B E8 9C EB 01 D5 9D EB 01 0B 58 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 85 E1 EA 41 00 9C EB 01 D5 9D EB 01 0B 58 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 89 85 F9 EA 41 00 9C EB 01 D5 9D EB 01 0B 89 9D E5 EA 41 00 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 8D E9 EA 41 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 89 95 ED EA 41 00 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 B5 F1 EA 41 00 9C EB 01 D5 9D EB 01 0B 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PCIENC Cryptor</text>
-      <pattern>
-        06 50 43 49 45 4E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PCPEC "alpha - preview"</text>
-      <pattern>
-        53 51 52 56 57 55 E8 00 00 00 00 5D 8B CD 81 ED 33 30 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PCPEC alpha
-      </text>
-      <pattern>
-        53 51 52 56 57 55 E8 xx xx xx xx 5D 8B CD 81 xx xx xx xx xx 2B xx xx xx xx xx 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PCrypt v3.51</text>
-      <pattern>
-        50 43 52 59 50 54 FF 76 33 2E 35 31 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PcShare v4.0</text>
-      <pattern>
-        55 8B EC 6A FF 68 90 34 40 00 68 B6 28 40 00 64 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PCShrink 0.71 beta</text>
-      <pattern>
-        01 AD 54 3A 40 00 FF B5 50 3A 40 00 6A 40 FF 95 88 3A 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PCShrink v0.40b</text>
-      <pattern>
-        9C 60 BD xx xx xx xx 01 xx xx xx xx xx FF xx xx xx xx xx 6A xx FF xx xx xx xx xx 50 50 2D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PDS graphics file format</text>
-      <pattern>
-        49 4D 41 47 45 49 44 45 4E 54 49 46 49 45 52 20
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Crypt v1.00/v1.01</text>
-      <pattern>
-        E8 xx xx xx xx 5B 83 EB 05 EB 04 52 4E 44 21 EB 02 CD 20 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Crypt v1.02</text>
-      <pattern>
-        E8 xx xx xx xx 5B 83 EB 05 EB 04 52 4E 44
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Crypt32 (Console v1.0, v1.01, v1.02)</text>
-      <pattern>
-        E8 00 00 00 00 5B 83 EB 05 EB 04 52 4E 44 21 EB 02 CD 20 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Crypt32 v1.02</text>
-      <pattern>
-        E8 00 00 00 00 5B 83 xx xx EB xx 52 4E 44 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>PE Diminisher V0.1 -> Teraphy</text>
-      <pattern>
-        53 51 52 56 57 55 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>PE Diminisher v0.1 -> Teraphy</text>
-      <pattern>
-        53 51 52 56 57 55 E8 00 00 00 00 5D 8B D5 81 ED A2 30 40 00 2B 95 91 33 40 00 81 EA 0B 00 00 00 89 95 9A 33 40 00 80 BD 99 33 40 00 00 74 50 E8 02 01 00 00 8B FD 8D 9D 9A 33 40 00 8B 1B 8D 87
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>PE Diminisher v0.1</text>
-      <pattern>
-        53 51 52 56 57 55 E8 00 00 00 00 5D 8B D5 81 ED A2 30 40 00 2B 95 91 33 40 00 81 EA 0B 00 00 00 89 95 9A 33 40 00 80 BD 99 33 40 00 00 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>PE Diminisher v0.1</text>
-      <pattern>
-        5D 8B D5 81 ED A2 30 40 xx 2B 95 91 33 40 xx 81 EA 0B xx xx xx 89 95 9A 33 40 xx 80 BD 99
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Encrypt 1.0 -> Liwuyue</text>
-      <pattern>
-        55 8B EC 83 C4 D0 53 56 57 8D 75 FC 8B 44 24 30 25 00 00 FF FF 81 38 4D 5A 90 00 74 07 2D 00 10 00 00 EB F1 89 45 FC E8 C8 FF FF FF 2D 0F 05 00 00 89 45 F4 8B 06 8B 40 3C 03 06 8B 40 78 03 06 8B C8 8B 51 20 03 16 8B 59 24 03 1E 89 5D F0 8B 59 1C 03 1E 89 5D EC 8B 41 18 8B C8 49 85 C9 72 5A 41 33 C0 8B D8 C1 E3 02 03 DA 8B 3B 03 3E 81 3F 47 65 74 50 75 40 8B DF 83 C3 04 81 3B 72 6F 63 41 75 33 8B DF 83 C3 08 81 3B 64 64 72 65 75 26 83 C7 0C 66 81 3F 73 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Intro v1.0</text>
-      <pattern>
-        8B 04 24 9C 60 E8 xx xx xx xx 5D 81 ED 0A 45 40 xx 80 BD 67 44 40 xx xx 0F 85 48
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Lock NT v2.01</text>
-      <pattern>
-        EB 03 CD 20 EB EB 01 EB 1E EB 01 EB EB 02 CD 20 9C EB 03 CD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Lock NT v2.02c</text>
-      <pattern>
-        EB 02 C7 85 1E EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB 02 CD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Lock NT v2.03</text>
-      <pattern>
-        EB 02 C7 85 1E EB 03 CD 20 C7 9C EB 02 69 B1 60 EB 02 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Lock NT v2.04</text>
-      <pattern>
-        EB xx CD xx xx xx xx xx CD xx xx xx xx xx EB xx EB xx EB xx EB xx CD xx xx xx xx xx E8 xx xx xx xx E9 xx xx xx xx 50 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Lock v1.06</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 4B 45
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Pe Ninja -> +DzA kRAker TNT
-      </text>
-      <pattern>
-        BE 5B 2A 40 00 BF 35 12 00 00 E8 40 12 00 00 3D 22 83 A3 C6 0F 85 67 0F 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Pe Ninja -> +DzA kRAker TNT
-      </text>
-      <pattern>
-        BE 5B 2A 40 00 BF 35 12 00 00 E8 40 12 00 00 3D 22 83 A3 C6 0F 85 67 0F 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Ninja v1.0 -> +DzA kRAker TNT</text>
-      <pattern>
-        BE 5B 2A 40 00 BF 35 12 00 00 E8 40 12 00 00 3D 22 83 A3 C6 0F 85 67 0F 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Pack v0.99</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 83 ED 06 80 BD E0 04 xx xx 01 0F 84 F2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Packer</text>
-      <pattern>
-        FC 8B 35 70 01 40 xx 83 EE 40 6A 40 68 xx 30 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Password v0.2 SMT/SMF</text>
-      <pattern>
-        E8 04 xx xx xx 8B EC 5D C3 33 C0 5D 8B FD 81 ED 33 26 40 xx 81 EF xx xx xx xx 83 EF 05 89 AD 88 27 40 xx 8D 9D 07 29 40 xx 8D B5 62 28 40 xx 46 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Protect 0.9</text>
-      <pattern>
-        E9 xx 00 00 00 0D 0A 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 50 45 2D 50 52 4F 54 45 43 54 20 30 2E 39 20 28 43 29 6F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Protect v0.9</text>
-      <pattern>
-        52 51 55 57 64 67 A1 30 00 85 C0 78 0D E8 xx xx xx xx 58 83 C0 07 C6 xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Protector 0.9.3 -> CRYPToCRACk</text>
-      <pattern>
-        5B 81 E3 00 FF FF FF 66 81 3B 4D 5A 75 33 8B F3 03 73 3C 81 3E 50 45 00 00 75 26 0F B7 46 18 8B C8 69 C0 AD 0B 00 00 F7 E0 2D AB 5D 41 4B 69 C9 DE C0 00 00 03 C1 75 09 83 EC 04 0F 85 DD 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Spin 0.b</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 72 C8 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 26 E8 01 00 00 00 EA 5A 33 C9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Spin v0.4x</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE Spin v0.b</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 72 C8 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 26 E8 01 00 00 00 EA 5A 33 C9 8B 95 68 20 40 00 8B 42 3C 03 C2 89 85 76 20 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D 8A 20 40 00 8B 59 24 03 DA 8B 1B 89 9D 8E 20 40 00 53 8F 85 E2 1F 40 00 8D 85 92 20 40 00 6A 0C 5B 6A 17 59 30 0C 03 02 CB 4B 75 F8 40 8D 9D 41 8F 4E 00 50 53 81 2C 24 01 78 0E 00 FF B5 8A 20 40 00 C3 92 EB 15 68 BB xx 00 00 00 B9 90 08 00 00 8D BD FF 20 40 00 4F 30 1C 39 FE CB E2 F9 68 1D 01 00 00 59 8D BD 2F 28 40 00 C0 0C 39 02 E2 FA 68 A0 20 40 00 50 01 6C 24 04 E8 BD 09 00 00 33 C0 0F 84 C0 08 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Armor 0.46 -> China Cracking Group</text>
-      <pattern>
-        E8 AA 00 00 00 2D xx xx 00 00 00 00 00 00 00 00 00 3D xx xx 00 2D xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B xx xx 00 5C xx xx 00 6F xx xx 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Armor 0.46 -> China Cracking Group</text>
-      <pattern>
-        E8 AA 00 00 00 2D xx xx 00 00 00 00 00 00 00 00 00 3D xx xx 00 2D xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B xx xx 00 5C xx xx 00 6F xx xx 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 A2 01 00 00 xx xx 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 00 00 00 00 00 00 00 00 5D 81 ED 05 00 00 00 8D 75 3D 56 FF 55 31 8D B5 86 00 00 00 56 50 FF 55 2D 89 85 93 00 00 00 6A 04 68 00 10 00 00 FF B5 82 00 00 00 6A 00 FF 95 93 00 00 00 50 8B 9D 7E 00 00 00 03 DD 50 53 E8 04 00 00 00 5A 55 FF E2 60 8B 74 24 24 8B 7C 24 28 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Armor 0.46 -> Hying</text>
-      <pattern>
-        E8 AA 00 00 00 2D xx xx 00 00 00 00 00 00 00 00 00 3D xx xx 00 2D xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B xx xx 00 5C xx xx 00 6F xx xx 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Armor 0.460-0.759 -> hying</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Armor 0.460-0.759 -> hying</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Armor 0.49 -> Hying</text>
-      <pattern>
-        56 52 51 53 55 E8 15 01 00 00 32 xx xx 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Armor 0.760-0.765 -> hying</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 00 00 08 00 00 00 00 00 00 00 60 E8 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Armor V0.760-V0.765 -> hying</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Crypt 1.02</text>
-      <pattern>
-        E8 00 00 00 00 5B 83 EB 05 EB 04 52 4E 44 21 85 C0 73 02 F7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Crypter</text>
-      <pattern>
-        60 E8 00 00 00 00 5D EB 26
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-PACK 0.99</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 83 ED 06 80 BD E0 04 00 00 01 0F 84 F2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-PaCK 1.0 -> (C) Copyright 1998 by ANAKiN (h)</text>
-      <pattern>
-        C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 2D 3D FE 20 50 45 2D 50 41 43 4B 20 76 31 2E 30 20 2D FE 2D 20 28 43 29 20 43 6F 70
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-PaCK v1.0 -> (C) Copyright 1998 by ANAKiN (h)</text>
-      <pattern>
-        C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 2D 3D FE 20 50 45 2D 50 41 43 4B 20 76 31 2E 30 20 2D FE 2D 20 28 43 29 20 43 6F 70 79 72 69 67 68 74 20 31 39 39 38 20 62 79 20 41 4E 41 4B 69 4E 20 FE 3D 2D 20 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-PACK v1.0 by ANAKiN 1998 (xx?)</text>
-      <pattern>
-        74 xx E9 xx xx xx xx 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-Protect 0.9 by Cristoph Gabler 1998</text>
-      <pattern>
-        50 45 2D 50 52 4F 54 45 43 54 20 30 2E 39
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-PROTECT 0.9</text>
-      <pattern>
-        E9 CF 00 00 00 0D 0A 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE-SHiELD 0.2</text>
-      <pattern>
-        60 E8 00 00 00 00 41 4E 41 4B 49 4E 5D 83 ED 06 EB 02 EA 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pe123 2006.4.12</text>
-      <pattern>
-        8B C0 60 9C E8 01 00 00 00 C3 53 E8 72 00 00 00 50 E8 1C 03 00 00 8B D8 FF D3 5B C3 8B C0 E8 00 00 00 00 58 83 C0 05 C3 8B C0 55 8B EC 60 8B 4D 10 8B 7D 0C 8B 75 08 F3 A4 61 5D C2 0C 00 E8 00 00 00 00 58 83 E8 05 C3 8B C0 E8 00 00 00 00 58 83 C0 05 C3 8B
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pe123 2006.4.4</text>
-      <pattern>
-        8B C0 EB 01 34 60 EB 01 2A 9C EB 02 EA C8 E8 0F 00 00 00 EB 03 3D 23 23 EB 01 4A EB 01 5B C3 8D 40 00 53 EB 01 6C EB 01 7E EB 01 8F E8 15 01 00 00 50 E8 67 04 00 00 EB 01 9A 8B D8 FF D3 5B C3 8B C0 E8 00 00 00 00 58 83 C0 05 C3 8B C0 55 8B EC 60 8B 4D 10
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pe123 v2006.4.12</text>
-      <pattern>
-        8B C0 60 9C E8 01 00 00 00 C3 53 E8 72 00 00 00 50 E8 1C 03 00 00 8B D8 FF D3 5B C3 8B C0 E8 00 00 00 00 58 83 C0 05 C3 8B C0 55 8B EC 60 8B 4D 10 8B 7D 0C 8B 75 08 F3 A4 61 5D C2 0C 00 E8 00 00 00 00 58 83 E8 05 C3 8B C0 E8 00 00 00 00 58 83 C0 05 C3 8B C0 E8 00 00 00 00 58 C1 E8 0C C1 E0 0C 66 81 38 4D 5A 74 0C 2D 00 10 00 00 66 81 38 4D 5A 75 F4 C3 E8 00 00 00 00 58 83 E8 05 C3 8B C0 55 8B EC 81 C4 4C FE FF FF 53 6A 40 8D 85 44 FF FF FF 50 E8 BC FF FF FF 50 E8 8A FF FF FF 68 F8 00 00 00 8D 85 4C FE FF FF 50 E8 A5 FF FF FF 03 45 80 50 E8 70 FF FF FF E8 97 FF FF FF 03 85 CC FE FF FF 83 C0 34 89 45 FC E8 86 FF FF FF 03 85 CC FE FF FF 83 C0 38 89 45 8C 60 8B 45 FC 8B 00 89 45 F8 89 45 9C 8B 45 8C 8B 00 89 45 88 89 45 98 E8 0D 00 00 00 6B 65 72 6E 65 6C 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pe123 v2006.4.4</text>
-      <pattern>
-        8B C0 EB 01 34 60 EB 01 2A 9C EB 02 EA C8 E8 0F 00 00 00 EB 03 3D 23 23 EB 01 4A EB 01 5B C3 8D 40 00 53 EB 01 6C EB 01 7E EB 01 8F E8 15 01 00 00 50 E8 67 04 00 00 EB 01 9A 8B D8 FF D3 5B C3 8B C0 E8 00 00 00 00 58 83 C0 05 C3 8B C0 55 8B EC 60 8B 4D 10 8B 7D 0C 8B 75 08 F3 A4 61 5D C2 0C 00 E8 00 00 00 00 58 83 E8 05 C3 8B C0 E8 00 00 00 00 58 83 C0 05 C3 8B C0 E8 00 00 00 00 58 C1 E8 0C C1 E0 0C 66 81 38 4D 5A 74 0C 2D 00 10 00 00 66 81 38 4D 5A 75 F4 C3 E8 00 00 00 00 58 83 E8 05 C3 8B C0 55 8B EC 81 C4 B8 FE FF FF 6A 40 8D 45 B0 50 E8 C0 FF FF FF 50 E8 8E FF FF FF 68 F8 00 00 00 8D 85 B8 FE FF FF 50 E8 A9 FF FF FF 03 45 EC 50 E8 74 FF FF FF E8 9B FF FF FF 03 85 38 FF FF FF 83 C0 34 89 45 FC E8 8A FF FF FF 03 85 38 FF FF FF 83 C0 38 89 45 F4 8B 45 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PE_Admin V1.0 (EncryptPE V1.2003.5.18 Sold) -> Flying Cat</text>
-      <pattern>
-        60 9C 64 FF 35 00 00 00 00 E8 79 01 00 00 90 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEArmor V0.7X -> Hying</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED xx xx xx xx 8D B5 xx xx xx xx 55 56 81 C5 xx xx xx xx 55 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEBundle v0.2 - v2.0x</text>
-      <pattern>
-        9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB xx xx 40 xx 87 DD 6A 04 68 xx 10 xx xx 68 xx 02 xx xx 6A xx FF 95
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEBundle v2.0b5 - v2.3</text>
-      <pattern>
-        9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB xx xx 40 xx 87 DD 01 AD xx xx xx xx 01 AD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEBundle v2.44</text>
-      <pattern>
-        9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB xx xx 40 xx 87 DD 83 BD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEBundle v3.10</text>
-      <pattern>
-        9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 20 40 00 87 DD xx xx xx xx 40 00 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact 2.00 alpha 38</text>
-      <pattern>
-        B8 xx xx xx xx 80 B8 BF 10 00 10 01 74 7A C6 80 BF 10 00 10 01 9C 55 53 51 57 52 56 8D 98 0F 10 00 10 8B 53 14 8B E8 6A 40 68 00 10 00 00 FF 73 04 6A 00 8B 4B 10 03 CA 8B 01 FF D0 8B F8 50 8B 33 8B 53 14 03 F2 8B 4B 0C 03 CA 8D 85 B7 10 00 10 FF 73 04 8F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact 2.0beta/student version -> Jeremy Collake</text>
-      <pattern>
-        B8 xx xx xx EE 05 12 13 13 12 50 64 FF 35 00 00 00 00 64 89 25 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeCompact 2.53 DLL (Slim Loader) -> BitSum Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 32 00 00 08 0C 00 48 E1 01 56 57 53 55 8B 5C 24 1C 85 DB 0F 84 AB 21 E8 BD 0E E6 60 0D 0B 6B 65 72 6E 6C 33 32
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeCompact 2.53 DLL -> BitSum Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 00 00 00 08 0C 00 48 E1 01 56 57 53 55 8B 5C 24 1C 85 DB 0F 84 AB 21 E8 BD 0E E6 60 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact 2.x -> Bitsum Technologies</text>
-      <pattern>
-        B8 xx xx xx 02 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeCompact 2.xx (Slim Loader) -> BitSum Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 32 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.90</text>
-      <pattern>
-        EB 06 68 xx xx 40 00 C3 9C 60 BD xx xx 00 00 B9 02 00 00 00 B0 90 8D BD 7A 42 40 00 F3 AA 01 AD D9 43 40 00 FF B5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.92</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 BD xx xx xx xx B9 02 xx xx xx B0 90 8D BD A5 4F 40 xx F3 AA 01 AD 04 51 40 xx FF B5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.94</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 xx xx xx xx 5D 55 58 81 ED xx xx xx xx 2B 85 xx xx xx xx 01 85 xx xx xx xx 50 B9 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.971 - v0.976</text>
-      <pattern>
-        EB 06 68 C3 9C 60 E8 5D 55 5B 81 ED 8B 85 01 85 66 C7 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.977</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB A0 86 40 xx 87 DD 8B 85 2A 87
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.978.1</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 49 87 40 xx 87 DD 8B 85 CE 87
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.978.2</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB D1 84 40 xx 87 DD 8B 85 56 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.978</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 24 88 40 xx 87 DD 8B 85 A9 88
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.98</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB D7 84 40 xx 87 DD 8B 85 5C 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v0.99</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 2F 85 40 xx 87 DD 8B 85 B4 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.00</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB C4 84 40 xx 87 DD 8B 85 49 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.10b1</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 28 63 40 xx 87 DD 8B 85 AD 63
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.10b2</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 xx 87 DD 8B 85 94 60
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.10b3</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 xx 87 DD 8B 85 95 60 40 xx 01 85 03 60 40 xx 66 C7 85 xx 60 40 xx 90 90 BB 95
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.10b4</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 xx 87 DD 8B 85 95 60 40 xx 01 85 03 60 40 xx 66 C7 85 xx 60 40 xx 90 90 BB 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.10b5</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 xx 87 DD 8B 85 95 60 40 xx 01 85 03 60 40 xx 66 C7 85 xx 60 40 xx 90 90 BB 49
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.10b6</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 xx 00 87 DD 8B 85 9A 60 40 xx 01 85 03 60 40 xx 66 C7 85 xx 60 40 xx 90 90 01 85 92 60 40 xx BB B7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.10b7</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 xx 87 DD 8B 85 9A 60 40 xx 01 85 03 60 40 xx 66 C7 85 xx 60 40 xx 90 90 01 85 92 60 40 xx BB 14
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.20 - v1.20.1</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 xx 87 DD 8B 85 9A 70 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.22</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 xx 87 DD 8B 85 A6 70 40 xx 01 85 03 70 40 xx 66 C7 85 xx 70 40 xx 90 90 01 85 9E 70 40 xx BB F3 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.23b3 - v1.24.1</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 xx 87 DD 8B 85 A6 70 40 xx 01 85 03 70 40 xx 66 C7 85 70 40 90 xx 90 01 85 9E 70 40 BB xx D2 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.24.2 - v1.24.3</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 xx 87 DD 8B 85 A6 70 40 xx 01 85 03 70 40 xx 66 C7 85 70 40 90 xx 90 01 85 9E 70 40 BB xx D2 09
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.25</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 xx 87 DD 8B 85 A6 70 40 xx 01 85 03 70 40 xx 66 C7 85 70 40 90 xx 90 01 85 9E 70 40 BB xx F3 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.26b1 - v1.26b2</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 xx 87 DD 8B 85 A6 70 40 xx 01 85 03 70 40 xx 66 C7 85 70 40 90 xx 90 01 85 9E 70 40 BB xx 05 0E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.33</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 xx 87 DD 8B 85 A6 80 40 xx 01 85 03 80 40 xx 66 C7 85 00 80 40 xx 90 90 01 85 9E 80 40 xx BB E8 0E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.34 - v1.40b1</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 xx 87 DD 8B 85 A6 80 40 xx 01 85 03 80 40 xx 66 C7 85 xx 00 80 xx 40 90 90 01 85 9E 80 xx 40 BB F8 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.40 - v1.45</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 xx 87 DD 8B 85 A6 A0 40 xx 01 85 03 A0 40 xx 66 C7 85 xx A0 40 xx 90 90 01 85 9E A0 40 xx BB C3 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.40b2 - v1.40b4</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 xx 87 DD 8B 85 A6 A0 40 xx 01 85 03 A0 40 xx 66 C7 85 xx A0 40 xx 90 90 01 85 9E A0 40 xx BB 86 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.40b5 - v1.40b6</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 xx 87 DD 8B 85 A6 A0 40 xx 01 85 03 A0 40 xx 66 C7 85 xx A0 40 xx 90 90 01 85 9E A0 40 xx BB 8A 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.46</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 xx 87 DD 8B 85 A6 A0 40 xx 01 85 03 A0 40 xx 66 C7 85 xx A0 40 xx 90 90 01 85 9E A0 40 xx BB 60 12
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.47 - v1.50</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 xx 87 DD 8B 85 A6 A0 40 xx 01 85 03 A0 40 xx 66 C7 85 xx A0 40 xx 90 90 01 85 9E A0 40 xx BB 5B 12
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.4x+</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.55</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 xx 87 DD 8B 85 A2 80 40 xx 01 85 03 80 40 xx 66 C7 85 xx 80 40 xx 90 90 01 85 9E 80 40 xx BB 2D 12
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.56</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 90 40 xx 87 DD 8B 85 A2 90 40 xx 01 85 03 90 40 xx 66 C7 85 xx 90 40 xx 90 90 01 85 9E 90 40 xx BB 2D 12
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.60 - v1.65</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 80 40 xx 87 DD 8B 85 D2 80 40 xx 01 85 33 80 40 xx 66 C7 85 xx 80 40 xx 90 90 01 85 CE 80 40 xx BB BB 12
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.66</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 xx 87 DD 8B 85 E6 90 40 xx 01 85 33 90 40 xx 66 C7 85 xx 90 40 xx 90 90 01 85 DA 90 40 xx 01 85 DE 90 40 xx 01 85 E2 90 40 xx BB 5B 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.67</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 87 DD 8B 85 E6 90 40 01 85 33 90 40 66 C7 85 90 40 90 90 01 85 DA 90 40 01 85 DE 90 40 01 85 E2 90 40 BB 8B 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.68 - v1.84</text>
-      <pattern>
-        EB 06 68 xx xx xx xx C3 9C 60 E8 02 xx xx xx 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 87 DD 8B 85 E6 90 40 01 85 33 90 40 66 C7 85 90 40 90 90 01 85 DA 90 40 01 85 DE 90 40 01 85 E2 90 40 BB 7B 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v1.84</text>
-      <pattern>
-        33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v2.0 beta -> Jeremy Collake</text>
-      <pattern>
-        B8 xx xx xx xx 05 xx xx xx xx 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v2.00 alpha 38</text>
-      <pattern>
-        B8 xx xx xx xx 80 B8 BF 10 00 10 01 74 7A C6 80 BF 10 00 10 01 9C 55 53 51 57 52 56 8D 98 0F 10 00 10 8B 53 14 8B E8 6A 40 68 00 10 00 00 FF 73 04 6A 00 8B 4B 10 03 CA 8B 01 FF D0 8B F8 50 8B 33 8B 53 14 03 F2 8B 4B 0C 03 CA 8D 85 B7 10 00 10 FF 73 04 8F 00 50 57 56 FF D1 58 03 43 08 8B F8 8B 53 14 8B F0 8B 46 FC 83 C0 04 2B F0 89 56 08 8B 4B 10 89 4E 18 FF D7 89 85 BB 10 00 10 5E 5A 5F 59 5B 5D 9D FF E0 8B 80 BB 10 00 10 FF E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeCompact v2.08 -> Bitsum Technologies(signature by loveboom)</text>
-      <pattern>
-        B8 xx xx xx xx 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v2.0</text>
-      <pattern>
-        B8 xx xx xx xx 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v2.5 Retail (Slim Loader) -> Bitsum Technologies</text>
-      <pattern>
-        B8 xx xx xx 01 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 32 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v2.5 Retail -> Bitsum Technologies</text>
-      <pattern>
-        B8 xx xx xx 01 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact V2.X -> Bitsum Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECompact v2.xx</text>
-      <pattern>
-        B8 xx xx xx 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeCompact2 2.53-2.76 -> BitSum Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 55 53 51 57 56 52 8D 98 C9 11 00 10 8B 53 18 52 8B E8 6A 40 68 00 10 00 00 FF 73 04 6A 00 8B 4B 10 03 CA 8B 01 FF D0 5A 8B F8 50 52 8B 33 8B 43 20 03 C2 8B 08 89 4B 20 8B 43 1C 03 C2 8B 08 89 4B 1C 03 F2 8B 4B 0C 03 CA 8D 43 1C 50 57 56 FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PECrc32 0.88 -> ZhouJinYu</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED B6 A4 45 00 8D BD B0 A4 45 00 81 EF 82 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEcrypt - by archphase</text>
-      <pattern>
-        55 8B EC 83 C4 E0 53 56 33 C0 89 45 E4 89 45 E0 89 45 EC xx xx xx xx 64 82 40 00 E8 7C C7 FF FF 33 C0 55 68 BE 84 40 00 64 FF 30 64 89 20 68 CC 84 40 00 xx xx xx xx 00 A1 10 A7 40 00 50 E8 1D C8 FF FF 8B D8 85 DB 75 39 E8 3A C8 FF FF 6A 00 6A 00 68 A0 A9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEcrypt - by archphase</text>
-      <pattern>
-        55 8B EC 83 C4 E0 53 56 33 C0 89 45 E4 89 45 E0 89 45 EC xx xx xx xx 64 82 40 00 E8 7C C7 FF FF 33 C0 55 68 BE 84 40 00 64 FF 30 64 89 20 68 CC 84 40 00 xx xx xx xx 00 A1 10 A7 40 00 50 E8 1D C8 FF FF 8B D8 85 DB 75 39 E8 3A C8 FF FF 6A 00 6A 00 68 A0 A9 40 00 68 00 04 00 00 50 6A 00 68 00 13 00 00 E8 FF C7 FF FF 6A 00 68 E0 84 40 00 A1 A0 A9 40 00 50 6A 00 E8 xx xx xx xx E9 7D 01 00 00 53 A1 10 A7 40 00 50 E8 42 C8 FF FF 8B F0 85 F6 75 18 6A 00 68 E0 84 40 00 68 E4 84 40 00 6A 00 E8 71 C8 FF FF E9 53 01 00 00 53 6A 00 E8 2C C8 FF FF A3 xx xx xx xx 83 3D 48 A8 40 00 00 75 18 6A 00 68 E0 84 40 00 68 F8 84 40 00 6A 00 E8 43 C8 FF FF E9 25 01 00 00 56 E8 F8 C7 FF FF A3 4C A8 40 00 A1 48 A8 40 00 E8 91 A1 FF FF 8B D8 8B 15 48 A8 40 00 85 D2 7C 16 42 33 C0 8B 0D 4C A8 40 00 03 C8 8A 09 8D 34 18 88 0E 40 4A 75 ED 8B 15 48 A8 40 00 85 D2 7C 32 42 33 C0 8D 34 18 8A 0E 80 F9 01 75 05 C6 06 FF EB 1C 8D 0C 18 8A 09 84 xx xx xx xx xx 00 EB 0E 8B 0D 4C A8 40 00 03 C8 0F B6 09 49 88 0E 40 4A 75 D1 8D xx xx xx xx E8 A5 A3 FF FF 8B 45 E8 8D 55 EC E8 56 D5 FF FF 8D 45 EC BA 18 85 40 00 E8 79 BA FF FF 8B 45 EC E8 39 BB FF FF 8B D0 B8 54 A8 40 00 E8 31 A6 FF FF BA 01 00 00 00 B8 54 A8 40 00 E8 12 A9 FF FF E8 DD A1 FF FF 68 50 A8 40 00 8B D3 8B 0D 48 A8 40 00 B8 54 A8 40 00 E8 56 A7 FF FF E8 C1 A1 FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEEncrypt v4.0b (JunkCode)</text>
-      <pattern>
-        66 xx xx 00 66 83 xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEiD-Bundle v1.00 - v1.01 -> BoB / BobSoft</text>
-      <pattern>
-        60 E8 xx 02 00 00 8B 44 24 04 52 48 66 31 C0 66 81 38 4D 5A 75 F5 8B 50 3C 81 3C 02 50 45 00 00 75 E9 5A C2 04 00 60 89 DD 89 C3 8B 45 3C 8B 54 28 78 01 EA 52 8B 52 20 01 EA 31 C9 41 8B 34 8A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEiD-Bundle V1.00 -> BoB / BobSoft</text>
-      <pattern>
-        60 E8 21 02 00 00 8B 44 24 04 52 48 66 31 C0 66 81 38 4D 5A 75 F5 8B 50 3C 81 3C 02 50 45 00 00 75 E9 5A C2 04 00 60 89 DD 89 C3 8B 45 3C 8B 54 28 78 01 EA 52 8B 52 20 01 EA 31 C9 41 8B 34 8A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEiD-Bundle V1.01 -> BoB / BobSoft</text>
-      <pattern>
-        60 E8 23 02 00 00 8B 44 24 04 52 48 66 31 C0 66 81 38 4D 5A 75 F5 8B 50 3C 81 3C 02 50 45 00 00 75 E9 5A C2 04 00 60 89 DD 89 C3 8B 45 3C 8B 54 28 78 01 EA 52 8B 52 20 01 EA 31 C9 41 8B 34 8A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEiD-Bundle v1.02 - v1.04 -> BoB / BobSoft</text>
-      <pattern>
-        60 E8 xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 xx xx xx 2E xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 80 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEiD-Bundle V1.02 -> BoB / BobSoft</text>
-      <pattern>
-        60 E8 9C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 xx xx xx 2E xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 80 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEiD-Bundle V1.02 DLL -> BoB / BobSoft</text>
-      <pattern>
-        83 7C 24 08 01 0F 85 xx xx xx xx 60 E8 9C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 00 08 00 39 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 80 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEiD-Bundle v1.04 -> BoB / BobSoft</text>
-      <pattern>
-        60 E8 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 xx xx xx 2E xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 80 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pelles C 2.8.x-4.5.x -> Pelle Orinius</text>
-      <pattern>
-        55 89 E5 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 FF 35 xx xx xx xx 64 89 25 xx xx xx xx 83 EC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pelles C 2.80 -2.90 EXE (X86 CRT-LIB)</text>
-      <pattern>
-        55 89 E5 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 FF 35 xx xx xx xx 64 89 25 xx xx xx xx 83 EC xx 83 EC xx 53 56 57 89 65 E8 68 00 00 00 xx E8 xx xx xx xx 59 A3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pelles C 2.90 EXE (X86 CRT-LIB)</text>
-      <pattern>
-        55 89 E5 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 FF 35 xx xx xx xx 64 89 25 xx xx xx xx 83 EC xx 83 EC xx 53 56 57 89 65 E8 68 00 00 00 02 E8 xx xx xx xx 59 A3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pelles C 2.90, 3.00, 4.00 DLL (X86 CRT-LIB)</text>
-      <pattern>
-        55 89 E5 53 56 57 8B 5D 0C 8B 75 10 BF 01 00 00 00 85 DB 75 10 83 3D xx xx xx xx 00 75 07 31 C0 E9 xx xx xx xx 83 FB 01 74 05 83 FB 02 75 xx 85 FF 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pelles C 2.x-4.x DLL -> Pelle Orinius</text>
-      <pattern>
-        55 89 E5 53 56 57 8B 5D 0C 8B 75 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-DLL)</text>
-      <pattern>
-        55 89 E5 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 FF 35 xx xx xx xx 64 89 25 xx xx xx xx 83 EC xx 53 56 57 89 65 E8 C7 45 FC xx xx xx xx 68 xx xx xx xx E8 xx xx xx xx 59 BE xx xx xx xx EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)</text>
-      <pattern>
-        55 89 E5 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 FF 35 xx xx xx xx 64 89 25 xx xx xx xx 83 EC xx 53 56 57 89 65 E8 68 00 00 00 02 E8 xx xx xx xx 59 A3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pelles C 4.50 DLL (X86 CRT-LIB)</text>
-      <pattern>
-        55 89 E5 53 56 57 8B 5D 0C 8B 75 10 85 DB 75 0D 83 3D xx xx xx xx 00 75 04 31 C0 EB 57 83 FB 01 74 05 83 FB 02 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PELOCKnt 2.04</text>
-      <pattern>
-        EB 03 CD 20 C7 1E EB 03 CD 20 EA 9C EB 02 EB 01 EB 01 EB 60
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEMangle</text>
-      <pattern>
-        60 9C BE xx xx xx xx 8B FE B9 xx xx xx xx BB 44 52 4F 4C AD 33 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEncrypt 1.0 -> JunkCode</text>
-      <pattern>
-        60 9C BE 00 10 40 00 8B FE B9 xx xx xx xx BB 78 56 34 12 AD 33 C3 AB E2 FA 9D 61 E9 xx xx xx FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEncrypt 2.0 -> junkcode</text>
-      <pattern>
-        EB 25 00 00 F7 BF 00 00 00 00 00 00 00 00 00 00 12 00 E8 00 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74 00 00 00 00 00 E8 00 00 00 00 5D 81 ED 2C 10 40 00 8D B5 14 10 40 00 E8 33 00 00 00 89 85 10 10 40 00 BF 00 00 40 00 8B F7 03 7F 3C 8B 4F 54 51 56 8D 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEncrypt 2.0 -> junkcode</text>
-      <pattern>
-        EB 25 00 00 F7 BF 00 00 00 00 00 00 00 00 00 00 12 00 E8 00 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74 00 00 00 00 00 E8 00 00 00 00 5D 81 ED 2C 10 40 00 8D B5 14 10 40 00 E8 33 00 00 00 89 85 10 10 40 00 BF 00 00 40 00 8B F7 03 7F 3C 8B 4F 54 51 56 8D 85 23 10 40 00 50 6A 04 51 56 FF 95 10 10 40 00 5E 59 C6 06 00 46 E2 FA E9 AE 00 00 00 55 E8 00 00 00 00 5D 81 ED 77 10 40 00 8B D6 80 3E 00 74 03 46 EB F8 46 2B F2 8B CE 33 C0 66 89 85 06 10 40 00 8B B5 02 10 40 00 83 C6 3C 66 AD 03 85 02 10 40 00 8B 70 78 03 B5 02 10 40 00 83 C6 1C AD 03 85 02 10 40 00 89 85 08 10 40 00 AD 03 85 02 10 40 00 50 AD 03 85 02 10 40 00 89 85 0C 10 40 00 5E 56 AD 03 85 02 10 40 00 8B F0 8B FA 51 FC F3 A6 59 74 0D 5E 83 C6 04 66 FF 85 06 10 40 00 EB E0 5E 0F B7 85 06 10 40 00 D1 E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEncrypt v1.0</text>
-      <pattern>
-        60 9C BE 00 10 40 00 8B FE B9 28 03 00 00 BB 78 56 34 12 AD 33 C3 AB E2 FA 9D 61
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEncrypt v3.0</text>
-      <pattern>
-        E8 00 00 00 00 5D 81 ED 05 10 40 00 8D B5 24 10 40 00 8B FE B9 0F 00 00 00 BB xx xx xx xx AD 33 C3 E2 FA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEncrypt v3.1</text>
-      <pattern>
-        E9 xx xx xx 00 F0 0F C6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEnguinCrypt v1.0</text>
-      <pattern>
-        B8 93 xx xx 00 55 50 67 64 FF 36 00 00 67 64 89 26 00 00 BD 4B 48 43 42 B8 04 00 00 00 CC 3C 04 75 04 90 90 C3 90 67 64 8F 06 00 00 58 5D BB 00 00 40 00 33 C9 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PENightMare 2 Beta</text>
-      <pattern>
-        60 E9 xx xx xx xx EF 40 03 A7 07 8F 07 1C 37 5D 43 A7 04 B9 2C 3A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PENightMare v1.3</text>
-      <pattern>
-        60 E8 00 00 00 00 5D B9 xx xx xx xx 80 31 15 41 81 F9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PENinja modified</text>
-      <pattern>
-        5D 8B C5 81 ED B2 2C 40 00 2B 85 94 3E 40 00 2D 71 02 00 00 89 85 98 3E 40 00 0F B6 B5 9C 3E 40 00 8B FD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PENinja</text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEQuake 0.06 by fORGAT</text>
-      <pattern>
-        E8 A5 00 00 00 2D xx 00 00 00 00 00 00 00 00 00 00 3D xx 00 00 2D xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A xx 00 00 5B xx 00 00 6E xx 00 00 00 00 00 00 6B 45 72 4E 65 4C 33 32 2E 64 4C 6C 00 00 00 47 65 74 50 72 6F 63 41 64
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEQuake 0.06-> forgat</text>
-      <pattern>
-        E8 A5 00 00 00 2D xx xx 00 00 00 00 00 00 00 00 00 3D xx xx 00 2D xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A xx xx 00 5B xx xx 00 6E xx xx 00 00 00 00 00 6B 45 72 4E 65 4C 33 32 2E 64 4C 6C 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 xx xx 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEQuake V0.06 -> forgat</text>
-      <pattern>
-        E8 A5 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEQuake v0.06 -> forgot/us (h)</text>
-      <pattern>
-        E8 A5 00 00 00 2D xx xx xx 00 00 00 00 00 00 00 00 3D xx xx xx 2D xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 6B 45 72 4E 65 4C 33 32 2E 64 4C 6C 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 xx xx 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 5D 81 ED 05 00 00 00 8D 75 3D 56 FF 55 31 8D B5 81 00 00 00 56 50 FF 55 2D 89 85 8E 00 00 00 6A 04 68 00 10 00 00 68 xx xx 00 00 6A 00 FF 95 8E 00 00 00 50 8B 9D 7D 00 00 00 03 DD 50 53 E8 04 00 00 00 5A 55 FF E2 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEQuake v0.06 by fORGAT</text>
-      <pattern>
-        E8 A5 00 00 00 2D xx 00 00 00 00 00 00 00 00 00 00 3D xx 00 00 2D xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A xx 00 00 5B xx 00 00 6E xx 00 00 00 00 00 00 6B 45 72 4E 65 4C 33 32 2E 64 4C 6C 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 xx xx 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 00 00 00 00 00 00 00 00 5D 81 ED 05 00 00 00 8D 75 3D 56 FF 55 31 8D B5 81 00 00 00 56 50 FF 55 2D 89 85 8E 00 00 00 6A 04 68 00 10 00 00 68 xx xx 00 00 6A 00 FF 95 8E 00 00 00 50 8B 9D 7D 00 00 00 03 DD 50 53 E8 04 00 00 00 5A 55 FF E2 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PerlApp 6.0.2 -> ActiveState</text>
-      <pattern>
-        68 2C EA 40 00 FF D3 83 C4 0C 85 C0 0F 85 CD 00 00 00 6A 09 57 68 20 EA 40 00 FF D3 83 C4 0C 85 C0 75 12 8D 47 09 50 FF 15 1C D1 40 00 59 A3 B8 07 41 00 EB 55 6A 08 57 68 14 EA 40 00 FF D3 83 C4 0C 85 C0 75 11 8D 47 08 50 FF 15 1C D1 40 00 59 89 44 24 10 EB 33 6A 09 57 68 08 EA 40 00 FF D3 83 C4 0C 85 C0 74 22 6A 08 57 68 FC E9 40 00 FF D3 83 C4 0C 85 C0 74 11 6A 0B 57 68 F0 E9 40 00 FF D3 83 C4 0C 85 C0 75 55
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PerlApp 6.0.2 -> ActiveState</text>
-      <pattern>
-        68 9C E1 40 00 FF 15 A4 D0 40 00 85 C0 59 74 0F 50 FF 15 1C D1 40 00 85 C0 59 89 45 FC 75 62 6A 00 8D 45 F8 FF 75 0C F6 45 14 01 50 8D 45 14 50 E8 9B 01 00 00 83 C4 10 85 C0 0F 84 E9 00 00 00 8B 45 F8 83 C0 14 50 FF D6 85 C0 59 89 45 FC 75 0E FF 75 14 FF 15 78 D0 40 00 E9 C9 00 00 00 68 8C E1 40 00 FF 75 14 50
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESHiELD v0.2 / v0.2b / v0.2b2</text>
-      <pattern>
-        60 E8 xx xx xx xx 41 4E 41 4B 49 4E 5D 83 ED 06 EB 02 EA 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESHiELD v0.251</text>
-      <pattern>
-        5D 83 ED 06 EB 02 EA 04 8D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESHiELD v0.25</text>
-      <pattern>
-        60 E8 2B 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEShit</text>
-      <pattern>
-        B8 xx xx xx xx B9 xx xx xx xx 83 F9 00 7E 06 80 30 xx 40 E2 F5 E9 xx xx xx FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin 0.1 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 5C CB 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin 0.3 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin 0.7 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 83 D5 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin 1.0 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 C8 DC 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin 1.1 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 7D DE 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESPin 1.3 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 AC DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin 1.304 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 88 DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin 1.3beta -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 71 DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin 1.3x -> Cyberbob</text>
-      <pattern>
-        EB 01 xx 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 88 DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v0.1 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 5C CB 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 B3 28 40 00 8B 42 3C 03 C2 89 85 BD 28 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D D1 28 40 00 53 8F 85 C4 27 40 00 BB xx 00 00 00 B9 A5 08 00 00 8D BD 75 29 40 00 4F 30 1C 39 FE CB E2 F9 68 2D 01 00 00 59 8D BD AA 30 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 07 4F 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B8 xx xx xx xx 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D C4 28 40 00 8B D6 B9 10 00 00 00 AC 84 C0 74 06 C0 4E FF 03 E2 F5 E8 00 00 00 00 59 81 C1 1D 00 00 00 52 51 C1 E9 05 23 D1 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v0.3 (Eng) -> cyberbob</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v0.3 (Eng) -> cyberbob</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 CB 2C 40 00 8B 42 3C 03 C2 89 85 D5 2C 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D E9 2C 40 00 53 8F 85 B6 2B 40 00 BB xx 00 00 00 B9 75 0A 00 00 8D BD 7E 2D 40 00 4F 30 1C 39 FE CB E2 F9 68 3C 01 00 00 59 8D BD B6 36 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 1F 53 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 xx xx xx xx 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D DC 2C 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v0.3 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 CB 2C 40 00 8B 42 3C 03 C2 89 85 D5 2C 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D E9 2C 40 00 53 8F 85 B6 2B 40 00 BB xx 00 00 00 B9 75 0A 00 00 8D BD 7E 2D 40 00 4F 30 1C 39 FE CB E2 F9 68 3C 01 00 00 59 8D BD B6 36 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 1F 53 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 xx xx xx xx 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D DC 2C 40 00 8B D6 B9 10 00 00 00 AC 84 C0 74 06 C0 4E FF 03 E2 F5 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v0.7 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 83 D5 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 88 39 40 00 8B 42 3C 03 C2 89 85 92 39 40 00 EB 01 DB 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D A6 39 40 00 53 8F 85 4A 38 40 00 BB xx 00 00 00 B9 EC 0A 00 00 8D BD 36 3A 40 00 4F EB 01 AB 30 1C 39 FE CB E2 F9 EB 01 C8 68 CB 00 00 00 59 8D BD 56 44 40 00 E8 03 00 00 00 EB 04 FA EB FB 68 83 04 24 0C C3 8D C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 B3 5F 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 xx xx xx xx 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D 99 39 40 00 8B D6 B9 10 00 00 00 AC 84 C0 74 06 C0 4E FF 03 E2 F5 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v0.7 -> Cyberbob</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 83 D5 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 88 39 40 00 8B 42 3C 03 C2 89 85 92 39 40 00 EB 01 DB 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D A6 39 40 00 53 8F 85 4A 38 40 00 BB xx 00 00 00 B9 EC 0A 00 00 8D BD 36 3A 40 00 4F EB 01 AB 30 1C 39 FE CB E2 F9 EB 01 C8 68 CB 00 00 00 59 8D BD 56 44 40 00 E8 03 00 00 00 EB 04 FA EB FB 68 83 04 24 0C C3 8D C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 B3 5F 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 xx xx xx xx 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D 99 39 40 00 8B D6 B9 10 00 00 00 AC 84 C0 74 06 C0 4E FF 03 E2 F5 E8 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin V0.71 -> cyberbob</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 83 D5 46 00 0B E4 74 9E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.0 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 C8 DC 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 D2 42 40 00 8B 42 3C 03 C2 89 85 DC 42 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D F0 42 40 00 53 8F 85 94 41 40 00 BB xx 00 00 00 B9 8C 0B 00 00 8D BD 80 43 40 00 4F EB 01 AB 30 1C 39 FE CB E2 F9 EB 01 C8 68 CB 00 00 00 59 8D BD 40 4E 40 00 E8 03 00 00 00 EB 04 FA EB FB 68 83 04 24 0C C3 8D C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 FD 68 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 xx xx xx xx 2B C9 83 C9 15 0F A3 C8 0F 83 81 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.1 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 7D DE 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 C3 4B 40 00 8B 42 3C 03 C2 89 85 CD 4B 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D E1 4B 40 00 53 8F 85 D7 49 40 00 BB xx 00 00 00 B9 FE 11 00 00 8D BD 71 4C 40 00 4F EB 07 FA EB 01 FF EB 04 E3 EB F8 69 30 1C 39 FE CB 49 9C C1 2C 24 06 F7 14 24 83 24 24 01 50 52 B8 83 B2 DC 12 05 44 4D 23 ED F7 64 24 08 8D 84 28 BD 2D 40 00 89 44 24 08 5A 58 8D 64 24 04 FF 64 24 FC FF EA EB 01 C8 E8 01 00 00 00 68 58 FE 48 1F 0F 84 94 02 00 00 75 01 9A 81 70 03 E8 98 68 EA 83 C0 21 8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.1 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 7D DE 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 C3 4B 40 00 8B 42 3C 03 C2 89 85 CD 4B 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D E1 4B 40 00 53 8F 85 D7 49 40 00 BB xx 00 00 00 B9 FE 11 00 00 8D BD 71 4C 40 00 4F EB 07 FA EB 01 FF EB 04 E3 EB F8 69 30 1C 39 FE CB 49 9C C1 2C 24 06 F7 14 24 83 24 24 01 50 52 B8 83 B2 DC 12 05 44 4D 23 ED F7 64 24 08 8D 84 28 BD 2D 40 00 89 44 24 08 5A 58 8D 64 24 04 FF 64 24 FC FF EA EB 01 C8 E8 01 00 00 00 68 58 FE 48 1F 0F 84 94 02 00 00 75 01 9A 81 70 03 E8 98 68 EA 83 C0 21 80 40 FB EB A2 40 02 00 E0 91 32 68 CB 00 00 00 59 8D BD A3 5D 40 00 E8 03 00 00 00 EB 04 FA EB FB 68 83 04 24 0C C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin V1.1 -> cyberbob</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 7D DE 46 00 0B E4 74 9E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.1 by cyberbob</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 7D DE 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 C3 4B 40 00 8B 42 3C 03 C2 89 85 CD 4B 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D E1 4B 40 00 53 8F 85 D7 49 40 00 BB xx 00 00 00 B9 FE 11 00 00 8D BD 71 4C 40 00 4F EB 07 FA EB 01 FF EB 04 E3 EB F8 69 30 1C 39 FE CB 49 9C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESPin v1.3 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 AC DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 0D 4F 40 00 8B 42 3C 03 C2 89 85 17 4F 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D 2B 4F 40 00 53 8F 85 21 4D 40 00 EB 07 FA EB 01 FF EB 04 E3 EB F8 69 8B 59 38 03 DA 8B 3B 89 BD D0 4F 40 00 8D 5B 04 8B 1B 89 9D D5 4F 40 00 E8 00 00 00 00 58 01 68 05 68 F7 65 0F E2 B8 77 CE 2F B1 35 73 CE 2F B1 03 E0 F7 D8 81 2C 04 13 37 CF E1 FF 64 24 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.304 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 88 DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 CD 4E 40 00 8B 42 3C 03 C2 89 85 D7 4E 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D EB 4E 40 00 53 8F 85 E1 4C 40 00 EB 07 FA EB 01 FF EB 04 E3 EB F8 69 8B 59 38 03 DA 8B 3B 89 BD 90 4F 40 00 8D 5B 04 8B 1B 89 9D 95 4F 40 00 E8 00 00 00 00 58 01 68 05 68 D3 65 0F E2 B8 77 CE 2F B1 35 73 CE 2F B1 03 E0 F7 D8 81 2C 04 13 37 CF E1 FF 64 24 FC FF 25 10 BB xx 00 00 00 B9 84 12 00 00 8D BD C6 4F 40 00 4F EB 07 FA EB 01 FF EB 04 E3 EB F8 69 30 1C 39 FE CB 49 9C EB 04 01 EB 0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.304 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 88 DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 CD 4E 40 00 8B 42 3C 03 C2 89 85 D7 4E 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D EB 4E 40 00 53 8F 85 E1 4C 40 00 EB 07 FA EB 01 FF EB 04 E3 EB F8 69 8B 59 38 03 DA 8B 3B 89 BD 90 4F 40 00 8D 5B 04 8B 1B 89 9D 95 4F 40 00 E8 00 00 00 00 58 01 68 05 68 D3 65 0F E2 B8 77 CE 2F B1 35 73 CE 2F B1 03 E0 F7 D8 81 2C 04 13 37 CF E1 FF 64 24 FC FF 25 10 BB xx 00 00 00 B9 84 12 00 00 8D BD C6 4F 40 00 4F EB 07 FA EB 01 FF EB 04 E3 EB F8 69 30 1C 39 FE CB 49 9C EB 04 01 EB 04 CD EB FB 2B C1 2C 24 06 F7 14 24 83 24 24 01 50 52 B8 79 B2 DC 12 05 44 4D 23 ED F7 64 24 08 8D 84 28 20 2F 40 00 89 44 24 08 5A 58 8D 64 24 04 FF 64 24 FC FF EA EB EB 01 C8 E8 01 00 00 00 68 58 FE 48 1F 0F 84 94 02 00 00 75 01 9A 81 70 03 E8 98 68 EA 83 C0 21 80 40 FB EB A2 40 02 00 E0 91 32 68 CB 00 00 00 59 8D BD 7E 61 40 00 E8 03 00 00 00 EB 04 FA EB FB 68 83 04 24 0C C3 8D C0 0C 39 02 49 9C E8 03 00 00 00 EB 04 8D EB FB FF 83 04 24 0C C3 A3 C1 2C 24 06 F7 14 24 83 24 24 01 50 52 B8 61 B2 DC 12 05 44 4D 23 ED F7 64 24 08 8D 84 28 B2 2F 40 00 89 44 24 08 5A 58 8D 64 24 04 FF 64 24 FC 9A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.304 -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 88 DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 CD 4E 40 00 8B 42 3C 03 C2 89 85 D7 4E 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D EB 4E 40 00 53 8F 85 E1 4C 40 00 EB 07 FA EB 01 FF EB 04 E3 EB F8 69 8B 59 38 03 DA 8B 3B 89 BD 90 4F 40 00 8D 5B 04 8B 1B 89 9D 95 4F 40 00 E8 00 00 00 00 58 01 68 05 68 D3 65 0F E2 B8 77 CE 2F B1 35 73 CE 2F B1 03 E0 F7 D8 81 2C 04 13 37 CF E1 FF 64 24 FC FF 25 10 BB xx 00 00 00 B9 84 12 00 00 8D BD C6 4F 40 00 4F EB 07 FA EB 01 FF EB 04 E3 EB F8 69 30 1C 39 FE CB 49 9C EB 04 01 EB 0E P_ ON LY = T RU E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.304 -> Cyberbob</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 88 DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PESpin v1.3beta -> Cyberbob (h)</text>
-      <pattern>
-        EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 71 DF 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 EB 04 9A EB 04 00 EB FB FF 8B 95 xx 4E 40 00 8B 42 3C 03 C2 89 85 xx 4E 40 00 EB 02 12 77 F9 72 08 73 0E F9 83 04 24 17 C3 E8 04 00 00 00 0F F5 73 11 EB 06 9A 72 ED 1F EB 07 F5 72 0E F5 72 F8 68 EB EC 83 04 24 07 F5 FF 34 24 C3 41 C1 E1 07 8B 0C 01 03 CA E8 03 00 00 00 EB 04 9A EB FB 00 83 04 24 0C C3 3B 8B 59 10 03 DA 8B 1B 89 9D xx 4E 40 00 53 8F 85 xx 4C 40 00 EB 07 FA EB 01 FF EB 04 E3 EB F8 69 8B 59 38 03 DA 8B 3B 89 BD xx 4F 40 00 8D 5B 04 8B 1B 89 9D xx 4F 40 00 E8 00 00 00 00 58 01 68 05 68 BC 65 0F E2 B8 77 CE 2F B1 35 73 CE 2F B1 03 E0 F7 D8 81 2C 04 13 37 CF E1 FF 64 24 FC FF 25 10 BB xx 00 00 00 B9 84 12 00 00 8D BD xx 4F 40 00 4F EB 07 FA EB 01 FF EB 04 E3 EB F8 69 30 1C 39 FE CB 49 9C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEStubOEP v1.x</text>
-      <pattern>
-        40 48 BE 00 xx xx 00 40 48 60 33 C0 B8 xx xx xx 00 FF E0 C3 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeStubOEP v1.x</text>
-      <pattern>
-        90 33 C9 33 D2 B8 xx xx xx 00 B9 FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeStubOEP v1.x</text>
-      <pattern>
-        E8 05 00 00 00 33 C0 40 48 C3 E8 05
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.2 -> (c)1998 Ian Luck (h)</text>
-      <pattern>
-        66 9C 60 E8 CA 00 00 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00 0A 00 0B 00 0D 00 0F 00 11 00 13 00 17 00 1B 00 1F 00 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 83 00 A3 00 C3 00 E3 00 02 01 00 00 00 00 00 00 00 00 00 00 00 00 01 01 01 01 02 02 02 02 03 03 03 03 04 04 04 04 05 05 05 05 00 70 70 01 00 02 00 03 00 04 00 05 00 07 00 09 00 0D 00 11 00 19 00 21 00 31 00 41 00 61 00 81 00 C1 00 01 01 81 01 01 02 01 03 01 04 01 06 01 08 01 0C 01 10 01 18 01 20 01 30 01 40 01 60 00 00 00 00 01 01 02 02 03 03 04 04 05 05 06 06 07 07 08 08 09 09 0A 0A 0B 0B 0C 0C 0D 0D 10 11 12 00 08 07 09 06 0A 05 0B 04 0C 03 0D 02 0E 01 0F 58 2C 08 50 8B C8 8B D0 81 C1 xx D2 00 00 81 C2 xx xx 00 00 89 20 8B E1 50 81 2C 24 00 xx xx xx FF 30 50 80 04 24
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.2 -> (c)1998 Ian Luck</text>
-      <pattern>
-        66 9C 60 E8 CA 00 00 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00 0A 00 0B 00 0D 00 0F 00 11 00 13 00 17 00 1B 00 1F 00 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 83 00 A3 00 C3 00 E3 00 02 01 00 00 00 00 00 00 00 00 00 00 00 00 01 01 01 01 02 02 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.2</text>
-      <pattern>
-        66 9C 60 E8 CA 00 00 00 03 00 04 00 05 00 06 00 07 00 08 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.3 -> (c)1998 Ian Luck (h)</text>
-      <pattern>
-        xx xx xx xx xx xx 9C 60 50 8D 88 00 xx xx xx 8D 90 xx xx 00 00 8B DC 8B E1 68 00 00 xx xx 53 50 80 04 24 08 50 80 04 24 42 50 80 04 24 61 50 80 04 24 9D 50 80 04 24 BB 83 3A 00 0F 84 DA 14 00 00 8B 44 24 18 F6 42 03 80 74 19 FD 80 72 03 80 8B F0 8B F8 03 72 04 03 7A 08 8B 0A F3 A5 83 C2 0C FC EB D4 8B 7A 08 03 F8 8B 5A 04 85 DB 74 13 52 53 57 03 02 50 E8 7B 00 00 00 85 C0 74 2E 5F 5F 58 5A 8B 4A 0C C1 F9 02 F3 AB 8B 4A 0C 83 E1 03 F3 AA 83 C2 10 EB A0 45 52 52 4F 52 21 00 43 6F 72 72 75 70 74 20 44 61 74 61 21 00 8B 64 24 24 8B 04 24 83 C4 26 8B D0 66 81 C2 6D 01 6A 10 8B D8 66 05 66 01 50 52 6A 00 8B 13 FF 14 1A 6A FF FF 93 xx xx 00 00 56 57 8B 7C 24 0C 8B 74 24 10 8B 4C 24 14 C1 F9 02 F3 A5 8B 4C 24 14 83 E1 03 F3 A4 5F 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.3 -> (c)1998 Ian Luck</text>
-      <pattern>
-        xx xx xx xx xx xx 9C 60 50 8D 88 00 xx xx xx 8D 90 xx xx 00 00 8B DC 8B E1 68 00 00 xx xx 53 50 80 04 24 08 50 80 04 24 42 50 80 04 24 61 50 80 04 24 9D 50 80 04 24 BB 83 3A 00 0F 84 DA 14 00 00 8B 44 24 18 F6 42 03 80 74 19 FD 80 72 03 80 8B F0 8B F8 03
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.3</text>
-      <pattern>
-        66 9C 60 50 8D 88 00 F0 00 00 8D 90 04 16 00 00 8B DC 8B E1
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.4 -> (c)1998-99 Ian Luck (h)</text>
-      <pattern>
-        xx xx xx xx xx 66 9C 60 50 8B D8 03 00 68 54 BC 00 00 6A 00 FF 50 14 8B CC 8D A0 54 BC 00 00 50 8B C3 8D 90 xx 16 00 00 68 00 00 xx xx 51 50 80 04 24 08 50 80 04 24 42 50 80 04 24 61 50 80 04 24 9D 50 80 04 24 BB 83 3A 00 0F 84 D8 14 00 00 8B 44 24 18 F6 42 03 80 74 19 FD 80 72 03 80 8B F0 8B F8 03 72 04 03 7A 08 8B 0A F3 A5 83 C2 0C FC EB D4 8B 7A 08 03 F8 8B 5A 04 85 DB 74 13 52 53 57 03 02 50 E8 79 00 00 00 85 C0 74 30 5F 5F 58 5A 8B 4A 0C C1 F9 02 33 C0 F3 AB 8B 4A 0C 83 E1 03 F3 AA 83 C2 10 EB 9E 45 52 52 4F 52 21 00 43 6F 72 72 75 70 74 20 44 61 74 61 21 00 8B 64 24 24 8B 04 24 83 C4 26 8B D0 66 81 C2 7E 01 6A 10 8B D8 66 05 77 01 50 52 6A 00 03 1B FF 13 6A FF FF 53 08 56 57 8B 7C 24 0C 8B 74 24 10 8B 4C 24 14 C1 F9 02 F3 A5 8B 4C 24 14 83 E1 03 F3 A4 5F 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.4 -> (c)1998-99 Ian Luck</text>
-      <pattern>
-        xx xx xx xx xx 66 9C 60 50 8B D8 03 00 68 54 BC 00 00 6A 00 FF 50 14 8B CC 8D A0 54 BC 00 00 50 8B C3 8D 90 xx 16 00 00 68 00 00 xx xx 51 50 80 04 24 08 50 80 04 24 42 50 80 04 24 61 50 80 04 24 9D 50 80 04 24 BB 83 3A 00 0F 84 D8 14 00 00 8B 44 24 18 F6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 1.4</text>
-      <pattern>
-        66 9C 60 50 8B D8 03 00 68 54 BC 00 00 6A 00 FF 50 14 8B CC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 2.1</text>
-      <pattern>
-        64 FF 35 00 00 00 00 64 89 25 00 00 00 00 66 9C 60 50 8B D8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 2.2 -> (c)1998-99 Ian Luck (h)</text>
-      <pattern>
-        xx xx xx xx xx 68 xx xx xx xx 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 66 9C 60 50 68 00 00 xx xx 8B 3C 24 8B 30 66 81 C7 80 07 8D 74 06 08 89 38 8B 5E 10 50 56 6A 02 68 80 08 00 00 57 6A xx 6A 06 56 6A 04 68 80 08 00 00 57 FF D3 83 EE 08 59 F3 A5 59 66 83 C7 68 81 C6 xx xx 00 00 F3 A5 FF D3 58 8D 90 B8 01 00 00 8B 0A 0F BA F1 1F 73 16 8B 04 24 FD 8B F0 8B F8 03 72 04 03 7A 08 F3 A5 83 C2 0C FC EB E2 83 C2 10 8B 5A F4 85 DB 74 D8 8B 04 24 8B 7A F8 03 F8 52 8D 34 01 EB 17 58 58 58 5A 74 C4 E9 1C FF FF FF 02 D2 75 07 8A 16 83 EE FF 12 D2 C3 81 FB 00 00 01 00 73 0E 68 60 C0 FF FF 68 60 FC FF FF B6 05 EB 22 81 FB 00 00 04 00 73 0E 68 80 81 FF FF 68 80 F9 FF FF B6 07 EB 0C 68 00 83 FF FF 68 00 FB FF FF B6 08 6A 00 32 D2 4B A4 33 C9 83 FB 00 7E A4 E8 AA FF FF FF 72 17 A4 30 5F FF 4B EB ED 41 E8 9B FF FF FF 13 C9 E8 94 FF FF FF 72 F2 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite 2.2 -> (c)1998-99 Ian Luck</text>
-      <pattern>
-        xx xx xx xx xx 68 xx xx xx xx 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 66 9C 60 50 68 00 00 xx xx 8B 3C 24 8B 30 66 81 C7 80 07 8D 74 06 08 89 38 8B 5E 10 50 56 6A 02 68 80 08 00 00 57 6A xx 6A 06 56 6A 04 68 80 08 00 00 57 FF D3 83 EE 08 59 F3 A5 59 66
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEtite v1.2</text>
-      <pattern>
-        9C 60 E8 CA xx xx xx 03 xx 04 xx 05 xx 06 xx 07 xx 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEtite v1.3</text>
-      <pattern>
-        xx xx xx xx xx 66 9C 60 50 8D 88 xx F0 xx xx 8D 90 04 16 xx xx 8B DC 8B E1 68 xx xx xx xx 53 50 80 04 24 08 50 80 04 24 42
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEtite v1.4</text>
-      <pattern>
-        66 9C 60 50 8B D8 03 xx 68 54 BC xx xx 6A xx FF 50 14 8B CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEtite v1.4</text>
-      <pattern>
-        xx xx xx xx xx 66 9C 60 50 8B D8 03 00 68 54 BC 00 00 6A 00 FF 50 14 8B CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite v1.4</text>
-      <pattern>
-        B8 xx xx xx xx 66 9C 60 50 8B D8 03 00 68 xx xx xx xx 6A 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEtite v2.0</text>
-      <pattern>
-        B8 xx xx xx xx 66 9C 60 50 8B D8 03 xx 68 54 BC xx xx 6A xx FF 50 18 8B CC 8D A0 54 BC xx xx 8B C3 8D 90 E0 15 xx xx 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite v2.1 (1)</text>
-      <pattern>
-        B8 xx xx xx xx 68 xx xx xx xx 64 xx xx xx xx xx xx 64 xx xx xx xx xx xx 66 9C 60 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite v2.1 (2)</text>
-      <pattern>
-        B8 xx xx xx xx 6A 00 68 xx xx xx xx 64 xx xx xx xx xx xx 64 xx xx xx xx xx xx 66 9C 60 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEtite v2.1</text>
-      <pattern>
-        B8 xx xx xx xx 6A xx 68 xx xx xx xx 64 FF 35 xx xx xx xx 64 89 25 xx xx xx xx 66 9C 60 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite v2.2 -> www.un4seen.com/petite</text>
-      <pattern>
-        B8 00 ?0 4? 00 6? 00 xx xx 0? xx xx xx xx xx 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite v2.2 -> www.un4seen.com/petite</text>
-      <pattern>
-        B8 00 xx xx 00 xx 00 xx xx xx xx xx xx xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEtite v2.2 -> www.un4seen.com/petite</text>
-      <pattern>
-        B8 xx xx xx xx 68 xx xx xx xx 64 FF 35 xx xx xx xx 64 89 25 xx xx xx xx 66 9C 60 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Petite v?.? (after v1.4)</text>
-      <pattern>
-        B8 xx xx xx xx 66 9C 60 50 8D xx xx xx xx xx 68 xx xx xx xx 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEtite vx.x</text>
-      <pattern>
-        B8 xx xx xx xx 66 9C 60 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeX 0.99 (Eng) -> bart/CrackPl</text>
-      <pattern>
-        E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeX 0.99 -> bart^CrackPl</text>
-      <pattern>
-        E9 F5 xx xx xx 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PeX v0.99 (Eng) -> bart/CrackPl</text>
-      <pattern>
-        E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 50 65 58 20 28 63 29 20 62 79 20 62 61 72 74 5E 43 72 61 63 6B 50 6C 20 62 65 74 61 20 72 65 6C 65 61 73 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 60 E8 01 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>pex V0.99 -> params</text>
-      <pattern>
-        E9 F5 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEX v0.99</text>
-      <pattern>
-        60 E8 01 xx xx xx xx 83 C4 04 E8 01 xx xx xx xx 5D 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEZip 1.0 by BaGIE</text>
-      <pattern>
-        D9 D0 F8 74 02 23 DB F5 F5 50 51 52 53 8D 44 24 10 50 55 56 57 D9 D0 22 C9 C1 F7 A0 55 66 C1 C8 B0 5D 81 E6 FF FF FF FF F8 77 07 52 76 03 72 01 90 5A C1 E0 60 90 BD 1F 01 00 00 87 E8 E2 07 E3 05 17 5D 47 E4 42 41 7F 06 50 66 83 EE 00 58 25 FF FF FF FF 51
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PEZip v1.0 by BaGIE</text>
-      <pattern>
-        D9 D0 F8 74 02 23 DB F5 F5 50 51 52 53 8D 44 24 10 50 55 56 57 D9 D0 22 C9 C1 F7 A0 55 66 C1 C8 B0 5D 81 E6 FF FF FF FF F8 77 07 52 76 03 72 01 90 5A C1 E0 60 90 BD 1F 01 00 00 87 E8 E2 07 E3 05 17 5D 47 E4 42 41 7F 06 50 66 83 EE 00 58 25 FF FF FF FF 51 0F B6 C9 66 83 F6 00 3D CB 60 47 92 50 40 58 FC E2 EE 59 F8 7C 08 53 74 04 78 02 84 C9 5B 66 0B ED F8 F5 BA 9F FA FF FF 52 57 77 04 78 02 84 E4 5F 5A 50 80 EF 00 58 50 81 E0 FF FF FF FF 58 3C EF FC 7A 05 3D DF DA AC D1 05 00 00 00 00 73 05 71 03 7E 01 90 EB 02 EB 05 E8 F9 FF FF FF 83 C0 00 7B 06 53 66 BB 74 EF 5B F8 8B 3C 24 83 C4 04 51 0F B6 C9 66 C1 C7 30 0B D2 53 66 83 FD F6 5B 55 6A 97 83 C4 04 5D E2 E8 59 53 55 51 66 83 E9 00 59 5D 5B F8 01 FA 22 C9 7A 02 8D 3F 79 08 71 06 52 66 A9 6E E3 5A 51 0F B6
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PGMPACK v0.13</text>
-      <pattern>
-        FA 1E 17 50 B4 30 CD 21 3C 02 73 xx B4 4C CD 21 FC BE xx xx BF xx xx E8 xx xx E8 xx xx BB xx xx BA xx xx 8A C3 8B F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PGMPACK v0.14</text>
-      <pattern>
-        1E 17 50 B4 30 CD 21 3C 02 73 xx B4 4C CD 21 FC BE xx xx BF xx xx E8 xx xx E8 xx xx BB xx xx BA xx xx 8A C3 8B F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Phoenix Protector v1.0/v1.1 -> NTCore.com</text>
-      <pattern>
-        02 6F xx xx xx 0A 0A 06 8D xx xx xx 01 0B 16 0C 38 36 00 00 00 02 08 6F xx xx xx 0A 0D 09 06 08 59 61 D2 13 04 09 1E 63 08 61 D2 13 05 07 08 11 05 1E 62 11 04 60 D1 9D 08 17 58 0C 08 07 8E 69 38 0B 00 00 00 28 xx xx xx 0A 2A 38 EC FF FF FF 3F C0 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Phonebook configuration file Version %v3.%v4</text>
-      <pattern>
-        50 68 6F 6E 65 62 6F 6F 6B xx xx xx xx xx xx xx xx xx xx xx xx xx 63 6F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Phonebook configuration file Version %v3.%v4</text>
-      <pattern>
-        50 68 6F 6E 65 62 6F 6F 6B xx xx xx xx xx xx xx xx xx V3 xx V4 xx 63 6F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pi Cryptor 1.0 - by Scofield</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 57 31 C0 89 45 EC B8 40 1E 06 00 E8 48 FA FF FF 33 C0 55 68 36 1F 06 00 64 FF 30 64 89 20 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 8D 55 EC 31 C0 E8 4E F4 FF FF 8B 45 EC E8 F6 F7 FF FF 50 E8 CC FA FF FF 8B D8 83 FB FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pi Cryptor 1.0 - by Scofield</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 57 31 C0 89 45 EC B8 40 1E 06 00 E8 48 FA FF FF 33 C0 55 68 36 1F 06 00 64 FF 30 64 89 20 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 8D 55 EC 31 C0 E8 4E F4 FF FF 8B 45 EC E8 F6 F7 FF FF 50 E8 CC FA FF FF 8B D8 83 FB FF 74 4E 6A 00 53 E8 CD FA FF FF 8B F8 81 EF AC 26 00 00 6A 00 6A 00 68 AC 26 00 00 53 E8 DE FA FF FF 89 F8 E8 E3 F1 FF FF 89 C6 6A 00 68 28 31 06 00 57 56 53 E8 AE FA FF FF 53 E8 80 FA FF FF 89 FA 81 EA 72 01 00 00 8B C6 E8 55 FE FF FF 89 C6 89 F0 09 C0 74 05 E8 A8 FB FF FF 31 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pi Cryptor 1.0 - by Scofield</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 57 31 C0 89 45 EC B8 40 1E 06 00 E8 48 FA FF FF 33 C0 55 68 36 1F 06 00 64 FF 30 64 89 20 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 8D 55 EC 31 C0 E8 4E F4 FF FF 8B 45 EC E8 F6 F7 FF FF 50 E8 CC FA FF FF 8B D8 83 FB FF 74 4E 6A 00 53 E8 CD FA FF FF 8B F8 81 EF AC 26 00 00 6A 00 6A 00 68 AC 26 00 00 53 E8 DE FA FF FF 89 F8 E8 E3 F1 FF FF 89 C6 6A 00 68 28 31 06 00 57 56 53 E8 AE FA FF FF 53 E8 80 FA FF FF 89 FA 81 EA 72 01 00 00 8B C6 E8 55 FE FF FF 89 C6 89 F0 09 C0 74 05 E8 A8 FB FF FF 31 C0 5A 59 59 64 89 10 68 3D 1F 06 00 8D 45 EC E8 C3 F6 FF FF C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pi Cryptor 1.0 - by Scofield</text>
-      <pattern>
-        89 55 F8 BB 01 00 00 00 8A 04 1F 24 0F 8B 55 FC 8A 14 32 80 E2 0F 32 C2 8A 14 1F 80 E2 F0 02 D0 88 14 1F 46 8D 45 F4 8B 55 FC E8 xx xx xx xx 8B 45 F4 E8 xx xx xx xx 3B F0 7E 05 BE 01 00 00 00 43 FF 4D F8 75 C2 xx xx xx xx 5A 59 59 64 89 10 68 xx xx xx xx 8D 45 F4 E8 xx xx xx xx C3 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PIRIT v1.5</text>
-      <pattern>
-        B4 4D CD 21 E8 xx xx FD E8 xx xx B4 51 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.00, v1.03</text>
-      <pattern>
-        B8 xx xx BA xx xx 8C DB 03 D8 3B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.00c (1)</text>
-      <pattern>
-        2E 8C 1E xx xx 8B 1E xx xx 8C DA 81 C2 xx xx 3B DA 72 xx 81 EB xx xx 83 EB xx FA 8E D3 BC xx xx FB FD BE xx xx 8B FE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.00c (2)</text>
-      <pattern>
-        BA xx xx A1 xx xx 2D xx xx 8C CB 81 C3 xx xx 3B C3 77 xx 05 xx xx 3B C3 77 xx B4 09 BA xx xx CD 21 CD 20 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.12, v1.15, v1.20 (1)</text>
-      <pattern>
-        B8 xx xx BA xx xx 05 xx xx 3B 06 xx xx 73 xx 2D xx xx FA 8E D0 FB 2D xx xx 8E C0 50 B9 xx xx 33 FF 57 BE xx xx FC F3 A5 CB B4 09 BA xx xx CD 21 CD 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.12, v1.15, v1.20 (2)</text>
-      <pattern>
-        B8 xx xx BA xx xx 3B C4 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.14, v1.15, v1.20 (3)</text>
-      <pattern>
-        B8 xx xx BA xx xx 05 xx xx 3B xx xx xx 72 xx B4 09 BA xx 01 CD 21 CD 20 4E 6F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.14, v1.20</text>
-      <pattern>
-        B8 xx xx BA xx xx 05 xx xx 3B 06 xx xx 72 xx B4 09 BA xx xx CD 21 CD 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.20</text>
-      <pattern>
-        B8 xx xx BA xx xx 05 xx xx 3B 06 xx xx 72 xx B4 09 BA xx xx CD 21 B4 4C CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.50 (1)</text>
-      <pattern>
-        50 B8 xx xx BA xx xx 05 xx xx 3B 06 xx xx 72 xx B4 xx BA xx xx CD 21 B8 xx xx CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v1.50 (Device driver compression)</text>
-      <pattern>
-        B4 09 BA 14 01 CD 21 B8 00 4C CD 21 F8 9C 50 53 51 52 56 57 55 1E 06 BB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE v2.00c</text>
-      <pattern>
-        50 B8 xx xx BA xx xx 3B C4 73 xx 8B C4 2D xx xx 25 xx xx 8B F8 B9 xx xx BE xx xx FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE32 1.1 -> PKWARE Inc.</text>
-      <pattern>
-        68 xx xx xx 00 68 xx xx xx 00 68 00 00 00 00 E8 xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE32 1.1</text>
-      <pattern>
-        50 4B 4C 49 54 45 33 32 20 43 6F 70 79 72 69 67 68 74 20 31
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE32 v1.1</text>
-      <pattern>
-        55 8B EC A1 xx xx xx xx 85 C0 74 09 B8 01 00 00 00 5D C2 0C 00 8B 45 0C 57 56 53 8B 5D 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE32 v1.1</text>
-      <pattern>
-        55 8B EC A1 xx xx xx xx 85 C0 74 09 B8 01 xx xx xx 5D C2 0C xx 8B 45 0C 57 56 53 8B 5D 10
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE32 v1.1</text>
-      <pattern>
-        68 xx xx xx xx 68 xx xx xx xx 68 00 00 00 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKLITE32 v1.1</text>
-      <pattern>
-        68 xx xx xx xx 68 xx xx xx xx B8 xx xx xx xx 2B 44 24 0C 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pksmart 1.0b</text>
-      <pattern>
-        BA xx xx 8C C8 8B C8 03 C2 81 xx xx xx 51 B9 xx xx 51 1E 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKTINY v1.0 with TINYPROG v3.8</text>
-      <pattern>
-        2E C6 06 xx xx xx 2E C6 06 xx xx xx 2E C6 06 xx xx xx E9 xx xx E8 xx xx 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PKZIP-SFX v1.1 1989-90</text>
-      <pattern>
-        FC 2E 8C 0E xx xx A1 xx xx 8C CB 81 C3 xx xx 3B C3 72 xx 2D xx xx 2D xx xx FA BC xx xx 8E D0 FB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PLINK86 1984, 1985</text>
-      <pattern>
-        FA 8C C7 8C D6 8B CC BA xx xx 8E C2 26
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PluginToExe v1.00 -> BoB / BobSoft</text>
-      <pattern>
-        E8 00 00 00 00 29 C0 5D 81 ED D1 40 40 00 50 FF 95 B8 40 40 00 89 85 09 40 40 00 FF 95 B4 40 40 00 89 85 11 40 40 00 50 FF 95 C0 40 40 00 8A 08 80 F9 22 75 07 50 FF 95 C4 40 40 00 89 85 0D 40 40 00 8B 9D 09 40 40 00 60 6A 00 6A 01 53 81 C3 xx xx xx 00 FF D3 61 6A 00 68 44 69 45 50 FF B5 0D 40 40 00 6A 00 81 C3 xx xx xx 00 FF D3 83 C4 10 FF 95 B0 40 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PluginToExe v1.01 -> BoB / BobSoft</text>
-      <pattern>
-        E8 00 00 00 00 29 C0 5D 81 ED C6 41 40 00 50 8F 85 71 40 40 00 50 FF 95 A5 41 40 00 89 85 6D 40 40 00 FF 95 A1 41 40 00 50 FF 95 B5 41 40 00 80 38 00 74 16 8A 08 80 F9 22 75 07 50 FF 95 B9 41 40 00 89 85 75 40 40 00 EB 6C 6A 01 8F 85 71 40 40 00 6A 58 6A 40 FF 95 A9 41 40 00 89 85 69 40 40 00 89 C7 68 00 08 00 00 6A 40 FF 95 A9 41 40 00 89 47 1C C7 07 58 00 00 00 C7 47 20 00 08 00 00 C7 47 18 01 00 00 00 C7 47 34 04 10 88 00 8D 8D B9 40 40 00 89 4F 0C 8D 8D DB 40 40 00 89 4F 30 FF B5 69 40 40 00 FF 95 95 41 40 00 FF 77 1C 8F 85 75 40 40 00 8B 9D 6D 40 40 00 60 6A 00 6A 01 53 81 C3 xx xx xx 00 FF D3 61 6A 00 68 44 69 45 50 FF B5 75 40 40 00 6A 00 81 C3 xx xx 00 00 FF D3 83 C4 10 83 BD 71 40 40 00 00 74 10 FF 77 1C FF 95 AD 41 40 00 57 FF 95 AD 41 40 00 6A 00 FF 95 9D 41 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PluginToExe v1.02 -> BoB / BobSoft</text>
-      <pattern>
-        E8 00 00 00 00 29 C0 5D 81 ED 32 42 40 00 50 8F 85 DD 40 40 00 50 FF 95 11 42 40 00 89 85 D9 40 40 00 FF 95 0D 42 40 00 50 FF 95 21 42 40 00 80 38 00 74 16 8A 08 80 F9 22 75 07 50 FF 95 25 42 40 00 89 85 E1 40 40 00 EB 6C 6A 01 8F 85 DD 40 40 00 6A 58 6A 40 FF 95 15 42 40 00 89 85 D5 40 40 00 89 C7 68 00 08 00 00 6A 40 FF 95 15 42 40 00 89 47 1C C7 07 58 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PMODE/W v.1.12, 1.16, 1.21, 1.33 DOS extender</text>
-      <pattern>
-        FC 16 07 BF xx xx 8B F7 57 B9 xx xx F3 A5 06 1E 07 1F 5F BE xx xx 06 0E A4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PocketPC ARM (h)</text>
-      <pattern>
-        F0 41 2D E9 xx xx xx xx xx xx xx xx xx xx xx xx xx xx A0 E1 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 50 E3 xx 00 00 0A xx xx xx xx xx xx A0 xx xx xx xx xx xx xx A0 xx xx xx A0 E1 00 80 xx xx xx xx xx xx xx xx xx xx xx xx A0 E1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PocketPC ARM</text>
-      <pattern>
-        F0 40 2D E9 00 40 A0 E1 01 50 A0 E1 02 60 A0 E1 03 70 A0 E1 xx 00 00 EB 07 30 A0 E1 06 20 A0 E1 05 10 A0 E1 04 00 A0 E1 xx xx xx EB F0 40 BD E8 xx 00 00 EA xx 40 2D E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PocketPC ARM</text>
-      <pattern>
-        F0 40 2D E9 00 40 A0 E1 01 50 A0 E1 02 60 A0 E1 03 70 A0 E1 xx 00 00 EB 07 30 A0 E1 06 20 A0 E1 05 10 A0 E1 04 00 A0 E1 xx xx xx EB F0 40 BD E8 xx 00 00 EA xx 40 2D E9 xx xx 9F E5 xx xx xx xx xx 00 xx xx xx xx xx xx xx xx 9F E5 00 xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PocketPC MIB</text>
-      <pattern>
-        E8 FF BD 27 14 00 BF AF 18 00 A4 AF 1C 00 A5 AF 20 00 A6 AF 24 00 A7 AF xx xx xx 0C 00 00 00 00 18 00 A4 8F 1C 00 A5 8F 20 00 A6 8F xx xx xx 0C 24 00 A7 8F xx xx xx 0C 25 20 40 00 14 00 BF 8F 08 00 E0 03 18 00 BD 27 xx FF BD 27 18 00 xx AF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PocketPC MIB</text>
-      <pattern>
-        E8 FF BD 27 14 00 BF AF 18 00 A4 AF 1C 00 A5 AF 20 00 A6 AF 24 00 A7 AF xx xx xx 0C 00 00 00 00 18 00 A4 8F 1C 00 A5 8F 20 00 A6 8F xx xx xx 0C 24 00 A7 8F xx xx xx 0C 25 20 40 00 14 00 BF 8F 08 00 E0 03 18 00 BD 27 xx FF BD 27 18 00 xx AF xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PocketPC SHA</text>
-      <pattern>
-        86 2F 96 2F A6 2F B6 2F 22 4F 43 68 53 6B 63 6A 73 69 F0 7F 0B D0 0B 40 09 00 09 D0 B3 65 A3 66 93 67 0B 40 83 64 03 64 04 D0 0B 40 09 00 10 7F 26 4F F6 6B F6 6A F6 69 0B 00 F6 68 xx xx xx 00 xx xx xx 00 xx xx xx 00 22 4F F0 7F 0A D0 06 D4 06 D5 0B 40 09
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pohernah 1.0.0 - by Kas</text>
-      <pattern>
-        58 60 E8 00 00 00 00 5D 81 ED 20 25 40 00 8B BD 86 25 40 00 8B 8D 8E 25 40 00 6B C0 05 83 F0 04 89 85 92 25 40 00 83 F9 00 74 2D 81 7F 1C AB 00 00 00 75 1E 8B 77 0C 03 B5 8A 25 40 00 31 C0 3B 47 10 74 0E 50 8B 85 92 25 40 00 30 06 58 40 46 EB ED 83 C7 28
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pohernah 1.0.0 - by Kas</text>
-      <pattern>
-        58 60 E8 00 00 00 00 5D 81 ED 20 25 40 00 8B BD 86 25 40 00 8B 8D 8E 25 40 00 6B C0 05 83 F0 04 89 85 92 25 40 00 83 F9 00 74 2D 81 7F 1C AB 00 00 00 75 1E 8B 77 0C 03 B5 8A 25 40 00 31 C0 3B 47 10 74 0E 50 8B 85 92 25 40 00 30 06 58 40 46 EB ED 83 C7 28 49 EB CE 8B 85 82 25 40 00 89 44 24 1C 61 FF E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pohernah 1.0.1 - by Kas</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED F1 26 40 00 8B BD 18 28 40 00 8B 8D 20 28 40 00 B8 38 28 40 00 01 E8 80 30 05 83 F9 00 74 71 81 7F 1C AB 00 00 00 75 62 8B 57 0C 03 95 1C 28 40 00 31 C0 51 31 C9 66 B9 FA 00 66 83 F9 00 74 49 8B 57 0C 03 95 1C 28 40 00 8B 85 24 28 40 00 83 F8 02 75 06 81 C2 00 02 00 00 51 8B 4F 10 83 F8 02 75 06 81 E9 00 02 00 00 57 BF C8 00 00 00 89 CE E8 27 00 00 00 89 C1 5F B8 38 28 40 00 01 E8 E8 24 00 00 00 59 49 EB B1 59 83 C7 28 49 EB 8A 8B 85 14 28 40 00 89 44 24 1C 61 FF E0 56 57 4F F7 D7 21 FE 89 F0 5F 5E C3 60 83 F0 05 40 90 48 83 F0 05 89 C6 89 D7 60 E8 0B 00 00 00 61 83 C7 08 83 E9 07 E2 F1 61 C3 57 8B 1F 8B 4F 04 68 B9 79 37 9E 5A 42 89 D0 48 C1 E0 05 BF 20 00 00 00 4A 89 DD C1 E5 04 29 E9 8B 6E 08 31 DD 29 E9 89 DD C1 ED 05 31 C5 29 E9 2B 4E 0C 89 CD C1 E5 04 29 EB 8B 2E 31 CD 29 EB 89 CD C1 ED 05 31 C5 29 EB 2B 5E 04 29 D0 4F 75 C8 5F 89 1F 89 4F 04 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pohernah 1.0.2 - by Kas</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED DE 26 40 00 8B BD 05 28 40 00 8B 8D 0D 28 40 00 B8 25 28 40 00 01 E8 80 30 05 83 F9 00 74 71 81 7F 1C AB 00 00 00 75 62 8B 57 0C 03 95 09 28 40 00 31 C0 51 31 C9 66 B9 F7 00 66 83 F9 00 74 49 8B 57 0C 03 95 09 28 40 00 8B 85 11 28 40 00 83 F8 02 75 06 81 C2 00 02 00 00 51 8B 4F 10 83 F8 02 75 06 81 E9 00 02 00 00 57 BF C8 00 00 00 89 CE E8 27 00 00 00 89 C1 5F B8 25 28 40 00 01 E8 E8 24 00 00 00 59 49 EB B1 59 83 C7 28 49 EB 8A 8B 85 01 28 40 00 89 44 24 1C 61 FF E0 56 57 4F F7 D7 21 FE 89 F0 5F 5E C3 60 83 F0 05 40 90 48 83 F0 05 89 C6 89 D7 60 E8 0B 00 00 00 61 83 C7 08 83 E9 07 E2 F1 61 C3 57 8B 1F 8B 4F 04 68 B9 79 37 9E 5A 42 89 D0 48 C1 E0 05 BF 20 00 00 00 4A 89 DD C1 E5 04 29 E9 8B 6E 08 31 DD 29 E9 89 DD C1 ED 05 31 C5 29 E9 2B 4E 0C 89 CD C1 E5 04 29 EB 8B 2E 31 CD 29 EB 89 CD C1 ED 05 31 C5 29 EB 2B 5E 04 29 D0 4F 75 C8 5F 89 1F 89 4F 04 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pohernah 1.0.3 - by Kas</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 2A 27 40 00 31 C0 40 83 F0 06 40 3D 40 1F 00 00 75 07 BE 6A 27 40 00 EB 02 EB EB 8B 85 9E 28 40 00 83 F8 01 75 17 31 C0 01 EE 3D 99 00 00 00 74 0C 8B 8D 86 28 40 00 30 0E 40 46 EB ED
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pohernah Crypter V1.0.1 -> Kas</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED F1 26 40 00 8B BD 18 28 40 00 8B 8D 20 28 40 00 B8 38 28 40 00 01 E8 80 30 05 83 F9 00 74 71 81 7F 1C AB 00 00 00 75 62 8B 57 0C 03 95 1C 28 40 00 31 C0 51 31 C9 66 B9 FA 00 66 83 F9 00 74 49 8B 57 0C 03 95 1C 28 40 00 8B 85 24
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Pohernah Crypter V1.0.2 -> Kas</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED DE 26 40 00 8B BD 05 28 40 00 8B 8D 0D 28 40 00 B8 25 28 40 00 01 E8 80 30 05 83 F9 00 74 71 81 7F 1C AB 00 00 00 75 62 8B 57 0C 03 95 09 28 40 00 31 C0 51 31 C9 66 B9 F7 00 66 83 F9 00 74 49 8B 57 0C 03 95 09 28 40 00 8B 85 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PolyBox C -> Anskya</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 B8 E4 41 00 10 E8 3A E1 FF FF 33 C0 55 68 11 44 00 10 64 FF 30 64 89 20 EB 08 FC FC FC FC FC FC 27 54 6A 0A 68 20 44 00 10 A1 1C 71 00 10 50 E8 CC E1 xx xx xx xx 85 DB 0F 84 77 01 00 00 53 A1 1C 71 00 10 50 E8 1E E2 FF FF 8B F0 85 F6 0F 84 61 01 00 00 53 A1 1C 71 00 10 50 E8 E0 E1 FF FF 85 C0 0F 84 4D 01 00 00 50 E8 DA E1 FF FF 8B D8 85 DB 0F 84 3D 01 00 00 56 B8 70 80 00 10 B9 01 00 00 00 8B 15 98 41 00 10 E8 9E DE FF FF 83 C4 04 A1 70 80 00 10 8B CE 8B D3 E8 E1 E1 FF FF 6A 00 6A 00 A1 70 80 00 10 B9 30 44 00 10 8B D6 E8 F8 FD FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PolyBox D -> Anskya</text>
-      <pattern>
-        55 8B EC 33 C9 51 51 51 51 51 53 33 C0 55 68 84 2C 40 00 64 FF 30 64 89 20 C6 45 FF 00 B8 B8 46 40 00 BA 24 00 00 00 E8 8C F3 FF FF 6A 24 BA B8 46 40 00 8B 0D B0 46 40 00 A1 94 46 40 00 E8 71 FB FF FF 84 C0 0F 84 6E 01 00 00 8B 1D D0 46 40 00 8B C3 83 C0 24 03 05 D8 46 40 00 3B 05 B4 46 40 00 0F 85 51 01 00 00 8D 45 F4 BA B8 46 40 00 B9 10 00 00 00 E8 A2 EC FF FF 8B 45 F4 BA 9C 2C 40 00 E8 F1 ED FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PolyCrypt PE - 2.1.4b/2.1.5 -> JLab Software Creations (h-oep)</text>
-      <pattern>
-        91 8B F4 AD FE C9 80 34 08 xx E2 FA C3 60 E8 ED FF FF FF EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PolyCrypt PE - 2.1.4b/2.1.5 -> JLab Software Creations (h-signed)</text>
-      <pattern>
-        50 6F 6C 79 43 72 79 70 74 20 50 45 20 28 63 29 20 32 30 30 34 2D 32 30 30 35 2C 20 4A 4C 61 62 53 6F 66 74 77 61 72 65 2E 00 50 00 43 00 50 00 45
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PolyCryptor by SMT Version %v3.%v4</text>
-      <pattern>
-        EB xx 28 50 6F 6C 79 53 63 72 79 70 74 20 xx xx xx 20 62 79 20 53 4D 54 29
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PolyCryptor by SMT Version %v3.%v4</text>
-      <pattern>
-        EB xx 28 50 6F 6C 79 53 63 72 79 70 74 20 V3 xx V4 20 62 79 20 53 4D 54 29
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PolyEnE V0.01+ -> Lennart Hedlund</text>
-      <pattern>
-        50 6F 6C 79 45 6E 45 00 4D 65 73 73 61 67 65 42 6F 78 41 00 55 53 45 52 33 32 2E 64 6C 6C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PoPa 0.01 (Packer on Pascal) -> bagie</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 57 33 C0 89 45 EC B8 A4 3E 00 10 E8 30 F6 FF FF 33 C0 55 68 BE 40 00 10 xx xx xx xx 89 20 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 8D 55 EC 33 C0 E8 62 E7 FF FF 8B 45 EC E8 32 F2 FF FF 50 E8 B4 F6 FF FF A3 64 66 00 10 33 D2 55 68 93 40 00 10 64 FF 32 64 89 22 83 3D 64 66 00 10 FF 0F 84 3A 01 00 00 6A 00 6A 00 6A 00 A1 64 66 00 10 50 E8 9B F6 FF FF 83 E8 10 50 A1 64 66 00 10 50 E8 BC F6 FF FF 6A 00 68 80 66 00 10 6A 10 68 68 66 00 10 A1 64 66 00 10 50 E8 8B F6 FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PowerBASIC/CC 3.0x</text>
-      <pattern>
-        55 8B EC 53 56 57 BB 00 xx xx 00 66 2E F7 05 xx xx xx 00 04 00 0F 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PowerBASIC/CC 4.0</text>
-      <pattern>
-        55 8B EC 53 56 57 BB 00 xx 40 00 66 2E F7 05 xx xx 40 00 04 00 75 05 E9 68 05 00 00 E9 6E 03
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PowerBASIC/Win 7.0x</text>
-      <pattern>
-        55 8B EC 53 56 57 BB 00 xx 40 00 66 2E F7 05 xx xx 40 00 04 00 0F 85 DB 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PowerBASIC/Win 8.00</text>
-      <pattern>
-        55 8B EC 53 56 57 BB 00 xx xx 00 66 2E F7 05 xx xx 40 00 04 00 75 05 E9 14 04 00 00 E9 19 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PPC-PROTECT 1.1X -> Alexey Gorchakov</text>
-      <pattern>
-        FF 5F 2D E9 20 00 9F E5 00 00 90 E5 18 00 8F E5 18 00 9F E5 00 00 90 E5 10 00 8F E5 01 00 A0 E3 00 00 00 EB 02 00 00 EA 04 F0 1F E5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Prepared by SLR (OPTLINK)</text>
-      <pattern>
-        87 C0 55 56 57 52 51 53 50 9C FC 8C DA 83 xx xx 16 07 0E 1F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PrincessSandy 1.0 eMiNENCE Process Patcher Patch</text>
-      <pattern>
-        68 27 11 40 00 E8 3C 01 00 00 6A 00 E8 41 01 00 00 A3 00 20 40 00 8B 58 3C 03 D8 0F B7 43 14 0F B7 4B 06 8D 7C 18 18 81 3F 2E 4C 4F 41 74 0B 83 C7 28 49 75 F2 E9 A7 00 00 00 8B 5F 0C 03 1D 00 20 40 00 89 1D 04 20 40 00 8B FB 83 C7 04 68 4C 20 40 00 68 08
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PrincessSandy v1.0 eMiNENCE Process Patcher Patch</text>
-      <pattern>
-        68 27 11 40 00 E8 3C 01 00 00 6A 00 E8 41 01 00 00 A3 00 20 40 00 8B 58 3C 03 D8 0F B7 43 14 0F B7 4B 06 8D 7C 18 18 81 3F 2E 4C 4F 41 74 0B 83 C7 28 49 75 F2 E9 A7 00 00 00 8B 5F 0C 03 1D 00 20 40 00 89 1D 04 20 40 00 8B FB 83 C7 04 68 4C 20 40 00 68 08 20 40 00 6A 00 6A 00 6A 20 6A 00 6A 00 6A 00 57 6A 00 E8 CE 00 00 00 85 C0 74 78 BD 50 C3 00 00 8B 3D 04 20 40 00 8B 07 8D 3C 07 83 C7 04 89 3D 04 20 40 00 8B 0F 83 C7 04 8B 1F 83 C7 04 4D 85 ED 74 57 60 6A 00 51 68 5C 20 40 00 53 FF 35 4C 20 40 00 E8 93 00 00 00 85 C0 61 74 E1 8B C1 60 BE 5C 20 40 00 F3 A6 74 03 61 EB D2 60 6A 00 50 57 53 FF 35 4C 20 40 00 E8 7A 00 00 00 85 C0 74 20 61 83 3C 07 00 74 2D 03 F8 EB A8 B8 5E 21 40 00 EB 13 B8 7C 21 40 00 EB 0C B8 9E 21 40 00 EB 05 B8 CF 21 40 00 6A 00 68 56
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private EXE Protector 1.8 -> SetiSoft (h)</text>
-      <pattern>
-        A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 89 E8 B3 01 56 89 FE 29 C6 F3 A4 5E EB 8E 00 D2 75 05 8A 16 46 10 D2 C3 31 C9 41 E8 EE FF FF FF 11 C9 E8 E7 FF FF FF 72 F2 C3 31 FF 31 F6 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private EXE Protector 1.8</text>
-      <pattern>
-        BB DC EE 0D 76 D9 D0 8D 16 85 D8 90 D9 D0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private EXE Protector 1.9.7 -> SetiSoft (h)</text>
-      <pattern>
-        55 8B EC 83 C4 F4 FC 53 57 56 8B 74 24 20 8B 7C 24 24 66 81 3E 4A 43 0F 85 A5 02 00 00 83 C6 0A 33 DB BA 00 00 00 80 C7 44 24 14 08 00 00 00 43 8D A4 24 00 00 00 00 8B FF 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 73 2C 8B 4C 24 10 33 C0 8D A4 24 00 00 00 00 05
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private EXE Protector 1.9.7 -> SetiSoft (h)</text>
-      <pattern>
-        55 8B EC 83 C4 F4 FC 53 57 56 8B 74 24 20 8B 7C 24 24 66 81 3E 4A 43 0F 85 A5 02 00 00 83 C6 0A 33 DB BA 00 00 00 80 C7 44 24 14 08 00 00 00 43 8D A4 24 00 00 00 00 8B FF 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 73 2C 8B 4C 24 10 33 C0 8D A4 24 00 00 00 00 05 00 00 00 00 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 13 C0 49 75 EF 02 44 24 0C 88 07 47 EB C6 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 0F 82 6E 01 00 00 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 0F 83 DC 00 00 00 B9 04 00 00 00 33 C0 8D A4 24 00 00 00 00 8D 64 24 00 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 13 C0 49 75 EF 48 74 B1 0F 89 EF 01 00 00 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 73 42 BD 00 01 00 00 B9 08 00 00 00 33 C0 8D A4 24 00 00 00 00 05 00 00 00 00 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 13 C0 49 75 EF 88 07 47 4D 75 D6
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private Exe Protector 1.x -> setisoft</text>
-      <pattern>
-        B8 xx xx xx xx B9 xx 90 01 xx BE xx 10 40 xx 68 50 91 41 xx 68 01 xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private EXE Protector 2.0 -> SetiSoft</text>
-      <pattern>
-        89 xx xx 38 00 00 00 8B xx 00 00 00 00 81 xx xx xx xx xx 89 xx 00 00 00 00 81 xx 04 00 00 00 81 xx 04 00 00 00 81 xx 00 00 00 00 0F 85 D6 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private exe Protector 2.15 -> SetiSoft Team</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private exe Protector V1.8X-V1.9X -> SetiSoft Team</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 xx xx xx xx 00 00 00 00 00 00 45 78 69 74 50 72 6F 63 65 73 73
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private exe Protector V2.0 -> SetiSoft Team ! Sign by fly</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 xx xx xx xx 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private EXE v2.0a</text>
-      <pattern>
-        53 E8 00 00 00 00 5B 8B C3 2D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private EXE v2.0a</text>
-      <pattern>
-        53 E8 xx xx xx xx 5B 8B C3 2D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private Personal Packer (PPP) 1.0.2 -> ConquestOfTroy.com</text>
-      <pattern>
-        E8 17 00 00 00 E8 68 00 00 00 FF 35 2C 37 00 10 E8 ED 01 00 00 6A 00 E8 2E 04 00 00 E8 41 04 00 00 A3 74 37 00 10 6A 64 E8 5F 04 00 00 E8 30 04 00 00 A3 78 37 00 10 6A 64 E8 4E 04 00 00 E8 1F 04 00 00 A3 7C 37 00 10 A1 74 37 00 10 8B 1D 78 37 00 10 2B D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private Personal Packer (PPP) 1.0.2 -> ConquestOfTroy.com</text>
-      <pattern>
-        E8 17 00 00 00 E8 68 00 00 00 FF 35 2C 37 00 10 E8 ED 01 00 00 6A 00 E8 2E 04 00 00 E8 41 04 00 00 A3 74 37 00 10 6A 64 E8 5F 04 00 00 E8 30 04 00 00 A3 78 37 00 10 6A 64 E8 4E 04 00 00 E8 1F 04 00 00 A3 7C 37 00 10 A1 74 37 00 10 8B 1D 78 37 00 10 2B D8 8B 0D 7C 37 00 10 2B C8 83 FB 64 73 0F 81 F9 C8 00 00 00 73 07 6A 00 E8 D9 03 00 00 C3 6A 0A 6A 07 6A 00 E8 D3 03 00 00 A3 20 37 00 10 50 6A 00 E8 DE 03 00 00 A3 24 37 00 10 FF 35 20 37 00 10 6A 00 E8 EA 03 00 00 A3 30 37 00 10 FF 35 24 37 00 10 E8 C2 03 00 00 A3 28 37 00 10 8B 0D 30 37 00 10 8B 3D 28 37 00 10 EB 09 49 C0 04 39 55 80 34 39 24 0B C9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private Personal Packer (PPP) 1.0.3 -> ConquestOfTroy.com</text>
-      <pattern>
-        E8 19 00 00 00 90 90 E8 68 00 00 00 FF 35 2C 37 00 10 E8 ED 01 00 00 6A 00 E8 2E 04 00 00 E8 41 04 00 00 A3 74 37 00 10 6A 64 E8 5F 04 00 00 E8 30 04 00 00 A3 78 37 00 10 6A 64 E8 4E 04 00 00 E8 1F 04 00 00 A3 7C 37 00 10 A1 74 37 00 10 8B 1D 78 37 00 10 2B D8 8B 0D 7C 37 00 10 2B C8 83 FB 64 73 0F 81 F9 C8 00 00 00 73 07 6A 00 E8 D9 03 00 00 C3 6A 0A 6A 07 6A 00 E8 D3 03 00 00 A3 20 37 00 10 50 6A 00 E8 DE 03 00 00 A3 24 37 00 10 FF 35 20 37 00 10 6A 00 E8 EA 03 00 00 A3 30 37 00 10 FF 35 24 37 00 10 E8 C2 03 00 00 A3 28 37 00 10 8B 0D 30 37 00 10 8B 3D 28 37 00 10 EB 09 49 C0 04 39 55 80 34 39 24 0B C9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Private Personal Packer (PPP) v1.0.2 --> ConquestOfTroy.com</text>
-      <pattern>
-        E8 17 00 00 00 E8 68 00 00 00 FF 35 2C 37 00 10 E8 ED 01 00 00 6A 00 E8 2E 04 00 00 E8 41 04 00 00 A3 74 37 00 10 6A 64 E8 5F 04 00 00 E8 30 04 00 00 A3 78 37 00 10 6A 64 E8 4E 04 00 00 E8 1F 04 00 00 A3 7C 37 00 10 A1 74 37 00 10 8B 1D 78 37 00 10 2B D8 8B 0D 7C 37 00 10 2B C8 83 FB 64 73 0F 81 F9 C8 00 00 00 73 07 6A 00 E8 D9 03 00 00 C3 6A 0A 6A 07 6A 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PrivateEXE v2.0a</text>
-      <pattern>
-        06 60 C8 xx xx xx 0E 68 xx xx 9A xx xx xx xx 3D xx xx 0F xx xx xx 50 50 0E 68 xx xx 9A xx xx xx xx 0E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PrivateEXE v2.0a</text>
-      <pattern>
-        53 E8 xx xx xx xx 5B 8B C3 2D xx xx xx xx 50 81 xx xx xx xx xx 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PRO-MIDI Music file</text>
-      <pattern>
-        52 49 46 46 xx xx xx xx 52 4D 49 44
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PRO-PACK v2.08, emphasis on packed size, locked</text>
-      <pattern>
-        83 EC xx 8B EC BE xx xx FC E8 xx xx 05 xx xx 8B C8 E8 xx xx 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PRO-PACK v2.08</text>
-      <pattern>
-        8C D3 8E C3 8C CA 8E DA 8B 0E xx xx 8B F1 83 xx xx 8B FE D1 xx FD F3 A5 53
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ProActivate V1.0X -> TurboPower Software Company ! Sign by fly</text>
-      <pattern>
-        55 8B EC B9 0E 00 00 00 6A 00 6A 00 49 75 F9 51 53 56 57 B8 xx xx xx xx 90 90 90 90 90 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 A1 xx xx xx xx 83 C0 05 A3 xx xx xx xx C7 05 xx xx xx xx 0D 00 00 00 E8 85 E2 FF FF 81 3D xx xx xx xx 21 7E 7E 40 75 7A 81 3D xx xx xx xx 43 52 43 33 75 6E 81 3D xx xx xx xx 32 40 7E 7E 75 62 81 3D xx xx xx xx 21 7E 7E 40 75 56 81 3D xx xx xx xx 43 52 43 33 75 4A 81 3D xx xx xx xx 32 40 7E 7E 75 3E 81 3D xx xx xx xx 21 7E 7E 40 75 32 81 3D xx xx xx xx 43 52 43 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ProActivate V1.0X -> TurboPower Software Company</text>
-      <pattern>
-        55 8B EC B9 0E 00 00 00 6A 00 6A 00 49 75 F9 51 53 56 57 B8 xx xx xx xx 90 90 90 90 90 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 A1 xx xx xx xx 83 C0 05 A3 xx xx xx xx C7 05 xx xx xx xx 0D 00 00 00 E8 85 E2 FF FF 81 3D xx xx xx xx 21 7E 7E 40 75 7A 81 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Program Protector XP v1.0</text>
-      <pattern>
-        E8 xx xx xx xx 58 83 D8 05 89 C3 81 C3 xx xx xx xx 8B 43 64 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Protect Shareware 1.1 -> eCompserv CMS</text>
-      <pattern>
-        53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 xx 01 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 42 00 30 00 00 00 34 00 xx 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Protect Shareware V1.1 -> eCompserv CMS</text>
-      <pattern>
-        53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 xx 01 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 42 00 30 00 00 00 34 00 xx 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 4A 00 76 00 77 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PROTECT! EXE/COM v5.0</text>
-      <pattern>
-        1E 0E 0E 1F 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PROTECT! EXE/COM v6.0</text>
-      <pattern>
-        1E B4 30 CD 21 3C 02 73 xx CD 20 BE xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Protection Plus vx.x</text>
-      <pattern>
-        50 60 29 C0 64 FF 30 E8 xx xx xx xx 5D 83 ED 3C 89 E8 89 A5 14 xx xx xx 2B 85 1C xx xx xx 89 85 1C xx xx xx 8D 85 27 03 xx xx 50 8B xx 85 C0 0F 85 C0 xx xx xx 8D BD 5B 03 xx xx 8D B5 43 03 xx xx E8 DD xx xx xx 89 85 1F 03 xx xx 6A 40 68 xx 10 xx xx 8B 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Protection Plus vx.x</text>
-      <pattern>
-        50 60 29 C0 64 FF 30 E8 xx xx xx xx 5D 83 ED 3C 89 E8 89 A5 14 xx xx xx 2B 85 1C xx xx xx 89 85 1C xx xx xx 8D 85 27 03 xx xx 50 8B xx 85 C0 0F 85 C0 xx xx xx 8D BD 5B 03 xx xx 8D B5 43 03 xx xx E8 DD xx xx xx 89 85 1F 03 xx xx 6A 40 68 xx 10 xx xx 8B 85 28 xx xx xx 50 6A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Protector v1.1.11 (DDeM -> PE Engine v0.9, DDeM -> CI v0.9.2)</text>
-      <pattern>
-        53 51 56 E8 00 00 00 00 5B 81 EB 08 10 00 00 8D B3 34 10 00 00 B9 F3 03 00 00 BA 63 17 2A EE 31 16 83 C6 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PS-AdobeFont v.1.0</text>
-      <pattern>
-        80 01 xx xx 00 00 25 21 50 53 2D 41 64 6F 62 65 46 6F 6E 74 2D 31 2E 30 3A
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>pscrambler 1.2 -> by p0ke</text>
-      <pattern>
-        55 8B EC B9 04 00 00 00 6A 00 6A 00 49 75 F9 51 53 xx xx xx xx 10 E8 2D F3 FF FF 33 C0 55 68 E8 31 00 10 64 FF 30 64 89 20 8D 45 E0 E8 53 F5 FF FF 8B 45 E0 8D 55 E4 E8 30 F6 FF FF 8B 45 E4 8D 55 E8 E8 A9 F4 FF FF 8B 45 E8 8D 55 EC E8 EE F7 FF FF 8B 55 EC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>pscrambler 1.2 -> by p0ke</text>
-      <pattern>
-        55 8B EC B9 04 00 00 00 6A 00 6A 00 49 75 F9 51 53 xx xx xx xx 10 E8 2D F3 FF FF 33 C0 55 68 E8 31 00 10 64 FF 30 64 89 20 8D 45 E0 E8 53 F5 FF FF 8B 45 E0 8D 55 E4 E8 30 F6 FF FF 8B 45 E4 8D 55 E8 E8 A9 F4 FF FF 8B 45 E8 8D 55 EC E8 EE F7 FF FF 8B 55 EC B8 C4 54 00 10 E8 D9 EC FF FF 83 3D C4 54 00 10 00 0F 84 05 01 00 00 80 3D A0 40 00 10 00 74 41 A1 C4 54 00 10 E8 D9 ED FF FF E8 48 E0 FF FF 8B D8 A1 C4 54 00 10 E8 C8 ED FF FF 50 B8 C4 54 00 10 E8 65 EF FF FF 8B D3 59 E8 69 E1 FF FF 8B C3 E8 12 FA FF FF 8B C3 E8 33 E0 FF FF E9 AD 00 00 00 B8 05 01 00 00 E8 0C E0 FF FF 8B D8 53 68 05 01 00 00 E8 57 F3 FF FF 8D 45 DC 8B D3 E8 39 ED FF FF 8B 55 DC B8 14 56 00 10 B9 00 32 00 10 E8 BB ED FF FF 8B 15 14 56 00 10 B8 C8 54 00 10 E8 53 E5 FF FF BA 01 00 00 00 B8 C8 54 00 10 E8 8C E8 FF FF E8 DF E0 FF FF 85 C0 75 52 6A 00 A1 C4 54 00 10 E8 3B ED FF FF 50 B8 C4 54 00 10 E8 D8 EE FF FF 8B D0 B8 C8 54 00 10 59 E8 3B E6 FF FF E8 76 E0 FF FF B8 C8 54 00 10 E8 4C E6 FF FF E8 67 E0 FF FF 6A 00 6A 00 6A 00 A1 14 56 00 10 E8 53 EE FF FF 50 6A 00 6A 00 E8 41 F3 FF FF 80 3D 9C 40 00 10 00 74 05 E8 EF FB FF FF 33 C0 5A 59 59 64 89 10 68 EF 31 00 10 8D 45 DC BA 05 00 00 00 E8 7D EB FF FF C3 E9 23 E9 FF FF EB EB 5B E8 63 EA FF FF 00 00 00 FF FF FF FF 08 00 00 00 74 65 6D 70 2E 65 78 65
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PseudoSigner 0.1 -> Anorganix</text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 32Lite 0.03 -> Anorganix
-      </text>
-      <pattern>
-        60 06 FC 1E 07 BE 90 90 90 90 6A 04 68 90 10 90 90 68 xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 ACProtect 1.09 --> Anorganix
-      </text>
-      <pattern>
-        60 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 02 00 00 90 90 90 04 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 06 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 06 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 02 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 08 00 90 90 90 EB 06 00 00 90 90 90 90 90 90 EB 06 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 04 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 ACProtect 1.09
-      </text>
-      <pattern>
-        60 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 02 00 00 90 90 90 04 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Armadillo 3.00 -> Anorganix
-      </text>
-      <pattern>
-        60 E8 2A 00 00 00 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 85 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 ASPack 2.xx Heuristic
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 A8 03 00 00 61 75 08 B8 01 00 00 00 C2 0C 00 68 00 00 00 00 C3 8B 85 26 04 00 00 8D 8D 3B 04 00 00 51 50 FF 95
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 ASProtect -> Anorganix
-      </text>
-      <pattern>
-        60 90 90 90 90 90 90 5D 90 90 90 90 90 90 90 90 90 90 90 03 DD E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Borland Delphi 3.0 -->  Anorganix
-      </text>
-      <pattern>
-        55 8B EC 83 C4 90 90 90 90 68 xx xx xx xx 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Borland Delphi 3.0
-      </text>
-      <pattern>
-        55 8B EC 83 C4 90 90 90 90 68 xx xx xx xx 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Borland Delphi 5.0 KOL/MCK -> Anorganix
-      </text>
-      <pattern>
-        55 8B EC 90 90 90 90 68 xx xx xx xx 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 FF 90 90 90 90 90 90 90 90 00 01 90 90 90 90 90 90 90 90 90 EB 04 00 00 00 01 90 90 90 90 90 90 90 00 01 90 90 90 90 90 90 90 90 90 90 90 EB 08 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 08 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 08 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 0E 00 90 90 90 90 90 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 0A 00 00 00 90 90 90 90 90 00 00 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Borland Delphi 5.0 KOL/MCK
-      </text>
-      <pattern>
-        55 8B EC 90 90 90 90 68 xx xx xx xx 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 FF 90 90 90 90 90 90 90 90 00 01 90 90 90 90 90 90 90 90 90 EB 04 00 00 00 01 90 90 90 90 90 90 90 00 01 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Borland Delphi 6.0 - 7.0
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 53 8B D8 33 C0 A3 09 09 09 00 6A 00 E8 09 09 00 FF A3 09 09 09 00 A1 09 09 09 00 A3 09 09 09 00 33 C0 A3 09 09 09 00 33 C0 A3 09 09 09 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 CD-Cops II -> Anorganix
-      </text>
-      <pattern>
-        53 60 BD 90 90 90 90 8D 45 90 8D 5D 90 E8 00 00 00 00 8D 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Code-Lock -> Anorganix
-      </text>
-      <pattern>
-        43 4F 44 45 2D 4C 4F 43 4B 2E 4F 43 58 00 01 28 01 50 4B 47 05 4C 3F B4 04 4D 4C 47 4B E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 CodeSafe 2.0 -> Anorganix
-      </text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 0B 83 EC 10 53 56 57 E8 C4 01 00 85 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Crunch/PE Heuristic -> Anorganix
-      </text>
-      <pattern>
-        55 E8 0E 00 00 00 5D 83 ED 06 8B C5 55 60 89 AD xx xx xx xx 2B 85 00 00 00 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 DEF 1.0 -> Anorganix
-      </text>
-      <pattern>
-        BE 00 01 40 00 6A 05 59 80 7E 07 00 74 11 8B 46 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 83 C1 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 DxPack 1.0 -> Anorganix
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 5D 8B FD 81 ED 90 90 90 90 2B B9 00 00 00 00 81 EF 90 90 90 90 83 BD 90 90 90 90 90 0F 84 00 00 00 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 ExeSmasher -> Anorganix
-      </text>
-      <pattern>
-        9C FE 03 90 60 BE 90 90 41 90 8D BE 90 10 FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 FE 0B E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 FSG 1.0 -> Anorganix
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 BB D0 01 40 00 BF 00 10 40 00 BE 90 90 90 90 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 FSG 1.31 -> Anorganix
-      </text>
-      <pattern>
-        BE 90 90 90 00 BF 90 90 90 00 BB 90 90 90 00 53 BB 90 90 90 00 B2 80 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Gleam 1.00 -> Anorganix
-      </text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 0B 83 EC 0C 53 56 57 E8 24 02 00 FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 JDPack 1.x / JDProtect 0.9 -> Anorganix
-      </text>
-      <pattern>
-        60 E8 22 00 00 00 5D 8B D5 81 ED 90 90 90 90 2B 95 90 90 90 90 81 EA 06 90 90 90 89 95 90 90 90 90 83 BD 45 00 01 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 LCC Win32 1.x -> Anorganix
-      </text>
-      <pattern>
-        64 A1 01 00 00 00 55 89 E5 6A FF 68 xx xx xx xx 68 9A 10 40 90 50 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 LCC Win32 DLL -> Anorganix
-      </text>
-      <pattern>
-        55 89 E5 53 56 57 83 7D 0C 01 75 05 E8 17 90 90 90 FF 75 10 FF 75 0C FF 75 08 A1 xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Lockless Intro Pack -> Anorganix
-      </text>
-      <pattern>
-        2C E8 EB 1A 90 90 5D 8B C5 81 ED F6 73 90 90 2B 85 90 90 90 90 83 E8 06 89 85 FF 01 EC AD E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 LTC 1.3 -> Anorganix
-      </text>
-      <pattern>
-        54 E8 00 00 00 00 5D 8B C5 81 ED F6 73 40 00 2B 85 87 75 40 00 83 E8 06 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Macromedia Flash Projector 6.0 -> Anorganix
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 83 EC 44 56 FF 15 24 81 49 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 MEW 11 SE 1.0 -> Anorganix
-      </text>
-      <pattern>
-        E9 09 00 00 00 00 00 00 02 00 00 00 0C 90 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Microsoft Visual Basic 5.0 - 6.0 -> Anorganix
-      </text>
-      <pattern>
-        68 xx xx xx xx E8 0A 00 00 00 00 00 00 00 00 00 30 00 00 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Microsoft Visual Basic 6.0 DLL
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 5A 68 90 90 90 90 68 90 90 90 90 52 E9 90 90 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Microsoft Visual C++ 5.0+ (MFC) -> Anorganix
-      </text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Microsoft Visual C++ 6.0 (Debug) --> Anorganix
-      </text>
-      <pattern>
-        55 8B EC 51 90 90 90 01 01 90 90 90 90 68 xx xx xx xx 90 90 90 90 90 90 90 90 90 90 90 90 00 01 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 01 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 10 01 90 90 90 90 90 90 90 90 E8 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 02 00 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Microsoft Visual C++ 6.0 (Debug)
-      </text>
-      <pattern>
-        55 8B EC 51 90 90 90 01 01 90 90 90 90 68 xx xx xx xx 90 90 90 90 90 90 90 90 90 90 90 90 00 01 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 01 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Microsoft Visual C++ 6.20
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 55 8B EC 83 EC 50 53 56 57 BE 90 90 90 90 8D 7D F4 A5 A5 66 A5 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Microsoft Visual C++ 7.0 DLL -> Anorganix
-      </text>
-      <pattern>
-        55 8D 6C 01 00 81 EC 00 00 00 00 8B 45 90 83 F8 01 56 0F 84 00 00 00 00 85 C0 0F 84 xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 MinGW GCC 2.x -> Anorganix
-      </text>
-      <pattern>
-        55 89 E5 E8 02 00 00 00 C9 C3 90 90 45 58 45 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Morphine 1.2 --> Anorganix
-      </text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 06 00 90 90 90 90 90 90 90 90 EB 08 E8 90 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 51 66 90 90 90 59 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 02 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 02 E2 90 90 90 EB 08 82 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 02 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Morphine 1.2
-      </text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 06 00 90 90 90 90 90 90 90 90 EB 08 E8 90 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 51 66 90 90 90 59 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Neolite 2.0 --> Anorganix
-      </text>
-      <pattern>
-        E9 A6 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Neolite 2.0
-      </text>
-      <pattern>
-        E9 A6 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 NorthStar PE Shrinker 1.3 -> Anorganix
-      </text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5 00 00 00 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Pack Master 1.0 (PEX Clone) --> Anorganix
-      </text>
-      <pattern>
-        60 E8 01 01 00 00 E8 83 C4 04 E8 01 90 90 90 E9 5D 81 ED D3 22 40 90 E8 04 02 90 90 E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 FF FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Pack Master 1.0 (PEX Clone)
-      </text>
-      <pattern>
-        60 E8 01 01 00 00 E8 83 C4 04 E8 01 90 90 90 E9 5D 81 ED D3 22 40 90 E8 04 02 90 90 E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 PE Intro 1.0 -> Anorganix
-      </text>
-      <pattern>
-        8B 04 24 9C 60 E8 14 00 00 00 5D 81 ED 0A 45 40 90 80 BD 67 44 40 90 90 0F 85 48 FF ED 0A E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 PE Pack 0.99 -> Anorganix
-      </text>
-      <pattern>
-        60 E8 11 00 00 00 5D 83 ED 06 80 BD E0 04 90 90 01 0F 84 F2 FF CC 0A E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 E Protect 0.9 -> Anorganix
-      </text>
-      <pattern>
-        52 51 55 57 64 67 A1 30 00 85 C0 78 0D E8 07 00 00 00 58 83 C0 07 C6 90 C3 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 ECompact 1.4+
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 EB 06 68 90 90 90 90 C3 9C 60 E8 02 90 90 90 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 PENightMare 2 Beta -> Anorganix
-      </text>
-      <pattern>
-        60 E9 10 00 00 00 EF 40 03 A7 07 8F 07 1C 37 5D 43 A7 04 B9 2C 3A E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 PENinja 1.31 -> Anorganix
-      </text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 PESHiELD 0.25 -> Anorganix
-      </text>
-      <pattern>
-        60 E8 2B 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 CC CC E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 PEtite 2.x (level 0)
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 B8 00 90 90 00 6A 00 68 90 90 90 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 66 9C 60 50 8B D8 03 00 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 PEX 0.99 -> Anorganix
-      </text>
-      <pattern>
-        60 E8 01 00 00 00 55 83 C4 04 E8 01 00 00 00 90 5D 81 FF FF FF 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 REALBasic -> Anorganix
-      </text>
-      <pattern>
-        55 89 E5 90 90 90 90 90 90 90 90 90 90 50 90 90 90 90 90 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Ste@lth PE 1.01
-      </text>
-      <pattern>
-        0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 BA xx xx xx xx FF E2 BA E0 10 40 00 B8 68 24 1A 40 89 02 83 C2 03 B8 40 00 E8 EE 89 02 83 C2 FD FF E2 2D 3D 5B 20 48 69 64 65 50 45 20 5D 3D 2D 90 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 UPX 0.6 -> Anorganix
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 00 00 00 FF 57 8D B0 E8 00 00 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 VBOX 4.3 MTE -> Anorganix
-      </text>
-      <pattern>
-        0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Video-Lan-Client -> Anorganix
-      </text>
-      <pattern>
-        55 89 E5 83 EC 08 90 90 90 90 90 90 90 90 90 90 90 90 90 90 01 FF FF 01 01 01 00 01 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 01 00 01 00 01 90 90 00 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 VOB ProtectCD 5 -> Anorganix
-      </text>
-      <pattern>
-        36 3E 26 8A C0 60 E8 00 00 00 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 WATCOM C/C++ EXE -> Anorganix
-      </text>
-      <pattern>
-        E9 00 00 00 00 90 90 90 90 57 41 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 XCR 0.11 -> Anorganix
-      </text>
-      <pattern>
-        60 8B F0 33 DB 83 C3 01 83 C0 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.1 Yoda's Protector 1.02 -> Anorganix
-      </text>
-      <pattern>
-        E8 03 00 00 00 EB 01 90 90 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 .BJFNT 1.1b
-      </text>
-      <pattern>
-        EB 01 EA 9C EB 01 EA 53 EB 01 EA 51 EB 01 EA 52 EB 01 EA 56 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 .BJFNT 1.2
-      </text>
-      <pattern>
-        EB 02 69 B1 83 EC 04 EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 32Lite 0.03 -> Anorganix
-      </text>
-      <pattern>
-        60 06 FC 1E 07 BE 90 90 90 90 6A 04 68 90 10 90 90 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Armadillo 3.00
-      </text>
-      <pattern>
-        60 E8 2A 00 00 00 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 ASProtect
-      </text>
-      <pattern>
-        60 90 90 90 90 90 90 5D 90 90 90 90 90 90 90 90 90 90 90 03 DD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Borland C++ 1999 -> Anorganix
-      </text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 90 90 90 90 A1 xx xx xx xx A3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Borland C++ DLL (Method 2)
-      </text>
-      <pattern>
-        EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Borland Delphi DLL
-      </text>
-      <pattern>
-        55 8B EC 83 C4 B4 B8 90 90 90 90 E8 00 00 00 00 E8 00 00 00 00 8D 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Borland Delphi Setup Module
-      </text>
-      <pattern>
-        55 8B EC 83 C4 90 53 56 57 33 C0 89 45 F0 89 45 D4 89 45 D0 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 CD-Cops II
-      </text>
-      <pattern>
-        53 60 BD 90 90 90 90 8D 45 90 8D 5D 90 E8 00 00 00 00 8D 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Code-Lock
-      </text>
-      <pattern>
-        43 4F 44 45 2D 4C 4F 43 4B 2E 4F 43 58 00 01 28 01 50 4B 47 05 4C 3F B4 04 4D 4C 47 4B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 CodeSafe 2.0
-      </text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 0B 83 EC 10 53 56 57 E8 C4 01 00 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Crunch/PE Heuristic
-      </text>
-      <pattern>
-        55 E8 0E 00 00 00 5D 83 ED 06 8B C5 55 60 89 AD xx xx xx xx 2B 85 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 DEF 1.0
-      </text>
-      <pattern>
-        BE 00 01 40 00 6A 05 59 80 7E 07 00 74 11 8B 46 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 83 C1 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 DxPack 1.0
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 5D 8B FD 81 ED 90 90 90 90 2B B9 00 00 00 00 81 EF 90 90 90 90 83 BD 90 90 90 90 90 0F 84 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 ExeSmasher
-      </text>
-      <pattern>
-        9C FE 03 90 60 BE 90 90 41 90 8D BE 90 10 FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 FE 0B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 FSG 1.0
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 BB D0 01 40 00 BF 00 10 40 00 BE 90 90 90 90 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 FSG 1.31
-      </text>
-      <pattern>
-        BE 90 90 90 00 BF 90 90 90 00 BB 90 90 90 00 53 BB 90 90 90 00 B2 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Gleam 1.00
-      </text>
-      <pattern>
-        90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 EB 0B 83 EC 0C 53 56 57 E8 24 02 00 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 JDPack 1.x / JDProtect 0.9
-      </text>
-      <pattern>
-        60 E8 22 00 00 00 5D 8B D5 81 ED 90 90 90 90 2B 95 90 90 90 90 81 EA 06 90 90 90 89 95 90 90 90 90 83 BD 45 00 01 00 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 LCC Win32 1.x
-      </text>
-      <pattern>
-        64 A1 01 00 00 00 55 89 E5 6A FF 68 xx xx xx xx 68 9A 10 40 90 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 LCC Win32 DLL -> Anorganix
-      </text>
-      <pattern>
-        55 89 E5 53 56 57 83 7D 0C 01 75 05 E8 17 90 90 90 FF 75 10 FF 75 0C FF 75 08 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Lockless Intro Pack
-      </text>
-      <pattern>
-        2C E8 EB 1A 90 90 5D 8B C5 81 ED F6 73 90 90 2B 85 90 90 90 90 83 E8 06 89 85 FF 01 EC AD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Macromedia Flash Projector 6.0
-      </text>
-      <pattern>
-        90 90 90 90 68 xx xx xx xx 67 64 FF 36 00 00 67 64 89 26 00 00 F1 90 90 90 90 83 EC 44 56 FF 15 24 81 49 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 MEW 11 SE 1.0
-      </text>
-      <pattern>
-        E9 09 00 00 00 00 00 00 02 00 00 00 0C 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Microsoft Visual Basic 5.0 - 6.0
-      </text>
-      <pattern>
-        68 xx xx xx xx E8 0A 00 00 00 00 00 00 00 00 00 30 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Microsoft Visual C++ 7.0 DLL -> Anorganix
-      </text>
-      <pattern>
-        55 8D 6C 01 00 81 EC 00 00 00 00 8B 45 90 83 F8 01 56 0F 84 00 00 00 00 85 C0 0F 84
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 MinGW GCC 2.x
-      </text>
-      <pattern>
-        55 89 E5 E8 02 00 00 00 C9 C3 90 90 45 58 45
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 NorthStar PE Shrinker 1.3
-      </text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 PE Intro 1.0
-      </text>
-      <pattern>
-        8B 04 24 9C 60 E8 14 00 00 00 5D 81 ED 0A 45 40 90 80 BD 67 44 40 90 90 0F 85 48 FF ED 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 PE Pack 0.99
-      </text>
-      <pattern>
-        60 E8 11 00 00 00 5D 83 ED 06 80 BD E0 04 90 90 01 0F 84 F2 FF CC 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 PE Protect 0.9
-      </text>
-      <pattern>
-        52 51 55 57 64 67 A1 30 00 85 C0 78 0D E8 07 00 00 00 58 83 C0 07 C6 90 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 PENightMare 2 Beta
-      </text>
-      <pattern>
-        60 E9 10 00 00 00 EF 40 03 A7 07 8F 07 1C 37 5D 43 A7 04 B9 2C 3A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 PESHiELD 0.25
-      </text>
-      <pattern>
-        60 E8 2B 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 CC CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 PEX 0.99
-      </text>
-      <pattern>
-        60 E8 01 00 00 00 55 83 C4 04 E8 01 00 00 00 90 5D 81 FF FF FF 00 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 REALBasic
-      </text>
-      <pattern>
-        55 89 E5 90 90 90 90 90 90 90 90 90 90 50 90 90 90 90 90 00 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 UPX 0.6
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 00 00 00 FF 57 8D B0 E8 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Video-Lan-Client
-      </text>
-      <pattern>
-        55 89 E5 83 EC 08 90 90 90 90 90 90 90 90 90 90 90 90 90 90 01 FF FF 01 01 01 00 01 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 01 00 01 00 01 90 90 00 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 VOB ProtectCD 5
-      </text>
-      <pattern>
-        36 3E 26 8A C0 60 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 Watcom C/C++ DLL
-      </text>
-      <pattern>
-        53 56 57 55 8B 74 24 14 8B 7C 24 18 8B 6C 24 1C 83 FF 03 0F 87 01 00 00 00 F1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 WATCOM C/C++ EXE
-      </text>
-      <pattern>
-        E9 00 00 00 00 90 90 90 90 57 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        PseudoSigner 0.2 ZCode 1.01
-      </text>
-      <pattern>
-        E9 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E9 FB FF FF FF C3 68 00 00 00 00 64 FF 35 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PUNiSHER 1.5 (DEMO) -> FEUERRADER/AHTeam</text>
-      <pattern>
-        EB 04 83 A4 BC CE 60 EB 04 80 BC 04 11 E8 00 00 00 00 81 2C 24 CA C2 41 00 EB 04 64 6B 88 18 5D E8 00 00 00 00 EB 04 64 6B 88 18 81 2C 24 86 00 00 00 EB 04 64 6B 88 18 8B 85 9C C2 41 00 EB 04 64 6B 88 18 29 04 24 EB 04 64 6B 88 18 EB 04 64 6B 88 18 8B 04
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PUNiSHER v1.5 (DEMO) -> FEUERRADER/AHTeam</text>
-      <pattern>
-        EB 04 83 A4 BC CE 60 EB 04 80 BC 04 11 E8 00 00 00 00 81 2C 24 CA C2 41 00 EB 04 64 6B 88 18 5D E8 00 00 00 00 EB 04 64 6B 88 18 81 2C 24 86 00 00 00 EB 04 64 6B 88 18 8B 85 9C C2 41 00 EB 04 64 6B 88 18 29 04 24 EB 04 64 6B 88 18 EB 04 64 6B 88 18 8B 04 24 EB 04 64 6B 88 18 89 85 9C C2 41 00 EB 04 64 6B 88 18 58 68 9F 6F 56 B6 50 E8 5D 00 00 00 EB FF 71 78 C2 50 00 EB D3 5B F3 68 89 5C 24 48 5C 24 58 FF 8D 5C 24 58 5B 83 C3 4C 75 F4 5A 8D 71 78 75 09 81 F3 EB FF 52 BA 01 00 83 EB FC 4A FF 71 0F 75 19 8B 5C 24 00 00 81 33 50 53 8B 1B 0F FF C6 75 1B 81 F3 EB 87 1C 24 8B 8B 04 24 83 EC FC EB 01 E8 83 EC FC E9 E7 00 00 00 58 EB FF F0 EB FF C0 83 E8 FD EB FF 30 E8 C9 00 00 00 89 E0 EB FF D0 EB FF 71 0F 83 C0 01 EB FF 70 F0 71 EE EB FA EB 83 C0 14 EB FF 70 ED
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PUNiSHER V1.5 -> FEUERRADER</text>
-      <pattern>
-        3F 00 00 80 66 20 xx 00 7E 20 xx 00 92 20 xx 00 A4 20 xx 00 00 00 00 00 4B 45 52 4E 45 4C 33 32
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PUNiSHER V1.5 Demo -> FEUERRADER</text>
-      <pattern>
-        EB 04 83 A4 BC CE 60 EB 04 80 BC 04 11 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PuNkMoD 1.x -> PuNkDuDe</text>
-      <pattern>
-        94 B9 xx xx 00 00 BC xx xx xx xx 80 34 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PureBasic 4.x -> Neil Hodgson</text>
-      <pattern>
-        68 xx xx 00 00 68 00 00 00 00 68 xx xx xx 00 E8 xx xx xx 00 83 C4 0C 68 00 00 00 00 E8 xx xx xx 00 A3 xx xx xx 00 68 00 00 00 00 68 00 10 00 00 68 00 00 00 00 E8 xx xx xx 00 A3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PureBasic 4.x DLL -> Neil Hodgson</text>
-      <pattern>
-        83 7C 24 08 01 75 0E 8B 44 24 04 A3 xx xx xx 10 E8 22 00 00 00 83 7C 24 08 02 75 00 83 7C 24 08 00 75 05 E8 xx 00 00 00 83 7C 24 08 03 75 00 B8 01 00 00 00 C2 0C 00 68 00 00 00 00 68 00 10 00 00 68 00 00 00 00 E8 xx 0F 00 00 A3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>PureBasic DLL -> Neil Hodgson</text>
-      <pattern>
-        83 7C 24 08 01 75 xx 8B 44 24 04 A3 xx xx xx 10 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>R!SC's Process Patcher 1.4</text>
-      <pattern>
-        E8 E1 01 00 00 80 38 22 75 13 80 38 00 74 2E 80 38 20 75 06 80 78 FF 22 74 18 40 EB ED 80 38 00 74 1B EB 19 40 80 78 FF 20 75 F9 80 38 00 74 0D EB 0B 40 80 38 00 74 05 80 38 22 74 00 8B F8 B8 04 60 40 00 68 00 20 40 00 C7 05 A2 20 40 00 44 00 00 00 68 92
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>R!SC's Process Patcher 1.5.1</text>
-      <pattern>
-        68 00 20 40 00 E8 C3 01 00 00 80 38 00 74 0D 66 81 78 FE 22 20 75 02 EB 03 40 EB EE 8B F8 B8 04 60 40 00 68 C4 20 40 00 68 D4 20 40 00 6A 00 6A 00 6A 04 6A 00 6A 00 6A 00 57 50 E8 9F 01 00 00 85 C0 0F 84 39 01 00 00 BE 00 60 40 00 8B 06 A3 28 21 40 00 83
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>R!SC's Process Patcher v1.4</text>
-      <pattern>
-        E8 E1 01 00 00 80 38 22 75 13 80 38 00 74 2E 80 38 20 75 06 80 78 FF 22 74 18 40 EB ED 80 38 00 74 1B EB 19 40 80 78 FF 20 75 F9 80 38 00 74 0D EB 0B 40 80 38 00 74 05 80 38 22 74 00 8B F8 B8 04 60 40 00 68 00 20 40 00 C7 05 A2 20 40 00 44 00 00 00 68 92 20 40 00 68 A2 20 40 00 6A 00 6A 00 6A 04 6A 00 6A 00 6A 00 57 50 E8 7C 01 00 00 85 C0 0F 84 2A 01 00 00 B8 00 60 40 00 8B 00 A3 1C 22 40 00 BE 40 60 40 00 83 7E FC 00 0F 84 F6 00 00 00 8B 3E 83 C6 04 85 FF 0F 84 83 00 00 00 81 FF 72 21 73 63 0F 84 DD 00 00 00 33 DB 66 8B 1E 8B CF 8D 7E 02 C7 05 EA 21 40 00 00 00 00 00 83 05 EA 21 40 00 01 50 A1 1C 22 40 00 39 05 EA 21 40 00 58 0F 84 C1 00 00 00 60 6A 00 53 68 EA 20 40 00 51 FF 35 92 20 40 00 E8 EB 00 00 00 61 60 FC BE EA 20 40 00 8B CB F3 A6 61 75 C2 03
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>R!SC's Process Patcher v1.5.1</text>
-      <pattern>
-        68 00 20 40 00 E8 C3 01 00 00 80 38 00 74 0D 66 81 78 FE 22 20 75 02 EB 03 40 EB EE 8B F8 B8 04 60 40 00 68 C4 20 40 00 68 D4 20 40 00 6A 00 6A 00 6A 04 6A 00 6A 00 6A 00 57 50 E8 9F 01 00 00 85 C0 0F 84 39 01 00 00 BE 00 60 40 00 8B 06 A3 28 21 40 00 83 C6 40 83 7E FC 00 0F 84 8F 00 00 00 8B 3E 83 C6 04 85 FF 0F 84 E5 00 00 00 81 FF 72 21 73 63 74 7A 0F B7 1E 8B CF 8D 7E 02 C7 05 24 21 40 00 00 00 00 00 83 05 24 21 40 00 01 50 A1 28 21 40 00 39 05 24 21 40 00 58 0F 84 D8 00 00 00 60 6A 00 53 68 2C 21 40 00 51 FF 35 C4 20 40 00 E8 0A 01 00 00 61 60 FC BE 2C 21 40 00 8B CB F3 A6 61 75 C2 03 FB 60 E8 3E 00 00 00 6A 00 53 57 51 FF 35 C4 20 40 00 E8 FB 00 00 00 85 C0 0F 84 A2 00 00 00 61 03 FB 8B F7 E9 71 FF FF FF 60 FF 35 C8 20 40 00 E8 CB 00 00 00 61 C7 05
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RAR Configuration file</text>
-      <pattern>
-        52 41 52 20 43 4F 4E 46 49 47
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RAR SFX</text>
-      <pattern>
-        E8 xx xx xx xx 50 E8 xx xx xx xx 00 00 00 00 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RatPacker (Glue) stub</text>
-      <pattern>
-        40 20 FF 00 00 00 00 00 00 00 xx BE 00 60 40 00 8D BE 00 B0 FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RatPacker (Glue) stub</text>
-      <pattern>
-        40 20 FF xx xx xx xx xx xx xx xx BE xx 60 40 xx 8D BE xx B0 FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RAZOR 1911 encruptor</text>
-      <pattern>
-        E8 xx xx BF xx xx 3B FC 72 xx B4 4C CD 21 BE xx xx B9 xx xx FD F3 A5 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor 1.5 by Vaska (UsAr sign (individual version) 21.03.2007 22:15)</text>
-      <pattern>
-        83 2C 24 4F 68 40 A1 14 13 FF 54 24 04 83 44 24 04 4F B8 00 10 14 13 3D 24 C0 14 13 74 06 80 30 2B 40 EB F3 B8 8C 20 18 13 3D B9 27 18 13 74 06 80 30 19 40 EB F3 E8 00 00 00 00 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor 1.6 by Vaska (Damrai sign 20.03.2007 20:41)</text>
-      <pattern>
-        33 D0 68 40 A1 14 13 FF D2 B8 00 10 14 13 3D 24 C0 14 13 74 06 80 30 BB 40 EB F3 33 C0 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor 1.6c by Vaska (UsAr sign 21.03.2007 22:25)</text>
-      <pattern>
-        8B C7 03 04 24 2B C7 80 38 50 0F 85 1B 8B 1F FF 68 40 A1 14 13 B8 00 10 14 13 3D 24 C0 14 13 74 06 80 30 F2 40 EB F3 B8 8C 20 18 13 3D B9 27 18 13 74 06 80 30 E8 40 EB F3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor 1.6d by Vaska (UsAr sign 21.03.2007 22:22)</text>
-      <pattern>
-        60 90 61 61 80 7F F0 45 90 60 0F 85 1B 8B 1F FF 68 40 A1 14 13 B8 00 10 14 13 90 3D 24 C0 14 13 74 06 80 30 F6 40 EB F3 B8 8C 20 18 13 90 3D B9 27 18 13 74 06 80 30 89 40 EB F3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor 2.0 -> Vaska</text>
-      <pattern>
-        F7 D1 83 F1 FF 6A 00 F7 D1 83 F1 FF 81 04 24 xx xx xx xx F7 D1 83 F1 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor by Vaska unknown ver (sign from pinch 21.03.2006 23:05)</text>
-      <pattern>
-        90 58 90 50 90 8B 00 90 3C 50 90 58 0F 85 67 D6 EF 11 50 68 00 10 14 13 B8 00 10 14 13 3D 00 64 14 13 74 06 80 30 BC 40 EB F3 E8 00 00 00 00 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.1 --> Vaska</text>
-      <pattern>
-        8B 04 24 83 E8 4F 68 xx xx xx xx FF D0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.1 -> Vaska</text>
-      <pattern>
-        8B 04 24 83 E8 4F 68 xx xx xx xx FF D0 B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.3 / v1.4 --> Vaska</text>
-      <pattern>
-        55 8B EC 8B 44 24 04 83 E8 4F 68 xx xx xx xx FF D0 58 59 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.3 / v1.4 -> Vaska</text>
-      <pattern>
-        55 8B EC 8B 44 24 04 83 E8 4F 68 xx xx xx xx FF D0 58 59 50 B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.3b --> Vaska</text>
-      <pattern>
-        61 83 EF 4F 60 68 xx xx xx xx FF D7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.3b -> Vaska</text>
-      <pattern>
-        61 83 EF 4F 60 68 xx xx xx xx FF D7 B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.5 (Private) -> Vaska</text>
-      <pattern>
-        83 2C 24 4F 68 xx xx xx xx FF 54 24 04 83 44 24 04 4F B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.5 --> Vaska</text>
-      <pattern>
-        83 2C 24 4F 68 xx xx xx xx FF 54 24 04 83 44 24 04 4F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor V1.5 -> Vaska ! Sign by fly</text>
-      <pattern>
-        83 2C 24 4F 68 xx xx xx xx FF 54 24 04 83 44 24 04 4F B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx xx EB F3 B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.6 -> Vaska</text>
-      <pattern>
-        33 D0 68 xx xx xx xx FF D2 B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.6 -> Vaska</text>
-      <pattern>
-        33 D0 68 xx xx xx xx FF D2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.6b / v1.6c --> Vaska</text>
-      <pattern>
-        8B C7 03 04 24 2B C7 80 38 50 0F 85 1B 8B 1F FF 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.6b / v1.6c -> Vaska</text>
-      <pattern>
-        8B C7 03 04 24 2B C7 80 38 50 0F 85 1B 8B 1F FF 68 xx xx xx xx B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor V1.6c -> Vaska ! Sign by fly</text>
-      <pattern>
-        8B C7 03 04 24 2B C7 80 38 50 0F 85 1B 8B 1F FF 68 xx xx xx xx B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3 B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.6d --> Vaska</text>
-      <pattern>
-        60 90 61 61 80 7F F0 45 90 60 0F 85 1B 8B 1F FF 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor V1.6d -> Vaska ! Sign by fly</text>
-      <pattern>
-        60 90 61 61 80 7F F0 45 90 60 0F 85 1B 8B 1F FF 68 xx xx xx xx B8 xx xx xx xx 90 3D xx xx xx xx 74 06 80 30 xx 40 EB F3 B8 xx xx xx xx 90 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.6d -> Vaska</text>
-      <pattern>
-        60 90 61 61 80 7F F0 45 90 60 0F 85 1B 8B 1F FF 68 xx xx xx xx B8 xx xx xx xx 90 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.6x -> Vaska</text>
-      <pattern>
-        60 90 61 61 80 7F F0 45 90 60 0F 85 1B 8B 1F FF 68 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.xx -> Vaska</text>
-      <pattern>
-        90 58 90 50 90 8B 00 90 3C 50 90 58 0F 85 67 D6 EF 11 50 68 xx xx xx xx B8 xx xx xx xx 3D xx xx xx xx 74 06 80 30 xx 40 EB F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v1.xx -> Vaska</text>
-      <pattern>
-        90 58 90 50 90 8B 00 90 3C 50 90 58 0F 85 67 D6 EF 11 50 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v2.0 (Hide EP) --> Vaska</text>
-      <pattern>
-        F7 D1 83 F1 FF 6A 00 F7 D1 83 F1 FF 81 04 24 DC 20 xx 00 F7 D1 83 F1 FF E8 00 00 00 00 F7 D1 83 F1 FF C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RCryptor v2.0 --> Vaska</text>
-      <pattern>
-        F7 D1 83 F1 FF 6A 00 F7 D1 83 F1 FF 81 04 24 xx 02 00 00 F7 D1 83 F1 FF 59 BA 32 21 xx 00 F7 D1 83 F1 FF F7 D1 83 F1 FF 80 02 E3 F7 D1 83 F1 FF C0 0A 05 F7 D1 83 F1 FF 80 02 6F F7 D1 83 F1 FF 80 32 A4 F7 D1 83 F1 FF 80 02 2D F7 D1 83 F1 FF 42 49 85 C9 75 CD 1C 4F 8D 5B FD 62 1E 1C 4F 8D 5B FD 4D 9D B9 xx xx xx 1E 1C 4F 8D 5B FD 22 1C 4F 8D 5B FD 8E A2 B9 B9 E2 83 DB E2 E5 4D CD 1E BF 60 AB 1F 4D DB 1E 1E 3D 1E 92 1B 8E DC 7D EC A4 E2 4D E5 20 C6 CC B2 8E EC 2D 7D DC 1C 4F 8D 5B FD 83 56 8E E0 3A 7D D0 8E 9D 6E 7D D6 4D 25 06 C2 AB 20 CC 3A 4D 2D 9D 6B 0B 81 45 CC 18 4D 2D 1F A1 A1 6B C2 CC F7 E2 4D 2D 9E 8B 8B CC DE 2E 2D F7 1E AB 7D 45 92 30 8E E6 B9 7D D6 8E 9D 27 DA FD FD 1E 1E 8E DF B8 7D CF 8E A3 4D 7D DC 1C 4F 8D 5B FD 33 D7 1E 1E 1E A6 0B 41 A1 A6 42 61 6B 41 6B 4C 45 1E 21 F6 26 BC E2 62 1E 62 1E 62 1E 23 63 59 xx 1E 62 1E 62 1E 33 D7 1E 1E 1E 85 6B C2 41 AB C2 9F 23 6B C2 41 A1 1E C0 FD F0 FD 30 20 33 9E 1E 1E 1E 85 A2 0B 8B C2 27 41 EB A1 A2 C2 1E C0 FD F0 FD 30 62 1E 33 7E 1E 1E 1E C6 2D 42 AB 9F 23 6B C2 41 A1 1E C0 FD F0 FD 30 C0 FD F0 8E 1D 1C 4F 8D 5B FD E0 00 33 5E 1E 1E 1E BF 0B EC C2 E6 42 A2 C2 45 1E C0 FD F0 FD 30 CE 36 CC F2 1C 4F 8D 5B FD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RE-Crypt 0.7x -> Crudd RET
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED F3 1D 40 00 B9 7B 09 00 00 8D BD 3B 1E 40 00 8B F7 61 60 E8 00 00 00 00 5D 55 81 04 24 0A 00 00 00 C3 8B F5 81 C5 xx xx 00 00 89 6D 34 89 75 38 8B 7D 38 81 E7 00 FF FF FF 81 C7 48 00 00 00 47 03 7D 60 8B 4D 5C 83 F9 00 7E 0F 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RE-Crypt v0.7x -> Crudd RET
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 5D 55 81 04 24 0A 00 00 00 C3 8B F5 81 C5 xx xx 00 00 89 6D 34 89 75 38 8B 7D 38 81 E7 00 FF FF FF 81 C7 48 00 00 00 47 03 7D 60 8B 4D 5C 83 F9 00 7E 0F 8B 17 33 55 58 89 17 83 C7 04 83 C1 FC EB EC 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RE-Crypt v0.7x -> Crudd RET
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED F3 1D 40 00 B9 7B 09 00 00 8D BD 3B 1E 40 00 8B F7 61 60 E8 00 00 00 00 5D 55 81 04 24 0A 00 00 00 C3 8B F5 81 C5 xx xx 00 00 89 6D 34 89 75 38 8B 7D 38 81 E7 00 FF FF FF 81 C7 48 00 00 00 47 03 7D 60 8B 4D 5C 83 F9 00 7E 0F 8B 17 33 55 58 89 17 83 C7 04 83 C1 FC EB EC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>REALbasic</text>
-      <pattern>
-        55 89 E5 xx xx xx xx xx xx xx xx xx xx 50 xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>REC v0.32</text>
-      <pattern>
-        06 1E 52 B8 xx xx 1E CD 21 86 E0 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        REC v0.34 3
-      </text>
-      <pattern>
-        06 1E B4 30 CD 21 3C 02 73 xx 33 C0 06 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>REC, C0ded by ROSE</text>
-      <pattern>
-        06 1E 0E 0E 07 1F B4 30 CD 21 86 E0 3D 00 03 73 xx CD 20 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>REC.Small v1.02</text>
-      <pattern>
-        8C D8 1E E8 xx xx 83 xx xx 5D B9 xx xx 81 xx xx xx 40 8E D8 2B DB B2 xx xx xx FE C2 43 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reflexive Arcade Wrapper</text>
-      <pattern>
-        55 8B EC 6A FF 68 98 68 42 00 68 14 FA 41 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 F8 50 42 00 33 D2 8A D4 89 15 3C E8 42 00 8B C8 81 E1 FF 00 00 00 89 0D 38 E8 42 00 C1 E1 08 03 CA 89 0D 34 E8 42 00 C1 E8 10 A3 30 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reflexive Arcade Wrapper</text>
-      <pattern>
-        55 8B EC 6A FF 68 98 68 42 00 68 14 FA 41 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 F8 50 42 00 33 D2 8A D4 89 15 3C E8 42 00 8B C8 81 E1 FF 00 00 00 89 0D 38 E8 42 00 C1 E1 08 03 CA 89 0D 34 E8 42 00 C1 E8 10 A3 30 E8 42 00 33 F6 56 E8 58 43 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 23 40 00 00 FF 15 18 51 42 00 A3 44 FE 42 00 E8 E1 3E 00 00 A3 78 E8 42 00 E8 8A 3C 00 00 E8 CC 3B 00 00 E8 3E F5 FF FF 89 75 D0 8D 45 A4 50 FF 15 14 51 42 00 E8 5D 3B 00 00 89 45 9C F6 45 D0 01 74 06 0F B7 45 D4 EB 03 6A 0A 58 50 FF 75 9C 56 56 FF 15 10 51 42 00 50 E8 0D 6E FE FF 89 45 A0 50 E8 2C F5 FF FF 8B 45 EC 8B 08 8B 09 89 4D 98 50 51 E8 9B 39 00 00 59 59 C3 8B 65 E8 FF 75 98 E8 1E F5 FF FF 83 3D 80 E8 42 00 01 75 05 E8 F3 43 00 00 FF 74 24 04 E8 23 44 00 00 68 FF 00 00 00 FF 15 B0 B8 42 00 59 59 C3 83 3D 80 E8 42 00 01 75 05 E8 CE 43 00 00 FF 74 24 04 E8 FE 43 00 00 59 68 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reg2Exe 2.20/2.21 - by Jan Vorel</text>
-      <pattern>
-        6A 00 E8 7D 12 00 00 A3 A0 44 40 00 E8 79 12 00 00 6A 0A 50 6A 00 FF 35 A0 44 40 00 E8 0F 00 00 00 50 E8 69 12 00 00 CC CC CC CC CC CC CC CC CC 68 2C 02 00 00 68 00 00 00 00 68 B0 44 40 00 E8 3A 12 00 00 83 C4 0C 8B 44 24 04 A3 B8 44 40 00 68 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reg2Exe 2.20/2.21 - by Jan Vorel</text>
-      <pattern>
-        6A 00 E8 7D 12 00 00 A3 A0 44 40 00 E8 79 12 00 00 6A 0A 50 6A 00 FF 35 A0 44 40 00 E8 0F 00 00 00 50 E8 69 12 00 00 CC CC CC CC CC CC CC CC CC 68 2C 02 00 00 68 00 00 00 00 68 B0 44 40 00 E8 3A 12 00 00 83 C4 0C 8B 44 24 04 A3 B8 44 40 00 68 00 00 00 00 68 A0 0F 00 00 68 00 00 00 00 E8 32 12 00 00 A3 B0 44 40 00 68 F4 01 00 00 68 BC 44 40 00 FF 35 B8 44 40 00 E8 1E 12 00 00 B8 BC 44 40 00 89 C1 8A 30 40 80 FE 5C 75 02 89 C1 80 FE 00 75 F1 C6 01 00 E8 EC 18 00 00 E8 28 16 00 00 E8 4A 12 00 00 68 00 FA 00 00 68 08 00 00 00 FF 35 B0 44 40 00 E8 E7 11 00 00 A3 B4 44 40 00 8B 15 D4 46 40 00 E8 65 0A 00 00 BB 00 00 10 00 B8 01 00 00 00 E8 72 0A 00 00 74 09 C7 00 01 00 00 00 83 C0 04 A3 D4 46 40 00 FF 35 B4 44 40 00 E8 26 05 00 00 8D 0D B8 46 40 00 5A E8 CF 0F 00 00 FF 35 B4 44 40 00 FF 35 B8 46 40 00 E8 EE 06 00 00 8D 0D B4 46 40 00 5A E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reg2Exe 2.22/2.23 - by Jan Vorel</text>
-      <pattern>
-        6A 00 E8 2F 1E 00 00 A3 C4 35 40 00 E8 2B 1E 00 00 6A 0A 50 6A 00 FF 35 C4 35 40 00 E8 07 00 00 00 50 E8 1B 1E 00 00 CC 68 48 00 00 00 68 00 00 00 00 68 C8 35 40 00 E8 76 16 00 00 83 C4 0C 8B 44 24 04 A3 CC 35 40 00 68 00 00 00 00 68 A0 0F 00 00 68 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reg2Exe 2.22/2.23 - by Jan Vorel</text>
-      <pattern>
-        6A 00 E8 2F 1E 00 00 A3 C4 35 40 00 E8 2B 1E 00 00 6A 0A 50 6A 00 FF 35 C4 35 40 00 E8 07 00 00 00 50 E8 1B 1E 00 00 CC 68 48 00 00 00 68 00 00 00 00 68 C8 35 40 00 E8 76 16 00 00 83 C4 0C 8B 44 24 04 A3 CC 35 40 00 68 00 00 00 00 68 A0 0F 00 00 68 00 00 00 00 E8 EC 1D 00 00 A3 C8 35 40 00 E8 62 1D 00 00 E8 92 1A 00 00 E8 80 16 00 00 E8 13 14 00 00 68 01 00 00 00 68 08 36 40 00 68 00 00 00 00 8B 15 08 36 40 00 E8 71 3F 00 00 B8 00 00 10 00 BB 01 00 00 00 E8 82 3F 00 00 FF 35 48 31 40 00 B8 00 01 00 00 E8 0D 13 00 00 8D 0D EC 35 40 00 5A E8 F2 13 00 00 68 00 01 00 00 FF 35 EC 35 40 00 E8 84 1D 00 00 A3 F4 35 40 00 FF 35 48 31 40 00 FF 35 F4 35 40 00 FF 35 EC 35 40 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reg2Exe 2.24 - by Jan Vorel</text>
-      <pattern>
-        6A 00 E8 CF 20 00 00 A3 F4 45 40 00 E8 CB 20 00 00 6A 0A 50 6A 00 FF 35 F4 45 40 00 E8 07 00 00 00 50 E8 BB 20 00 00 CC 68 48 00 00 00 68 00 00 00 00 68 F8 45 40 00 E8 06 19 00 00 83 C4 0C 8B 44 24 04 A3 FC 45 40 00 68 00 00 00 00 68 A0 0F 00 00 68 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reg2Exe 2.24 - by Jan Vorel</text>
-      <pattern>
-        6A 00 E8 CF 20 00 00 A3 F4 45 40 00 E8 CB 20 00 00 6A 0A 50 6A 00 FF 35 F4 45 40 00 E8 07 00 00 00 50 E8 BB 20 00 00 CC 68 48 00 00 00 68 00 00 00 00 68 F8 45 40 00 E8 06 19 00 00 83 C4 0C 8B 44 24 04 A3 FC 45 40 00 68 00 00 00 00 68 A0 0F 00 00 68 00 00 00 00 E8 8C 20 00 00 A3 F8 45 40 00 E8 02 20 00 00 E8 32 1D 00 00 E8 20 19 00 00 E8 A3 16 00 00 68 01 00 00 00 68 38 46 40 00 68 00 00 00 00 8B 15 38 46 40 00 E8 71 4F 00 00 B8 00 00 10 00 BB 01 00 00 00 E8 82 4F 00 00 FF 35 48 41 40 00 B8 00 01 00 00 E8 9D 15 00 00 8D 0D 1C 46 40 00 5A E8 82 16 00 00 68 00 01 00 00 FF 35 1C 46 40 00 E8 24 20 00 00 A3 24 46 40 00 FF 35 48 41 40 00 FF 35 24 46 40 00 FF 35 1C 46 40 00 E8 DC 10 00 00 8D 0D 14 46 40 00 5A E8 4A 16
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reg2Exe 2.25 - by Jan Vorel</text>
-      <pattern>
-        68 68 00 00 00 68 00 00 00 00 68 70 7D 40 00 E8 AE 20 00 00 83 C4 0C 68 00 00 00 00 E8 AF 52 00 00 A3 74 7D 40 00 68 00 00 00 00 68 00 10 00 00 68 00 00 00 00 E8 9C 52 00 00 A3 70 7D 40 00 E8 24 50 00 00 E8 E2 48 00 00 E8 44 34 00 00 E8 54 28 00 00 E8 98
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Reg2Exe 2.25 - by Jan Vorel</text>
-      <pattern>
-        68 68 00 00 00 68 00 00 00 00 68 70 7D 40 00 E8 AE 20 00 00 83 C4 0C 68 00 00 00 00 E8 AF 52 00 00 A3 74 7D 40 00 68 00 00 00 00 68 00 10 00 00 68 00 00 00 00 E8 9C 52 00 00 A3 70 7D 40 00 E8 24 50 00 00 E8 E2 48 00 00 E8 44 34 00 00 E8 54 28 00 00 E8 98 27 00 00 E8 93 20 00 00 68 01 00 00 00 68 D0 7D 40 00 68 00 00 00 00 8B 15 D0 7D 40 00 E8 89 8F 00 00 B8 00 00 10 00 68 01 00 00 00 E8 9A 8F 00 00 FF 35 A4 7F 40 00 68 00 01 00 00 E8 3A 23 00 00 8D 0D A8 7D 40 00 5A E8 5E 1F 00 00 FF 35 A8 7D 40 00 68 00 01 00 00 E8 2A 52 00 00 A3 B4 7D 40 00 FF 35 A4 7F 40 00 FF 35 B4 7D 40 00 FF 35 A8 7D 40 00 E8 5C 0C 00 00 8D 0D A0 7D 40 00 5A E8 26 1F 00 00 FF 35
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ResCrypt v1.02</text>
-      <pattern>
-        55 E8 xx xx xx xx 5D 81 ED 06 xx xx xx BE xx xx xx xx :3 F5 8B DE BA 01 xx xx xx 33 C9 66 8B 4E 0C 66 03 4E 0E 85 C9 74 54 83 C6 10 8B 06 83 FA 01 75 1B 25 xx xx xx 7F 83 F8 03 74 0C 83 F8 0E 74 07 83 F8 10 74 02 EB 05 83 C6 08 EB 2D 8B 46 04 83 C6 08 A9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ResCrypt v1.02</text>
-      <pattern>
-        55 E8 xx xx xx xx 5D 81 ED 06 xx xx xx BE xx xx xx xx ?3 F5 8B DE BA 01 xx xx xx 33 C9 66 8B 4E 0C 66 03 4E 0E 85 C9 74 54 83 C6 10 8B 06 83 FA 01 75 1B 25 xx xx xx 7F 83 F8 03 74 0C 83 F8 0E 74 07 83 F8 10 74 02 EB 05 83 C6 08 EB 2D 8B 46 04 83 C6 08 A9 xx xx xx 80 74 0E 51 56 25 xx xx xx 7F 03 C3 8B F0 42 EB B2 51 03 C3 8B 38 03 FD 8B 48 04 D2 0F 30 0F 47 E2 F9 59 E2 AF 4A 74 04 5E 59 EB F7 8D 85 xx xx xx xx 5D FF E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ResCrypt v1.02</text> // Hint = $0
-      <pattern>
-        55 E8 xx xx xx xx 5D 81 ED 06 xx xx xx BE xx xx xx xx :3 F5 8B DE BA 01 xx xx xx 33 C9 66 8B 4E 0C 66 03 4E 0E 85 C9 74 54 83 C6 10 8B 06 83 FA 01 75 1B 25 xx xx xx 7F 83 F8 03 74 0C 83 F8 0E 74 07 83 F8 10 74 02 EB 05 83 C6 08 EB 2D 8B 46 04 83 C6 08 A9 xx xx xx 80 74 0E 51 56 25 xx xx xx 7F 03 C3 8B F0 42 EB B2 51 03 C3 8B 38 03 FD 8B 48 04 D2 0F 30 0F 47 E2 F9 59 E2 AF 4A 74 04 5E 59 EB F7 8D 85 xx xx xx xx 5D FF E
-      </pattern><ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ReversingLabsProtector 0.7.4 beta -> Ap0x</text>
-      <pattern>
-        68 00 00 41 00 E8 01 00 00 00 C3 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RJcrush v1.00</text>
-      <pattern>
-        06 FC 8C C8 BA xx xx 03 D0 52 BA xx xx 52 BA xx xx 03 C2 8B D8 05 xx xx 8E DB 8E C0 33 F6 33 FF B9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RJoiner 1.2 by Vaska (25.03.2007 16:58)</text>
-      <pattern>
-        55 8B EC 81 EC 0C 02 00 00 8D 85 F4 FD FF FF 56 50 68 04 01 00 00 FF 15 14 10 40 00 90 8D 85 F4 FD FF FF 50 FF 15 10 10 40 00 90 BE 00 20 40 00 90 83 3E FF 0F 84 84 00 00 00 53 57 33 FF 8D 46
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RJoiner 1.2a -> Vaska</text>
-      <pattern>
-        55 8B EC 81 EC 0C 01 00 00 8D 85 F4 FE FF FF 56 50 68 04 01 00 00 FF 15 0C 10 40 00 94 90 94 8D 85 F4 FE FF FF 50 FF 15 08 10 40 00 94 90 94 BE 00 20 40 00 94 90 94 83 3E FF 74 7D 53 57 33 DB 8D 7E 04 94 90 94 53 68 80 00 00 00 6A 02 53 6A 01 68 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RJoiner 1.2a -> Vaska</text>
-      <pattern>
-        55 8B EC 81 EC 0C 01 00 00 8D 85 F4 FE FF FF 56 50 68 04 01 00 00 FF 15 0C 10 40 00 94 90 94 8D 85 F4 FE FF FF 50 FF 15 08 10 40 00 94 90 94 BE 00 20 40 00 94 90 94 83 3E FF 74 7D 53 57 33 DB 8D 7E 04 94 90 94 53 68 80 00 00 00 6A 02 53 6A 01 68 00 00 00 C0 57 FF 15 04 10 40 00 89 45 F8 94 90 94 8B 06 8D 74 06 04 94 90 94 8D 45 FC 53 50 8D 46 04 FF 36 50 FF 75 F8 FF 15 00 10 40 00 94 90 94 FF 75 F8 FF 15 10 10 40 00 94 90 94 8D 85 F4 FE FF FF 6A 0A 50 53 57 68 20 10 40 00 53 FF 15 18 10 40 00 94 90 94 8B 06 8D 74 06 04 94 90 94 83 3E FF 75 89 5F 5B 33 C0 5E C9 C2 10 00 CC CC 24 11
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RJoiner by Vaska (Sign from pinch 25.03.2007 17:00)</text>
-      <pattern>
-        E8 03 FD FF FF 6A 00 E8 0C 00 00 00 FF 25 6C 10 40 00 FF 25 70 10 40 00 FF 25 74 10 40 00 FF 25 78 10 40 00 FF 25 7C 10 40 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLP 0.7.3beta -> ap0x (h)</text>
-      <pattern>
-        60 8B DD E8 00 00 00 00 5D 95 32 C0 95 89 9D 80 00 00 00 B8 42 31 40 00 BB 41 30 40 00 2B C3 03 C5 33 D2 8A 10 40 B9 xx xx 00 00 8B F9 30 10 8A 10 40 49 75 F8 64 EF 86 3D 30 00 00 0F B9 FF 4B 89 52 5C 4C BD 77 C2 0C CE 88 4E 2D E8 00 00 00 5D 0D DB 5E 56
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLP V0.7.3.beta -> ap0x ! Sign by fly</text>
-      <pattern>
-        2E 72 6C 70 00 00 00 00 00 50 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLP v0.7.3beta -> ap0x (h)</text>
-      <pattern>
-        60 8B DD E8 00 00 00 00 5D 95 32 C0 95 89 9D 80 00 00 00 B8 42 31 40 00 BB 41 30 40 00 2B C3 03 C5 33 D2 8A 10 40 B9 xx xx 00 00 8B F9 30 10 8A 10 40 49 75 F8 64 EF 86 3D 30 00 00 0F B9 FF 4B 89 52 5C 4C BD 77 C2 0C CE 88 4E 2D E8 00 00 00 5D 0D DB 5E 56 41 87 FC 0F F3 05 40 81 68 4B 93 71 40 BB 87 3C 40 40 8B 88 06 75 70 40 40 8B BB B3 43 C4 8F 93 2B F3 4A 88 06 07 30 F5 EA 2A 35 F0 4B 8A C3 07 C1 C6 02 C4 34 C0 74 74 32 02 C4 45 0B 3C 96 BE 0A 82 C3 DE 36 A9 7E 5A 51 A6 BC 63 A8 66 CB 30 58 20 8C CC 85 53 9F C1 E4 10 80 11 20 1E 48 D2 E8 F7 28 5C 26 89 5C 94 89 5A F8 1C 0B 74 7E 33 4E 9B 29 56 F2 2B 84 42 8A 95 16 76 64 08 7B 70 8F A0 0B A8 3A C1 C7 B5 3E D9 70
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack --> Ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 2C 0A 00 00 8D 9D 22 02 00 00 33 FF E8 83 01 00 00 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 CD 09 00 00 89 85 14 0A 00 00 EB 14 60 FF B5 14 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack --> Ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 5A 0A 00 00 8D 9D 40 02 00 00 33 FF E8 83 01 00 00 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 EB 09 00 00 89 85 3A 0A 00 00 EB 14 60 FF B5 3A 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack --> Ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 EB 03 0C 00 00 EB 03 0C 00 00 8D B5 CB 22 00 00 8D 9D F0 02 00 00 33 FF E8 47 02 00 00 EB 03 15 00 00 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 9B 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack -> Ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 2C 0A 00 00 8D 9D 22 02 00 00 33 FF E8 xx xx xx xx 6A 40 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 95 CD 09 00 00 89 85 xx xx xx xx EB 14 60 FF B5 14 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack -> Ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 5A 0A 00 00 8D 9D 40 02 00 00 33 FF E8 xx xx xx xx 6A 40 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 95 EB 09 00 00 89 85 xx xx xx xx EB 14 60 FF B5 3A 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack -> Ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 EB 03 xx xx xx EB 03 xx xx xx 8D B5 CB 22 00 00 8D 9D F0 02 00 00 33 FF E8 xx xx xx xx EB 03 xx xx xx 6A 40 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 95 9B 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.0 beta -> ap0x (h)</text>
-      <pattern>
-        60 E8 00 00 00 00 8D 64 24 04 8B 6C 24 FC 8D B5 4C 02 00 00 8D 9D 13 01 00 00 33 FF EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB 8D 74 37 04 53 6A 40 68 00 10 00 00 68 xx xx xx xx 6A 00 FF 95 F9 01 00 00 89 85 48 02 00 00 5B FF B5 48 02 00 00 56 FF D3 83 C4 08 8B B5 48 02 00 00 8B C6 EB 01 40 80 38 01 75 FA 40 8B 38 83 C0 04 89 85 44 02 00 00 EB 7A 56 FF 95 F1 01 00 00 89 85 40 02 00 00 8B C6 EB 4F 8B 85 44 02 00 00 8B 00 A9 00 00 00 80 74 14 35 00 00 00 80 50 8B 85 44 02 00 00 C7 00 20 20 20 00 EB 06 FF B5 44 02 00 00 FF B5 40 02 00 00 FF 95 F5 01 00 00 89 07 83 C7 04 8B 85 44 02 00 00 EB 01 40 80 38 00 75 FA 40 89 85 44 02 00 00 80 38 00 75 AC EB 01 46 80 3E 00 75 FA 46 40 8B 38 83 C0 04 89 85 44 02 00 00 80 3E 01 75 81 68 00 40 00 00 68 xx xx xx xx FF B5 48 02 00 00 FF 95 FD 01 00 00 61 68 xx xx xx xx C3 60 8B 74 24 24 8B 7C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.0 beta -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8D 64 24 04 8B 6C 24 FC 8D B5 4C 02 00 00 8D 9D 13 01 00 00 33 FF EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB 8D 74 37 04 53 6A 40 68 00 10 00 00 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.0 beta -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8D 64 24 04 8B 6C 24 FC 8D B5 4C 02 00 00 8D 9D 13 01 00 00 33 FF EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB 8D 74 37 04 53 6A 40 68 00 10 00 00 68 xx xx xx xx 6A 00 FF 95 F9 01 00 00 89 85 48 02 00 00 5B FF B5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.1 BasicEdition -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 4A 02 00 00 8D 9D 11 01 00 00 33 FF EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB 8D 74 37 04 53 6A 40 68 00 10 00 00 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.16 (aPLib compression) -> ap0x (h)</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 53 03 00 00 8D 9D 02 02 00 00 33 FF E8 45 01 00 00 EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB 8D 74 37 04 53 6A 40 68 00 10 00 00 68 xx xx xx xx 6A 00 FF 95 E8 02 00 00 89 85 4F 03 00 00 5B FF B5 4F 03 00 00 56 FF D3 83 C4 08 8B B5 4F 03 00 00 8B C6 EB 01 40 80 38 01 75 FA 40 8B 38 E8 CD 00 00 00 83 C0 04 89 85 4B 03 00 00 E9 93 00 00 00 56 FF 95 E0 02 00 00 85 C0 0F 84 AE 00 00 00 89 85 47 03 00 00 8B C6 EB 5B 8B 85 4B 03 00 00 8B 00 A9 00 00 00 80 74 14 35 00 00 00 80 50 8B 85 4B 03 00 00 C7 00 20 20 20 00 EB 06 FF B5 4B 03 00 00 FF B5 47 03 00 00 FF 95 E4 02 00 00 85 C0 74 6B 89 07 83 C7 04 8B
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.16 (LZMA compression) -> ap0x (h)</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 5A 0A 00 00 8D 9D 40 02 00 00 33 FF E8 83 01 00 00 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 EB 09 00 00 89 85 3A 0A 00 00 EB 14 60 FF B5 3A 0A 00 00 FF 34 37 FF 74 37 04 FF D3 61 83 C7 08 83 3C 37 00 75 E6 8D 74 37 04 53 6A 40 68 00 10 00 00 68 xx xx xx xx 6A 00 FF 95 EB 09 00 00 89 85 56 0A 00 00 5B 60 FF B5 3A 0A 00 00 56 FF B5 56 0A 00 00 FF D3 61 8B B5 56 0A 00 00 8B C6 EB 01 40 80 38 01 75 FA 40 8B 38 E8 E7 00 00 00 83 C0 04 89 85 52 0A 00 00 E9 97 00 00 00 56 FF 95 E3 09 00 00 89 85 4E 0A 00 00 85 C0 0F 84 C2
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.17+</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx 00 00 8D 9D xx xx 00 00 33 FF E8 xx xx xx xx EB 0F FF 74 37 04 FF 34 37 FF D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.18 (aPlib 0.43) -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 xx 8D B5 1A 04 00 00 8D 9D C1 02 00 00 33 FF E8 61 01 00 00 EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 xx 83 C7 xx 83 3C 37 00 75 EB 83 BD 06 04 00 00 00 74 0E 83 BD 0A 04 00 00 00 74 05 E8 D7 01 00 00 8D 74 37 04 53 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 95 A7 03 00 00 89 85 16 04 00 00 5B FF B5 16 04 00 00 56 FF D3 83 C4 xx 8B B5 16 04 00 00 8B C6 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.18 (LZMA 4.30) -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 xx 8D B5 21 0B 00 00 8D 9D FF 02 00 00 33 FF E8 9F 01 00 00 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 95 AA 0A 00 00 89 85 F9 0A 00 00 EB 14 60 FF B5 F9 0A 00 00 FF 34 37 FF 74 37 04 FF D3 61 83 C7 xx 83 3C 37 00 75 E6 83 BD 0D 0B 00 00 00 74 0E 83 BD 11 0B 00 00 00 74 05 E8 F6 01 00 00 8D 74 37 04 53 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 95 AA 0A 00 00 89 85 1D 0B 00 00 5B 60 FF B5 F9 0A 00 00 56 FF B5 1D 0B 00 00 FF D3 61 8B B5 1D 0B 00 00 8B C6 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.18 Dll (aPlib 0.43) -> ap0x</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 5C 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 xx 8D B5 1A 04 00 00 8D 9D C1 02 00 00 33 FF E8 61 01 00 00 EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 xx 83 C7 xx 83 3C 37 00 75 EB 83 BD 06 04 00 00 00 74 0E 83 BD 0A 04 00 00 00 74 05 E8 D7 01 00 00 8D 74 37 04 53 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A xx FF 95 A7 03 00 00 89 85 16 04 00 00 5B FF B5 16 04 00 00 56 FF D3 83 C4 xx 8B B5 16 04 00 00 8B C6 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack 1.18 Dll (LZMA 4.30) -> ap0x</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF E8 9F 01 00 00 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A xx FF 95 AA 0A 00 00 89 85 F9 0A 00 00 EB 14 60 FF B5 F9 0A 00 00 FF 34 37 FF 74 37 04 FF D3 61 83 C7 08 83 3C 37 00 75 E6 83 BD 0D 0B 00 00 00 74 0E 83 BD 11 0B 00 00 00 74 05 E8 F6 01 00 00 8D 74 37 04 53 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A xx FF 95 AA 0A 00 00 89 85 1D 0B 00 00 5B 60 FF B5 F9 0A 00 00 56 FF B5 1D 0B 00 00 FF D3 61 8B B5 1D 0B 00 00 8B C6 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack 1.20 Basic Edition aPLib -> Ap0x
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 92 05 00 00 EB 0C 8B 85 8E 05 00 00 89 85 92 05 00 00 8D B5 BA 05 00 00 8D 9D 41 04 00 00 33 FF E8 38 01 00 00 EB 1B 8B 85 92 05 00 00 FF 74 37 04 01 04 24 FF 34 37 01 04 24 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 DF 83 BD 9E 05 00 00 00 74 0E 83 BD A2 05 00 00 00 74 05 E8 D6 01 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack 1.20 Basic Edition LZMA -> Ap0x
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 9C 0C 00 00 EB 0C 8B 85 98 0C 00 00 89 85 9C 0C 00 00 8D B5 C4 0C 00 00 8D 9D 82 04 00 00 33 FF 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 2D 0C 00 00 89 85 94 0C 00 00 E8 59 01 00 00 EB 20 60 8B 85 9C 0C 00 00 FF B5 94 0C 00 00 FF 34 37 01 04 24 FF 74 37 04 01 04 24 FF D3 61 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack Full Edition 1.17 (LZMA)</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 8D B5 73 26 00 00 8D 9D 58 03 00 00 33 FF xx xx xx xx xx xx xx xx xx xx 6A 40 68 xx xx xx xx 68 xx xx xx xx 6A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack Full Edition 1.17 -> Ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack Full Edition 1.17 aPLib
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 8D B5 74 1F 00 00 8D 9D 1E 03 00 00 33 FF xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx EB 0F FF 74 37 04 FF 34
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack Full Edition 1.17 DLL (LZMA)</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx xx xx xx 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 5A 0A 00 00 8D 9D 40 02 00 00 33 FF E8 xx xx xx xx 6A 40 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 95 EB 09 00 00 89 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack Full Edition 1.17 DLL -> Ap0x</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx xx xx xx 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack Full Edition 1.17 DLL aPLib
-      </text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx xx xx xx 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 53 03 00 00 8D 9D 02 02 00 00 33 FF E8 xx xx xx xx EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack Full Edition 1.17 iBox (LZMA)</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 8D B5 67 30 00 00 8D 9D 66 03 00 00 33 FF xx xx xx xx xx xx xx xx xx xx 6A 40 68 xx xx xx xx 68 xx xx xx xx 6A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack Full Edition 1.17 iBox aPLib
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 8D B5 79 29 00 00 8D 9D 2C 03 00 00 33 FF xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx EB 0F FF 74 37 04 FF 34
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.0.beta -> ap0x ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8D 64 24 04 8B 6C 24 FC 8D B5 4C 02 00 00 8D 9D 13 01 00 00 33 FF EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.11 -> ap0x ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 4A 02 00 00 8D 9D 11 01 00 00 33 FF EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.12-V1.14 (aPlib 0.43) -> ap0x ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF EB 0F FF xx xx xx FF xx xx xx D3 83 C4 xx 83 C7 xx 83 3C 37 00 75 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.12-V1.14 (LZMA 4.30) -> ap0x ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A xx FF 95 xx xx xx xx 89 85 xx xx xx xx EB xx 60
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.15-V1.17 (aPlib 0.43) -> ap0x ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF E8 45 01 00 00 EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.15-V1.17 (LZMA 4.30) -> ap0x ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF E8 83 01 00 00 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A xx FF 95 xx xx xx xx 89 85 xx xx xx xx EB 14
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.15-V1.17 Dll -> ap0x ! Sign by fly</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.18 (aPlib 0.43) -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 xx 8D B5 1A 04 00 00 8D 9D C1 02 00 00 33 FF E8 61 01 00 00 EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 xx 83 C7 xx 83 3C 37 00 75 EB 83 BD 06 04 00 00 00 74 0E 83 BD 0A 04 00 00 00 74 05 E8 D7 01 00 00 8D 74 37 04 53 6A xx 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.18 (LZMA 4.30) -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 xx 8D B5 21 0B 00 00 8D 9D FF 02 00 00 33 FF E8 9F 01 00 00 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 95 AA 0A 00 00 89 85 F9 0A 00 00 EB 14 60 FF B5 F9 0A 00 00 FF 34 37 FF 74 37 04 FF D3 61 83 C7 xx 83 3C 37 00 75 E6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack v1.18 Basic aPLib -> Ap0x
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 1A 04 00 00 8D 9D C1 02 00 00 33 FF E8 61 01 00 00 EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB 83 BD 06 04 00 00 00 74 0E 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack v1.18 Basic LZMA -> Ap0x
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 21 0B 00 00 8D 9D FF 02 00 00 33 FF E8 9F 01 00 00 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 AA 0A 00 00 89 85 F9 0A 00 00 EB 14 60 FF B5 F9 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack v1.18 Basic DLL aPLib -> Ap0x
-      </text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx xx xx xx 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 1A 04 00 00 8D 9D C1 02 00 00 33 FF E8 61 01 00 00 EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB 83 BD 06 04 00 00 00 74 0E 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        RLPack v1.18 Basic DLL LZMA -> Ap0x
-      </text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx xx xx xx 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 21 0B 00 00 8D 9D FF 02 00 00 33 FF E8 9F 01 00 00 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 AA 0A 00 00 89 85 F9 0A 00 00 EB 14 60 FF B5 F9 0A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.18 Basic Edition (aPlib 0.43) -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 1A 04 00 00 8D 9D C1 02 00 00 33 FF E8 61 01 00 00 EB 0F FF 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.18 Basic Edition (aPLib or LZMA) -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx 00 00 8D 9D xx 02 00 00 33 FF E8 xx 01 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.18 Basic Edition (LZMA 4.30) -> ap0x</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 21 0B 00 00 8D 9D FF 02 00 00 33 FF E8 9F 01 00 00 6A 40 68 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.18 Dll (aPlib 0.43) -> ap0x</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 5C 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 xx 8D B5 1A 04 00 00 8D 9D C1 02 00 00 33 FF E8 61 01 00 00 EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 xx 83 C7 xx 83 3C 37 00 75 EB 83 BD 06 04 00 00 00 74 0E 83 BD 0A 04 00 00 00 74 05 E8 D7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.18 Dll (LZMA 4.30) -> ap0x</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 xx xx xx xx 8D 9D xx xx xx xx 33 FF E8 9F 01 00 00 6A xx 68 xx xx xx xx 68 xx xx xx xx 6A xx FF 95 AA 0A 00 00 89 85 F9 0A 00 00 EB 14 60 FF B5 F9 0A 00 00 FF 34 37 FF 74 37 04 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.19 (aPlib 0.43) -> ap0x ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 3C 04 00 00 EB 0C 8B 85 38 04 00 00 89 85 3C 04 00 00 8D B5 60 04 00 00 8D 9D EB 02 00 00 33 FF E8 52 01 00 00 EB 1B 8B 85 3C 04 00 00 FF 74 37 04 01 04 24 FF 34 37 01 04 24 FF D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.19 (aPlib 0.43) -> ap0x Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 3C 04 00 00 EB 0C 8B 85 38 04 00 00 89 85 3C 04 00 00 8D B5 60 04 00 00 8D 9D EB 02 00 00 33 FF E8 52 01 00 00 EB 1B 8B 85 3C 04 00 00 FF 74 37 04 01 04 24 FF 34 37 01 04 24 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 DF 83 BD 48 04 00 00 00 74 0E 83 BD 4C 04 00 00 00 74 05 E8 B8 01 00 00 8D 74 37 04 53 6A 40 68 00 10 00 00 68 xx xx xx xx 6A 00 FF 95 D1 03 00 00 89 85 5C 04 00 00 5B FF B5 5C 04 00 00 56 FF D3 83 C4 08 8B B5 5C 04 00 00 8B C6 EB 01 40 80 38 01 75 FA 40 8B 38 03 BD 3C 04 00 00 83 C0 04 89 85 58 04 00 00 E9 94 00 00 00 56 FF 95 C9 03 00 00 85 C0 0F 84 B4 00 00 00 89 85 54 04 00 00 8B C6 EB 5B 8B 85 58 04 00 00 8B 00 A9 00 00 00 80 74 14 35 00 00 00 80 50 8B 85 58 04 00 00 C7 00 20 20 20 00 EB 06 FF B5 58 04 00 00 FF B5 54 04 00 00 FF 95 CD 03 00 00 85 C0 74 71 89 07 83 C7 04 8B 85 58 04 00 00 EB 01 40 80 38 00 75 FA 40 89 85 58 04 00 00 66 81 78 02 00 80 74 A5 80 38 00 75 A0 EB 01 46 80 3E 00 75 FA 46 40 8B 38 03 BD 3C 04 00 00 83 C0 04 89 85 58 04 00 00 80 3E 01 0F 85 63 FF FF FF 68 00 40 00 00 68 xx xx xx xx FF B5 5C 04 00 00 FF 95 D5 03 00 00 E8 3D 00 00 00 E8 24 01 00 00 61 E9 xx xx xx xx 61 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.19 (LZMA 4.30) -> ap0x ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 49 0B 00 00 EB 0C 8B 85 45 0B 00 00 89 85 49 0B 00 00 8D B5 6D 0B 00 00 8D 9D 2F 03 00 00 33 FF 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 DA 0A 00 00 89 85 41 0B 00 00 E8 76
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.19 (LZMA 4.30) -> ap0x Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 49 0B 00 00 EB 0C 8B 85 45 0B 00 00 89 85 49 0B 00 00 8D B5 6D 0B 00 00 8D 9D 2F 03 00 00 33 FF 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 DA 0A 00 00 89 85 41 0B 00 00 E8 76 01 00 00 EB 20 60 8B 85 49 0B 00 00 FF B5 41 0B 00 00 FF 34 37 01 04 24 FF 74 37 04 01 04 24 FF D3 61 83 C7 08 83 3C 37 00 75 DA 83 BD 55 0B 00 00 00 74 0E 83 BD 59 0B 00 00 00 74 05 E8 D7 01 00 00 8D 74 37 04 53 6A 40 68 00 10 00 00 68 xx xx xx xx 6A 00 FF 95 DA 0A 00 00 89 85 69 0B 00 00 5B 60 FF B5 41 0B 00 00 56 FF B5 69 0B 00 00 FF D3 61 8B B5 69 0B 00 00 8B C6 EB 01 40 80 38 01 75 FA 40 8B 38 03 BD 49 0B 00 00 83 C0 04 89 85 65 0B 00 00 E9 98 00 00 00 56 FF 95 D2 0A 00 00 89 85 61 0B 00 00 85 C0 0F 84 C8 00 00 00 8B C6 EB 5F 8B 85 65 0B 00 00 8B 00 A9 00 00 00 80 74 14 35 00 00 00 80 50 8B 85 65 0B 00 00 C7 00 20 20 20 00 EB 06 FF B5 65 0B 00 00 FF B5 61 0B 00 00 FF 95 D6 0A 00 00 85 C0 0F 84 87 00 00 00 89 07 83 C7 04 8B 85 65 0B 00 00 EB 01 40 80 38 00 75 FA 40 89 85 65 0B 00 00 66 81 78 02 00 80 74 A1 80 38 00 75 9C EB 01 46 80 3E 00 75 FA 46 40 8B 38 03 BD 49 0B 00 00 83 C0 04 89 85 65 0B 00 00 80 3E 01 0F 85 5F FF FF FF 68 00 40 00 00 68 xx xx xx xx FF B5 69 0B 00 00 FF 95 DE 0A 00 00 68 00 40 00 00 68 00 20 0C 00 FF B5 41 0B 00 00 FF 95 DE 0A 00 00 E8 3D 00 00 00 E8 24 01 00 00 61 E9 xx xx xx xx 61 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.19 Dll (aPlib 0.43) -> ap0x ! Sign by fly</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 89 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 3C 04 00 00 EB 0C 8B 85 38 04 00 00 89 85 3C 04 00 00 8D B5 60 04 00 00 8D 9D EB 02 00 00 33 FF E8 52 01 00 00 EB 1B 8B 85 3C 04 00 00 FF 74 37 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.19 Dll (aPlib 0.43) -> ap0x Sign by fly</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 89 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 3C 04 00 00 EB 0C 8B 85 38 04 00 00 89 85 3C 04 00 00 8D B5 60 04 00 00 8D 9D EB 02 00 00 33 FF E8 52 01 00 00 EB 1B 8B 85 3C 04 00 00 FF 74 37 04 01 04 24 FF 34 37 01 04 24 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 DF 83 BD 48 04 00 00 00 74 0E 83 BD 4C 04 00 00 00 74 05 E8 B8 01 00 00 8D 74 37 04 53 6A 40 68 00 10 00 00 68 xx xx xx xx 6A 00 FF 95 D1 03 00 00 89 85 5C 04 00 00 5B FF B5 5C 04 00 00 56 FF D3 83 C4 08 8B B5 5C 04 00 00 8B C6 EB 01 40 80 38 01 75 FA 40 8B 38 03 BD 3C 04 00 00 83 C0 04 89 85 58 04 00 00 E9 94 00 00 00 56 FF 95 C9 03 00 00 85 C0 0F 84 B4 00 00 00 89 85 54 04 00 00 8B C6 EB 5B 8B 85 58 04 00 00 8B 00 A9 00 00 00 80 74 14 35 00 00 00 80 50 8B 85 58 04 00 00 C7 00 20 20 20 00 EB 06 FF B5 58 04 00 00 FF B5 54 04 00 00 FF 95 CD 03 00 00 85 C0 74 71 89 07 83 C7 04 8B 85 58 04 00 00 EB 01 40 80 38 00 75 FA 40 89 85 58 04 00 00 66 81 78 02 00 80 74 A5 80 38 00 75 A0 EB 01 46 80 3E 00 75 FA 46 40 8B 38 03 BD 3C 04 00 00 83 C0 04 89 85 58 04 00 00 80 3E 01 0F 85 63 FF FF FF 68 00 40 00 00 68 xx xx xx xx FF B5 5C 04 00 00 FF 95 D5 03 00 00 E8 3D 00 00 00 E8 24 01 00 00 61 E9 xx xx xx xx 61 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.19 Dll (LZMA 4.30) -> ap0x ! Sign by fly</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 C7 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 49 0B 00 00 EB 0C 8B 85 45 0B 00 00 89 85 49 0B 00 00 8D B5 6D 0B 00 00 8D 9D 2F 03 00 00 33 FF 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 DA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RLPack V1.19 Dll (LZMA 4.30) -> ap0x Sign by fly</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 C7 01 00 00 60 E8 00 00 00 00 8B 2C 24 83 C4 04 83 7C 24 28 01 75 0C 8B 44 24 24 89 85 49 0B 00 00 EB 0C 8B 85 45 0B 00 00 89 85 49 0B 00 00 8D B5 6D 0B 00 00 8D 9D 2F 03 00 00 33 FF 6A 40 68 00 10 00 00 68 00 20 0C 00 6A 00 FF 95 DA 0A 00 00 89 85 41 0B 00 00 E8 76 01 00 00 EB 20 60 8B 85 49 0B 00 00 FF B5 41 0B 00 00 FF 34 37 01 04 24 FF 74 37 04 01 04 24 FF D3 61 83 C7 08 83 3C 37 00 75 DA 83 BD 55 0B 00 00 00 74 0E 83 BD 59 0B 00 00 00 74 05 E8 D7 01 00 00 8D 74 37 04 53 6A 40 68 00 10 00 00 68 xx xx xx xx 6A 00 FF 95 DA 0A 00 00 89 85 69 0B 00 00 5B 60 FF B5 41 0B 00 00 56 FF B5 69 0B 00 00 FF D3 61 8B B5 69 0B 00 00 8B C6 EB 01 40 80 38 01 75 FA 40 8B 38 03 BD 49 0B 00 00 83 C0 04 89 85 65 0B 00 00 E9 98 00 00 00 56 FF 95 D2 0A 00 00 89 85 61 0B 00 00 85 C0 0F 84 C8 00 00 00 8B C6 EB 5F 8B 85 65 0B 00 00 8B 00 A9 00 00 00 80 74 14 35 00 00 00 80 50 8B 85 65 0B 00 00 C7 00 20 20 20 00 EB 06 FF B5 65 0B 00 00 FF B5 61 0B 00 00 FF 95 D6 0A 00 00 85 C0 0F 84 87 00 00 00 89 07 83 C7 04 8B 85 65 0B 00 00 EB 01 40 80 38 00 75 FA 40 89 85 65 0B 00 00 66 81 78 02 00 80 74 A1 80 38 00 75 9C EB 01 46 80 3E 00 75 FA 46 40 8B 38 03 BD 49 0B 00 00 83 C0 04 89 85 65 0B 00 00 80 3E 01 0F 85 5F FF FF FF 68 00 40 00 00 68 xx xx xx xx FF B5 69 0B 00 00 FF 95 DE 0A 00 00 68 00 40 00 00 68 00 20 0C 00 FF B5 41 0B 00 00 FF 95 DE 0A 00 00 E8 3D 00 00 00 E8 24 01 00 00 61 E9 xx xx xx xx 61 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ROD High TECH -> Ayman</text>
-      <pattern>
-        60 8B 15 1D 13 40 00 F7 E0 8D 82 83 19 00 00 E8 58 0C 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RosAsm 2050a -> Betov</text>
-      <pattern>
-        55 8B EC 60 8B 5D 08 B9 08 00 00 00 BF xx xx xx xx 83 C7 07 FD 8A C3 24 0F 04 30 3C 39 76 02 04 07 AA C1 EB 04 E2 EE FC 68 00 10 00 00 68 xx xx xx xx 68 xx xx xx xx 6A 00 FF 15 xx xx xx xx 61 8B E5 5D C2 04 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>RPolyCrypt v 1.0 (personal polycryptor) sign from pinch</text>
-      <pattern>
-        50 58 97 97 60 61 8B 04 24 80 78 F3 6A E8 00 00 00 00 58 E8 00 00 00 00 58 91 91 EB 00 0F 85 6B F4 76 6F E8 00 00 00 00 83 C4 04 E8 00 00 00 00 58 90 E8 00 00 00 00 83 C4 04 8B 04 24 80 78 F1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Safe 2.0</text>
-      <pattern>
-        83 EC 10 53 56 57 E8 C4 01 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SafeDisc 4</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 42 6F 47 5F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SafeDisc/SafeCast 2.xx - 3.xx -> Macrovision</text>
-      <pattern>
-        55 8B EC 60 BB xx xx xx xx 33 C9 8A 0D 3D xx xx xx 85 C9 74 0C B8 xx xx xx xx 2B C3 83 E8 05 EB 0E 51 B9 xx xx xx xx 8B C1 2B C3 03 41 01 59 C6 03 E9 89 43 01 51 68 09 xx xx xx 33 C0 85 C9 74 05 8B 45 08 EB 00 50 E8 76 00 00 00 83 C4 08 59 83 F8 00 74 1C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SafeDisc/SafeCast 2.xx - 3.xx -> Macrovision</text>
-      <pattern>
-        55 8B EC 60 BB xx xx xx xx 33 C9 8A 0D 3D xx xx xx 85 C9 74 0C B8 xx xx xx xx 2B C3 83 E8 05 EB 0E 51 B9 xx xx xx xx 8B C1 2B C3 03 41 01 59 C6 03 E9 89 43 01 51 68 09 xx xx xx 33 C0 85 C9 74 05 8B 45 08 EB 00 50 E8 76 00 00 00 83 C4 08 59 83 F8 00 74 1C C6 03 C2 C6 43 01 0C 85 C9 74 09 61 5D B8 00 00 00 00 EB 97 50 A1 29 xx xx xx xx D0 61 5D EB 46 80 7C 24 08 00 75 3F 51 8B 4C 24 04 89 0D xx xx xx xx B9 xx xx xx xx 89 4C 24 04 59 EB 28 50 B8 2D xx xx xx xx 70 08 8B 40 0C FF D0 B8 2D xx xx xx xx 30 8B 40 04 FF D0 58 FF 35 xx xx xx xx C3 72 16 61 13 60 0D E9 xx xx xx xx CC CC 81 EC E8 02 00 00 53 55 56 57
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Safeguard 1.0 -> Simonzh</text>
-      <pattern>
-        E8 00 00 00 00 EB 29
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Sc Obfuscator -> SuperCRacker ! Sign by fly</text>
-      <pattern>
-        60 33 C9 8B 1D xx xx xx xx 03 1D xx xx xx xx 8A 04 19 84 C0 74 09 3C xx 74 05 34 xx 88 04 19 41 3B 0D xx xx xx xx 75 E7 A1 xx xx xx xx 01 05 xx xx xx xx 61 FF 25 xx xx xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SC Obfuscator -> SuperCRacker</text>
-      <pattern>
-        60 33 C9 8B 1D 00 xx xx xx 03 1D 08 xx xx xx 8A 04 19 84 C0 74 09 3C xx 74 05 34 xx 88 04 19 41 3B 0D 04 xx xx xx 75 E7 A1 08 xx xx xx 01 05 0C xx xx xx 61 FF 25 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SCAN /AV</text>
-      <pattern>
-        1E 0E 1F B8 xx xx 8E C0 26 8A 1E xx xx 80 xx xx 72
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SCRAM! v0.8a1</text>
-      <pattern>
-        B4 30 CD 21 3C 02 77 xx CD 20 BC xx xx B9 xx xx 8B FC B2 xx 58 4C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SCRAM! vC5</text>
-      <pattern>
-        B8 xx xx 50 9D 9C 58 25 xx xx 75 xx BA xx xx B4 09 CD 21 CD 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDC 1.2 (Self Decrypting Binary Generator) - by Claes M Nyberg</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 A0 91 40 00 E8 DB FE FF FF 55 89 E5 53 83 EC 14 8B 45 08 8B 00 8B 00 3D 91 00 00 C0 77 3B 3D 8D 00 00 C0 72 4B BB 01 00 00 00 C7 44 24 04 00 00 00 00 C7 04 24 08 00 00 00 E8 CE 24 00 00 83 F8 01 0F 84 C4 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDC 1.2 (Self Decrypting Binary Generator) - by Claes M Nyberg</text>
-      <pattern>
-        55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 A0 91 40 00 E8 DB FE FF FF 55 89 E5 53 83 EC 14 8B 45 08 8B 00 8B 00 3D 91 00 00 C0 77 3B 3D 8D 00 00 C0 72 4B BB 01 00 00 00 C7 44 24 04 00 00 00 00 C7 04 24 08 00 00 00 E8 CE 24 00 00 83 F8 01 0F 84 C4 00 00 00 85 C0 0F 85 A9 00 00 00 31 C0 83 C4 14 5B 5D C2 04 00 3D 94 00 00 C0 74 56 3D 96 00 00 C0 74 1E 3D 93 00 00 C0 75 E1 EB B5 3D 05 00 00 C0 8D B4 26 00 00 00 00 74 43 3D 1D 00 00 C0 75 CA C7 44 24 04 00 00 00 00 C7 04 24 04 00 00 00 E8 73 24 00 00 83 F8 01 0F 84 99 00 00 00 85 C0 74 A9 C7 04 24 04 00 00 00 FF D0 B8 FF FF FF FF EB 9B 31 DB 8D 74 26 00 E9 69 FF FF FF C7 44 24 04 00 00 00 00 C7 04 24 0B 00 00 00 E8 37 24 00 00 83 F8 01 74 7F 85 C0 0F 84 6D FF FF FF C7 04 24 0B 00 00 00 8D 76 00 FF D0 B8 FF FF FF FF E9 59 FF FF FF C7 04 24 08 00 00 00 FF D0 B8 FF FF FF FF E9 46 FF FF FF C7 44 24 04 01 00 00 00 C7 04 24 08 00 00 00 E8 ED 23 00 00 B8 FF FF FF FF 85 DB 0F 84 25 FF FF FF E8 DB 15 00 00 B8 FF FF FF FF E9 16 FF FF FF C7 44 24 04 01 00 00 00 C7 04 24 04 00 00 00 E8 BD 23 00 00 B8 FF FF FF FF E9 F8 FE FF FF C7 44 24 04 01 00 00 00 C7 04 24 0B 00 00 00 E8 9F 23 00 00 B8 FF FF FF FF E9 DA FE FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtect -> Randy Li</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtect -> Randy Li</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 xx xx xx xx xx xx xx 00 00 00 xx xx xx xx 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector 1.1x -> Randy Li</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector 1.x -> Randy Li</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 20 33 C0 89 41 04 89 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector 1.x -> Randy Li</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 20 33 C0 89 41 04 89 41 08 89 41 0C 89 41 10 59 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 33 C0 64 FF 30 64 89 20 9C 80 4C 24 01 01 9D 90 90 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 64 8F 00 58 74 07 75 05 19 32 67 E8 E8 74 27 75 25 EB 00 EB FC 68 39 44 CD 00 59 9C 50 74 0F 75 0D E8 59 C2 04 00 55 8B EC E9 FA FF FF 0E E8 EF FF FF FF 56 57 53 78 03 79 01 E8 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 7B 03 00 00 03 C8 74 C4 75 C2 E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector Basic/Pro Edition 1.10 -> Randy Li (h)</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 50 83 EC 08 64 A1 00 00 00 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 83 C4 08 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 64 8F 05 00 00 00 00 64 A3 00 00 00 00 83 C4 08 58 74 07 75 05 19 32 67 E8 E8 74 27 75 25 EB 00 EB FC 68 39 44 CD 00 59 9C 50 74 0F 75 0D E8 59 C2 04 00 55 8B EC E9 FA FF FF 0E E8 EF FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 59 03 00 00 03 C8 74 B8 75 B6 E8 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector Basic/Pro Edition 1.10 -> Randy Li</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 50 83 EC 08 64 A1 00 00 00 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 83 C4 08 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 64
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector Basic/Pro Edition 1.12 -> Randy Li (h)</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 20 33 C0 89 41 04 89 41 08 89 41 0C 89 41 10 59 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 33 C0 64 FF 30 64 89 20 9C 80 4C 24 01 01 9D 90 90 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 64 8F 00 58 74 07 75 05 19 32 67 E8 E8 74 27 75 25 EB 00 EB FC 68 39 44 CD 00 59 9C 50 74 0F 75 0D E8 59 C2 04 00 55 8B EC E9 FA FF FF 0E E8 EF FF FF FF 56 57 53 78 03 79 01 E8 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 7B 03 00 00 03 C8 74 C4 75 C2 E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector Pro 1.12</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 20 33 C0 89 41 04 89 41 08 89 41 0C 89 41 10 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector Pro Edition 1.16 -> Randy Li (h)</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 18 33 C0 89 41 04 89 41 08 89 41 0C 89 41 10 59 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 33 C0 64 FF 30 64 89 20 9C 80 4C 24 01 01 9D 90 90 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 64 8F 00 58 74 07 75 05 19 32 67 E8 E8 74 27 75 25 EB 00 EB FC 68 39 44 CD 00 59 9C 50 74 0F 75 0D E8 59 C2 04 00 55 8B EC E9 FA FF FF 0E E8 EF FF FF FF 56 57 53 78 03 79 01 E8 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 93 03 00 00 03 C8 74 C4 75 C2 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector Pro Edition 1.16 -> Randy Li</text>
-      <pattern>
-        55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 18 33 C0 89 41 04 89 41
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SDProtector V1.1X -> Randy Li ! Sign by fly</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 88 88 88 08 64 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SEA-AXE v2.2</text>
-      <pattern>
-        FC BC xx xx 0E 1F A3 xx xx E8 xx xx A1 xx xx 8B xx xx xx 2B C3 8E C0 B1 03 D3 E3 8B CB BF xx xx 8B F7 F3 A5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SEA-AXE</text>
-      <pattern>
-        FC BC xx xx 0E 1F E8 xx xx 26 A1 xx xx 8B 1E xx xx 2B C3 8E C0 B1 xx D3 E3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SecuPack v1.5</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 57 33 C0 89 45 F0 B8 CC 3A 40 xx E8 E0 FC FF FF 33 C0 55 68 EA 3C 40 xx 64 FF 30 64 89 20 6A xx 68 80 xx xx xx 6A 03 6A xx 6A 01 xx xx xx 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SecureEXE 3.0 -> ZipWorx</text>
-      <pattern>
-        E9 B8 00 00 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SecurePE 1.X -> www.deepzone.org</text>
-      <pattern>
-        8B 04 24 E8 00 00 00 00 5D 81 ED 4C 2F 40 00 89 85 61 2F 40 00 8D 9D 65 2F 40 00 53 C3 00 00 00 00 8D B5 BA 2F 40 00 8B FE BB 65 2F 40 00 B9 C6 01 00 00 AD 2B C3 C1 C0 03 33 C3 AB 43 81 FB 8E 2F 40 00 75 05 BB 65 2F 40 00 E2 E7 89 AD 1A 31 40 00 89 AD 55 34 40 00 89 AD 68 34 40 00 8D 85 BA 2F 40 00 50 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SecurePE 1.X</text>
-      <pattern>
-        8B 04 24 E8 00 00 00 00 5D 81 ED 4C 2F 40 00 89 85 61 2F 40 00 8D 9D 65 2F 40 00 53 C3 00 00 00 00 8D B5 BA 2F 40 00 8B FE BB 65 2F 40 00 B9 C6 01 00 00 AD 2B C3 C1 C0 03 33 C3 AB 43 81 FB 8E 2F 40 00 75 05 BB 65 2F 40 00 E2 E7 89 AD 1A 31 40 00 89 AD 55
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SEN Debug Protectorxx?</text>
-      <pattern>
-        BB xx xx xx xx 00 xx xx xx xx xx 29 xx xx 4E E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Sentinel SuperPro (Automatic Protection) 6.4.0 -> Safenet</text>
-      <pattern>
-        68 xx xx xx xx 6A 01 6A 00 FF 15 xx xx xx xx A3 xx xx xx xx FF 15 xx xx xx xx 33 C9 3D B7 00 00 00 A1 xx xx xx xx 0F 94 C1 85 C0 89 0D xx xx xx xx 0F 85 xx xx xx xx 55 56 C7 05 xx xx xx xx 01 00 00 00 FF 15 xx xx xx xx 01 05 xx xx xx xx FF 15
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Sentinel SuperPro (Automatic Protection) 6.4.1 -> Safenet</text>
-      <pattern>
-        A1 xx xx xx xx 55 8B xx xx xx 85 C0 74 xx 85 ED 75 xx A1 xx xx xx xx 50 55 FF 15 xx xx xx xx 8B 0D xx xx xx xx 55 51 FF 15 xx xx xx xx 85 C0 74 xx 8B 15 xx xx xx xx 52 FF 15 xx xx xx xx 6A 00 6A 00 68 xx xx xx xx E8 xx xx xx xx B8 01 00 00 00 5D C2 0C 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Sentinel SuperPro (Automatic Protection) v6.4.0 -> Safenet</text>
-      <pattern>
-        68 xx xx xx xx 6A 01 6A 00 FF 15 xx xx xx xx A3 xx xx xx xx FF 15 xx xx xx xx 33 C9 3D B7 00 00 00 A1 xx xx xx xx 0F 94 C1 85 C0 89 0D xx xx xx xx 0F 85 xx xx xx xx 55 56 C7 05 xx xx xx xx 01 00 00 00 FF 15 xx xx xx xx 01 05 xx xx xx xx FF 15 xx xx xx xx 33 05 xx xx xx xx 25 FE FF DF 3F 0D 01 00 20 00 A3 xx xx xx xx 33 C0 50 C7 04 85 xx xx xx xx 00 00 00 00 E8 xx xx xx xx 83 C4 04 83 F8 64 7C xx 68 xx xx xx xx FF 15 xx xx xx xx 8B 35 xx xx xx xx 68 xx xx xx xx FF D6 68 xx xx xx xx FF D6 68 xx xx xx xx FF D6 68 xx xx xx xx FF D6 68 xx xx xx xx FF D6 A1 xx xx xx xx 8B 2D xx xx xx xx 66 8B 55 00 83 C5 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Sentinel SuperPro (Automatic Protection) v6.4.1 -> Safenet</text>
-      <pattern>
-        A1 xx xx xx xx 55 8B xx xx xx 85 C0 74 xx 85 ED 75 xx A1 xx xx xx xx 50 55 FF 15 xx xx xx xx 8B 0D xx xx xx xx 55 51 FF 15 xx xx xx xx 85 C0 74 xx 8B 15 xx xx xx xx 52 FF 15 xx xx xx xx 6A 00 6A 00 68 xx xx xx xx E8 xx xx xx xx B8 01 00 00 00 5D C2 0C 00 68 xx xx xx xx 6A 01 6A 00 FF 15 xx xx xx xx A3 xx xx xx xx FF 15 xx xx xx xx 33 C9 3D B7 00 00 00 A1 xx xx xx xx 0F 94 C1 85 C0 89 0D xx xx xx xx 0F 85 xx xx xx xx 56 C7 05 xx xx xx xx 01 00 00 00 FF 15 xx xx xx xx 01 xx xx xx xx xx FF 15 xx xx xx xx 33 05 xx xx xx xx 25 FE FF DF 3F 0D 01 00 20 00 A3 xx xx xx xx 33 C0 50 C7 04 xx xx xx xx xx 00 00 00 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Setup Factory 6.0.0.3 Setup Launcher</text>
-      <pattern>
-        55 8B EC 6A FF 68 90 61 40 00 68 70 3B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 14 61 40 00 33 D2 8A D4 89 15 5C 89 40 00 8B C8 81 E1 FF 00 00 00 89 0D 58 89 40 00 C1 E1 08 03 CA 89 0D 54 89 40 00 C1 E8 10 A3 50 89
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Setup Factory 6.x Custom</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx 61 40 00 68 xx 43 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 xx 61 40 00 33 D2 8A D4 89 15 A0 A9 40 00 8B C8 81 E1 FF 00 00 00 89 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Setup Factory v6.0.0.3 Setup Launcher</text>
-      <pattern>
-        55 8B EC 6A FF 68 90 61 40 00 68 70 3B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 14 61 40 00 33 D2 8A D4 89 15 5C 89 40 00 8B C8 81 E1 FF 00 00 00 89 0D 58 89 40 00 C1 E1 08 03 CA 89 0D 54 89 40 00 C1 E8 10 A3 50 89 40 00 33 F6 56 E8 E0 00 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 E6 0F 00 00 FF 15 10 61 40 00 A3 40 8E 40 00 E8 A4 0E 00 00 A3 90 89 40 00 E8 4D 0C 00 00 E8 8F 0B 00 00 E8 22 FE FF FF 89 75 D0 8D 45 A4 50 FF 15 0C 61 40 00 E8 20 0B 00 00 89 45 9C F6 45 D0 01 74 06 0F B7 45 D4 EB 03 6A 0A 58 50 FF 75 9C 56 56 FF 15 08 61 40 00 50 E8 5A E9 FF FF 89 45 A0 50 E8 10 FE FF FF 8B 45
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Setup2Go Installer Stub</text>
-      <pattern>
-        5B 53 45 54 55 50 5F 49 4E 46 4F 5D 0D 0A 56 65 72
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Sexe Crypter 1.1 - by santasdad</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 57 33 C0 89 45 EC B8 D8 39 00 10 E8 30 FA FF FF 33 C0 55 68 D4 3A 00 10 64 FF 30 64 89 xx xx xx xx E4 3A 00 10 A1 00 57 00 10 50 E8 CC FA FF FF 8B D8 53 A1 00 57 00 10 50 E8 FE FA FF FF 8B F8 53 A1 00 57 00 10 50 E8 C8 FA FF FF 8B D8 53 E8 C8 FA FF FF 8B F0 85 F6 74 26 8B D7 4A B8 14 57 00 10 E8 AD F6 FF FF B8 14 57 00 10 E8 9B F6 FF FF 8B CF 8B D6 E8 DA FA FF FF 53 E8 84 FA FF FF 8D 4D EC BA F8 3A 00 10 A1 14 57 00 10 E8 0A FB FF FF 8B 55 EC B8 14 57 00 10 E8 65 F5 FF FF B8 14 57 00 10 E8 63 F6 FF FF E8 52 FC FF FF 33 C0 5A 59 59 64 89 10 68 DB 3A 00 10 8D 45 EC E8 ED F4 FF FF C3 E9 83 EF FF FF EB F0 5F 5E 5B E8 ED F3 FF FF 00 53 45 54 54 49 4E 47 53 00 00 00 00 FF FF FF FF 12 00 00 00 6B 75 74 68 37 36 67 62 62 67 36 37 34 76 38 38 67 79
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Sharp GPB Graphics format</text>
-      <pattern>
-        4D 00 00 00 00 xx xx xx xx 08 00 00 00 03 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shegerd Dongle V4.78 -> MS.Co.</text>
-      <pattern>
-        E8 32 00 00 00 B8 xx xx xx xx 8B 18 C1 CB 05 89 DA 36 8B 4C 24 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ShellModify 0.1 -> pll621</text>
-      <pattern>
-        55 8B EC 6A FF 68 98 66 41 00 68 3C 3D 41 00 64 A1 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>shoooo's Pack -> shoooo</text>
-      <pattern>
-        68 xx xx xx xx E8 01 00 00 00 C3 C3 11 55 07 8B EC B8 xx xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrink v1.0</text>
-      <pattern>
-        50 9C FC BE xx xx BF xx xx 57 B9 xx xx F3 A4 8B xx xx xx BE xx xx BF xx xx F3 A4 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrink v2.0</text>
-      <pattern>
-        E9 xx xx 50 9C FC BE xx xx 8B FE 8C C8 05 xx xx 8E C0 06 57 B9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrink Wrap v1.4</text>
-      <pattern>
-        58 60 8B E8 55 33 F6 68 48 01 xx xx E8 49 01 xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrinker 3.2</text>
-      <pattern>
-        55 8B EC 56 57 75 65 68 00 01 00 00 E8 F1 E6 FF FF 83 C4 04
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrinker 3.3</text>
-      <pattern>
-        00 00 55 8B EC 56 57 75 65 68 00 01 00 00 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrinker 3.4</text>
-      <pattern>
-        55 8B EC 56 57 75 6B 68 00 01 00 00 E8 11 0B 00 00 83 C4 04
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrinker v3.2</text>
-      <pattern>
-        83 3D xx xx xx xx xx 55 8B EC 56 57 75 65 68 00 01 xx xx E8 xx E6 FF FF 83 C4 04 8B 75 08 A3 xx xx xx xx 85 F6 74 1D 68 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrinker v3.3</text>
-      <pattern>
-        83 3D xx xx xx 00 00 55 8B EC 56 57 75 65 68 00 01 00 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrinker v3.4</text>
-      <pattern>
-        83 3D B4 xx xx xx xx 55 8B EC 56 57 75 6B 68 00 01 00 00 E8 xx 0B 00 00 83 C4 04 8B 75 08 A3 B4 xx xx xx 85 F6 74 23 83 7D 0C 03 77 1D 68 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Shrinker v3.4</text>
-      <pattern>
-        BB xx xx BA xx xx 81 C3 07 00 B8 40 B4 B1 04 D3 E8 03 C3 8C D9 49 8E C1 26 03 0E 03 00 2B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Silicon Realms Install Stub</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx 92 40 00 68 xx xx 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 xx xx 40 00 33 D2 8A D4 89 15 xx xx 40 00 8B C8 81 E1 FF 00 00 00 89 0D xx xx 40 00 C1 E1 08 03 CA 89 0D xx xx 40 00 C1 E8 10 A3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Silicon Realms Install Stub</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx 92 40 00 68 xx xx 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 xx xx 40 00 33 D2 8A D4 89 15 xx xx 40 00 8B C8 81 E1 FF 00 00 00 89 0D xx xx 40 00 C1 E1 08 03 CA 89 0D xx xx 40 00 C1 E8 10 A3 xx xx 40 00 33 F6 56 E8 xx xx 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 xx xx 00 00 FF 15 xx 91 40 00 A3 xx xx 40 00 E8 xx xx 00 00 A3 xx xx 40 00 E8 xx xx 00 00 E8 xx xx 00 00 E8 xx xx FF FF 89 75 D0 8D 45 A4 50 FF 15 xx 91 40 00 E8 xx xx 00 00 89 45 9C F6 45 D0 01 74 06 0F B7 45 D4 EB 03 6A 0A 58 50 FF 75 9C 56 56 FF 15 xx 91 40 00 50 E8 xx xx FF FF 89 45 A0 50 E8 xx xx FF FF 8B 45 EC 8B 08 8B 09 89 4D 98 50 51 E8 xx xx 00 00 59 59 C3 8B 65 E8 FF 75 98 E8 xx xx FF FF 83 3D xx xx 40 00 01 75 05
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimbiOZ -> Extranger</text>
-      <pattern>
-        50 60 E8 00 00 00 00 5D 81 ED 07 10 40 00 68 80 0B 00 00 8D 85 1F 10 40 00 50 E8 84 0B 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimbiOZ 1.3 -> Extranger</text>
-      <pattern>
-        57 57 8D 7C 24 04 50 B8 00 xx xx xx AB 58 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimbiOZ Poly 2.1 -> Extranger</text>
-      <pattern>
-        55 50 8B C4 83 C0 04 C7 00 xx xx xx xx 58 C3 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimbiOZ PolyCryptor v.xx-> Extranger</text>
-      <pattern>
-        55 60 E8 00 00 00 00 5D 81 ED xx xx xx xx 8D 85 xx xx xx xx 68 xx xx xx xx 50 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Simple UPX Cryptor V30.4.2005 -> MANtiCORE</text>
-      <pattern>
-        60 B8 xx xx xx xx B9 xx xx xx xx xx xx xx xx E2 FA 61 68 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Simple UPX Cryptor v30.4.2005 multi layer encryption
-      </text>
-      <pattern>
-        60 B8 xx xx xx 00 B9 18 00 00 00 80 34 08 xx E2 FA 61 68 xx xx xx 00 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Simple UPX Cryptor v30.4.2005 multi layer encryption
-      </text>
-      <pattern>
-        60 B8 xx xx xx xx B9 18 00 00 00 80 34 08 xx E2 FA 61 68 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        Simple UPX Cryptor v30.4.2005 One layer encryption
-      </text>
-      <pattern>
-        60 B8 xx xx xx 00 B9 xx 01 00 00 80 34 08 xx E2 FA 61 68 xx xx xx 00 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        SimplePack 1.11 Method 1 -> bagie TMX
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 5B 8D 5B FA BD 00 00 xx xx 8B 7D 3C 8D 74 3D 00 8D BE F8 00 00 00 0F B7 76 06 4E 8B 47 10 09 C0 74 55 0F B7 47 22 09 C0 74 4D 6A 04 68 00 10 00 00 FF 77 10 6A 00 FF 93 38 03 00 00 50 56 57 89 EE 03 77 0C 8B 4F 10 89 C7 89 C8 C1 E9 02 FC F3 A5 89 C1 83 E1 03 F3 A4 5F 5E 8B 04 24 89 EA 03 57 0C E8 3F 01 00 00 58 68 00 40 00 00 FF 77 10 50 FF 93 3C 03 00 00 83 C7 28 4E 75 9E BE xx xx xx xx 09 F6 0F 84 0C 01 00 00 01 EE 8B 4E 0C 09 C9 0F 84 FF 00 00 00 01 E9 89 CF 57 FF 93 30 03 00 00 09 C0 75 3D 6A 04 68 00 10 00 00 68 00 10 00 00 6A 00 FF 93 38 03 00 00 89 C6 8D 83 6F 02 00 00 57 50 56 FF 93 44 03 00 00 6A 10 6A 00 56 6A 00 FF 93 48 03 00 00 89 E5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        SimplePack 1.11 Method 1 -> bagie TMX
-      </text>
-      <pattern>
-        60 E8 00 00 00 00 5B 8D 5B FA BD 00 00 xx xx 8B 7D 3C 8D 74 3D 00 8D BE F8 00 00 00 0F B7 76 06 4E 8B 47 10 09 C0 74 55 0F B7 47 22 09 C0 74 4D 6A 04 68 00 10 00 00 FF 77 10 6A 00 FF 93 38 03 00 00 50 56 57 89 EE 03 77 0C 8B 4F 10 89 C7 89 C8 C1 E9 02 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        SimplePack 1.11 Method 2(NT) -> bagie TMX
-      </text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 89 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack 1.2.build.30.09 (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 86 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 xx xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack 1.21.build.09.09 (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 8A 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 xx xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack 1.X (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 xx 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 xx xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.0X -> bagie ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 5B 8D 5B FA 6A 00 FF 93 xx xx 00 00 89 C5 8B 7D 3C 8D 74 3D 00 8D BE F8 00 00 00 8B 86 88 00 00 00 09 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.1X (Method1) -> bagie ! Sign by fly</text>
-      <pattern>
-        60 E8 00 00 00 00 5B 8D 5B FA BD xx xx xx xx 8B 7D 3C 8D 74 3D 00 8D BE F8 00 00 00 0F B7 76 06 4E 8B 47 10 09 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.1X (Method2) -> bagie ! Sign by fly</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 89 01 00 00 50 45 00 00 4C 01 02 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.1X (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 89 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 xx xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.1X (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 89 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 xx xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.1X-V1.2X (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 xx 01 00 00 50 45 00 00 4C 01 02 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.2.build.30.09 (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 86 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 xx xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.21.build.09.09 (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 8A 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 xx xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SimplePack V1.X (Method2) -> bagie</text>
-      <pattern>
-        4D 5A 90 EB 01 00 52 E9 xx 01 00 00 50 45 00 00 4C 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 0F 03 0B 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 xx xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SkD Undetectabler 3 (No FSG 2 Method) -> SkD</text>
-      <pattern>
-        55 8B EC 81 EC 10 02 00 00 68 00 02 00 00 8D 85 F8 FD FF FF 50 6A 00 FF 15 38 10 00 01 50 FF 15 3C 10 00 01 8D 8D F8 FD FF FF 51 E8 4F FB FF FF 83 C4 04 8B 15 xx 16 00 01 52 A1 xx 16 00 01 50 E8 50 FF FF FF 83 C4 08 A3 xx 16 00 01 C7 85 F4 FD FF FF 00 00 00 00 EB 0F 8B 8D F4 FD FF FF 83 C1 01 89 8D F4 FD FF FF 8B 95 F4 FD FF FF 3B 15 xx 16 00 01 73 1C 8B 85 F4 FD FF FF 8B 0D xx 16 00 01 8D 54 01 07 81 FA 74 10 00 01 75 02 EB 02 EB C7 8B 85 F4 FD FF FF 50 E8 xx 00 00 00 83 C4 04 89 85 F0 FD FF FF 8B 8D F0 FD FF FF 89 4D FC C7 45 F8 00 00 00 00 EB 09 8B 55 F8 83 C2 01 89 55 F8 8B 45 F8 3B 85 F4 FD FF FF 73 15 8B 4D FC 03 4D F8 8B 15 xx 16 00 01 03 55 F8 8A 02 88 01 EB D7 83 3D xx 16 00 01 00 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SkD Undetectabler Pro 2.0 (No UPX Method) -> SkD</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 FC 26 00 10 E8 EC F3 FF FF 6A 0F E8 15 F5 FF FF E8 64 FD FF FF E8 BB ED FF FF 8D 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SLR (OPTLINK) (1)</text>
-      <pattern>
-        87 C0 EB xx 71 xx 02 D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SLR (OPTLINK)</text>
-      <pattern>
-        BF xx xx 8E DF FA 8E D7 81 C4 xx xx FB B4 30 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SLVc0deProtector 0.60 -> SLV / ICU</text>
-      <pattern>
-        EB 02 FA 04 E8 49 00 00 00 69 E8 49 00 00 00 95 E8 4F 00 00 00 68 E8 1F 00 00 00 49 E8 E9 FF FF FF 67 E8 1F 00 00 00 93 E8 31 00 00 00 78 E8 DD
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SLVc0deProtector 1.1 -> SLV (h)</text>
-      <pattern>
-        E8 01 00 00 00 A0 5D EB 01 69 81 ED 5F 1A 40 00 8D 85 92 1A 40 00 F3 8D 95 83 1A 40 00 8B C0 8B D2 2B C2 83 E8 05 89 42 01 E8 FB FF FF FF 69 83 C4 08 E8 06 00 00 00 69 E8 F2 FF FF FF F3 B9 05 00 00 00 51 8D B5 BF 1A 40 00 8B FE B9 58 15 00 00 AC 32 C1 F6
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SLVc0deProtector 1.1x -> SLV / ICU</text>
-      <pattern>
-        E8 00 00 00 00 58 C6 00 EB C6 40 01 08 FF E0 E9 4C xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SLVc0deProtector v1.1 -> SLV (h)</text>
-      <pattern>
-        E8 00 00 00 00 58 C6 00 EB C6 40 01 08 FF E0 E9 4C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SLVc0deProtector v1.1 -> SLV (h)</text>
-      <pattern>
-        E8 01 00 00 00 A0 5D EB 01 69 81 ED 5F 1A 40 00 8D 85 92 1A 40 00 F3 8D 95 83 1A 40 00 8B C0 8B D2 2B C2 83 E8 05 89 42 01 E8 FB FF FF FF 69 83 C4 08 E8 06 00 00 00 69 E8 F2 FF FF FF F3 B9 05 00 00 00 51 8D B5 BF 1A 40 00 8B FE B9 58 15 00 00 AC 32 C1 F6 D0 EB 01 00 D0 C0 FE C8 02 C1 AA E2 EF 59 E2 DE B7 FE AB E1 24 C8 0C 88 7A E1 B1 6A F7 95 83 1B A8 7F F8 A8 B0 1A 8B 08 91 47 6C 5A 88 6C 65 39 85 DB CB 54 3D B9 24 CF 4C AE C6 63 74 2C 63 F0 C8 18 0B 97 6B 79 63 A8 AB B8 78 A9 30 2F 2B DA 18 AC 35 45 36 BC 0D 7D 24 D1 51 3C E6 34 11 5A 43 06 24 89 FA 74 30
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SmartE -> Microsoft</text>
-      <pattern>
-        EB 15 03 00 00 00 xx 00 00 00 00 00 00 00 00 00 00 00 68 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 1D 00 00 00 8B C5 55 60 9C 2B 85 8F 07 00 00 89 85 83 07 00 00 FF 74 24 2C E8 BB 01 00 00 0F 82 2F 06 00 00 E8 8E 04 00 00 49 0F 88 23 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SmokesCrypt v1.2</text>
-      <pattern>
-        60 B8 xx xx xx xx B8 xx xx xx xx 8A 14 08 80 F2 xx 88 14 08 41 83 F9 xx 75 F1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Soft Defender 1.1x -> Randy Li</text>
-      <pattern>
-        74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Soft Defender v1.0 - v1.1</text>
-      <pattern>
-        74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD xx 59 9C 50 74 0A 75 08 E8 59 C2 04 xx 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 xx xx xx xx 58 05 BA 01 xx xx 03 C8 74 BE 75 BC E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Soft Defender v1.12</text>
-      <pattern>
-        74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD 00 59 9C 50 74 0A 75 08 E8 59 C2 04 00 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 BE 01 00 00 03 C8 74 BD 75 BB E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Soft Defender v1.1x -> Randy Li</text>
-      <pattern>
-        74 07 75 05 xx xx xx xx xx 74 1F 75 1D xx 68 xx xx xx 00 59 9C 50 74 0A 75 08 xx 59 C2 04 00 xx xx xx E8 F4 FF FF FF xx xx xx 78 0F 79 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftComp 1.x -> BG Soft PT</text>
-      <pattern>
-        E8 00 00 00 00 81 2C 24 3A 10 41 00 5D E8 00 00 00 00 81 2C 24 31 01 00 00 8B 85 2A 0F 41 00 29 04 24 8B 04 24 89 85 2A 0F 41 00 58 8B 85 2A 0F 41 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftDefender 1.x -> Randy Li</text>
-      <pattern>
-        74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD 00 59 9C 50 74 0A 75 08 E8 59 C2 04 00 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 E6 01 00 00 03 C8 74 BD 75 BB E8 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftDefender 1.x -> Randy Li</text>
-      <pattern>
-        74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD 00 59 9C 50 74 0A 75 08 E8 59 C2 04 00 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 E6 01 00 00 03 C8 74 BD 75 BB E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftProtect -> SoftProtect.by.ru</text>
-      <pattern>
-        E8 0C 15 00 00 8D 85 2F 14 00 00 C7 00 00 00 00 00 E8 29 0F 00 00 E8 F6 14 00 00 8D 85 20 01 00 00 50 E8 AA 16 00 00 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftProtect -> SoftProtect.by.ru</text>
-      <pattern>
-        EB 01 E3 60 E8 03 xx xx xx D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 60 E8 03 xx xx xx 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 EB 01 83 9C EB 01 D5 EB 08 35 9D EB 01 89 EB 03 0B EB F7 E8 xx xx xx xx 58 E8 xx xx xx xx 59 83 01 01 80 39 5C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftProtect -> SoftProtect.by.ru</text>
-      <pattern>
-        EB 01 E3 60 E8 03 xx xx xx D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 60 E8 03 xx xx xx 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 EB 01 83 9C EB 01 D5 EB 08 35 9D EB 01 89 EB 03 0B EB F7 E8 xx xx xx xx 58 E8 xx xx xx xx 59 83 01 01 80 39 5C 75 F2 33 C4 74 0C 23 C4 0B C4 C6 01 59 C6 01 59 EB E2 90 E8 44 14 xx xx 8D 85 CF 13 xx xx C7 xx xx xx xx xx E8 61 0E xx xx E8 2E 14 xx xx 8D 85 E4 01 xx xx 50 E8 E2 15 xx xx 83 BD 23 01 xx xx 01 75 07 E8 21 0D xx xx EB 09 8D 85 CF 13 xx xx 83 08 01 83 BD 1F 01 xx xx 01 75 07 E8 3E 0C xx xx EB 05 E8 A8 0C xx xx E8 B3 02 xx xx 8D 85 63 02 xx xx 50 E8 A3 15 xx xx 8D 85 F5 02 xx xx 50 E8 97 15 xx xx E8 E2 01 xx xx 8D 85 09 05 xx xx 50 E8 86 15 xx xx 8D 85 F8 0F xx xx 50 E8 7A 15 xx xx 8D 85 88 0F xx xx 50 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftProtect -> www.softprotect.by.ru</text>
-      <pattern>
-        E8 xx xx xx xx 8D xx xx xx xx xx C7 00 00 00 00 00 E8 xx xx xx xx E8 xx xx xx xx 8D xx xx xx xx xx 50 E8 xx xx xx xx 83 xx xx xx xx xx 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftSentry v2.11</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 E9 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftSentry v3.0</text>
-      <pattern>
-        55 8B EC 83 EC xx 53 56 57 E9 B0 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Software Compress -> BG Software</text>
-      <pattern>
-        E9 BE 00 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 2B CB 75 10 E8 42 00 00 00 EB 28 AC D1 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Software Compress -> BG Software</text>
-      <pattern>
-        E9 BE 00 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 2B CB 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 13 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 8E 02 D2 75 05 8A 16 46 12 D2 C3 33 C9 41 E8 EE FF FF FF 13 C9 E8 E7 FF FF FF 72 F2 C3 2B 7C 24 28 89 7C 24 1C 61 C3 60 FF 74 24 24 6A 40 FF 95 1A 0F 41 00 89 44 24 1C 61 C2 04 00 E8 00 00 00 00 81 2C 24 3A 10 41 00 5D E8 00 00 00 00 81 2C 24 31 01 00 00 8B 85 2A 0F 41 00 29 04 24 8B 04 24 89 85 2A 0F 41 00 58 8B 85 2A 0F 41 00 8B 50 3C 03 D0 8B 92 80 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Software Compress v1.2 -> BG Software Protect Technologies (h)</text>
-      <pattern>
-        E9 BE 00 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 2B CB 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 13 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 8E 02 D2 75 05 8A 16 46 12 D2 C3 33 C9 41 E8 EE FF FF FF 13 C9 E8 E7 FF FF FF 72 F2 C3 2B 7C 24 28 89 7C 24 1C 61 C3 60 FF 74 24 24 6A 40 FF 95 1A 0F 41 00 89 44 24 1C 61 C2 04 00 E8 00 00 00 00 81 2C 24 3A 10 41 00 5D E8 00 00 00 00 81 2C 24 31 01 00 00 8B 85 2A 0F 41 00 29 04 24
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Software Compress V1.2 -> BG Software Protect Technologies</text>
-      <pattern>
-        E9 BE 00 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Software Compress v1.4 LITE -> BG Software Protect Technologies (h)</text>
-      <pattern>
-        E8 00 00 00 00 81 2C 24 AA 1A 41 00 5D E8 00 00 00 00 83 2C 24 6E 8B 85 5D 1A 41 00 29 04 24 8B 04 24 89 85 5D 1A 41 00 58 8B 85 5D 1A 41 00 8B 50 3C 03 D0 8B 92 80 00 00 00 03 D0 8B 4A 58 89 8D 49 1A 41 00 8B 4A 5C 89 8D 4D 1A 41 00 8B 4A 60 89 8D 55 1A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Software Compress v1.4 LITE -> BG Software Protect Technologies (h)</text>
-      <pattern>
-        E8 00 00 00 00 81 2C 24 AA 1A 41 00 5D E8 00 00 00 00 83 2C 24 6E 8B 85 5D 1A 41 00 29 04 24 8B 04 24 89 85 5D 1A 41 00 58 8B 85 5D 1A 41 00 8B 50 3C 03 D0 8B 92 80 00 00 00 03 D0 8B 4A 58 89 8D 49 1A 41 00 8B 4A 5C 89 8D 4D 1A 41 00 8B 4A 60 89 8D 55 1A 41 00 8B 4A 64 89 8D 51 1A 41 00 8B 4A 74 89 8D 59 1A 41 00 68 00 20 00 00 E8 D2 00 00 00 50 8D 8D 00 1C 41 00 50 51 E8 1B 00 00 00 83 C4 08 58 8D 78 74 8D B5 49 1A 41 00 B9 18 00 00 00 F3 A4 05 A4 00 00 00 50 C3 60 8B 74 24 24 8B 7C 24 28 FC B2 80 33 DB A4 B3 02 E8 6D 00 00 00 73 F6 33 C9 E8 64 00 00 00 73 1C 33 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 12 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 2B CB 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 13 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 8E 02 D2 75 05 8A 16 46 12 D2 C3 33 C9 41 E8 EE FF FF FF 13 C9 E8 E7 FF FF FF 72 F2 C3 2B 7C 24 28 89 7C 24 1C 61 C3 60 FF 74 24 24 6A 40 FF 95 4D 1A 41 00 89 44 24 1C 61 C2 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SoftWrap</text>
-      <pattern>
-        52 53 51 56 57 55 E8 xx xx xx xx 5D 81 ED 36 xx xx xx E8 xx 01 xx xx 60 BA xx xx xx xx E8 xx xx xx xx 5F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SOFTWrapper for Win9x/NT (Evaluation Version)</text>
-      <pattern>
-        E8 00 00 00 00 5D 8B C5 2D xx xx xx 00 50 81 ED 05 00 00 00 8B C5 2B 85 03 0F 00 00 89 85 03 0F 00 00 8B F0 03 B5 0B 0F 00 00 8B F8 03 BD 07 0F 00 00 83 7F 0C 00 74 2B 56 57 8B 7F 10 03 F8 8B 76 10 03 F0 83 3F 00 74 0C 8B 1E 89 1F 83 C6 04 83 C7 04 EB EF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SOFTWrapper for Win9x/NT (Evaluation Version)</text>
-      <pattern>
-        E8 00 00 00 00 5D 8B C5 2D xx xx xx 00 50 81 ED 05 00 00 00 8B C5 2B 85 03 0F 00 00 89 85 03 0F 00 00 8B F0 03 B5 0B 0F 00 00 8B F8 03 BD 07 0F 00 00 83 7F 0C 00 74 2B 56 57 8B 7F 10 03 F8 8B 76 10 03 F0 83 3F 00 74 0C 8B 1E 89 1F 83 C6 04 83 C7 04 EB EF 5F 5E 83 C6 14 83 C7 14 EB D3 00 00 00 00 8B F5 81 C6 0D 0A 00 00 B9 0C 00 00 00 8B 85 03 0F 00 00 01 46 02 83 C6 06 E2 F8 E8 06 08 00 00 68 00 01 00 00 8D 85 DD 0D 00 00 50 6A 00 E8 95 09 00 00 8B B5 03 0F 00 00 66 81 3E 4D 5A 75 33 03 76 3C 81 3E 50 45 00 00 75 28 8B 46 28 03 85 03 0F 00 00 3B C5 74 1B 6A 30 E8 99 09 00 00 6A 30 8D 85 DD 0D 00 00 50 8D 85 2B 0F 00 00 E9 55 03 00 00 66 8B 85 9D 0A 00 00 F6 C4 80 74 31 E8 6A 07 00 00 0B C0 75 23 6A 40 E8 69 09 00 00 6A 40 8D 85 DD 0D 00 00 50 8B 9D 17 0F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Spalsher 1.0 - 3.0 -> Amok</text>
-      <pattern>
-        9C 60 8B 44 24 24 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Spalsher v1.0 - v3.0</text>
-      <pattern>
-        9C 60 8B 44 24 24 E8 xx xx xx xx 5D 81 ED xx xx xx xx 50 E8 ED 02 xx xx 8C C0 0F 84
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SPEC b2</text>
-      <pattern>
-        55 57 51 53 E8 xx xx xx xx 5D 8B C5 81 ED xx xx xx xx 2B 85 xx xx xx xx 83 E8 09 89 85 xx xx xx xx 0F B6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SPEC b3</text>
-      <pattern>
-        5B 53 50 45 43 5D E8 xx xx xx xx 5D 8B C5 81 ED 41 24 40 xx 2B 85 89 26 40 xx 83 E8 0B 89 85 8D 26 40 xx 0F B6 B5 91 26 40 xx 8B FD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Special EXE Password Protector v1.0</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Special EXE Pasword Protector 1.01 (Eng) -> Pavol Cerven</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77 00 00 8D 95 C6 77 00 00 8D 8D FF 77 00 00 55 68 00 20 00 00 51 52 6A 00 FF 95 04 7A 00 00 5D 6A 00 FF 95 FC 79 00 00 8D 8D 60 78 00 00 8D 95 85 01 00 00 55 68 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77 00 00 8D 95 C6 77 00 00 8D 8D FF 77 00 00 55 68 00 20 00 00 51 52 6A 00 FF 95 04 7A 00 00 5D 6A 00 FF 95 FC 79 00 00 8D 8D 60 78 00 00 8D 95 85 01 00 00 55 68 00 04 00 00 52 6A 00 51 50 FF 95 08 7A 00 00 5D 8D B5 3F 78 00 00 6A 00 6A 00 6A 00 56 FF 95 0C 7A 00 00 0B C0 0F 84 FE 00 00 00 56 FF 95 10 7A 00 00 56 FF 95 14 7A 00 00 80 BD 3E 78 00 00 00 74 D4 33 D2 8B BD 3E 77 00 00 8D 85 1D 02 00 00 89 85 42 77 00 00 8D 85 49 02 00 00 89 85 46 77 00 00 8D 85 EB 75 00 00 89 85 4A 77 00 00 8B 84 D5 24 76 00 00 03 F8 8B 8C D5 28 76 00 00 3B 85 36 77 00 00 60 74 1F 8D B5 BD 02 00 00 FF D6 85 D2 75 11 60 87 FE 8D BD 15 78 00 00 B9 08 00 00 00 F3 A5 61 EB 15 8D 85 9F 02 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Splash Bitmap v1.00 (With Unpack Code) -> BoB / Bobsoft</text>
-      <pattern>
-        E8 00 00 00 00 60 8B 6C 24 20 55 81 ED xx xx xx xx 8D BD xx xx xx xx 8D 8D xx xx xx xx 29 F9 31 C0 FC F3 AA 8B 04 24 48 66 25 00 F0 66 81 38 4D 5A 75 F4 8B 48 3C 81 3C 01 50 45 00 00 75 E8 89 85 xx xx xx xx 6A 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Splash Bitmap v1.00 -> BoB / Bobsoft</text>
-      <pattern>
-        E8 00 00 00 00 60 8B 6C 24 20 55 81 ED xx xx xx xx 8D BD xx xx xx xx 8D 8D xx xx xx xx 29 F9 31 C0 FC F3 AA 8B 04 24 48 66 25 00 F0 66 81 38 4D 5A 75 F4 8B 48 3C 81 3C 01 50 45 00 00 75 E8 89 85 xx xx xx xx 8D BD xx xx xx xx 6A 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SPLayer v0.08</text>
-      <pattern>
-        8D 40 00 B9 xx xx xx xx 6A xx 58 C0 0C xx xx 48 xx xx 66 13 F0 91 3B D9 xx xx xx xx xx xx xx xx 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Splice 1.1 - by Tw1sted L0gic</text>
-      <pattern>
-        68 00 1A 40 00 E8 EE FF FF FF 00 00 00 00 00 00 30 00 00 00 40 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 01 00 00 00 xx xx xx xx xx xx 50 72 6F 6A 65 63 74 31 00 xx xx xx xx xx xx xx 00 00 00 00 06 00 00 00 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Splice 1.1 - by Tw1sted L0gic</text>
-      <pattern>
-        68 00 1A 40 00 E8 EE FF FF FF 00 00 00 00 00 00 30 00 00 00 40 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 01 00 00 00 xx xx xx xx xx xx 50 72 6F 6A 65 63 74 31 00 xx xx xx xx xx xx xx 00 00 00 00 06 00 00 00 AC 29 40 00 07 00 00 00 BC 28 40 00 07 00 00 00 74 28 40 00 07 00 00 00 2C 28 40 00 07 00 00 00 08 23 40 00 01 00 00 00 38 21 40 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 8C 21 40 00 08 xx 40 00 01 00 00 00 AC 19 40 00 00 00 00 00 00 00 00 00 00 00 00 00 AC 19 40 00 4F 00 43 00 50 00 00 00 E7 AF 58 2F 9A 4C 17 4D B7 A9 CA 3E 57 6F F7 76
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ST Protector V1.5 -> Silent Software</text>
-      <pattern>
-        00 00 00 00 4B 65 52 6E 45 6C 33 32 2E 64 4C 6C 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>StarForce Protection Driver -> Protection Technology (h)</text>
-      <pattern>
-        57 68 xx 0D 01 00 68 00 xx xx 00 E8 50 xx FF FF 68 xx xx xx 00 68 xx xx xx 00 68 xx xx xx 00 68 xx xx xx 00 68 xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>StarForce V3.X -> StarForce Copy Protection System</text>
-      <pattern>
-        68 xx xx xx xx FF 25 xx xx xx xx 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>StarForce V3.X DLL -> StarForce Copy Protection System</text>
-      <pattern>
-        E8 xx xx xx xx 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Stealth PE v1.1</text>
-      <pattern>
-        BA xx xx xx 00 FF E2 BA xx xx xx 00 B8 xx xx xx xx 89 02 83 C2 03 B8 xx xx xx xx 89 02 83 C2 FD FF E2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>STNPEE 1.13</text>
-      <pattern>
-        55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 97 3B 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Stone's PE Encryptor v1.0</text>
-      <pattern>
-        55 57 56 52 51 53 E8 xx xx xx xx 5D 8B D5 81 ED 63 3A 40 xx 2B 95 C2 3A 40 xx 83 EA 0B 89 95 CB 3A 40 xx 8D B5 CA 3A 40 xx 0F B6 36
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Stone's PE Encryptor v1.13</text>
-      <pattern>
-        55 57 56 52 51 53 E8 xx xx xx xx 5D 8B D5 81 ED 97 3B 40 xx 2B 95 2D 3C 40 xx 83 EA 0B 89 95 36 3C 40 xx 01 95 24 3C 40 xx 01 95 28
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Stone's PE Encryptor v2.0</text>
-      <pattern>
-        53 51 52 56 57 55 E8 xx xx xx xx 5D 81 ED 42 30 40 xx FF 95 32 35 40 xx B8 37 30 40 xx 03 C5 2B 85 1B 34 40 xx 89 85 27 34 40 xx 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Stone`s PE Encruptor v1.13</text>
-      <pattern>
-        55 57 56 52 51 53 E8 xx xx xx xx 5D 8B D5 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Stony Brook Pascal v6.14</text>
-      <pattern>
-        31 ED 9A xx xx xx xx 55 89 E5 xx EC xx xx 9A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Stony Brook Pascal+ v7.0</text>
-      <pattern>
-        31 ED 9A xx xx xx xx 55 89 E5 81 EC xx xx B8 xx xx 0E 50 9A xx xx xx xx BE xx xx 1E 0E BF xx xx 1E 07 1F FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="1">
-      <text>Stranik 1.3 Modula/C/Pascal</text>
-      <pattern>
-        E8 xx xx FF FF E8 xx xx FF FF xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>STUD RC4 1.0 Jamie Edition (ScanTime UnDetectable) - by MarjinZ</text>
-      <pattern>
-        68 2C 11 40 00 E8 F0 FF FF FF 00 00 00 00 00 00 30 00 00 00 38 00 00 00 00 00 00 00 37 BB 71 EC A4 E1 98 4C 9B FE 8F 0F FA 6A 07 F6 00 00 00 00 00 00 01 00 00 00 20 20 46 6F 72 20 73 74 75 64 00 20 54 6F 00 00 00 00 06 00 00 00 CC 1A 40 00 07 00 00 00 D4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>STUD RC4 1.0 Jamie Edition (ScanTime UnDetectable) - by MarjinZ</text>
-      <pattern>
-        68 2C 11 40 00 E8 F0 FF FF FF 00 00 00 00 00 00 30 00 00 00 38 00 00 00 00 00 00 00 37 BB 71 EC A4 E1 98 4C 9B FE 8F 0F FA 6A 07 F6 00 00 00 00 00 00 01 00 00 00 20 20 46 6F 72 20 73 74 75 64 00 20 54 6F 00 00 00 00 06 00 00 00 CC 1A 40 00 07 00 00 00 D4 18 40 00 07 00 00 00 7C 18 40 00 07 00 00 00 2C 18 40 00 07 00 00 00 E0 17 40 00 56 42 35 21 F0 1F 2A 00 00 00 00 00 00 00 00 00 00 00 00 00 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 0A 00 09 04 00 00 00 00 00 00 E8 13 40 00 F4 13 40 00 00 F0 30 00 00 FF FF FF 08 00 00 00 01 00 00 00 00 00 00 00 E9 00 00 00 04 11 40 00 04 11 40 00 C8 10 40 00 78 00 00 00 7C 00 00 00 81 00 00 00 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 61 61 00 53 74 75 64 00 00 73 74 75 64 00 00 01 00 01 00 30 16 40 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 B4 16 40 00 10 30 40 00 07 00 00 00 24 12 40 00 0E 00 20 00 00 00 00 00 1C 9E 21 00 EC 11 40 00 5C 10 40 00 E4 1A 40 00 2C 34 40 00 68 17 40 00 58 17 40 00 78 17 40 00 8C 17 40 00 8C 10 40 00 62 10 40 00 92 10 40 00 F8 1A 40 00 24 19 40 00 98 10 40 00 9E 10 40 00 77 04 18 FF 04 1C FF 05 00 00 24 01 00 0D 14 00 78 1C 40 00 48 21 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SuckStop v1.11</text>
-      <pattern>
-        EB xx xx xx BE xx xx B4 30 CD 21 EB xx 9B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Sun Icon Graphics format</text>
-      <pattern>
-        2F 2A 20 46 6F 72 6D 61 74 5F 76 65 72 73 69 6F 6E 3D 31 2C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SuperDAT</text>
-      <pattern>
-        55 8B EC 6A FF 68 40 F3 42 00 68 A4 BF 42 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 08 F2 42 00 33 D2 8A D4 89 15 60 42 43 00 8B C8 81 E1 FF 00 00 00 89 0D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVK Protector 1.32 (Eng) -> Pavol Cerven</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVK Protector 1.3x (Eng) -> Pavol Cerven</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 xx xx 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVK Protector v1.32 (Eng) -> Pavol Cerven</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVK Protector v1.3x (Eng) -> Pavol Cerven</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 xx xx 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVK-Protector v1.051</text>
-      <pattern>
-        60 EB 03 C7 84 E8 EB 03 C7 84 9A E8 00 00 00 00 5D 81 ED 10 00 00 00 EB 03 C7 84 E9 64 A0 23 00 00 00 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVK-Protector v1.11</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED 06 xx xx xx 64 A0 23
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVK-Protector v1.32</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVK-Protector v1.43 -> www.anticracking.sk</text>
-      <pattern>
-        78 4E 88 4C 0E B0 3C 78 4E 97 56 7B 94 90 00 00 08 DB 5C 50 20 00 05 6
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVKP v1.32 -> Pavol Cerven (h)</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVKP v1.42 -> Pavol Cerven (h)</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 49 DC EC 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 2D 67 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 2D 67 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 39 67 00 00 5D 6A FF FF 95 31 67
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>SVKP v1.43 -> Pavol Cerven (h)</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 49 DC CE 05 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 2D 67 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 2D 67 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 39 67 00 00 5D 6A FF FF 95 31 67
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Symantec C v2.10, v4.00 or Zortech C v3.0r1</text>
-      <pattern>
-        FA FC B8 xx xx 8E D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Symantec C v4.00 + Libraries</text>
-      <pattern>
-        FA B8 xx xx DB E3 8E D8 8C 06 xx xx 8B D8 2B 1E xx xx 89 1E xx xx 26
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Symantec Visual Cafe v3.0</text>
-      <pattern>
-        64 8B 05 xx xx xx xx 55 8B EC 6A FF 68 xx xx 40 xx 68 xx xx 40 xx 50 64 89 25 xx xx xx xx 83 EC 08 50 53 56 57 89 65 E8 C7 45 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Symantec WinFax PRO 7.5 Coverpage</text>
-      <pattern>
-        0C BD 03 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx C0 06 80
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Symantec WinFax PRO 8.3 Coverpage Quick CoverPage</text>
-      <pattern>
-        FF FF xx xx xx xx xx 43 6F 76 65 72 44 61 74 61 62 61 73 65
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Symantec WinFax PRO 8.3 Coverpage</text>
-      <pattern>
-        0C BD 03 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx C0 06 6C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>T-PACK v0.5c -m1</text>
-      <pattern>
-        68 xx xx FD 60 BE xx xx BF xx xx B9 xx xx F3 A4 8B F7 BF xx xx FC 46 E9 8E FE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>T-PACK v0.5c -m2</text>
-      <pattern>
-        68 xx xx FD 60 BE xx xx BF xx xx B9 xx xx F3 A4 8B F7 BF xx xx FC 46 E9 CE FD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TASM / MASM</text>
-      <pattern>
-        6A 00 E8 xx xx 00 00 A3 xx xx 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.51 -> tE!</text>
-      <pattern>
-        C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 5E 8B FE 68 79 01 00 00 59 EB 01 EB AC 54 E8 03 00 00 00 5C EB 08 8D 64 24 04 FF 64 24 FC 6A 05 D0 2C 24 72 01 E8 01 24 24 5C F7 DC EB 02 CD 20 8D 64 24 FE F7 DC EB 02 CD 20 FE C8 E8 00 00 00 00 32 C1 EB 02 82 0D AA EB 03 82 0D 58 EB 02 1D 7A 49 EB 05 E8 01 00 00 00 7F AE 14 7E A0 77 76 75 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.96 -> tE!</text>
-      <pattern>
-        E9 59 E4 FF FF 00 00 00 00 00 00 00 xx xx xx xx EE xx xx 00 00 00 00 00 00 00 00 00 0E xx xx 00 FE xx xx 00 F6 xx xx 00 00 00 00 00 00 00 00 00 1B xx xx 00 06 xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 xx xx 00 00 00 00 00 39 xx xx 00 00 00 00 00 26 xx xx 00 00 00 00 00 39 xx xx 00 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.98 -> tE!</text>
-      <pattern>
-        E9 25 E4 FF FF 00 00 00 xx xx xx xx 1E xx xx 00 00 00 00 00 00 00 00 00 3E xx xx 00 2E xx xx 00 26 xx xx 00 00 00 00 00 00 00 00 00 4B xx xx 00 36 xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 xx xx 00 00 00 00 00 69 xx xx 00 00 00 00 00 56 xx xx 00 00 00 00 00 69 xx xx 00 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 75 73 65
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.98 -> tHE EGOiSTE (h)</text>
-      <pattern>
-        E9 25 E4 FF FF 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx 00 00 00 00 xx xx xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.98 Special Build -> forgot heXer</text>
-      <pattern>
-        E9 99 D7 FF FF 00 00 00 xx xx xx xx AA xx xx 00 00 00 00 00 00 00 00 00 CA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.99 - 1.0 private -> tE!</text>
-      <pattern>
-        E9 xx xx FF FF 00 00 00 xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.99 -> tE!</text>
-      <pattern>
-        E9 5E DF FF FF 00 00 00 xx xx xx xx E5 xx xx 00 00 00 00 00 00 00 00 00 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.99 Special Build -> heXer and forgot</text>
-      <pattern>
-        E9 5E DF FF FF 00 00 00 xx xx xx xx E5 xx xx 00 00 00 00 00 00 00 00 00 05 xx xx 00 F5 xx xx 00 ED xx xx 00 00 00 00 00 00 00 00 00 12 xx xx 00 FD xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1D xx xx 00 00 00 00 00 30 xx xx 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.99</text>
-      <pattern>
-        E9 xx xx FF FF 00 00 00 xx xx xx xx xx xx xx 00 xx xx xx xx xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx 02 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx 00 00 00 00 00 xx xx 02 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock 0.99c (Private ECLIPSE) -> tE!</text>
-      <pattern>
-        E9 3F DF FF FF 00 00 00 xx xx xx xx 04 xx xx 00 00 00 00 00 00 00 00 00 24 xx xx 00 14 xx xx 00 0C xx xx 00 00 00 00 00 00 00 00 00 31 xx xx 00 1C xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3C xx xx 00 00 00 00 00 4F xx xx 00 00 00 00 00 3C xx xx 00 00 00 00 00 4F xx xx 00 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 75 73 65
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.41x</text>
-      <pattern>
-        66 8B C0 8D 24 24 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 50 8B FE 68 78 01 xx xx 59 EB 01 EB AC 54 E8 03 xx xx xx 5C EB 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.42</text>
-      <pattern>
-        C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 52 8B FE 68 79 01 59 EB 01 EB AC 54 E8 03 5C EB 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.4x - v0.5x</text>
-      <pattern>
-        C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 xx 8B FE 68 79 01 xx xx 59 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.51</text>
-      <pattern>
-        C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 5E 8B FE 68 79 01 59 EB 01 EB AC 54 E8 03 5C EB 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.60</text>
-      <pattern>
-        E9 00 00 00 00 60 E8 00 00 00 00 58 83 C0 08
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.70</text>
-      <pattern>
-        60 E8 BD 10 00 00 C3 83 E2 00 F9 75 FA 70
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.71</text>
-      <pattern>
-        60 E8 ED 10 00 00 C3 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.71b2</text>
-      <pattern>
-        60 E8 44 11 00 00 C3 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.71b7</text>
-      <pattern>
-        60 E8 48 11 00 00 C3 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.7x - v0.84</text>
-      <pattern>
-        60 E8 00 00 C3 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.80</text>
-      <pattern>
-        60 E8 F9 11 00 00 C3 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.85f</text>
-      <pattern>
-        60 E8 02 00 00 00 CD 20 E8 00 00 00 00 5E 2B C9 58 74 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.90</text>
-      <pattern>
-        xx xx E8 02 00 00 00 E8 00 E8 00 00 00 00 5E 2B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.92a</text>
-      <pattern>
-        E9 7E E9 FF FF 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.95</text>
-      <pattern>
-        E9 D5 E4 FF FF 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.96</text>
-      <pattern>
-        E9 59 E4 FF FF 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.98 -> tHE EGOiSTE (h)</text>
-      <pattern>
-        E9 25 E4 FF FF 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx 00 00 00 00 xx xx xx xx 00 00 00 00 xx xx xx xx 00 00 00 00 xx xx xx xx 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 75 73 65 72 33 32 2E 64 6C 6C 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4D 65 73 73 61 67 65 42 6F 78 41 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.98</text>
-      <pattern>
-        E9 25 E4 FF FF 00 00 00 xx xx xx xx 1E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.98b1</text>
-      <pattern>
-        E9 25 E4 FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.98b2</text>
-      <pattern>
-        E9 1B E4 FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v0.99 Special Build -> heXer and forgot</text>
-      <pattern>
-        E9 5E DF FF FF 00 00 00 xx xx xx xx E5 xx xx 00 00 00 00 00 00 00 00 00 05 xx xx 00 F5 xx xx 00 ED xx xx 00 00 00 00 00 00 00 00 00 12 xx xx 00 FD xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1D xx xx 00 00 00 00 00 30 xx xx 00 00 00 00 00 1D xx xx 00 00 00 00 00 30 xx xx 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>tElock v1.00</text>
-      <pattern>
-        E9 E5 E2 FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>The aPE Inline Patch Basic, Advanced, Stealth)</text>
-      <pattern>
-        B9 xx xx xx 00 E8 xx xx 00 00 89 01 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>The aPE Inline Patch ExtraStealth, SuperStealth)</text>
-      <pattern>
-        E8 02 xx xx xx EB 01 C3 3E 8B 44 24 FC 50 B9 xx xx xx xx E8 xx xx xx xx 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>The Guard Library</text>
-      <pattern>
-        50 E8 xx xx xx xx 58 25 xx F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>The Norton Antivirus Information file</text>
-      <pattern>
-        54 68 65 20 4E 6F 72 74 6F 6E 20 41 6E 74 69 56 69 72 75 73 20 49 6E 66 6F 72 6D 61 74 69 6F 6E 20 46 69 6C 65
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TheHyper's protector -> TheHyper (h)</text>
-      <pattern>
-        55 8B EC 83 EC 14 8B FC E8 14 00 00 00 xx xx 01 01 xx xx 01 01 xx xx xx 00 xx xx 01 01 xx xx 02 01 5E E8 0D 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 8B 46 04 FF 10 8B D8 E8 0D 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 53 8B 06 FF 10 89 07 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TheHyper's protector -> TheHyper (h)</text>
-      <pattern>
-        55 8B EC 83 EC 14 8B FC E8 14 00 00 00 xx xx 01 01 xx xx 01 01 xx xx xx 00 xx xx 01 01 xx xx 02 01 5E E8 0D 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 8B 46 04 FF 10 8B D8 E8 0D 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 53 8B 06 FF 10 89 07 E8 0C 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 53 8B 06 FF 10 89 47 04 E8 0F 00 00 00 47 65 74 50 72 6F 63 65 73 73 48 65 61 70 00 53 8B 06 FF 10 89 47 08 E8 0A 00 00 00 48 65 61 70 41 6C 6C 6F 63 00 53 8B 06 FF 10 89 47 0C E8 09 00 00 00 48 65 61 70 46 72 65 65 00 53 8B 06 FF 10 89 47 10 57 FF 76 08 FF 76 0C FF 56 10 8B E5 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TheHyper's protector -> TheHyper (h)</text>
-      <pattern>
-        55 8B EC 83 EC 14 8B FC E8 14 00 00 00 xx xx 01 01 xx xx 01 01 xx xx xx 00 xx xx 01 01 xx xx xx 01 5E E8 0D 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 8B 46 04 FF 10 8B D8 E8 0D 00 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 53 8B 06 FF 10 89 07 E8 0C 00 00 00 56 69 72 74 75 61 6C 46 72 65 65 00 53 8B 06 FF 10 89 47 04 E8 0F 00 00 00 47 65 74 50 72 6F 63 65 73 73 48 65 61 70 00 53 8B 06 FF 10 89 47 08 E8 0A 00 00 00 48 65 61 70 41 6C 6C 6F 63 00 53 8B 06 FF 10 89 47 0C E8 09 00 00 00 48 65 61 70 46 72 65 65 00 53 8B 06 FF 10 89 47 10 57 FF 76 08 FF 76 0C FF 56 10 8B E5 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida -> Oreans Technologies 2004</text>
-      <pattern>
-        B8 00 00 00 00 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>themida 1.0.0.5 -> http?//www.oreans.com</text>
-      <pattern>
-        B8 00 00 00 00 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83 C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.0.x.x - 1.8.0.0 (compressed engine) -> Oreans Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83 C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44 00 00 83 C3 67 39 1A 74 07 2D 00 10 00 00 EB DA 8B F8 B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.0.x.x - 1.8.0.0 (compressed engine) -> Oreans Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83 C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44 00 00 83 C3 67 39 1A 74 07 2D 00 10 00 00 EB DA 8B F8 B8 xx xx xx xx 03 C7 B9 5A xx xx xx 03 CF EB 0A B8 xx xx xx xx B9 5A xx xx xx 50 51 E8 84 00 00 00 E8 00 00 00 00 58 2D 26 00 00 00 B9 EF 01 00 00 C6 00 E9 83 E9 05 89 48 01 61 E9 AF 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.0.x.x - 1.8.x.x (no compression) -> Oreans Technologies (h)</text>
-      <pattern>
-        55 8B EC 83 C4 D8 60 E8 00 00 00 00 5A 81 EA xx xx xx xx 8B DA C7 45 D8 00 00 00 00 8B 45 D8 40 89 45 D8 81 7D D8 80 00 00 00 74 0F 8B 45 08 89 83 xx xx xx xx FF 45 08 43 EB E1 89 45 DC 61 8B 45 DC C9 C2 04 00 55 8B EC 81 C4 7C FF FF FF 60 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.0.x.x - 1.8.x.x (no compression) -> Oreans Technologies (h)</text>
-      <pattern>
-        55 8B EC 83 C4 D8 60 E8 00 00 00 00 5A 81 EA xx xx xx xx 8B DA C7 45 D8 00 00 00 00 8B 45 D8 40 89 45 D8 81 7D D8 80 00 00 00 74 0F 8B 45 08 89 83 xx xx xx xx FF 45 08 43 EB E1 89 45 DC 61 8B 45 DC C9 C2 04 00 55 8B EC 81 C4 7C FF FF FF 60 E8 00 00 00 00 5A 81 EA xx xx xx xx 8D 45 80 8B 5D 08 C7 85 7C FF FF FF 00 00 00 00 8B 8D 7C FF FF FF D1 C3 88 18 41 89 8D 7C FF FF FF 81 BD 7C FF FF FF 80 00 00 00 75 E3 C7 85 7C FF FF FF 00 00 00 00 8D BA xx xx xx xx 8D 75 80 8A 0E BB F4 01 00 00 B8 AB 37 54 78 D3 D0 8A 0F D3 D0 4B 75 F7 0F AF C3 47 46 8B 8D 7C FF FF FF 41 89 8D 7C FF FF FF 81 F9 80 00 00 00 75 D1 61 C9 C2 04 00 55 8B EC 83 C4 F0 8B 75 08 C7 45 FC 00 00 00 00 EB 04 FF 45 FC 46 80 3E 00 75 F7 BA 00 00 00 00 8B 75 08 8B 7D 0C EB 7F C7 45 F8 00 00 00 00 EB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.2.0.1 (compressed) -> Oreans Technologies (h)</text>
-      <pattern>
-        B8 00 00 xx xx 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83 C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44 00 00 83 C3 67 39 1A 74 07 2D 00 10 00 00 EB DA 8B F8 B8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.2.0.1 (compressed) -> Oreans Technologies (h)</text>
-      <pattern>
-        B8 00 00 xx xx 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83 C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44 00 00 83 C3 67 39 1A 74 07 2D 00 10 00 00 EB DA 8B F8 B8 xx xx xx 00 03 C7 B9 xx xx xx 00 03 CF EB 0A B8 xx xx xx xx B9 5A xx xx xx 50 51 E8 84 00 00 00 E8 00 00 00 00 58 2D 26 00 00 00 B9 EF 01 00 00 C6 00 E9 83 E9 05 89 48 01 61 E9 AF 01 00 00 02 00 00 00 91 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.2.0.1 -> Oreans Technologies (h)</text>
-      <pattern>
-        8B C5 8B D4 60 E8 00 00 00 00 5D 81 ED xx xx 35 09 89 95 xx xx 35 09 89 B5 xx xx 35 09 89 85 xx xx 35 09 83 BD xx xx 35 09 00 74 0C 8B E8 8B E2 B8 01 00 00 00 C2 0C 00 8B 44 24 24 89 85 xx xx 35 09 6A 45 E8 A3 00 00 00 68 9A 74 83 07 E8 DF 00 00 00 68 25
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.2.0.1 -> Oreans Technologies (h)</text>
-      <pattern>
-        8B C5 8B D4 60 E8 00 00 00 00 5D 81 ED xx xx 35 09 89 95 xx xx 35 09 89 B5 xx xx 35 09 89 85 xx xx 35 09 83 BD xx xx 35 09 00 74 0C 8B E8 8B E2 B8 01 00 00 00 C2 0C 00 8B 44 24 24 89 85 xx xx 35 09 6A 45 E8 A3 00 00 00 68 9A 74 83 07 E8 DF 00 00 00 68 25 4B 89 0A E8 D5 00 00 00 E9 11 02 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.8.x.x -> Oreans Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 60 0B C0 74 68 E8 00 00 00 00 58 05 53 00 00 00 80 38 E9 75 13 61 EB 45 DB 2D 37 xx xx xx FF FF FF FF FF FF FF FF 3D 40 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83 C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44 00 00 83 C3 67
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida 1.8.x.x -> Oreans Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 60 0B C0 74 68 E8 00 00 00 00 58 05 53 00 00 00 80 38 E9 75 13 61 EB 45 DB 2D 37 xx xx xx FF FF FF FF FF FF FF FF 3D 40 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83 C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44 00 00 83 C3 67 39 1A 74 07 2D 00 10 00 00 EB DA 8B F8 B8 xx xx xx xx 03 C7 B9 xx xx xx xx 03 CF EB 0A B8 xx xx xx xx B9 xx xx xx xx 50 51 E8 84 00 00 00 E8 00 00 00 00 58 2D 26 00 00 00 B9 EF 01 00 00 C6 00 E9 83 E9 05 89 48 01 61 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida/WinLicense V1.0.0.0-V1.8.0.0 -> Oreans Technologies ! Sign by fly</text>
-      <pattern>
-        B8 00 00 00 00 60 0B C0 74 58 E8 00 00 00 00 58 05 xx 00 00 00 80 38 E9 75 xx 61 EB xx E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida/WinLicense V1.0.X-V1.7.X DLL -> Oreans Technologies</text>
-      <pattern>
-        B8 xx xx xx xx 60 0B C0 74 58 E8 00 00 00 00 58 05 xx xx xx xx 80 38 E9 75 03 61 EB 35 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB xx xx 66 83 xx xx 66 39 18 75 12 0F B7 50 3C 03 D0 BB xx xx xx xx 83 C3 xx 39 1A 74 07 2D 00 10 00 00 EB DA 8B F8 B8 xx xx xx xx 03 C7 B9 xx xx xx xx 03 CF EB 0A B8 xx xx xx xx B9 xx xx xx xx 50 51 E8 84 00 00 00 E8 00 00 00 00 58 2D xx xx xx xx B9 xx xx xx xx C6 00 E9 83 E9 xx 89 48 01 61 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida/WinLicense V1.8.2.0 + -> Oreans Technologies ! Sign by fly</text>
-      <pattern>
-        B8 00 00 00 00 60 0B C0 74 68 E8 00 00 00 00 58 05 xx 00 00 00 80 38 E9 75 xx 61 EB xx DB 2D xx xx xx xx FF FF FF FF FF FF FF FF 3D 40 E8 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida/WinLicense V1.8.X-V1.9.X -> Oreans Technologies Sign.By.fly</text>
-      <pattern>
-        B8 xx xx xx xx 60 0B C0 74 68 E8 00 00 00 00 58 05 53 00 00 00 80 38 E9 75 13 61 EB 45 DB 2D xx xx xx xx FF FF FF FF FF FF FF FF 3D xx xx xx xx 00 00 58 25 00 F0 FF FF 33 FF 66 BB xx xx 66 83 xx xx 66 39 18 75 12 0F B7 50 3C 03 D0 BB xx xx xx xx 83 C3 xx 39 1A 74 07 2D xx xx xx xx EB DA 8B F8 B8 xx xx xx xx 03 C7 B9 xx xx xx xx 03 CF EB 0A B8 xx xx xx xx B9 xx xx xx xx 50 51 E8 xx xx xx xx E8 xx xx xx xx 58 2D xx xx xx xx B9 xx xx xx xx C6 00 E9 83 E9 05 89 48 01 61 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Themida/WinLicense V1.X NoCompression SecureEngine -> Oreans Technologies</text>
-      <pattern>
-        8B C5 8B D4 60 E8 00 00 00 00 5D 81 ED xx xx xx xx 89 95 xx xx xx xx 89 B5 xx xx xx xx 89 85 xx xx xx xx 83 BD xx xx xx xx xx 74 0C 8B E8 8B E2 B8 01 00 00 00 C2 0C 00 8B 44 24 24 89 85 xx xx xx xx 6A 45 E8 A3 00 00 00 68 9A 74 83 07 E8 DF 00 00 00 68 25 4B 89 0A E8 D5 00 00 00 E9 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>theWRAP - by TronDoc</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 57 33 C0 89 45 F0 B8 48 D2 4B 00 E8 BC 87 F4 FF BB 04 0B 4D 00 33 C0 55 68 E8 D5 4B 00 64 FF 30 64 89 20 E8 9C F4 FF FF E8 F7 FB FF FF 6A 40 8D 55 F0 A1 F0 ED 4B 00 8B 00 E8 42 2E F7 FF 8B 4D F0 B2 01 A1 F4 C2 40 00 E8 F7 20 F5 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>theWRAP - by TronDoc</text>
-      <pattern>
-        55 8B EC 83 C4 F0 53 56 57 33 C0 89 45 F0 B8 48 D2 4B 00 E8 BC 87 F4 FF BB 04 0B 4D 00 33 C0 55 68 E8 D5 4B 00 64 FF 30 64 89 20 E8 9C F4 FF FF E8 F7 FB FF FF 6A 40 8D 55 F0 A1 F0 ED 4B 00 8B 00 E8 42 2E F7 FF 8B 4D F0 B2 01 A1 F4 C2 40 00 E8 F7 20 F5 FF 8B F0 B2 01 A1 B4 C3 40 00 E8 F1 5B F4 FF 89 03 33 D2 8B 03 E8 42 1E F5 FF 66 B9 02 00 BA FC FF FF FF 8B C6 8B 38 FF 57 0C BA B8 A7 4D 00 B9 04 00 00 00 8B C6 8B 38 FF 57 04 83 3D B8 A7 4D 00 00 0F 84 5E 01 00 00 8B 15 B8 A7 4D 00 83 C2 04 F7 DA 66 B9 02 00 8B C6 8B 38 FF 57 0C 8B 0D B8 A7 4D 00 8B D6 8B 03 E8 2B 1F F5 FF 8B C6 E8 B4 5B F4 FF 33 D2 8B 03 E8 DF 1D F5 FF BA F0 44 4E 00 B9 01 00 00 00 8B 03 8B 30 FF 56 04 80 3D F0 44 4E 00 0A 75 3F BA B8 A7 4D 00 B9 04 00 00 00 8B 03 8B 30 FF 56 04 8B 15 B8 A7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall 2.403 -> Jitit</text>
-      <pattern>
-        6A 00 FF 15 20 50 40 00 E8 D4 F8 FF FF E9 E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall 2.4x - 2.5x -> Jitit Software</text>
-      <pattern>
-        55 8B EC B8 xx xx xx xx BB xx xx xx xx 50 E8 00 00 00 00 58 2D xx xx xx xx B9 xx xx xx xx BA xx xx xx xx BE xx xx xx xx BF xx xx xx xx BD xx xx xx xx 03 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall 2.5 -> xx? (h)</text>
-      <pattern>
-        55 8B EC B8 xx xx xx xx BB xx xx xx xx 50 E8 00 00 00 00 58 2D A7 1A 00 00 B9 6C 1A 00 00 BA 20 1B 00 00 BE 00 10 00 00 BF B0 53 00 00 BD EC 1A 00 00 03 E8 81 75 00 xx xx xx xx 81 75 04 xx xx xx xx 81 75 08 xx xx xx xx 81 75 0C xx xx xx xx 81 75 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall 2.5xx -> Jtit</text>
-      <pattern>
-        55 8B EC B8 xx xx xx xx BB xx xx xx xx 50 E8 00 00 00 00 58 2D xx 1A 00 00 B9 xx 1A 00 00 BA xx 1B 00 00 BE 00 10 00 00 BF xx 53 00 00 BD xx 1A 00 00 03 E8 81 75 00 xx xx xx xx xx 75 04 xx xx xx xx 81 75 08 xx xx xx xx 81 75 0C xx xx xx xx 81 75 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall 2.628 -> Jtit (h)</text>
-      <pattern>
-        E8 00 00 00 00 58 BB 34 1D 00 00 2B C3 50 68 00 00 40 00 68 00 40 00 00 68 BC 00 00 00 E8 C3 FE FF FF E9 99 FF FF FF CC CC CC CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0 E8 19 01 00 00 73 0E 8B 4D F8 E8 27 01 00 00 02 45 F7 AA EB E9 E8 04 01 00 00 0F 82 96 00 00 00 E8 F9 00 00 00 73 5B B9 04 00 00 00 E8 05 01 00 00 48 74 DE 0F 89 C6 00 00 00 E8 DF 00 00 00 73 1B 55 BD 00 01 00 00 E8 DF 00 00 00 88 07 47 4D 75 F5 E8 C7 00 00 00 72 E9 5D EB A2 B9 01 00 00 00 E8 D0 00 00 00 83 C0 07 89 45 F8 C6 45 F7 00 83 F8 08 74 89 E8 B1 00 00 00 88 45 F7 E9 7C FF FF FF B9 07 00 00 00 E8 AA 00 00 00 50 33 C9 B1 02 E8 A0 00 00 00 8B C8 41 41 58 0B C0 74 04 8B D8 EB 5E 83 F9 02 74 6A 41 E8 88 00 00 00 89 45 FC E9 48 FF FF FF E8 87 00 00 00 49 E2 09 8B C3 E8 7D 00 00 00 EB 3A 49 8B C1 55 8B 4D FC 8B E8 33 C0 D3 E5 E8 5D 00 00 00 0B C5 5D 8B D8 E8 5F 00 00 00 3D 00 00 01 00 73 14 3D FF 37 00 00 73 0E 3D 7F 02 00 00 73 08 83 F8 7F 77 04 41 41 41 41 56 8B F7 2B F0 F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall 2.628 -> Jtit</text>
-      <pattern>
-        E8 00 00 00 00 58 BB 34 1D 00 00 2B C3 50 68 00 00 40 00 68 00 40 00 00 68 BC 00 00 00 E8 C3 FE FF FF E9 99 FF FF FF CC CC CC CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0 E8 19 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall 3.035 -> Jtit</text>
-      <pattern>
-        9C 60 68 53 74 41 6C 68 54 68 49 6E E8 00 00 00 00 58 BB 37 1F 00 00 2B C3 50 68 xx xx xx xx 68 00 28 00 00 68 04 01 00 00 E8 BA FE FF FF E9 90 FF FF FF CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0 E8 19 01 00 00 73 0E 8B 4D F8 E8 27 01 00 00 02 45 F7 AA EB E9 E8 04 01 00 00 0F 82 96 00 00 00 E8 F9 00 00 00 73 5B B9 04 00 00 00 E8 05 01 00 00 48 74 DE 0F 89 C6 00 00 00 E8 DF 00 00 00 73 1B 55 BD 00 01 00 00 E8 DF 00 00 00 88 07 47 4D 75 F5 E8 C7 00 00 00 72 E9 5D EB A2 B9 01 00 00 00 E8 D0 00 00 00 83 C0 07 89 45 F8 C6 45 F7 00 83 F8 08 74 89 E8 B1 00 00 00 88 45 F7 E9 7C FF FF FF B9 07 00 00 00 E8 AA 00 00 00 50 33 C9 B1 02 E8 A0 00 00 00 8B C8 41 41 58 0B C0 74 04 8B D8 EB 5E 83 F9 02 74 6A 41 E8 88 00 00 00 89 45 FC E9 48 FF FF FF E8 87 00 00 00 49 E2 09 8B C3 E8 7D 00 00 00 EB 3A 49 8B C1 55 8B 4D FC 8B E8 33 C0 D3 E5 E8 5D 00 00 00 0B C5 5D 8B D8 E8 5F 00 00 00 3D 00 00 01 00 73 14 3D FF 37 00 00 73 0E 3D 7F 02 00 00 73 08 83 F8 7F 77 04 41 41 41 41 56 8B F7 2B F0 F3 A4 5E E9 F0 FE FF FF 33 C0 EB 05 8B C7 2B 45 0C 5E 5F 5B C9 C2 08 00 03 D2 75 08 8B 16 83 C6 04 F9 13 D2 C3 B9 08 00 00 00 E8 01 00 00 00 C3 33 C0 E8 E1 FF FF FF 13 C0 E2 F7 C3 33 C9 41 E8 D4 FF FF FF 13 C9 E8 CD FF FF FF 72 F2 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V1.9X -> Jitit ! Sign by fly</text>
-      <pattern>
-        55 8B EC 51 53 56 57 6A 00 6A 00 FF 15 xx xx xx xx 50 E8 87 FC FF FF 59 59 A1 xx xx xx xx 8B 40 10 03 05 xx xx xx xx 89 45 FC 8B 45 FC FF E0 5F 5E 5B C9 C3 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.0X -> Jitit ! Sign by fly</text>
-      <pattern>
-        B8 EF BE AD DE 50 6A 00 FF 15 xx xx xx xx E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41 14 80 00 00 00 C2 04 00 55 8B EC 53 56 57 33 C0 33 FF 39 45 0C 8B F1 76 0C 8B 4D 08 03 3C 81 40 3B 45 0C 72 F4 8B CE E8 43 00 00 00 8B 46 14 33 D2 F7 F7 8B 5E 10 33 D2 8B F8 8B C3 F7 F7 89 7E 18 89 45 0C 33 C0 33 C9 8B 55 08 03 0C 82 40 39 4D 0C 73 F4 48 8B 14 82 2B CA 0F AF CF 2B D9 0F AF FA 89 7E 14 89 5E 10 5F 5E 5B 5D C2 08 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.0X -> Jitit</text>
-      <pattern>
-        B8 EF BE AD DE 50 6A 00 FF 15 xx xx xx xx E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.2X-V2.308 -> Jitit ! Sign by fly</text>
-      <pattern>
-        B8 EF BE AD DE 50 6A 00 FF 15 xx xx xx xx E9 B9 FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41 14 80 00 00 00 C2 04 00 55 8B EC 53 56 57 33 C0 33 FF 39 45 0C 8B F1 76 0C 8B 4D 08 03 3C 81 40 3B 45 0C 72 F4 8B CE E8 43 00 00 00 8B 46 14 33 D2 F7 F7 8B 5E 10 33 D2 8B F8 8B C3 F7 F7 89 7E 18 89 45 0C 33 C0 33 C9 8B 55 08 03 0C 82 40 39 4D 0C 73 F4 48 8B 14 82 2B CA 0F AF CF 2B D9 0F AF FA 89 7E 14 89 5E 10 5F 5E 5B 5D C2 08 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.2X-V2.308 -> Jitit</text>
-      <pattern>
-        B8 EF BE AD DE 50 6A 00 FF 15 xx xx xx xx E9 B9 FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.312 -> Jitit ! Sign by fly</text>
-      <pattern>
-        6A 00 FF 15 xx xx xx xx E8 D4 F8 FF FF E9 E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41 14 80 00 00 00 C2 04 00 55 8B EC 53 56 57 33 C0 33 FF 39 45 0C 8B F1 76 0C 8B 4D 08 03 3C 81 40 3B 45 0C 72 F4 8B CE E8 43 00 00 00 8B 46 14 33 D2 F7 F7 8B 5E 10 33 D2 8B F8 8B C3 F7 F7 89 7E 18 89 45 0C 33 C0 33 C9 8B 55 08 03 0C 82 40 39 4D 0C 73 F4 48 8B 14 82 2B CA 0F AF CF 2B D9 0F AF FA 89 7E 14 89 5E 10 5F 5E 5B 5D C2 08 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.312 -> Jitit</text>
-      <pattern>
-        6A 00 FF 15 xx xx xx xx E8 D4 F8 FF FF E9 E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.422-V2.428 -> Jitit ! Sign by fly</text>
-      <pattern>
-        55 8B EC B8 xx xx xx xx BB xx xx xx xx 50 E8 00 00 00 00 58 2D 9B 1A 00 00 B9 84 1A 00 00 BA 14 1B 00 00 BE 00 10 00 00 BF B0 53 00 00 BD E0 1A 00 00 03 E8 81 75 00 xx xx xx xx 81 75 04 xx xx xx xx 81 75 08 xx xx xx xx 81 75 0C xx xx xx xx 81 75 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.501 -> Jitit ! Sign by fly</text>
-      <pattern>
-        55 8B EC B8 xx xx xx xx BB xx xx xx xx 50 E8 00 00 00 00 58 2D A8 1A 00 00 B9 6D 1A 00 00 BA 21 1B 00 00 BE 00 10 00 00 BF C0 53 00 00 BD F0 1A 00 00 03 E8 81 75 00 xx xx xx xx 81 75 04 xx xx xx xx 81 75 08 xx xx xx xx 81 75 0C xx xx xx xx 81 75 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.545 -> Jitit ! Sign by fly</text>
-      <pattern>
-        E8 F2 FF FF FF 50 68 xx xx xx xx 68 40 1B 00 00 E8 42 FF FF FF E9 9D FF FF FF 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.547-V2.600 -> Jitit ! Sign by fly</text>
-      <pattern>
-        E8 00 00 00 00 58 BB BC 18 00 00 2B C3 50 68 xx xx xx xx 68 60 1B 00 00 68 60 00 00 00 E8 35 FF FF FF E9 99 FF FF FF 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.609 -> Jitit ! Sign by fly</text>
-      <pattern>
-        E8 00 00 00 00 58 BB AD 19 00 00 2B C3 50 68 xx xx xx xx 68 B0 1C 00 00 68 80 00 00 00 E8 35 FF FF FF E9 99 FF FF FF 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.620-V2.623 -> Jitit ! Sign by fly</text>
-      <pattern>
-        E8 00 00 00 00 58 BB AC 1E 00 00 2B C3 50 68 xx xx xx xx 68 B0 21 00 00 68 C4 00 00 00 E8 C3 FE FF FF E9 99 FF FF FF 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.717-V2.719 -> Jitit ! Sign by fly</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 58 BB xx xx xx xx 2B C3 50 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 C1 FE FF FF E9 97 FF FF FF CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0 E8 19 01 00 00 73 0E 8B 4D F8 E8 27 01 00 00 02 45 F7 AA EB E9 E8 04 01 00 00 0F 82 96 00 00 00 E8 F9 00 00 00 73 5B B9 04 00 00 00 E8 05 01 00 00 48 74 DE 0F 89 C6 00 00 00 E8 DF 00 00 00 73 1B 55 BD 00 01 00 00 E8 DF 00 00 00 88 07 47 4D 75 F5 E8 C7 00 00 00 72 E9 5D EB A2 B9 01 00 00 00 E8 D0 00 00 00 83 C0 07 89 45 F8 C6 45 F7 00 83 F8 08 74 89 E8 B1 00 00 00 88 45 F7 E9 7C FF FF FF B9 07 00 00 00 E8 AA 00 00 00 50 33 C9 B1 02 E8 A0 00 00 00 8B C8 41 41 58 0B C0 74 04 8B D8 EB 5E 83 F9 02 74 6A 41 E8 88 00 00 00 89 45 FC E9 48 FF FF FF E8 87 00 00 00 49 E2 09 8B C3 E8 7D 00 00 00 EB 3A 49 8B C1 55 8B 4D FC 8B E8 33 C0 D3 E5 E8 5D 00 00 00 0B C5 5D 8B D8 E8 5F 00 00 00 3D 00 00 01 00 73 14 3D FF 37 00 00 73 0E 3D 7F 02 00 00 73 08 83 F8 7F 77 04 41 41 41 41 56 8B F7 2B F0 F3 A4 5E E9 F0 FE FF FF 33 C0 EB 05 8B C7 2B 45 0C 5E 5F 5B C9 C2 08 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Embedded V2.717-V2.719 -> Jitit</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 58 BB xx xx xx xx 2B C3 50 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 C1 FE FF FF E9 97 FF FF FF CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0 E8 19 01 00 00 73 0E 8B 4D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall V2.403 -> Jitit</text>
-      <pattern>
-        6A 00 FF 15 20 50 40 00 E8 D4 F8 FF FF E9 E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41 14 80 00 00 00 C2 04 00 55 8B EC 53 56 57 33 C0 33 FF 39 45 0C 8B F1 76 0C 8B 4D 08 03 3C 81 40 3B 45 0C 72 F4 8B CE E8 43 00 00 00 8B 46 14 33 D2 F7 F7 8B 5E 10 33 D2 8B F8 8B C3 F7 F7 89 7E 18 89 45 0C 33 C0 33 C9 8B 55 08 03 0C 82 40 39 4D 0C 73 F4 48 8B 14 82 2B CA 0F AF CF 2B D9 0F AF FA 89 7E 14 89 5E 10 5F 5E 5B 5D C2 08 00 57 BF 00 00 80 00 39 79 14 77 36 53 56 8B B1 29 04 00 00 8B 41 0C 8B 59 10 03 DB 8A 14 30 83 E2 01 0B D3 C1 E2 07 40 89 51 10 89 41 0C 0F B6 04 30 C1 61 14 08 D1 E8 09 41 10 39
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall v2.460 -> Jitit</text>
-      <pattern>
-        55 8B EC 51 53 56 57 6A 00 6A 00 FF 15 F4 18 40 00 50 E8 87 FC FF FF 59 59 A1 94 1A 40 00 8B 40 10 03 05 90 1A 40 00 89 45 FC 8B 45 FC FF E0 5F 5E 5B C9 C3 00 00 00 76 0C 00 00 D4 0C 00 00 1E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall V2.736 -> Jitit ! Sign by fly</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 58 BB F3 1C 00 00 2B C3 50 68 00 00 40 00 68 00 26 00 00 68 CC 00 00 00 E8 C1 FE FF FF E9 97 FF FF FF CC CC CC CC CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0 E8 19 01 00 00 73 0E 8B 4D F8 E8 27 01 00 00 02 45 F7 AA EB E9 E8 04 01 00 00 0F 82 96 00 00 00 E8 F9 00 00 00 73 5B B9 04 00 00 00 E8 05 01 00 00 48 74 DE 0F 89 C6 00 00 00 E8 DF 00 00 00 73 1B 55 BD 00 01 00 00 E8 DF 00 00 00 88 07 47 4D 75 F5 E8 C7 00 00 00 72 E9 5D EB A2 B9 01 00 00 00 E8 D0 00 00 00 83 C0 07 89 45 F8 C6 45 F7 00 83 F8 08 74 89 E8 B1 00 00 00 88 45 F7 E9 7C FF FF FF B9 07 00 00 00 E8 AA 00 00 00 50 33 C9 B1 02 E8 A0 00 00 00 8B C8 41 41 58 0B C0 74 04 8B D8 EB 5E 83 F9 02 74 6A 41 E8 88 00 00 00 89 45 FC E9 48 FF FF FF E8 87 00 00 00 49 E2 09 8B C3 E8 7D 00 00 00 EB 3A 49 8B C1 55 8B 4D FC 8B E8 33 C0 D3 E5 E8 5D 00 00 00 0B C5 5D 8B D8 E8 5F 00 00 00 3D 00 00 01 00 73 14 3D FF 37 00 00 73 0E 3D 7F 02 00 00 73 08 83 F8 7F 77 04 41 41 41 41 56 8B F7 2B F0 F3 A4 5E E9 F0 FE FF FF 33 C0 EB 05 8B C7 2B 45 0C 5E 5F 5B C9 C2 08 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall V2.736 -> Jitit</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 58 BB F3 1C 00 00 2B C3 50 68 00 00 40 00 68 00 26 00 00 68 CC 00 00 00 E8 C1 FE FF FF E9 97 FF FF FF CC CC CC CC CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall V2.7X -> Jitit</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 58 BB xx xx xx xx 2B C3 50 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 xx xx xx xx E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Virtualization Suite 3.035-3.043 -> Thinstall Company</text>
-      <pattern>
-        9C 60 68 53 74 41 6C 68 54 68 49 6E E8 00 00 00 00 58 BB 37 1F 00 00 2B C3 50 68 xx xx xx xx 68 00 28 00 00 68 04 01 00 00 E8 BA FE FF FF E9 90 FF FF FF CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Virtualization Suite 3.0xx -> Jitit Software</text>
-      <pattern>
-        9C 60 68 53 74 41 6C 68 54 68 49 6E E8 00 00 00 00 58 BB 37 1F 00 00 2B C3 50 68 00 00 00 01 68 00 xx 00 00 68 04 01 00 00 E8 BA FE FF FF E9 90 FF FF FF CC CC CC CC CC CC CC 55 8B EC 83 C4 F4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Virtualization Suite V3.035-V3.043 -> Thinstall Company ! Sign by fly</text>
-      <pattern>
-        9C 60 68 53 74 41 6C 68 54 68 49 6E E8 00 00 00 00 58 BB 37 1F 00 00 2B C3 50 68 xx xx xx xx 68 00 28 00 00 68 04 01 00 00 E8 BA FE FF FF E9 90 FF FF FF CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0 E8 19 01 00 00 73 0E 8B 4D F8 E8 27 01 00 00 02 45 F7 AA EB E9 E8 04 01 00 00 0F 82 96 00 00 00 E8 F9 00 00 00 73 5B B9 04 00 00 00 E8 05 01 00 00 48 74 DE 0F 89 C6 00 00 00 E8 DF 00 00 00 73 1B 55 BD 00 01 00 00 E8 DF 00 00 00 88 07 47 4D 75 F5 E8 C7 00 00 00 72 E9 5D EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Virtualization Suite V3.049-V3.080 -> Thinstall Company ! Sign by fly</text>
-      <pattern>
-        9C 60 68 53 74 41 6C 68 54 68 49 6E E8 00 00 00 00 58 BB 37 1F 00 00 2B C3 50 68 xx xx xx xx 68 00 2C 00 00 68 04 01 00 00 E8 BA FE FF FF E9 90 FF FF FF CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33 C0 E8 19 01 00 00 73 0E 8B 4D F8 E8 27 01 00 00 02 45 F7 AA EB E9 E8 04 01 00 00 0F 82 96 00 00 00 E8 F9 00 00 00 73 5B B9 04 00 00 00 E8 05 01 00 00 48 74 DE 0F 89 C6 00 00 00 E8 DF 00 00 00 73 1B 55 BD 00 01 00 00 E8 DF 00 00 00 88 07 47 4D 75 F5 E8 C7 00 00 00 72 E9 5D EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Virtualization Suite V3.049-V3.080 -> Thinstall Company</text>
-      <pattern>
-        9C 60 68 53 74 41 6C 68 54 68 49 6E E8 00 00 00 00 58 BB 37 1F 00 00 2B C3 50 68 xx xx xx xx 68 00 2C 00 00 68 04 01 00 00 E8 BA FE FF FF E9 90 FF FF FF CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Virtualization Suite V3.0X -> Thinstall Company ! Sign by fly</text>
-      <pattern>
-        9C 60 68 xx xx xx xx 68 xx xx xx xx E8 00 00 00 00 58 BB xx xx xx xx 2B C3 50 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 BA FE FF FF E9 xx xx xx xx CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA xx xx xx xx 43 33 C0 E8 19 01 00 00 73 0E 8B 4D F8 E8 27 01 00 00 02 45 F7 AA EB E9 E8 04 01 00 00 0F 82 96 00 00 00 E8 F9 00 00 00 73 5B B9 04 00 00 00 E8 05 01 00 00 48 74 DE 0F 89 xx xx xx xx E8 DF 00 00 00 73 1B 55 BD xx xx xx xx E8 DF 00 00 00 88 07 47 4D 75 F5 E8 C7 00 00 00 72 E9 5D EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Virtualization Suite V3.0X -> Thinstall Company</text>
-      <pattern>
-        9C 60 68 xx xx xx xx 68 xx xx xx xx E8 00 00 00 00 58 BB xx xx xx xx 2B C3 50 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 BA FE FF FF E9 xx xx xx xx CC CC CC CC CC CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall Virtualization Suite V3.10X -> Thinstall Company</text>
-      <pattern>
-        9C 60 68 53 74 41 6C 68 54 68 49 6E E8 00 00 00 00 58 BB xx xx xx xx 2B C3 50 68 xx xx xx xx 68 xx xx xx xx 68 xx xx xx xx E8 2C FF FF FF E9 90 FF FF FF CC CC 55 8B EC 83 C4 F4 FC 53 57 56 8B 75 08 8B 7D 0C C7 45 FC 08 00 00 00 33 DB BA 00 00 00 80 43 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Thinstall vx.x</text>
-      <pattern>
-        B8 EF BE AD DE 50 6A xx FF 15 10 19 40 xx E9 AD FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TMT-Pascal v0.40</text>
-      <pattern>
-        0E 1F 06 8C 06 xx xx 26 A1 xx xx A3 xx xx 8E C0 66 33 FF 66 33 C9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TopSpeed v3.01 1989</text>
-      <pattern>
-        1E BA xx xx 8E DA 8B xx xx xx 8B xx xx xx FF xx xx xx 50 53
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TPPpack-> clane</text>
-      <pattern>
-        E8 00 00 00 00 5D 81 ED F5 8F 40 00 60 33 xx E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Trainer Creation Kit 5 Trainer</text>
-      <pattern>
-        6A 00 68 80 00 00 00 6A 02 6A 00 6A 00 68 00 00 00 40 68 25 45 40 00 E8 3C 02 00 00 50 6A 00 68 40 45 40 00 68 00 10 00 00 68 00 30 40 00 50 E8 54 02 00 00 58 50 E8 17 02 00 00 6A 00 E8 2E 02 00 00 A3 70 45 40 00 68 25 45 40 00 E8 2B 02 00 00 A3 30 45 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Trainer Creation Kit v5 Trainer</text>
-      <pattern>
-        6A 00 68 80 00 00 00 6A 02 6A 00 6A 00 68 00 00 00 40 68 25 45 40 00 E8 3C 02 00 00 50 6A 00 68 40 45 40 00 68 00 10 00 00 68 00 30 40 00 50 E8 54 02 00 00 58 50 E8 17 02 00 00 6A 00 E8 2E 02 00 00 A3 70 45 40 00 68 25 45 40 00 E8 2B 02 00 00 A3 30 45 40 00 68 34 45 40 00 50 E8 15 02 00 00 6A 00 FF 35 30 45 40 00 50 6A 02 E8 4D 02 00 00 A3 74 45 40 00 6A 00 68 D4 10 40 00 6A 00 6A 01 FF 35 70 45 40 00 E8 02 02 00 00 B3 0A FE CB 74 10 FF 35 74 45 40 00 E8 27 02 00 00 83 F8 00 74 EC B3 0A FE CB 74 10 FF 35 30 45 40 00 E8 B7 01 00 00 83 F8 00 74 EC B3 0A FE CB 74 16 68 25 45 40 00 E8 96 01 00 00 83 F8 00 74 ED 6A 00 E8 90 01 00 00 55 8B EC 56 51 57 8B 45 0C 98 3D 10 01 00 00 0F 85 C7 00 00 00 6A 01 FF 35 70 45 40 00 E8 B0 01 00 00 50 6A 01 68 80 00 00 00 FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Trilobyte's JPEG graphics Library</text>
-      <pattern>
-        84 10 FF FF FF FF 1E 00 01 10 08 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Trivial173 by SMT/SMF</text>
-      <pattern>
-        EB xx xx 28 54 72 69 76 69 61 6C 31 37 33 20 62 79 20 53 4D 54 2F 53 4D 46 29
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TrueType Font file</text>
-      <pattern>
-        00 01 00 00 xx xx xx xx xx xx xx xx 4C 54 53 48
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TrueType Font file</text>
-      <pattern>
-        00 01 00 00 xx xx xx xx xx xx xx xx 4F 53 2F 32
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TTPpack</text>
-      <pattern>
-        E8 00 00 00 00 5D 81 ED F5 8F 40 00 60 33 F6 E8 11 00 00 00 8B 64 24 08 64 8F 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo C 1987 or Borland C++ 1991</text>
-      <pattern>
-        FB BA xx xx 2E 89 xx xx xx B4 30 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo C 1987</text>
-      <pattern>
-        FB 8C CA 2E 89 16 xx xx B4 30 CD 21 8B 2E xx xx 8B 1E xx xx 8E DA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo C 1988</text>
-      <pattern>
-        8C D8 BB xx xx 8E DB 8C D3 8B CC FA 8E xx xx xx BC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo C 1990 or Turbo C 1988</text>
-      <pattern>
-        BA xx xx 2E 89 xx xx xx B4 30 CD 21 8B xx xx xx 8B xx xx xx 8E DA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo C or Borland C++</text>
-      <pattern>
-        BA xx xx 2E 89 16 xx xx B4 30 CD 21 8B 2E xx xx 8B 1E xx xx 8E DA
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo C++ 3.0 1990</text>
-      <pattern>
-        8C CA 2E 89 16 xx xx B4 30 CD 21 8B 2E xx xx 8B xx xx xx 8E DA A3 xx xx 8C 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo C</text>
-      <pattern>
-        BC xx xx E8 xx xx 2E 8E xx xx xx E8 xx xx 2E 80 xx xx xx xx 75 xx E8 xx xx 8B C3 2E F7 xx xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo or Borland Pascal v7.0</text>
-      <pattern>
-        9A xx xx xx xx C8 xx xx xx 9A xx xx xx xx 09 C0 75 xx EB xx 8D xx xx xx 16 57 6A xx 9A xx xx xx xx BF xx xx 1E 57 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo Pascal Configuration File</text>
-      <pattern>
-        54 75 72 62 6F 20 50 61 73 63 61 6C 20 43 6F 6E 66 69 67 75 72 61 74 69 6F 6E
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo Pascal Desktop File</text>
-      <pattern>
-        54 75 72 62 6F 20 50 61 73 63 61 6C 20 44 65 73 6B 74 6F 70
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo Pascal Help File</text>
-      <pattern>
-        54 55 52 xx xx xx 50 41 53 xx xx xx xx 48 45 4C 50
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo Pascal v2.0 1984</text>
-      <pattern>
-        xx xx xx 90 90 CD AB xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 38 34
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo Pascal v3.0 1985</text>
-      <pattern>
-        xx xx xx 90 90 CD AB xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 38 35
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Turbo Profiler Areas file</text>
-      <pattern>
-        54 75 72 62 6F xx 50 72 6F 66 69 6C 65 72 xx 61 72 65 61 73 xx 66 69 6C 65
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TurboBAT v3.10 .. 5.0 (Patched)</text>
-      <pattern>
-        90 90 90 90 90 90 90 06 B8 xx xx 8E C0 B9 xx xx 26 xx xx xx xx 80 xx xx 26 xx xx xx 24 xx 3A C4 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TurboBAT v3.10 .. 5.0</text>
-      <pattern>
-        BA xx xx B4 09 xx xx 06 B8 xx xx 8E C0 B9 xx xx 26 xx xx xx xx 80 xx xx 26 xx xx xx 24 0F 3A C4 xx xx 26 xx xx xx 24 0F 3A C4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TXT2COM (Read-A-Matic v1.0)</text>
-      <pattern>
-        B8 xx xx 8E D8 8C 06 xx xx FA 8E D0 BC xx xx FB B4 xx CD 21 A3 xx xx 06 50 B4 34 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>TXT2COM v2.06</text>
-      <pattern>
-        8D 26 xx xx E8 xx xx B8 xx xx CD 21 CD 20 54 58 54 32 43 4F 4D 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UCEXE v2.3, v2.4</text>
-      <pattern>
-        50 1E 0E 1F FC 33 F6 E8 xx xx 16 07 33 F6 33 FF B9 xx xx F3 A5 06 B8 xx xx 50 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UG2002 Cruncher v0.3b3</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED xx xx xx xx E8 0D xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UltraPro V1.0 -> SafeNet</text>
-      <pattern>
-        A1 xx xx xx xx 85 C0 0F 85 3B 06 00 00 55 56 C7 05 xx xx xx xx 01 00 00 00 FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UnderGround Crypter - by Booster2000</text>
-      <pattern>
-        55 8B EC 83 C4 F0 B8 74 3C 00 11 E8 94 F9 FF FF E8 BF FE FF FF E8 0A F3 FF FF 8B C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>unknown -> jac</text>
-      <pattern>
-        55 89 E5 B9 00 80 00 00 BA xx xx xx xx B8 xx xx xx xx 05 xx xx xx xx 31 C2 66 01 C2 C1 C2 07 E2 F1 50 E8 91 FF FF FF C9 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown by SMT</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 83 xx xx 57 EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown encryptor (1)</text>
-      <pattern>
-        EB xx 2E 90 xx xx 8C DB 8C CA 8E DA FA 8B EC BE xx xx BC xx xx BF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown encryptor (2) - "PK7Tjrvx"</text>
-      <pattern>
-        06 B4 52 CD 21 07 E8 xx xx B4 62 CD 21 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown Joiner (sign from pinch 26.03.2007 02:12)</text>
-      <pattern>
-        44 90 4C 90 B9 DE 00 00 00 BA 00 10 40 00 83 C2 03 44 90 4C B9 07 00 00 00 44 90 4C 33 C9 C7 05 08 30 40 00 00 00 00 00 90 68 00 01 00 00 68 21 30 40 00 6A 00 E8 C5 02 00 00 90 6A 00 68 80
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown packer (02)</text>
-      <pattern>
-        FA 8C DE 8C CF 8E DF 8E C7 83 C7 xx BB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown packer (03)</text>
-      <pattern>
-        06 1E 57 56 50 53 51 52 BD xx xx 0E 1F 8C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown packer (04)</text>
-      <pattern>
-        BC xx xx C3 2E FF 2E xx xx CF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown packer (05)</text>
-      <pattern>
-        FA BB xx xx B9 xx xx 87 E5 87 27 03 E3 91 8A CB 80 E1 xx D3 C4 91 33 E3 87 27
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown packer (06)</text>
-      <pattern>
-        FA B8 xx xx BE xx xx 33 F0 0E 17 2E xx xx xx BA xx xx 87 E6 5B 33 DC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown packer (07)</text>
-      <pattern>
-        8C C8 05 xx xx 50 B8 xx xx 50 B0 xx 06 8C D2 06 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown packer (08)</text>
-      <pattern>
-        8B C4 2D xx xx 24 00 8B F8 57 B9 xx xx BE xx xx F3 A5 FD C3 97 4F 4F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown Packer -> Northfox</text>
-      <pattern>
-        54 59 68 61 7A 79
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown Protected Mode compiler (1)</text>
-      <pattern>
-        FA BC xx xx 8C C8 8E D8 E8 xx xx E8 xx xx E8 xx xx 66 B8 xx xx xx xx 66 C1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown Protected Mode compiler (2)</text>
-      <pattern>
-        FA FC 0E 1F E8 xx xx 8C C0 66 0F B7 C0 66 C1 E0 xx 66 67 A3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unknown UPX modifyer</text>
-      <pattern>
-        E8 02 00 00 00 CD 03 5A 81 C2 xx xx xx xx 81 C2 xx xx xx xx 89 D1 81 C1 3C 05 00 00 52 81 2A 33 53 45 12 83 C2 04 39 CA 7E F3 89 CA 8B 42 04 8D 18 29 02 BB 78 56 00 00 83 EA 04 3B 14 24 7D EC C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.0 -> p0ke</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 33 C0 89 45 xx xx xx xx 40 00 E8 11 F4 FF FF BE 30 6B 40 00 33 C0 55 68 C9 42 40 00 64 FF 30 64 89 20 E8 C9 FA FF FF BA D8 42 40 00 8B xx xx xx xx FF FF 8B D8 B8 28 6B 40 00 8B 16 E8 37 F0 FF FF B8 2C 6B 40 00 8B 16 E8 2B F0 FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.0 -> p0ke</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 56 33 C0 89 45 xx xx xx xx 40 00 E8 11 F4 FF FF BE 30 6B 40 00 33 C0 55 68 C9 42 40 00 64 FF 30 64 89 20 E8 C9 FA FF FF BA D8 42 40 00 8B xx xx xx xx FF FF 8B D8 B8 28 6B 40 00 8B 16 E8 37 F0 FF FF B8 2C 6B 40 00 8B 16 E8 2B F0 FF FF B8 28 6B 40 00 E8 19 F0 FF FF 8B D0 8B C3 8B 0E E8 42 E3 FF FF BA DC 42 40 00 8B C6 E8 2A FA FF FF 8B D8 B8 20 6B 40 00 8B 16 E8 FC EF FF FF B8 24 6B 40 00 8B 16 E8 F0 EF FF FF B8 20 6B 40 00 E8 DE EF FF FF 8B D0 8B C3 8B 0E E8 07 E3 FF FF 6A 00 6A 19 6A 00 6A 32 A1 28 6B 40 00 E8 59 EF FF FF 83 E8 05 03 C0 8D 55 EC E8 94 FE FF FF 8B 55 EC B9 24 6B 40 00 A1 20 6B 40 00 E8 E2 F6 FF FF 6A 00 6A 19 6A 00 6A 32
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.1C -> p0ke</text>
-      <pattern>
-        55 8B EC 83 C4 E4 53 56 33 C0 89 45 E4 89 45 E8 89 45 EC B8 C0 47 00 10 E8 4F F3 FF FF BE 5C 67 00 10 33 C0 55 68 D2 4A 00 10 64 FF 30 64 89 20 E8 EB DE FF FF E8 C6 F8 FF FF BA E0 4A 00 10 B8 CC 67 00 10 E8 5F F8 FF FF 8B D8 8B D6 8B C3 8B 0D CC 67 00 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.1C -> p0ke</text>
-      <pattern>
-        55 8B EC 83 C4 E4 53 56 33 C0 89 45 E4 89 45 E8 89 45 EC B8 C0 47 00 10 E8 4F F3 FF FF BE 5C 67 00 10 33 C0 55 68 D2 4A 00 10 64 FF 30 64 89 20 E8 EB DE FF FF E8 C6 F8 FF FF BA E0 4A 00 10 B8 CC 67 00 10 E8 5F F8 FF FF 8B D8 8B D6 8B C3 8B 0D CC 67 00 10 E8 3A DD FF FF 8B 46 50 8B D0 B8 D4 67 00 10 E8 5B EF FF FF B8 D4 67 00 10 E8 09 EF FF FF 8B D0 8D 46 14 8B 4E 50 E8 14 DD FF FF 8B 46 48 8B D0 B8 D8 67 00 xx xx xx xx xx FF B8 D8 67 00 10 E8 E3 EE FF FF 8B D0 8B C6 8B 4E 48 E8 EF DC FF FF FF 76 5C FF 76 58 FF 76 64 FF 76 60 B9 D4 67 00 10 8B 15 D8 67 00 10 A1 D4 67 00 10 E8 76 F6 FF FF A1 D4 67 00 10 E8 5C EE FF FF 8B D0 B8 CC 67 00 10 E8 CC F7 FF FF 8B D8 B8 DC 67 00 10
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.2B -> p0ke</text>
-      <pattern>
-        55 8B EC 83 C4 D8 53 56 57 33 C0 89 45 D8 89 45 DC 89 45 E0 89 45 E4 89 45 E8 B8 70 3A 40 00 E8 C4 EC FF FF 33 C0 55 68 5C 3F 40 00 64 FF 30 64 89 20 E8 C5 D7 FF FF E8 5C F5 FF FF B8 20 65 40 00 33 C9 BA 04 01 00 00 E8 D3 DB FF FF 68 04 01 00 00 68 20 65
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.2B -> p0ke</text>
-      <pattern>
-        55 8B EC 83 C4 D8 53 56 57 33 C0 89 45 D8 89 45 DC 89 45 E0 89 45 E4 89 45 E8 B8 70 3A 40 00 E8 C4 EC FF FF 33 C0 55 68 5C 3F 40 00 64 FF 30 64 89 20 E8 C5 D7 FF FF E8 5C F5 FF FF B8 20 65 40 00 33 C9 BA 04 01 00 00 E8 D3 DB FF FF 68 04 01 00 00 68 20 65 40 00 6A 00 FF 15 10 55 40 00 BA 6C 3F 40 00 B8 14 55 40 00 E8 5A F4 FF FF 85 C0 0F 84 1B 04 00 00 BA 18 55 40 00 8B 0D 14 55 40 00 E8 16 D7 FF FF 8B 05 88 61 40 00 8B D0 B8 54 62 40 00 E8 D4 E3 FF FF B8 54 62 40 00 E8 F2 E2 FF FF 8B D0 B8 18 55 40 00 8B 0D 88 61 40 00 E8 E8 D6 FF FF FF 35 34 62 40 00 FF 35 30 62 40 00 FF 35 3C 62 40 00 FF 35 38 62 40 00 8D 55 E8 A1 88 61 40 00 E8 E3 F0 FF FF 8B 55 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.2C / 1.2D -> p0ke</text>
-      <pattern>
-        55 8B EC B9 05 00 00 00 6A 00 6A 00 49 75 F9 51 53 56 57 B8 xx 3A xx xx E8 xx EC FF FF 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 E8 xx D7 FF FF E8 xx xx FF FF B8 20 xx xx xx 33 C9 BA 04 01 00 00 E8 xx DB FF FF 68 04 01 00 00 68 20 xx xx xx 6A 00 FF 15 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.2C / 1.2D -> p0ke</text>
-      <pattern>
-        55 8B EC B9 05 00 00 00 6A 00 6A 00 49 75 F9 51 53 56 57 B8 xx 3A xx xx E8 xx EC FF FF 33 C0 55 68 xx xx xx xx 64 FF 30 64 89 20 E8 xx D7 FF FF E8 xx xx FF FF B8 20 xx xx xx 33 C9 BA 04 01 00 00 E8 xx DB FF FF 68 04 01 00 00 68 20 xx xx xx 6A 00 FF 15 10 xx xx xx BA xx xx xx xx B8 14 xx xx xx E8 xx xx FF FF 85 C0 0F 84 xx 04 00 00 BA 18 xx xx xx 8B 0D 14 xx xx xx E8 xx xx FF FF 8B 05 88 xx xx xx 8B D0 B8 54 xx xx xx E8 xx E3 FF FF B8 54 xx xx xx E8 xx E2 FF FF 8B D0 B8 18 xx xx xx 8B 0D 88 xx xx xx E8 xx D6 FF FF FF 35 34 xx xx xx FF 35 30 xx xx xx FF 35 3C xx xx xx FF 35 38 xx xx xx 8D 55 E8 A1 88 xx xx xx E8 xx F0 FF FF 8B 55 E8 B9 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.3B -> p0ke</text>
-      <pattern>
-        55 8B EC B9 08 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 98 56 00 10 E8 48 EB FF FF 33 C0 55 68 AC 5D 00 10 64 FF 30 64 89 20 6A 00 68 BC 5D 00 10 68 C4 5D 00 10 6A 00 E8 23 EC FF FF E8 C6 CE FF FF 6A 00 68 BC 5D 00 10 68 xx xx xx xx 6A 00 E8 0B EC FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 1.3B -> p0ke</text>
-      <pattern>
-        55 8B EC B9 08 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 98 56 00 10 E8 48 EB FF FF 33 C0 55 68 AC 5D 00 10 64 FF 30 64 89 20 6A 00 68 BC 5D 00 10 68 C4 5D 00 10 6A 00 E8 23 EC FF FF E8 C6 CE FF FF 6A 00 68 BC 5D 00 10 68 xx xx xx xx 6A 00 E8 0B EC FF FF E8 F2 F4 FF FF B8 08 BC 00 10 33 C9 BA 04 01 00 00 E8 C1 D2 FF FF 6A 00 68 BC 5D 00 10 68 E4 5D 00 10 6A 00 E8 E2 EB FF FF 68 04 01 00 00 68 08 BC 00 10 6A 00 FF 15 68 77 00 10 6A 00 68 BC 5D 00 10 68 FC 5D 00 10 6A 00 E8 BD EB FF FF BA 10 5E 00 10 B8 70 77 00 10 E8 CA F3 FF FF 85 C0 0F 84 F7 05 00 00 BA 74 77 00 10 8B 0D 70 77 00 10 E8 FE CD FF FF 6A 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 2.0 -> p0ke</text>
-      <pattern>
-        55 8B EC B9 0A 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 1C 2F 40 00 E8 C8 F1 FF FF 33 C0 55 68 FB 33 40 00 64 FF 30 64 89 20 BA 0C 34 40 00 B8 E4 54 40 00 E8 EF FE FF FF 8B D8 85 DB 75 07 6A 00 E8 5A F2 FF FF BA E8 54 40 00 8B C3 8B 0D E4 54 40 00 E8 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 2.0 -> p0ke</text>
-      <pattern>
-        55 8B EC B9 0A 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 1C 2F 40 00 E8 C8 F1 FF FF 33 C0 55 68 FB 33 40 00 64 FF 30 64 89 20 BA 0C 34 40 00 B8 E4 54 40 00 E8 EF FE FF FF 8B D8 85 DB 75 07 6A 00 E8 5A F2 FF FF BA E8 54 40 00 8B C3 8B 0D E4 54 40 00 E8 74 E2 FF FF C7 05 20 6B 40 00 09 00 00 00 BB 98 69 40 00 C7 45 EC E8 54 40 00 C7 45 E8 31 57 40 00 C7 45 E4 43 60 40 00 BE D3 6A 40 00 BF E0 6A 40 00 83 7B 04 00 75 0B 83 3B 00 0F 86 AA 03 00 00 EB 06 0F 8E A2 03 00 00 8B 03 8B D0 B8 0C 6B 40 00 E8 C1 EE FF FF B8 0C 6B 40 00 E8 6F EE FF FF 8B D0 8B 45 EC 8B 0B E8 0B E2 FF FF 6A 00 6A 1E 6A 00 6A 2C A1 0C 6B 40 00 E8 25 ED FF FF 8D 55 E0 E8 15 FE FF FF 8B 55 E0 B9 10 6B 40 00 A1 0C 6B 40 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 2.1(Beta) / 2.1.1 -> p0ke</text>
-      <pattern>
-        55 8B EC B9 15 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 xx 3A xx xx E8 xx EE FF FF 33 C0 55 68 xx 43 xx xx 64 FF 30 64 89 20 BA xx 43 xx xx B8 E4 64 xx xx E8 0F FD FF FF 8B D8 85 DB 75 07 6A 00 E8 xx EE FF FF BA E8 64 xx xx 8B C3 8B 0D E4 64 xx xx E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 2.1(Beta) / 2.1.1 -> p0ke</text>
-      <pattern>
-        55 8B EC B9 15 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 xx 3A xx xx E8 xx EE FF FF 33 C0 55 68 xx 43 xx xx 64 FF 30 64 89 20 BA xx 43 xx xx B8 E4 64 xx xx E8 0F FD FF FF 8B D8 85 DB 75 07 6A 00 E8 xx EE FF FF BA E8 64 xx xx 8B C3 8B 0D E4 64 xx xx E8 xx D7 FF FF B8 F8 xx xx xx BA 04 00 00 00 E8 xx EF FF FF 33 C0 A3 F8 xx xx xx BB xx xx xx xx C7 45 EC E8 64 xx xx C7 45 E8 xx xx xx xx C7 45 E4 xx xx xx xx BE xx xx xx xx BF xx xx xx xx B8 E0 xx xx xx BA 04 00 00 00 E8 xx EF FF FF 68 F4 01 00 00 E8 xx EE FF FF 83 7B 04 00 75 0B 83 3B 00 0F 86 xx 07 00 00 EB 06 0F 8E xx 07 00 00 8B 03 8B D0 B8 E4 xx xx xx E8 xx E5 FF FF B8 E4 xx xx xx E8 xx E3 FF FF 8B D0 8B 45 EC 8B 0B E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 2.5.1(Beta 2) / 2.5.2 -> p0ke</text>
-      <pattern>
-        55 8B EC B9 xx 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 xx xx 40 00 E8 xx EA FF FF 33 C0 55 68 xx xx 40 00 64 FF 30 64 89 20 BA xx xx 40 00 B8 xx xx 40 00 E8 63 F3 FF FF 8B D8 85 DB 75 07 6A 00 E8 xx xx FF FF BA xx xx 40 00 8B C3 8B 0D xx xx 40 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 2.5.1(Beta 2) / 2.5.2 -> p0ke</text>
-      <pattern>
-        55 8B EC B9 xx 00 00 00 6A 00 6A 00 49 75 F9 53 56 57 B8 xx xx 40 00 E8 xx EA FF FF 33 C0 55 68 xx xx 40 00 64 FF 30 64 89 20 BA xx xx 40 00 B8 xx xx 40 00 E8 63 F3 FF FF 8B D8 85 DB 75 07 6A 00 E8 xx xx FF FF BA xx xx 40 00 8B C3 8B 0D xx xx 40 00 E8 xx xx FF FF C7 05 xx xx 40 00 0A 00 00 00 BB xx xx 40 00 BE xx xx 40 00 BF xx xx 40 00 B8 xx xx 40 00 BA 04 00 00 00 E8 xx EB FF FF 83 3B 00 74 04 33 C0 89 03 8B D7 8B C6 E8 0A F3 FF FF 89 03 83 3B 00 0F 84 F7 04 00 00 B8 xx xx 40 00 8B 16 E8 xx E1 FF FF B8 xx xx 40 00 E8 xx E0 FF FF 8B D0 8B 03 8B 0E E8 xx xx FF FF 8B C7 A3 xx xx 40 00 8D 55 EC 33 C0 E8 xx D3 FF FF 8B 45 EC B9 xx xx 40 00 BA xx xx 40 00 E8 8B ED FF FF 3C 01 75 2B A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 2.5A -> p0ke</text>
-      <pattern>
-        55 8B EC B9 0B 00 00 00 6A 00 6A 00 49 75 F9 51 53 56 57 B8 6C 3E 40 00 E8 F7 EA FF FF 33 C0 55 68 60 44 40 00 64 FF 30 64 89 20 BA 70 44 40 00 B8 B8 6C 40 00 E8 62 F3 FF FF 8B D8 85 DB 75 07 6A 00 E8 A1 EB FF FF BA E8 64 40 00 8B C3 8B 0D B8 6C 40 00 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unnamed Scrambler 2.5A -> p0ke</text>
-      <pattern>
-        55 8B EC B9 0B 00 00 00 6A 00 6A 00 49 75 F9 51 53 56 57 B8 6C 3E 40 00 E8 F7 EA FF FF 33 C0 55 68 60 44 40 00 64 FF 30 64 89 20 BA 70 44 40 00 B8 B8 6C 40 00 E8 62 F3 FF FF 8B D8 85 DB 75 07 6A 00 E8 A1 EB FF FF BA E8 64 40 00 8B C3 8B 0D B8 6C 40 00 E8 37 D3 FF FF C7 05 BC 6C 40 00 0A 00 00 00 BB 68 6C 40 00 BE 90 6C 40 00 BF E8 64 40 00 B8 C0 6C 40 00 BA 04 00 00 00 E8 07 EC FF FF 83 3B 00 74 04 33 C0 89 03 8B D7 8B C6 E8 09 F3 FF FF 89 03 83 3B 00 0F 84 BB 04 00 00 B8 C0 6C 40 00 8B 16 E8 06 E2 FF FF B8 C0 6C 40 00 E8 24 E1 FF FF 8B D0 8B 03 8B 0E E8 D1 D2 FF FF 8B C7 A3 20 6E 40 00 8D 55 EC 33 C0 E8 0C D4 FF FF 8B 45 EC B9 1C 6E 40 00 BA 18 6E 40 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UnoPiX 0.75 -> BaGiE</text>
-      <pattern>
-        60 E8 07 00 00 00 61 68 xx xx 40 00 C3 83 04 24 18 C3 20 83 B8 ED 20 37 EF C6 B9 79 37 9E 61
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UnoPiX 1.03-1.10 -> BaGiE</text>
-      <pattern>
-        83 EC 04 C7 04 24 00 xx xx xx C3 00 xx xx 00 00 00 00 00 00 00 00 00 00 00 00 xx xx 00 10 00 00 00 02 00 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 xx xx 00 00 10 00 00 00 00 00 00 02 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Unpacked BS-SFX Archive v1.9</text>
-      <pattern>
-        1E 33 C0 50 B8 xx xx 8E D8 FA 8E D0 BC xx xx FB B8 xx xx CD 21 3C 03 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPack 0.11</text>
-      <pattern>
-        BE 48 01 40 00 AD 8B F8 95 A5 33 C0 33 C9 AB 48 AB F7 D8 B1 04 F3 AB C1 E0 0A B5 1C F3 AB AD 50 97 51 AD 87 F5 58 8D 54 86 5C FF D5 72 5A 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1 E3 03 B3 00 8D 1C 5B 8D 9C 9E 0C 10 00 00 B0 01 67 E3 29 8B D7
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.12 beta -> Dwing</text>
-      <pattern>
-        BE 48 01 40 00 AD xx xx xx A5 xx C0 33 C9 xx xx xx xx xx xx xx F3 AB xx xx 0A xx xx xx xx AD 50 97 51 xx 87 F5 58 8D 54 86 5C xx D5 72 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx B6 5F FF C1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.1x beta -> Dwing</text>
-      <pattern>
-        BE 48 01 40 00 AD 8B F8 95 A5 33 C0 33 C9 AB 48 AB F7 D8 B1 04 F3 AB C1 E0 0A B5 xx F3 AB AD 50 97 51 AD 87 F5 58 8D 54 86 5C FF D5 72 5A 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.20 beta -> Dwing</text>
-      <pattern>
-        BE 88 01 40 00 AD 8B F8 95 A5 33 C0 33 C9 AB 48 AB F7 D8 B1 04 F3 AB C1 E0 0A B5 xx F3 AB AD 50 97 51 58 8D 54 85 5C FF 16 72 5A 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1 E3 xx B3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.21 beta -> Dwing</text>
-      <pattern>
-        BE 88 01 40 00 AD 8B F8 6A 04 95 A5 33 C0 AB 48 AB F7 D8 59 F3 AB C1 E0 0A B5 xx F3 AB AD 50 97 51 58 8D 54 85 5C FF 16 72 5A 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1 E3 xx B3 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.22 - 0.23 beta -> Dwing</text>
-      <pattern>
-        6A 07 BE 88 01 40 00 AD 8B F8 59 95 F3 A5 AD B5 xx F3 AB AD 50 97 51 58 8D 54 85 5C FF 16 72 59 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1 E3 xx B3 00 8D 1C 5B 8D 9C 9D 0C 10 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.22 - 0.23 beta -> Dwing</text>
-      <pattern>
-        xx xx xx xx xx xx xx AD 8B F8 59 95 F3 A5 AD B5 xx F3 AB AD 50 97 51 58 8D 54 85 5C FF 16 72 xx 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1 E3 xx B3 00 8D 1C 5B 8D 9C 9D 0C 10 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.22 - 0.23 beta -> Dwing</text>
-      <pattern>
-        6A 07 BE 88 01 40 00 AD 8B F8 59 95 F3 A5 AD B5 xx F3 AB AD 50 97 51 58 8D 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.24 beta -> Dwing</text>
-      <pattern>
-        BE 88 01 40 00 AD 8B F8 95 AD 91 F3 A5 AD B5 xx F3 AB AD 50 97 51 58 8D 54 85 5C FF 16 72 57 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1 E3 xx B3 00 8D 1C 5B 8D 9C 9D 0C 10 00 00 B0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.28 - 0.399 (relocated image base - Delphi, .NET, DLL or something else -> Dwing (h)</text>
-      <pattern>
-        60 E8 09 00 00 00 xx xx xx 00 E9 06 02 00 00 33 C9 5E 87 0E E3 F4 2B F1 8B DE AD 2B D8 AD 03 C3 50 97 AD 91 F3 A5 5E AD 56 91 01 1E AD E2 FB AD 8D 6E 10 01 5D 00 8D 7D 1C B5 xx F3 AB 5E AD 53 50 51 97 58 8D 54 85 5C FF 16 72 57 2C 03 73 02 B0 00 3C 07 72
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.36 beta -> Dwing</text>
-      <pattern>
-        BE E0 11 xx xx FF 36 E9 C3 00 00 00 48 01 xx xx 0B 01 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.37 beta -> Dwing</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 37 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.38 beta -> Dwing</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 38 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack 0.399 -> Dwing</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 3A 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPack Alt Stub -> Dwing</text>
-      <pattern>
-        60 E8 09 00 00 00 C3 F6 00 00 E9 06 02 00 00 33 C9 5E 87 0E E3 F4 2B F1 8B DE AD 2B D8 AD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.10 - v0.12Beta -> Sign by hot_UNP</text>
-      <pattern>
-        BE 48 01 xx xx xx xx xx 95 A5 33 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack V0.10-V0.11 -> Dwing ! Sign by fly</text>
-      <pattern>
-        BE xx xx xx xx AD 8B F8 95 A5 33 C0 33 C9 AB 48 AB F7 D8 B1 xx F3 AB C1 E0 xx B5 xx F3 AB AD 50 97 51 AD 87 F5 58 8D 54 86 5C FF D5 72 5A 2C xx 73 xx B0 xx 3C xx 72 02 2C xx 50 0F B6 5F FF C1 E3 xx B3 xx 8D 1C 5B 8D xx xx xx xx xx xx B0 xx 67 E3 29 8B D7 2B 56 0C 8A 2A 33 D2 84 E9 0F 95 C6 52 FE C6 8A D0 8D 14 93 FF D5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack V0.10-V0.11 -> Dwing</text>
-      <pattern>
-        BE xx xx xx xx AD 8B F8 95 A5 33 C0 33 C9 AB 48 AB F7 D8 B1 xx F3 AB C1 E0 xx B5 xx F3 AB AD 50 97 51 AD 87 F5 58 8D 54 86 5C FF D5 72 5A 2C xx 73 xx B0 xx 3C xx 72 02 2C xx 50 0F B6 5F FF C1 E3 xx B3 xx 8D 1C 5B 8D xx xx xx xx xx xx B0 xx 67 E3 29 8B D7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPack v0.11</text>
-      <pattern>
-        BE 48 01 40 00 AD 8B F8 95 A5 33 C0 33 C9 AB 48 AB F7 D8 B1 04 F3 AB C1 E0 0A B5 1C F3 AB AD 50 97 51 AD 87 F5 58 8D 54 86 5C FF D5 72 5A 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1 E3 03 B3 00 8D 1C 5B 8D 9C 9E 0C 10 00 00 B0 01 67 E3 29 8B D7 2B 56 0C 8A 2A 33 D2 84 E9 0F 95 C6 52 FE C6 8A D0 8D 14 93 FF D5 5A 9F 12 C0 D0 E9 74 0E 9E 1A F2 74 E4 B4 00 33 C9 B5 01 FF 55 CC 33 C9 E9 DF 00 00 00 8B 5E 0C 83 C2 30 FF D5 73 50 83 C2 30 FF D5 72 1B 83 C2 30 FF D5 72 2B 3C 07 B0 09 72 02 B0 0B 50 8B C7 2B 46 0C B1 80 8A 00 EB CF 83 C2 60 FF D5 87 5E 10 73 0D 83 C2 30 FF D5 87 5E 14 73 03 87 5E 18 3C 07 B0 08 72 02 B0 0B 50 53 8D 96 7C 07 00 00 FF 55 D0 5B 91 EB 77 3C 07 B0 07 72 02 B0 0A 50 87 5E 10 87 5E 14 89 5E 18 8D 96 C4 0B 00 00 FF 55 D0 50 48
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.1x - v0.2x -> Dwing</text>
-      <pattern>
-        BE 88 01 xx xx AD 8B F8 95
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.21Beta -> Sign by hot_UNP</text>
-      <pattern>
-        BE 88 01 xx xx AD 8B F8 xx xx xx xx 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.22 ~ v0.23Beta -> Sign by hot_UNP</text>
-      <pattern>
-        6A 07 BE 88 01 40 00 AD 8B F8 59 95 F3 A5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.24 ~ v0.28alpha -> Sign by hot_UNP</text>
-      <pattern>
-        BE 88 01 40 00 AD xx xx 95 AD 91 F3 A5 AD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.29 beta -> Dwing</text>
-      <pattern>
-        E9 xx xx xx xx 42 79 44 77 69 6E 67 40 00 00 00 50 45 00 00 4C 01 02 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 29
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.29 Beta ~ v0.31 Beta -> Sign by hot_UNP</text>
-      <pattern>
-        BE 88 01 xx xx AD 8B F8 95 AD 91 F3 A5 AD B5 xx F3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.2Beta</text>
-      <pattern>
-        BE 88 01 xx xx AD 8B F8 95 A5 33 C0 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.30 beta -> Dwing</text>
-      <pattern>
-        E9 xx xx xx xx 42 79 44 77 69 6E 67 40 00 00 00 50 45 00 00 4C 01 02 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 30
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.31 beta -> Dwing</text>
-      <pattern>
-        E9 xx xx xx xx 42 79 44 77 69 6E 67 40 00 00 00 50 45 00 00 4C 01 02 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 31
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.32 Beta (Patch) -> Sign by hot_UNP</text>
-      <pattern>
-        BE 88 01 xx xx AD 50 xx AD 91 F3 A5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.32 beta -> Dwing</text>
-      <pattern>
-        E9 xx xx xx xx 42 79 44 77 69 6E 67 40 00 00 00 50 45 00 00 4C 01 02 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 32
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.32 Beta -> Sign by hot_UNP</text>
-      <pattern>
-        BE 88 01 xx xx AD 50 xx xx AD 91 F3 A5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.32 Beta -> Sign by hot_UNP</text>
-      <pattern>
-        BE 88 01 xx xx AD 50 xx AD 91 xx F3 A5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.33 ~ v0.34 Beta -> Sign by hot_UNP</text>
-      <pattern>
-        xx xx xx xx 59 F3 A5 83 C8 FF 8B DF AB 40 AB 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.35 alpha -> Sign by hot_UNP</text>
-      <pattern>
-        8B F2 8B CA 03 4C 19 1C 03 54 1A 20
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack V0.36 -> Dwing</text>
-      <pattern>
-        0B 01 xx xx xx xx xx xx xx xx xx xx xx xx xx xx 18 10 00 00 10 00 00 00 xx xx xx xx xx xx xx xx 00 10 00 00 00 02 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack V0.36 -> Dwing</text>
-      <pattern>
-        BE xx xx xx xx FF 36 E9 C3 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.36 alpha -> Sign by hot_UNP</text>
-      <pattern>
-        AB E2 E5 5D 59 8B 76 68 51 59 46 AD 85 C0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.37 beta -> Dwing</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 37 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx xx 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 33 D2 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B 7E 34 0F 82 8E FE FF FF 58 5F 59 E3 1B 8A 07 47 04 18 3C 02 73 F7 8B 07 3C xx 75 F1 B0 00 0F C8 03 46 38 2B C7 AB E2 E5 5E 5D 59 51 59 46 AD 85 C0 74 1F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.37 ~ v0.38 Beta (Strip base relocation table Option) -> Sign by hot_UNP</text>
-      <pattern>
-        53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 33
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack V0.37-V0.39 -> Dwing</text>
-      <pattern>
-        BE xx xx xx xx AD 50 FF xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.38 beta -> Dwing</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 38 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx xx 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 33 D2 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B 7E 34 0F 82 97 FE FF FF 58 5F 59 E3 1B 8A 07 47 04 18 3C 02 73 F7 8B 07 3C xx 75 F1 B0 00 0F C8 03 46 38 2B C7 AB E2 E5 5E 5D 59 51 59 46 AD 85 C0 74 1F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.39 final -> Dwing (h)</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 39 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.39 final -> Sign by hot_UNP</text>
-      <pattern>
-        56 10 E2 E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.39 final -> Sign by hot_UNP</text>
-      <pattern>
-        FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.399 -> Dwing</text>
-      <pattern>
-        0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 3A 00 04 00 00 00 00 00 00 00 00 xx xx 00 00 02 00 00 00 00 00 00 xx 00 00 00 00 00 10 00 00 xx 00 00 00 00 10 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.399 -> Dwing</text>
-      <pattern>
-        0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 3A 00 04 00 00 00 00 00 00 00 00 xx xx 00 00 02 00 00 00 00 00 00 xx 00 00 00 00 00 10 00 00 xx 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx 00 14 00 00 00 00 xx xx 00 xx xx 00 00 FF 76 38 AD 50 8B 3E BE F0 xx xx 00 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx 00 xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack v0.399 -> Dwing</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 3A 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 10 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx 00 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx 56 10 E2 E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 99 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack V0.3X -> Dwing</text>
-      <pattern>
-        60 E8 09 00 00 00 xx xx xx xx xx xx xx xx xx 33 C9 5E 87 0E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack_Patch -> Sign by hot_UNP</text>
-      <pattern>
-        81 3A 00 00 00 02 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack_Patch -> Sign by hot_UNP</text>
-      <pattern>
-        2A A3 F2 54 CE
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack_Patch or any Version -> Sign by hot_UNP</text>
-      <pattern>
-        60 E8 09 00 00 00 xx xx xx 00 E9 06 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upack_Unknown (DLL xx?) -> Sign by hot_UNP</text>
-      <pattern>
-        60 E8 09 00 00 00 17 CD 00 00 E9 06 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPolyX 0.x -> Delikon</text>
-      <pattern>
-        81 FD 00 FB FF FF 83 D1 xx 8D 14 2F 83 FD FC 76 xx 8A 02 42 88 07 47 49 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPolyX V0.1 -> Delikon</text>
-      <pattern>
-        E2 xx FF xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPolyX v0.5</text>
-      <pattern>
-        83 EC 04 89 xx 24 59 xx xx 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPolyX v0.5</text>
-      <pattern>
-        BB 00 BD 46 00 83 EC 04 89 1C 24 xx B9 xx 00 00 00 80 33 xx xx xx xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPolyX v0.5</text>
-      <pattern>
-        BB 00 BD 46 00 83 EC 04 89 1C 24 xx B9 xx 00 00 00 80 33 xx xx xx xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX + ECLiPSE layer</text>
-      <pattern>
-        B8 xx xx xx xx B9 xx xx xx xx 33 D2 EB 01 0F 56 EB 01 0F E8 03 00 00 00 EB 01 0F EB 01 0F 5E EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX -> www.upx.sourceforge.net</text>
-      <pattern>
-        60 BE xx ?0 4? 00 8D BE xx xx F? FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX -> www.upx.sourceforge.net</text>
-      <pattern>
-        60 BE xx xx xx 00 8D BE xx xx xx FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 0.50 - 0.70</text>
-      <pattern>
-        60 E8 00 00 00 00 58 83 E8 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 0.72</text>
-      <pattern>
-        60 E8 00 00 00 00 83 CD FF 31 DB 5E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 2.00-3.0X -> Markus Oberhumer, Laszlo Molnar, John Reiser</text>
-      <pattern>
-        5E 89 F7 B9 xx xx xx xx 8A 07 47 2C E8 3C 01 77 F7 80 3F xx 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07 83 C7 05 88 D8 E2 D9 8D xx xx xx xx xx 8B 07 09 C0 74 3C 8B 5F 04 8D xx xx xx xx xx xx 01 F3 50 83 C7 08 FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 2.00-3.0X -> Markus Oberhumer, Laszlo Molnar, John Reiser</text>
-      <pattern>
-        5E 89 F7 B9 xx xx xx xx 8A 07 47 2C E8 3C 01 77 F7 80 3F xx 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07 83 C7 05 88 D8 E2 D9 8D xx xx xx xx xx 8B 07 09 C0 74 3C 8B 5F 04 8D xx xx xx xx xx xx 01 F3 50 83 C7 08 FF xx xx xx xx xx 95 8A 07 47 08 C0 74 DC 89 F9 57 48 F2 AE 55 FF xx xx xx xx xx 09 C0 74 07 89 03 83 C3 04 EB E1 FF xx xx xx xx xx 8B AE xx xx xx xx 8D BE 00 F0 FF FF BB 00 10 00 00 50 54 6A 04 53 57 FF D5 8D 87 xx xx xx xx 80 20 7F 80 60 28 7F 58 50 54 50 53 57 FF D5 58 61 8D 44 24 80 6A 00 39 C4 75 FA 83 EC 80 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 2.90 (LZMA)</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF 89 E5 8D 9C 24 xx xx xx xx 31 C0 50 39 DC 75 FB 46 46 53 68 xx xx xx xx 57 83 C3 04 53 68 xx xx xx xx 56 83 C3 04 53 50 C7 03 xx xx xx xx 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 2.90 (LZMA)</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 2.90 (LZMA)</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx C7 87 xx xx xx xx xx xx xx xx 57 83 CD FF 89 E5 8D 9C 24 xx xx xx xx 31 C0 50 39 DC 75 FB 46 46 53 68 xx xx xx xx 57 83 C3 04 53 68 xx xx xx xx 56 83 C3 04
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 2.93 (LZMA)</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 89 E5 8D 9C 24 xx xx xx xx 31 C0 50 39 DC 75 FB 46 46 53 68 xx xx xx xx 57 83 C3 04 53 68 xx xx xx xx 56 83 C3 04 53 50 C7 03 03 00 02 00 90 90 90 90 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX 3.02</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 89 E5 8D 9C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        UPX com
-      </text>
-      <pattern>
-        B9 xx xx BE xx xx BF C0 FF FD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Alternative stub</text>
-      <pattern>
-        01 DB 07 8B 1E 83 EE FC 11 DB ED B8 01 00 00 00 01 DB 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 0B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Inliner 1.0 by GPcH</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5 D5 FE FF FF 8B 06 83 F8 00 74 11 8D B5 E1 FE FF FF 8B 06 83 F8 01 0F 84 F1 01 00 00 C7 06 01 00 00 00 8B D5 8B 85 B1 FE FF FF 2B D0 89 95 B1 FE FF FF 01 95 C9 FE FF FF 8D B5 E5 FE FF FF 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Inliner v1.0 by GPcH</text>
-      <pattern>
-        9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5 D5 FE FF FF 8B 06 83 F8 00 74 11 8D B5 E1 FE FF FF 8B 06 83 F8 01 0F 84 F1 01 00 00 C7 06 01 00 00 00 8B D5 8B 85 B1 FE FF FF 2B D0 89 95 B1 FE FF FF 01 95 C9 FE FF FF 8D B5 E5 FE FF FF 01 16 8B 36 8B FD 60 6A 40 68 00 10 00 00 68 00 10 00 00 6A 00 FF 95 05 FF FF FF 85 C0 0F 84 06 03 00 00 89 85 C5 FE FF FF E8 00 00 00 00 5B B9 31 89 40 00 81 E9 2E 86 40 00 03 D9 50 53 E8 3D 02 00 00 61 03 BD A9 FE FF FF 8B DF 83 3F 00 75 0A 83 C7 04 B9 00 00 00 00 EB 16 B9 01 00 00 00 03 3B 83 C3 04 83 3B 00 74 2D 01 13 8B 33 03 7B 04 57 51 52 53 FF B5 09 FF FF FF FF B5 05 FF FF FF 56 57 FF 95 C5 FE FF FF 5B 5A 59 5F 83 F9 00 74 05 83 C3 08 EB CE 68 00 80 00 00 6A 00 FF B5 C5 FE FF FF FF 95 09 FF FF FF 8D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Modified Stub b -> Farb-rausch Consumer Consulting</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Modified Stub b -> Farb-rausch Consumer Consulting</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 89 E8 B3 01 56 89 FE 29 C6 F3 A4 5E EB 8E 00 D2 75 05 8A 16 46 10 D2 C3 31 C9 41 E8 EE FF FF FF 11 C9 E8 E7 FF FF FF 72 F2 C3 31 C0 31 DB 31 C9 5E 89 F7 B9 xx xx xx xx 8A 07 47 2C E8 3C 01 77 F7 80 3F xx 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07 83 C7 05 89 D8 E2 D9 8D BE xx xx xx xx 8B 07 09 C0 74 45 8B 5F 04 8D 84 30 xx xx xx xx 01 F3 50 83 C7 08 FF 96 xx xx xx xx 95 8A 07 47 08 C0 74 DC 89 F9 79 07 0F B7 07 47 50 47 B9 57 48 F2 AE 55 FF 96 xx xx xx xx 09 C0 74 07 89 03 83 C3 04 EB D8 FF 96 xx xx xx xx 61 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Modified Stub c -> Farb-rausch Consumer Consulting</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF FC B2 80 E8 00 00 00 00 5B 83 C3 66 A4 FF D3 73 FB 31 C9 FF D3 73 14 31 C0 FF D3 73 1D 41 B0 10 FF D3 10 C0 73 FA 75 3C AA EB E2 E8 4A 00 00 00 49 E2 10 E8 40 00 00 00 EB 28 AC D1 E8 74 45 11 C9 EB 1C 91 48
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Modified Stub c -> Farb-rausch Consumer Consulting</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF FC B2 80 E8 00 00 00 00 5B 83 C3 66 A4 FF D3 73 FB 31 C9 FF D3 73 14 31 C0 FF D3 73 1D 41 B0 10 FF D3 10 C0 73 FA 75 3C AA EB E2 E8 4A 00 00 00 49 E2 10 E8 40 00 00 00 EB 28 AC D1 E8 74 45 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2A 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 89 E8 56 89 FE 29 C6 F3 A4 5E EB 9F 00 D2 75 05 8A 16 46 10 D2 C3 31 C9 41 FF D3 11 C9 FF D3 72 F8 C3 31 C0 31 DB 31 C9 5E 89 F7 B9 xx xx xx xx 8A 07 47 2C E8 3C 01 77 F7 80 3F 0E 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07 83 C7 05 89 D8 E2 D9 8D BE xx xx xx xx 8B 07 09 C0 74 45 8B 5F 04 8D 84 30 xx xx xx xx 01 F3 50 83 C7 08 FF 96 xx xx xx xx 95 8A 07 47 08 C0 74 DC 89 F9 79 07 0F B7 07 47 50 47 B9 57 48 F2 AE 55 FF 96 xx xx xx xx 09 C0 74 07 89 03 83 C3 04 EB D8 FF 96 xx xx xx xx 61 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Modified stub</text>
-      <pattern>
-        79 07 0F B7 07 47 50 47 B9 57 48 F2 AE 55 FF 96 84 xx 00 00 09 C0 74 07 89 03 83 C3 04 EB D8 FF 96 88 xx 00 00 61 E9 xx xx xx FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Modifier v0.1x</text>
-      <pattern>
-        50 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Protector v1.0x (2)</text>
-      <pattern>
-        EB xx xx xx xx xx 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX Protector v1.0x</text>
-      <pattern>
-        EB EC xx xx xx xx 8A 06 46 88 07 47 01 DB 75 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.51</text>
-      <pattern>
-        60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 xx xx xx FF 57 8D B0 D8 01 xx xx 83 CD FF 31 DB xx xx xx xx 01 DB 75 07 8B 1E 83 EE FC 11 DB 73 0B 8A 06 46 88 07 47 EB EB 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.60 - v0.61</text>
-      <pattern>
-        60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 xx xx xx FF 57 8D B0 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        UPX v0.62 DLL
-      </text>
-      <pattern>
-        80 7C 24 08 01 0F 85 95 01 00 00 60 E8 00 00 00 00 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.62</text>
-      <pattern>
-        60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 xx xx xx FF 57 66 81 87 xx xx xx xx xx xx 8D B0 F0 01 xx xx 83 CD FF 31 DB 90 90 90 EB 08 90 90 8A 06 46 88 07 47 01 DB 75 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.62</text>
-      <pattern>
-        60 E8 xx xx xx xx 58 83 xx xx 50 8D xx xx xx xx xx 57 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 83 xx xx 31 DB xx xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.70</text>
-      <pattern>
-        60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 xx xx xx FF 57 66 81 87 xx xx xx xx xx xx 8D B0 EC 01 xx xx 83 CD FF 31 DB EB 07 90 8A 06 46 88 07 47 01 DB 75 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.70</text>
-      <pattern>
-        60 E8 xx xx xx xx 58 83 xx xx 50 8D xx xx xx xx xx 57 66 xx xx xx xx xx xx xx xx 8D xx xx xx xx xx 83 xx xx 31 DB EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.70</text>
-      <pattern>
-        8C CB B9 xx xx BE xx xx 89 F7 1E A9 xx xx 8D xx xx xx 8E D8 05 xx xx 8E C0 FD F3 A5 FC 2E xx xx xx xx 73
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.71 - v0.72</text>
-      <pattern>
-        60 E8 00 00 00 00 83 CD FF 31 DB 5E 8D BE FA xx xx FF 57 66 81 87 xx xx xx xx xx xx 81 C6 B3 01 xx xx EB 0A xx xx xx xx 8A 06 46 88 07 47 01 DB 75 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        UPX v0.71 DLL
-      </text>
-      <pattern>
-        80 7C 24 08 01 0F 85 95 01 00 00 60 E8 00 00 00 00 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.72</text>
-      <pattern>
-        60 E8 xx xx xx xx 83 xx xx 31 DB 5E 8D xx xx xx xx xx 57 66 xx xx xx xx xx xx xx xx 81 xx xx xx xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        UPX v0.76.1 dos exe
-      </text>
-      <pattern>
-        B9 xx xx BE xx xx 89 F7 1E A9 xx xx 8C C8 05 xx xx 8E D8 05 xx xx 8E C0 FD F3 A5 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        UPX v0.76.1 pe exe
-      </text>
-      <pattern>
-        60 BE xx xx xx xx 8D xx xx xx xx xx 66 xx xx xx xx xx xx 57 83 xx xx 31 DB EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.81 - v0.84 Modified</text>
-      <pattern>
-        01 DB xx 07 8B 1E 83 EE FC 11 DB xx ED B8 01 00 00 00 01 DB xx 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 77 EF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.89.6 - v1.02 / v1.05 - v1.22 DLL</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx xx xx 00 60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.89.6 - v1.02 / v1.05 - v1.22 Modified</text>
-      <pattern>
-        01 DB xx 07 8B 1E 83 EE FC 11 DB xx ED B8 01 00 00 00 01 DB xx 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 xx 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.89.6 - v1.02 / v1.05 - v1.22</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 xx xx xx 00 60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx C7 87 xx xx xx xx xx xx xx xx 57 83 CD FF EB 0E xx xx xx xx 8A 06 46 88 07 47 01 DB 75 07 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v0.89.6 - v1.02 / v1.05 -v1.24 -> Markus + Laszlo</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 EB 0B 90 8A 06 46 88 07 47 01 DB 75 xx 8B 1E 83 xx xx 11 DB 72 xx B8 01 00 00 00 01 DB 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v1.03 - v1.04 Modified</text>
-      <pattern>
-        01 DB xx 07 8B 1E 83 EE FC 11 DB 8A 07 xx EB B8 01 00 00 00 01 DB xx 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upx v1.2 -> Marcus + Lazlo</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF EB 05 A4 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 F2 31 C0 40 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 75 07 8B 1E 83 EE FC 11 DB 73 E6 31 C9 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX V1.94 -> Markus Oberhumer + Laszlo Molnar + John Reiser</text>
-      <pattern>
-        FF D5 80 A7 xx xx xx xx xx 58 50 54 50 53 57 FF D5 58 61 8D 44 24 xx 6A 00 39 C4 75 FA 83 EC 80 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v2.0 -> Markus, Laszlo + Reiser (h)</text>
-      <pattern>
-        55 FF 96 xx xx xx xx 09 C0 74 07 89 03 83 C3 04 EB xx FF 96 xx xx xx xx 8B AE xx xx xx xx 8D BE 00 F0 FF FF BB 00 10 00 00 50 54 6A 04 53 57 FF D5 8D 87 xx xx 00 00 80 20 7F 80 60 28 7F 58 50 54 50 53 57 FF D5 58 61 8D 44 24 80 6A 00 39 C4 75 FA 83 EC 80
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v2.0 -> Markus, Laszlo + Reiser (h)</text>
-      <pattern>
-        55 FF 96 xx xx xx xx 09 C0 74 07 89 03 83 C3 04 EB xx FF 96 xx xx xx xx 8B AE xx xx xx xx 8D BE 00 F0 FF FF BB 00 10 00 00 50 54 6A 04 53 57 FF D5 8D 87 xx xx 00 00 80 20 7F 80 60 28 7F 58 50 54 50 53 57 FF D5 58 61 8D 44 24 80 6A 00 39 C4 75 FA 83 EC 80 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX V2.00-V2.90 -> Markus Oberhumer + Laszlo Molnar + John Reiser</text>
-      <pattern>
-        FF D5 8D 87 xx xx xx xx 80 20 xx 80 60 xx xx 58 50 54 50 53 57 FF D5 58 61 8D 44 24 xx 6A 00 39 C4 75 FA 83 EC 80 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v3.0 (DLL_LZMA) -> Markus Oberhumer + Laszlo Molnar + John Reiser</text>
-      <pattern>
-        80 7C 24 08 01 0F 85 C7 0B 00 00 60 BE 00 xx xx xx 8D BE 00 xx xx FF 57 89 E5 8D 9C 24 80 C1 FF FF 31 C0 50 39 DC 75 FB 46 46 53 68 xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX v3.0 (EXE_LZMA) -> Markus Oberhumer + Laszlo Molnar + John Reiser</text>
-      <pattern>
-        60 BE xx xx xx xx 8D BE xx xx xx FF 57 89 E5 8D 9C 24 80 C1 FF FF 31 C0 50 39 DC 75 FB 46 46 53 68 xx xx xx 00 57 83 C3 04 53 68 xx xx xx 00 56
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX$HiT 0.0.1 -> sibaway7@yahoo.com</text>
-      <pattern>
-        E2 FA 94 FF E0 61 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX$HiT v0.0.1</text>
-      <pattern>
-        94 BC xx xx xx 00 B9 xx 00 00 00 80 34 0C xx E2 FA 94 FF E0 61
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Upx-Lock 1.0 - 1.2 -> CyberDoom / Team-X + BoB / BobSoft</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 48 12 40 00 60 E8 2B 03 00 00 61
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-SCRAMBLER 3.06</text>
-      <pattern>
-        E8 00 00 00 00 59 83 C1 07 51 C3 C3 BE xx xx xx xx 83 EC 04 89 34 24 B9 80 00 00 00 81 36 xx xx xx xx 50 B8 04 00 00 00 50 03 34 24 58 58 83 E9 03 E2 E9 EB D6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-Scrambler by Guru.eXe</text>
-      <pattern>
-        66 C7 05 xx xx xx xx 75 07 E9 xx FE FF FF 00 xx xx 00 00 00 xx xx 00 xx xx 00 00 00 xx xx 00 xx xx 00 00 00 xx xx 00 xx xx 00 00 00 xx xx 00 xx xx 00 00 00 xx xx 00 xx xx 00 00 00 xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-Scrambler RC v1.x</text>
-      <pattern>
-        90 61 BE xx xx xx xx 8D BE xx xx xx xx 57 83 CD FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-Shit 0.1 -> 500mhz</text>
-      <pattern>
-        E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 xx xx 00 xx xx xx 00 xx xx xx 01 xx xx xx 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-Shit 0.1 -> 500mhz</text>
-      <pattern>
-        E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 xx xx 00 xx xx xx 00 xx xx xx xx xx xx xx 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-Shit v0.1 -> 500mhz</text>
-      <pattern>
-        E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 xx xx 00 xx xx xx 00 xx xx xx 01 xx xx xx 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79 20 5B 35 30 30 6D 68 7A 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-Shit v0.1 -> 500mhz</text>
-      <pattern>
-        E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 xx xx 00 xx xx xx 00 xx xx xx <SPAN STYLE="FONT-WEIGHT: BOLD" bl="0">01</SPAN> xx xx xx 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79 20 5B 35 30 30 6D 68 7A 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-Shit v0.1 -> 500mhz</text>
-      <pattern>
-        E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 xx xx 00 xx xx xx 00 xx xx xx xx xx xx xx 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79 20 5B 35 30 30 6D 68 7A 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPX-Shit v0.1 -> 500mhz</text>
-      <pattern>
-        E8 xx xx xx xx 5E 83 C6 xx AD 89 C7 AD 89 C1 AD 30 07 47 E2 xx AD FF E0 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPXcrypter -> archphase/NWC</text>
-      <pattern>
-        BF xx xx xx 00 81 FF xx xx xx 00 74 10 81 2F xx 00 00 00 83 C7 04 BB 05 xx xx 00 FF E3 BE xx xx xx 00 FF E6 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPXFreak 0.1 (Borland Delphi) -> HMX0101</text>
-      <pattern>
-        BE xx xx xx xx 83 C6 01 FF E6 00 00 00 xx xx xx 00 03 00 00 00 xx xx xx xx 00 10 00 00 00 00 xx xx xx xx 00 00 xx F6 xx 00 B2 4F 45 00 xx F9 xx 00 EF 4F 45 00 xx F6 xx 00 8C D1 42 00 xx 56 xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx 24 xx 00 xx xx xx 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPXFreak v0.1 (Borland Delphi) -> HMX0101</text>
-      <pattern>
-        BE xx xx xx xx 83 C6 01 FF E6 00 00 00 xx xx xx 00 03 00 00 00 xx xx xx xx 00 10 00 00 00 00 xx xx xx xx 00 00 xx F6 xx 00 B2 4F 45 00 xx F9 xx 00 EF 4F 45 00 xx F6 xx 00 8C D1 42 00 xx 56 xx 00 xx xx xx 00 xx xx xx 00 xx xx xx 00 xx 24 xx 00 xx xx xx 00 34 50 45 00 xx xx xx 00 FF FF 00 00 xx 24 xx 00 xx 24 xx 00 xx xx xx 00 40 00 00 C0 00 00 xx xx xx xx 00 00 xx 00 00 00 xx 1E xx 00 xx F7 xx 00 A6 4E 43 00 xx 56 xx 00 AD D1 42 00 xx F7 xx 00 A1 D2 42 00 xx 56 xx 00 0B 4D 43 00 xx F7 xx 00 xx F7 xx 00 xx 56 xx 00 xx xx xx xx xx 00 00 00 xx xx xx xx xx xx xx 77 xx xx xx 00 xx xx xx 00 xx xx xx 77 xx xx 00 00 xx xx xx 00 xx xx xx xx xx xx 00 00 xx xx xx 00 xx xx xx xx xx xx xx xx xx xx xx 00 xx xx xx xx 00 00 00 00 xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPXFreak V0.1 -> HMX0101</text>
-      <pattern>
-        BE xx xx xx xx 83 C6 01 FF E6 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPXLock v1.0 -> CyberDoom</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED xx xx xx xx 60 E8 2B 03 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPXLock v1.1 -> CyberDoom + Bob</text>
-      <pattern>
-        60 E8 xx xx xx xx 5D 81 ED xx xx xx 00 60
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>UPXShit 0.06</text>
-      <pattern>
-        B8 xx xx 43 00 B9 15 00 00 00 80 34 08 xx E2 FA E9 D6 FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>USERNAME v3.00</text>
-      <pattern>
-        FB 2E xx xx xx xx 2E xx xx xx xx 2E xx xx xx xx 2E xx xx xx xx 8C C8 2B C1 8B C8 2E xx xx xx xx 2E xx xx xx xx 33 C0 8E D8 06 0E 07 FC 33 F6
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>USSR 0.31 - by Spirit</text>
-      <pattern>
-        E8 00 00 00 00 5D 83 C5 12 55 C3 20 83 B8 ED 20 37 EF C6 B9 79 37 9E 8C C9 30 C9 E3 01 C3 BE 32 xx xx xx B0 xx 30 06 8A 06 46 81 FE 00 xx xx xx 7C F3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>USSR V0.31 -> SpiritST ! Sign by fly</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 55 53 53 52 00 00 00 00 10 00 00 xx xx xx xx 00 10 00 00 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>USSR V0.31 -> SpiritST</text>
-      <pattern>
-        00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 2E 55 53 53 52 00 00 00 00 10 00 00 xx xx xx xx 00 10 00 00 xx xx xx xx 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Utah RLE Graphics format</text>
-      <pattern>
-        52 CC 00 00 00 00 xx xx xx xx 09 xx 08 xx 08
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>v.02Packer -> tt.t</text>
-      <pattern>
-        60 E8 36 FE FF FF C3 90 xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VBOX v4.2 MTE</text>
-      <pattern>
-        8C E0 0B C5 8C E0 0B C4 03 C5 74 00 74 00 8B C5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VBOX v4.3 - v4.6</text>
-      <pattern>
-        8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4 8B C4
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VBOX v4.3 - v4.6</text>
-      <pattern>
-        8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5 8B C5
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VBOX v4.3 - v4.6</text>
-      <pattern>
-        xx xx xx xx 90 03 C4 33 C4 33 C5 2B C5 33 C5 8B C5 xx xx 2B C5 48 xx xx 0B C0 86 E0 8C E0 xx xx 8C E0 86 E0 03 C4 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VBOX v4.3 MTE</text>
-      <pattern>
-        0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VcAsm Protector -> VcAsm</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VcAsm Protector V1.0X -> VcAsm</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vcasm Protector V1.X -> vcasm</text>
-      <pattern>
-        EB xx 5B 56 50 72 6F 74 65 63 74 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vcasm-Protector 1.0</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx 00 68 xx xx xx 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vcasm-Protector 1.0</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx 00 68 xx xx xx 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83 C0 02 EB 01 E9 50 C3 E8 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9 49 75 F1 EB 05 EB F9 EB F0 D6 EB 01 0F 31 F0 EB 0C 33 C8 EB 03 EB 09 0F 59 74 05 75 F8 51 EB F1 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 05 00 00 00 0F 01 EB 05 E8 EB FB 00 00 83 C4 04 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vcasm-Protector 1.0a - 1.0d -> vcasm</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx 00 68 xx xx xx 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vcasm-Protector 1.0e -> vcasm</text>
-      <pattern>
-        EB 0A 5B 56 50 72 6F 74 65 63 74 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vcasm-Protector 1.1 - 1.2 -> vcasm</text>
-      <pattern>
-        EB 0B 5B 56 50 72 6F 74 65 63 74 5D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>vfp V5.00 -> Wang JianGuo</text>
-      <pattern>
-        60 E8 00 00 00 00 5D xx xx xx xx xx xx xx xx xx xx xx xx 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>vfp v6.00 -> Wang JianGuo</text>
-      <pattern>
-        60 E8 01 00 00 00 63 58 E8 01 00 00 00 7A 58 2D 0D 10 40 00 8D 90 C1 10 40 00 52 50 8D 80 49 10 40 00 5D 50 8D 85 65 10 40 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Video-CD file</text>
-      <pattern>
-        52 49 46 46 xx xx xx xx 43 44 58 41 66 6D 74
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Video-Lan-Client -> (UnknownCompiler)</text>
-      <pattern>
-        55 89 E5 83 EC 08 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx FF FF xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 00 xx xx xx xx xx xx xx 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Video-Lan-Client</text>
-      <pattern>
-        55 89 E5 83 EC 08 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Virogen Crypt v0.75</text>
-      <pattern>
-        9C 55 E8 EC 00 00 00 87 D5 5D 60 87 D5 80 BD 15 27 40 00 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Virogen`s PE Shrinker v0.14</text>
-      <pattern>
-        9C 55 E8 xx xx xx xx 87 D5 5D 60 87 D5 8D xx xx xx xx xx 8D xx xx xx xx xx 57 56 AD 0B C0 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VIRUS - I-Worm.Bagle</text>
-      <pattern>
-        6A 00 E8 95 01 00 00 E8 9F E6 FF FF 83 3D 03 50 40 00 00 75 14 68 C8 AF 00 00 E8 01 E1 FF FF 05 88 13 00 00 A3 03 50 40 00 68 5C 57 40 00 68 F6 30 40 00 FF 35 03 50 40 00 E8 B0 EA FF FF E8 3A FC FF FF 83 3D 54 57 40 00 00 74 05 E8 F3 FA FF FF 68 E8 03 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VIRUS - I-Worm.Bagle</text>
-      <pattern>
-        6A 00 E8 95 01 00 00 E8 9F E6 FF FF 83 3D 03 50 40 00 00 75 14 68 C8 AF 00 00 E8 01 E1 FF FF 05 88 13 00 00 A3 03 50 40 00 68 5C 57 40 00 68 F6 30 40 00 FF 35 03 50 40 00 E8 B0 EA FF FF E8 3A FC FF FF 83 3D 54 57 40 00 00 74 05 E8 F3 FA FF FF 68 E8 03 00 00 E8 B1 00 00 00 EB F4 CC FF 25 A4 40 40 00 FF 25 B8 40 40 00 FF 25 B4 40 40 00 FF 25 B0 40 40 00 FF 25 AC 40 40 00 FF 25 9C 40 40 00 FF 25 A0 40 40 00 FF 25 A8 40 40 00 FF 25 24 40 40 00 FF 25 28 40 40 00 FF 25 2C 40 40 00 FF 25 30 40 40 00 FF 25 34 40 40 00 FF 25 38 40 40 00 FF 25 3C 40 40 00 FF 25 40 40 40 00 FF 25 44 40 40 00 FF 25 48 40 40 00 FF 25 4C 40 40 00 FF 25 50 40 40 00 FF 25 54 40 40 00 FF 25 58 40 40 00 FF 25 5C 40 40 00 FF 25 60 40 40 00 FF 25 BC 40 40 00 FF 25 64 40 40 00 FF 25 68 40 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VIRUS - I-Worm.Hybris</text>
-      <pattern>
-        EB 16 A8 54 xx xx 47 41 42 4C 4B 43 47 43 xx xx xx xx xx xx 52 49 53 xx FC 68 4C 70 40 xx FF 15
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VIRUS - I-Worm.KLEZ</text>
-      <pattern>
-        55 8B EC 6A FF 68 40 D2 40 xx 68 04 AC 40 xx 64 A1 xx xx xx xx 50 64 89 25 xx xx xx xx 83 EC 58 53 56 57 89 65 E8 FF 15 BC D0
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VisualUPX 0.2 -> emadicius</text>
-      <pattern>
-        66 C7 05 xx xx xx 00 75 07 E9 xx FE FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect 0.7x - 0.8 -> PolyTech</text>
-      <pattern>
-        5B 20 56 4D 50 72 6F 74 65 63 74 20 76 20 30 2E 38 20 28 43 29 20 50 6F 6C 79 54 65 63 68 20 5D
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect 0.x -> PolyTech</text>
-      <pattern>
-        5B 20 56 4D 50 72 6F 74 65 63 74 20
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 --> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 --> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 --> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 --> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 --> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 --> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 --> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 46 66 8B 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 46 66 8B 55 00 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 46 66 8B 55 00 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 46 66 98 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 46 8A 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 C6 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 ED 02 46 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 ED 02 66 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 ED 02 66 89 45 00 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 ED 02 66 89 45 00 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 ED 02 66 89 45 00 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 ED 02 83 C6 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 ED 02 83 EE FF 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 ED 02 8D 76 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 83 EE FF 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 04 07 8D 76 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 46 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 46 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 46 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 46 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 66 89 14 07 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 66 89 14 07 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 66 89 14 07 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 66 89 14 07 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 83 C6 01 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 83 C6 01 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 83 EE FF 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 83 EE FF 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 88 14 07 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 88 14 07 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 88 14 07 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 88 14 07 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 8D 76 01 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C5 02 8D 76 01 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C6 01 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 C6 01 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 EE FF 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 83 EE FF 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 8D 76 01 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 8B 55 00 8D 76 01 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 46 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 83 C6 01 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 83 EE FF 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 8D 76 01 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 46 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 C6 01 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 ED 04 46 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 ED 04 83 C6 01 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 ED 04 83 EE FF 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 ED 04 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 ED 04 89 45 00 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 ED 04 89 45 00 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 ED 04 89 45 00 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 ED 04 8D 76 01 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 83 EE FF 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 66 98 98 8D 76 01 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 C6 01 66 8B 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 C6 01 66 8B 55 00 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 C6 01 66 8B 55 00 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 C6 01 66 98 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 C6 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 C6 01 8A 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 ED 02 46 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 ED 02 66 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 ED 02 66 89 45 00 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 ED 02 66 89 45 00 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 ED 02 66 89 45 00 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 ED 02 83 C6 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 ED 02 83 EE FF 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 ED 02 8D 76 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 EE FF 66 8B 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 EE FF 66 8B 55 00 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 EE FF 66 8B 55 00 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 EE FF 66 98 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 EE FF 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 83 EE FF 8A 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 C6 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 ED 02 46 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 ED 02 66 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 ED 02 66 89 45 00 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 ED 02 66 89 45 00 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 ED 02 66 89 45 00 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 ED 02 83 C6 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 ED 02 83 EE FF 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 ED 02 8D 76 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 83 EE FF 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8A 04 07 8D 76 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8D 76 01 66 8B 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8D 76 01 66 8B 55 00 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8D 76 01 66 8B 55 00 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8D 76 01 66 98 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8D 76 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 0F B6 06 8D 76 01 8A 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 50 57 9C 55 52 56 51 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 50 9C 53 55 57 52 51 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 66 8B 06 98 83 ED 04 89 45 00 83 C6 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 52 53 9C 56 57 56 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 52 54 53 56 57 55 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 52 57 56 55 53 9C 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 52 9C 50 53 57 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 53 52 55 9C 52 57 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 53 54 57 56 52 55 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 53 9C 52 56 55 57 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8B 06 83 ED 04 89 45 00 83 EE FC E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 55 53 56 51 57 52 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 55 9C 57 57 56 52 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 56 53 53 9C 52 55 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 56 53 55 57 52 9C 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 EC 59 5D 9D 5A 5F 5D 5B 5E 59 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 56 55 52 9C 57 53 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 51 56 9C 53 57 55 52 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 51 53 9C 55 56 53 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 51 57 56 55 56 53 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 51 9C 56 53 57 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 53 53 55 9C 57 51 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 53 56 51 55 9C 51 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 56 53 57 51 9C 52 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 56 9C 53 54 57 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 57 56 57 9C 51 55 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 57 9C 54 53 55 56 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 9C 50 55 53 51 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 52 9C 55 53 57 51 53 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 50 9C 51 57 52 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 06 83 EE FC 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 51 57 53 9C 52 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 52 51 55 55 56 57 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 54 52 57 51 55 56 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 56 52 56 51 9C 55 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 A7 72 45 00 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 56 57 52 55 51 53 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 57 51 56 57 52 55 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 57 52 52 9C 56 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 53 57 52 9C 51 56 53 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 55 52 57 51 9C 53 54 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 55 53 51 57 9C 56 52 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 55 53 56 52 57 56 51 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 55 9C 52 53 51 52 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 55 9C 53 57 51 52 56 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 55 9C 56 57 57 51 52 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 66 8B 06 98 83 ED 04 8D 76 02 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 56 51 51 9C 52 55 57 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 56 52 53 55 57 9C 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 56 53 50 55 9C 51 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 56 53 51 55 57 52 53 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 57 52 53 51 55 9C 52 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 55 00 83 C5 02 8A 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 57 53 57 52 56 51 55 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 57 55 51 55 9C 56 53 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 52 52 53 57 51 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 52 53 51 55 51 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 52 53 55 51 56 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 8B 06 83 ED 04 89 45 00 83 C6 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 52 56 56 53 57 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 53 56 53 52 55 51 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 53 57 52 57 56 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 54 55 56 52 53 51 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 55 52 51 56 57 51 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 55 54 56 52 57 51 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 50 9C 56 53 53 55 57 52 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 50 52 9C 53 57 50 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 50 55 56 50 53 9C 57 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 0F B6 06 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 50 57 9C 53 53 55 52 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 50 9C 56 53 57 52 55 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 50 9C 56 53 57 55 52 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 51 9C 56 53 55 52 50 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 52 50 53 56 55 57 9C 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 52 53 55 9C 55 56 57 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 24 85 xx xx xx xx 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 52 55 9C 56 53 52 57 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 89 EC 5A 58 5F 5A 5B 5E 9D 5D 59 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 52 57 53 55 56 50 9C 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 53 55 50 9C 55 56 57 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 53 56 52 51 50 9C 57 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 45 00 66 8B 55 04 83 C5 06 66 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 55 52 52 56 57 9C 53 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 55 52 57 9C 56 50 55 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 55 52 9C 53 56 57 50 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 89 EC 5A 5B 58 5F 5E 5A 9D 5A 5D 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 55 53 57 50 52 50 9C 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 55 57 50 9C 56 52 50 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 55 9C 52 50 57 56 53 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 56 52 9C 57 54 55 53 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 56 53 53 50 9C 52 57 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 56 56 53 55 57 9C 52 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 56 57 52 55 50 9C 53 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 56 57 55 50 52 9C 56 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 56 9C 50 55 53 54 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 57 50 55 56 53 9C 56 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 57 52 56 53 50 55 9C 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 24 85 xx xx xx xx 8B 06 83 ED 04 83 EE FC 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 57 56 52 53 55 53 50 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 57 56 52 9C 50 53 55 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 8D 0C 85 xx xx xx xx FF 21 89 EC 59 5F 5D 5B 58 9D 5A 5E 59 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 57 9C 50 53 56 51 52 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 52 53 50 56 57 55 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 52 57 50 53 55 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 55 50 57 53 56 52 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 55 53 50 52 53 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 55 53 53 56 50 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 56 50 52 57 57 55 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 66 8B 55 04 83 C5 06 66 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 57 50 50 56 53 52 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 57 50 55 52 56 53 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 51 9C 57 53 50 55 51 52 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 50 53 51 9C 55 54 57 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 50 53 9C 55 51 54 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 50 55 56 9C 57 53 51 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 50 55 9C 51 56 51 53 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 50 55 9C 54 56 53 57 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 50 56 57 53 9C 57 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 50 9C 55 53 51 56 57 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 51 50 55 57 56 57 53 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 51 50 56 55 53 57 50 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 51 53 50 57 9C 55 54 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 24 85 xx xx xx xx 89 EC 5B 5E 5D 5D 9D 5F 58 5B 59 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 51 55 57 53 9C 50 52 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 51 56 53 55 57 9C 50 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 06 83 ED 04 83 EE FC 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 51 56 9C 56 53 57 50 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 52 50 56 57 51 9C 53 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 53 50 55 51 56 9C 55 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 53 50 56 53 57 9C 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 EC 58 59 5D 9D 5F 5A 5E 58 5B 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 53 53 9C 57 55 51 50 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 53 55 50 9C 56 54 57 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 53 56 55 56 9C 57 51 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 53 57 55 56 51 50 9C 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 53 9C 50 56 51 55 54 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 53 9C 50 56 51 55 57 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 54 51 50 55 53 56 9C 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 54 53 57 51 55 56 9C 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 54 56 50 9C 55 53 57 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 55 50 53 56 51 9C 50 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 55 50 57 53 56 9C 57 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 55 53 50 56 53 51 57 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 55 56 51 53 50 9C 53 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 55 56 51 9C 53 57 51 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 24 85 xx xx xx xx 8B 06 83 C6 04 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 55 56 9C 57 51 50 53 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 55 9C 50 51 57 53 51 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 55 9C 55 56 57 51 53 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 56 53 50 55 9C 57 51 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 56 53 51 50 9C 57 50 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 56 55 9C 56 57 50 51 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 56 56 57 55 53 9C 50 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 56 9C 57 50 53 55 57 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 24 85 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 57 50 53 51 56 55 9C 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 57 53 9C 50 50 56 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 57 53 9C 54 55 51 56 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 57 56 51 50 9C 55 57 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 52 9C 56 53 55 57 54 50 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 51 51 9C 52 57 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 06 83 ED 04 83 EE FC 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 51 53 52 57 55 9C 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 54 9C 51 56 55 57 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 55 50 51 9C 52 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 55 52 51 9C 52 57 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 55 57 53 52 9C 56 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 57 53 9C 52 51 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 57 56 55 51 9C 51 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 57 56 9C 55 52 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 57 9C 56 51 52 55 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 9C 50 56 57 51 52 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 9C 54 51 57 52 56 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 50 9C 55 56 54 57 52 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 51 50 52 52 57 55 56 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 51 50 9C 55 52 50 57 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 06 8D 76 04 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 51 52 55 56 55 57 50 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 51 52 55 56 56 9C 57 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 51 55 56 52 9C 57 50 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 51 56 50 57 55 52 9C 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 51 9C 52 57 55 50 56 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 52 50 56 51 57 56 55 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8A 06 8A 04 07 83 ED 02 66 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 52 55 9C 57 56 51 50 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 24 85 xx xx xx xx 89 EC 5A 5E 58 59 5E 5F 9D 5D 5A 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 52 56 9C 57 50 51 55 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 52 57 50 55 51 9C 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 52 57 55 51 9C 56 50 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 52 57 55 56 51 55 9C 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 52 9C 55 57 50 51 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 52 9C 56 50 53 57 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 55 50 52 57 56 51 9C 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 55 51 9C 56 50 57 51 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 55 52 57 57 50 9C 56 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 55 55 57 51 56 50 9C 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 06 83 ED 04 83 C6 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 55 9C 50 57 57 51 56 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 55 9C 56 57 51 50 52 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 83 C5 02 66 8B 00 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 56 50 56 52 57 9C 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 56 51 55 50 57 9C 52 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 56 51 9C 57 55 52 50 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 56 57 51 50 52 55 9C 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 56 9C 52 52 51 55 50 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 57 51 52 50 51 9C 56 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8A 55 04 83 C5 06 36 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 57 52 55 50 51 57 56 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 57 52 55 56 55 50 51 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 57 55 56 52 56 51 50 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 57 56 51 50 9C 52 55 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 57 9C 56 50 51 55 52 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 9C 51 56 52 56 55 50 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 9C 52 50 51 57 56 55 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 9C 53 56 51 57 55 52 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 9C 56 51 52 50 55 57 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 53 9C 57 55 53 51 52 50 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 50 51 9C 50 57 53 56 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 36 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 50 52
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 50 52 51 9C 57 53 52 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 50 57 52 51 9C 53 56 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 24 85 xx xx xx xx 8B 06 83 ED 04 89 45 00 83 C6 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 50 9C 56 52 51 53 51 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 50 52 57 53 9C 50 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 50 53 53 52 57 9C 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 52 50 56 53 57 9C 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 52 53 50 9C 57 56 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 53 51 56 52 9C 57 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 53 57 52 57 56 50 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 9C 53 51 52 50 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 9C 53 56 50 56 57 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 51 9C 57 56 52 50 56 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 52 56 53 57 51 52 9C 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 52 57 50 9C 53 56 52 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 24 85 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 52 57 51 56 53 57 50 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 53 51 51 56 50 52 57 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 53 52 50 56 56 9C 51 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 53 52 9C 57 56 50 53 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 56 52 57 50 55 53 9C 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8A 06 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 56 57 51 52 53 53 9C 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 56 57 53 52 50 51 55 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 57 50 52 53 52 51 9C 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 57 50 56 51 52 53 50 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 57 51 9C 56 53 51 50 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 57 52 51 9C 53 53 50 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 57 9C 51 56 53 52 50 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 57 9C 53 51 50 52 51 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 9C 51 55 56 53 52 50 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 9C 52 51 50 53 53 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 9C 52 51 57 53 56 54 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 06 83 ED 04 8D 76 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 9C 52 53 50 51 51 57 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 9C 53 50 54 57 51 56 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 9C 56 50 51 53 52 57 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 9C 57 51 50 52 53 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 55 9C 57 56 50 52 53 51 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 50 51 53 57 52 9C 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 50 52 9C 52 51 57 53 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 36 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 50 53 9C 51 57 52 57 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 24 85 xx xx xx xx 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 50 55 50 52 51 57 53 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 50 55 51 53 50 52 9C 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 50 57 9C 51 53 52 50 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 51 51 52 55 57 9C 53 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 51 53 54 57 55 50 9C 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 51 57 56 52 55 50 53 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 51 9C 57 52 50 50 53 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 45 00 83 C5 02 66 8B 00 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 52 50 53 51 57 9C 57 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 52 55 50 57 51 53 9C 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 24 85 xx xx xx xx 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 52 55 50 9C 51 57 53 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 52 57 53 57 55 9C 51 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 52 9C 55 53 51 50 51 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 52 9C 57 51 55 55 53 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 45 00 83 C5 02 66 8B 00 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 51 50 53 9C 57 52 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 51 52 9C 55 57 51 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 51 55 52 9C 57 50 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8A 06 8A 04 07 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 51 55 53 9C 57 52 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 0F B6 06 66 98 98 46 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 51 55 9C 51 50 57 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 52 50 9C 51 55 54 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 52 51 55 9C 50 57 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 0F B6 06 83 ED 02 46 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 55 51 9C 52 55 50 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 24 85 xx xx xx xx 8B 06 8D 76 04 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 55 52 51 55 57 9C 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 57 52 50 51 51 9C 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 53 9C 55 50 54 51 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 55 50 51 57 50 52 53 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 55 51 57 54 53 9C 50 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 55 51 9C 52 50 53 57 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 55 52 57 50 57 51 9C 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 24 85 xx xx xx xx 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 55 53 50 57 53 9C 51 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 55 53 9C 57 52 51 55 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 55 57 51 9C 50 52 55 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 24 85 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 57 52 53 57 51 55 50 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 57 55 52 9C 50 51 53 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 57 55 53 52 51 9C 50 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 57 9C 50 55 51 51 53 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 9C 50 57 55 51 52 51 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 9C 51 55 52 51 57 50 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 9C 52 53 55 52 57 51 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 56 9C 53 52 50 51 55 57 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 50 52 53 56 57 9C 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 50 53 54 51 55 56 9C 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 50 55 52 55 51 53 9C 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 24 85 xx xx xx xx 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 50 55 55 9C 56 52 51 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8A 45 00 83 ED 02 00 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 50 55 9C 56 53 51 50 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 50 56 53 51 55 9C 55 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 36 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 50 9C 55 53 56 52 53 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 89 EC 58 59 5B 5A 5E 58 5D 9D 58 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 51 50 52 54 9C 53 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 51 52 53 56 9C 55 50 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 51 53 55 50 55 56 52 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 51 53 56 55 50 9C 52 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 51 56 57 55 52 9C 53 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8A 06 83 ED 02 66 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 51 56 9C 56 53 55 52 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 66 8B 06 8D 76 02 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 52 50 53 51 56 55 51 9C 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 52 53 50 9C 56 53 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 52 53 54 55 51 50 9C 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 52 53 56 50 55 51 9C 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 52 56 50 9C 53 50 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 52 56 57 55 53 9C 51 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 53 51 56 52 50 9C 50 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 53 52 51 57 55 9C 56 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 06 83 EE FC 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 53 56 55 55 9C 50 52 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 54 53 9C 55 52 50 56 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 55 51 9C 55 52 53 56 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 55 52 50 56 9C 51 53 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 EC 59 5A 5B 59 9D 5E 58 5F 5D 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 55 9C 52 56 53 56 50 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 21 71 45 00 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 56 52 50 51 56 55 53 9C 68 00 00 00 00 8B
-        74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 8D
-        0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 56 52 53 55 55 9C 51 50 68 00 00 00 00 8B
-        74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D
-        0C 85 xx xx xx xx FF 21 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 57 56 55 54 52 51 9C 50 53 68 00 00 00 00 8B
-        74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D
-        0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 C6 02 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 C6 02 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 ED 02 66 89 45 00 83 C6 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 ED 02 66 89 45 00 83 EE FE E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 ED 02 66 89 45 00 8D 76 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 ED 02 83 C6 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 ED 02 83 EE FE 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 ED 02 8D 76 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 EE FE 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 83 EE FE 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 8D 76 02 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 8D 76 02 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 83 C6 02 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 83 ED 04 83 C6 02 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 83 ED 04 83 EE FE 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 83 ED 04 89 45 00 83 C6 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 83 ED 04 89 45 00 83 EE FE E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 83 ED 04 89 45 00 8D 76 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 83 ED 04 8D 76 02 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 83 EE FE 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 0F B7 06 98 8D 76 02 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 C6 02 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 C6 02 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 ED 02 66 89 45 00 83 C6 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 ED 02 66 89 45 00 83 EE FE E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 ED 02 66 89 45 00 8D 76 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 ED 02 83 C6 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 ED 02 83 EE FE 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 ED 02 8D 76 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 EE FE 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 83 EE FE 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 8D 76 02 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 8D 76 02 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 83 C6 02 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 83 ED 04 83 C6 02 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 83 ED 04 83 EE FE 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 83 ED 04 89 45 00 83 C6 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 83 ED 04 89 45 00 83 EE FE E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 83 ED 04 89 45 00 8D 76 02 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 83 ED 04 8D 76 02 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 83 EE FE 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 06 98 8D 76 02 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 45 00 66 8B 55 02 F6 D0 F6 D2 83 ED 02
-        20 D0 66 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 45 00 83 ED 02 66 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 45 00 8A 4D 02 83 ED 02 66 D3 E0 66 89
-        45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 45 00 8A 4D 02 83 ED 02 66 D3 E8 66 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 80 E0 3C 8B 14 07 83 ED 04 89 55 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 80 E0 3C 8B 55 00 83 C5 04 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 58 59 5E 5D 5B 9D 5F 5A 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 58 5A 5D 5B 5E 59 5A 9D 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 58 5A 5D 5B 9D 59 5F 5F 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 58 5B 5E 5D 58 5F 9D 59 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 58 5B 5E 5D 9D 5B 59 5A 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 58 5E 5A 59 5D 59 9D 5F 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 58 5F 5B 5F 5D 59 5E 9D 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 58 9D 5B 5D 5E 5F 5A 59 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5A 5B 5E 58 5D 5F 9D 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5A 5E 58 9D 5D 58 5B 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5B 58 5D 5F 9D 5A 5E 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5B 5E 5A 5F 58 5D 9D 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5B 5F 5E 58 9D 5D 5A 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5B 9D 5E 5F 5A 58 5D 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5D 5F 5E 5A 5B 9D 5B 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5E 58 5D 5B 9D 5F 5A 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5E 5B 5F 5B 9D 58 5D 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 59 5F 58 5A 9D 5D 5E 5E 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 58 5B 5E 59 5D 9D 5F 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 58 5E 5D 5B 5B 9D 59 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 59 5B 5D 5A 5E 9D 5F 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 59 5F 59 58 9D 5E 5D 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 5B 58 9D 5E 5F 5D 59 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 5B 59 5D 5E 58 5F 9D 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 5E 5D 9D 5B 58 5F 59 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 5F 58 59 5B 5D 5E 9D 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 9D 5B 59 5D 5F 58 5E 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 9D 5E 59 5D 5D 58 5B 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 9D 5E 5B 5F 5B 58 5D 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5A 9D 5E 5D 58 5F 5B 59 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5B 5D 58 9D 59 5F 5E 59 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5B 5D 59 5F 5E 58 9D 5A 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5B 5D 5E 59 5F 58 9D 58 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5B 5E 5A 58 5F 58 59 9D 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5B 5F 5A 59 58 5D 9D 5E 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5B 9D 58 5F 5E 59 5D 5D 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5B 9D 59 5E 5D 5D 5F 5A 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5B 9D 5E 5A 5E 59 5F 5D 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5D 58 5A 5B 5D 9D 5F 5E 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5D 59 9D 5D 58 5B 5E 5A 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5D 5E 5B 5F 58 5E 59 5A 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5D 5E 5F 58 5B 5A 5A 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5D 5E 9D 5F 5B 5A 5B 58 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5D 5F 5E 58 9D 59 5A 5B 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5E 59 5D 9D 58 5B 5A 5F 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5E 5A 59 5D 5B 58 5F 9D 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5E 5A 5F 58 58 5D 59 5B 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5E 5B 59 5D 5F 9D 5A 58 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5E 5B 5A 59 5D 58 5F 9D 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5E 5B 5D 5A 5F 58 59 58 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5E 5F 5B 59 5D 58 9D 5A 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5E 5F 5F 9D 59 5D 5A 5B 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5F 5A 5B 5E 5D 5B 9D 59 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5F 5A 5E 5E 59 9D 5D 5B 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5F 5B 5E 5B 5D 59 5A 9D 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5F 5E 58 5D 5B 59 9D 5A 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5F 5E 5D 59 9D 5B 58 5A 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5F 5E 9D 5D 58 5B 5A 5A 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 5F 9D 5B 59 5E 5B 5D 58 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 9D 58 5F 5F 5B 5A 59 5D 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 9D 5D 59 5F 5E 58 58 5A 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 9D 5D 5E 58 59 5B 5F 5A 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 58 9D 5F 5D 5E 5B 58 59 5A 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 5A 9D 5D 59 5B 59 5E 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 5B 59 59 5E 5D 5F 5A 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 5B 59 5F 5A 5E 5D 9D 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 5B 5A 5F 59 5D 5D 5E 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 5B 9D 5A 5F 5D 5A 5E 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 5F 59 5A 59 5E 5D 5B 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 5F 5B 5D 5E 5B 5A 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 5F 5E 59 5E 5D 5B 5A 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 58 9D 5F 5D 5E 5B 59 5A 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 59 58 5A 5F 5B 5E 5D 5D 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 59 58 5B 5D 5F 5E 5A 5F 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 59 5A 9D 5E 58 5F 5D 59 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 59 5A 9D 5F 5B 5B 5D 58 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 59 5B 58 5A 5B 5F 5E 9D 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 59 5D 58 59 9D 5E 5A 5B 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5A 5F 5B 58 59 5D 9D 5D 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5A 5F 5F 58 5E 5D 9D 59 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5A 9D 5E 5D 58 5F 5A 59 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5B 5E 58 5D 5F 9D 5A 59 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5B 5E 59 5A 58 9D 5D 5B 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5B 5E 9D 58 5D 5F 5A 5D 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5B 5F 58 5A 5E 9D 5D 59 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5B 5F 5B 9D 59 5A 5D 58 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5B 9D 5A 5F 59 58 5D 5E 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5D 5D 58 5F 59 5B 9D 5E 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5D 5E 9D 58 5B 5F 59 58 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5D 5F 59 59 5A 5E 5B 9D 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5D 5F 5A 5E 5D 5B 58 9D 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5D 5F 5E 5B 9D 58 5B 59 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5E 58 5A 5D 5F 5B 5A 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5E 58 5F 5D 5B 5A 59 9D 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5E 59 58 5F 5D 58 5B 9D 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5E 59 5F 5B 5D 58 5A 9D 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5E 5D 59 5B 5A 58 5F 9D 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5E 5D 5A 58 59 5B 5A 5F 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5E 5D 5A 5F 59 58 9D 5B 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5E 5F 9D 5D 5B 58 5E 5A 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5F 58 5B 59 5E 5F 5D 5A 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5F 58 5B 5F 5A 59 5D 9D 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5F 58 5B 9D 5A 5D 5F 5E 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5F 5A 5B 59 5D 9D 59 5E 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5F 5D 58 59 9D 5E 5B 5A 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5F 5D 5E 58 5B 9D 59 5A 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5F 5E 9D 59 5A 5A 5B 58 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 5F 5F 5B 5A 9D 5E 5D 59 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 9D 59 5A 5F 5E 5D 5D 58 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 9D 59 5D 5B 5F 58 5E 5A 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 9D 5A 58 5B 5F 59 5D 5E 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 9D 5A 5F 58 5B 59 5B 5D 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 9D 5A 5F 5D 58 5B 58 59 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 9D 5B 5D 5A 5F 59 5E 58 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 9D 5D 5A 5B 58 5F 5E 5E 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 59 9D 5F 58 5A 5E 5D 5E 5B 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 58 59 5E 5D 5F 5B 9D 5A 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 58 59 5E 5F 5D 5B 5A 5A 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 58 59 5E 9D 5F 59 5A 5B 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 58 5B 5D 5E 5A 5E 59 9D 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 58 5E 5F 5D 5A 58 5B 9D 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 58 5F 5E 5E 5A 5D 5B 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 58 9D 5B 5E 5A 5D 5F 5F 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 59 5A 5B 9D 58 5E 5F 58 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 59 5D 5D 5A 5F 5E 58 9D 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 59 5D 5F 5B 5E 9D 58 5A 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 59 5F 5D 9D 5E 5B 5A 5A 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 59 5F 5F 5E 5D 5A 5B 9D 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5A 59 58 5D 5E 5D 5F 5B 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5A 59 5F 58 5E 9D 5D 5F 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5A 5B 5D 5E 58 5F 59 5D 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5A 5B 5F 58 5D 5E 5D 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5A 5F 5E 58 5D 59 5D 5B 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 58 5A 59 5E 9D 5E 5D 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 58 5D 58 9D 59 5A 5F 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 58 5D 5E 5F 9D 5A 59 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 59 9D 5D 5A 5E 58 5F 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 5A 5F 5E 5D 58 58 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 5A 9D 58 5F 5E 5E 59 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 5D 5F 5E 9D 58 5A 59 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 5E 59 5F 5D 5D 9D 58 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5B 9D 5F 5D 58 5A 5E 59 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5D 59 5E 5A 58 5B 5F 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5D 5E 58 5A 9D 5F 59 5B 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5D 5E 58 5F 5A 59 5B 5B 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5D 5F 5A 5B 5E 58 9D 59 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5D 5F 5B 5D 58 5E 5A 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5D 9D 5A 5B 59 58 5E 58 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5E 5A 5F 59 5B 5D 58 5B 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5E 5A 5F 5B 9D 58 5E 59 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5E 5B 5A 58 5D 59 5F 9D 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5E 5D 5B 5F 5E 59 58 9D 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5E 5E 5A 58 5D 9D 59 5F 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5E 5E 5B 58 9D 59 5D 5F 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5E 5F 58 5B 5A 59 5D 9D 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5E 9D 5A 5D 5F 58 5B 59 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5F 59 59 5A 5B 9D 5E 58 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5F 5A 59 5D 9D 5E 58 5B 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5F 5B 9D 5D 5A 5E 58 5A 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 5F 5E 9D 5F 59 5A 5D 58 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 9D 5A 59 5E 5D 5F 5B 5A 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 9D 5E 5A 58 5F 5D 5B 59 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5A 9D 5E 5F 5B 5D 58 5A 59 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 58 5A 5B 5E 5F 9D 5D 5F 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 58 5A 5E 5F 5B 5B 5D 59 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 58 5F 5E 59 9D 5D 5B 59 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 58 5F 5E 5B 59 5D 5A 9D 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 59 59 58 5B 5E 5F 5A 9D 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 59 5D 5A 58 9D 5B 5E 5F 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 59 5E 5A 5F 5B 9D 5B 58 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 59 5E 5F 5D 5A 5B 58 5A 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 59 5F 5B 58 5A 9D 58 5E 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5A 58 5B 59 5E 5D 5F 5F 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5A 59 5E 5D 5F 9D 5E 5B 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5A 5B 5F 5E 9D 58 5D 59 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5A 5D 59 5D 5F 58 5E 5B 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5A 5E 5D 5B 9D 59 58 58 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5A 5F 5D 9D 58 59 59 5B 5E C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5A 9D 5B 5F 5E 5D 58 59 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5B 59 5D 9D 5E 5F 5A 5D 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5B 59 5E 5F 5D 5A 9D 58 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5B 5D 5E 5F 58 9D 5A 58 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5B 9D 58 59 58 5E 5D 5A 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5D 59 9D 5A 5E 58 5B 5F 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5D 5A 5F 58 9D 5E 5B 59 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5D 5B 58 5A 59 5F 9D 5E 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5D 5B 59 5F 5E 9D 5D 5A 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5D 9D 59 5F 5D 58 5E 5A 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 58 59 5B 59 5A 5D 9D 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 58 5D 5A 5A 5F 5B 9D 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 58 5F 5D 5A 59 9D 5A 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 59 58 5F 5B 5D 5D 5A 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 59 5A 5B 9D 5F 58 58 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 5A 59 9D 5F 5D 5B 58 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 5D 58 59 58 9D 5A 5B 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 5D 5B 5A 9D 58 5A 59 5F C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 5F 58 59 9D 5F 5B 5D 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 9D 5D 5B 59 5A 58 5F 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5E 9D 5F 5D 5B 58 5D 59 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5F 5A 58 5E 5D 5B 9D 59 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5F 5F 5B 58 59 5D 5A 5E 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 5F 9D 58 5B 5D 5A 5A 5E 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 9D 59 5A 5B 58 5B 5F 5E 5D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 9D 5D 59 58 5F 5A 5E 5B 5B C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 9D 5D 5E 59 5B 58 5B 5F 5A C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 9D 5F 58 5E 5A 5B 59 5D 59 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 89 EC 5B 9D 5F 59 5D 5A 5B 5B 5E 58 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 46 66 8B 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 46 66 8B 55 00 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 46 66 8B 55 00 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 46 66 98 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 46 8A 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 C6 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 ED 02 46 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 ED 02 66 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 ED 02 66 89 45 00 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 ED 02 66 89 45 00 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 ED 02 66 89 45 00 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 ED 02 83 C6 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 ED 02 83 EE FF 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 ED 02 8D 76 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 83 EE FF 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 04 07 8D 76 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 46 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 46 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 46 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 46 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 66 89 14 07 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 66 89 14 07 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 66 89 14 07 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 66 89 14 07 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 83 C6 01 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 83 C6 01 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 83 EE FF 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 83 EE FF 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 88 14 07 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 88 14 07 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 88 14 07 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 88 14 07 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 8D 76 01 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C5 02 8D 76 01 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C6 01 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 C6 01 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 EE FF 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 83 EE FF 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 8D 76 01 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 8B 55 00 8D 76 01 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 46 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 83 C6 01 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 83 EE FF 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 8D 76 01 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 46 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 C6 01 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 ED 04 46 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 ED 04 83 C6 01 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 ED 04 83 EE FF 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 ED 04 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 ED 04 89 45 00 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 ED 04 89 45 00 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 ED 04 89 45 00 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 ED 04 8D 76 01 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 83 EE FF 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 66 98 98 8D 76 01 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 C6 01 66 8B 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 C6 01 66 8B 55 00 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 C6 01 66 8B 55 00 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 C6 01 66 98 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 C6 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 C6 01 8A 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 ED 02 46 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 ED 02 66 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 ED 02 66 89 45 00 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 ED 02 66 89 45 00 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 ED 02 66 89 45 00 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 ED 02 83 C6 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 ED 02 83 EE FF 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 ED 02 8D 76 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 EE FF 66 8B 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 EE FF 66 8B 55 00 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 EE FF 66 8B 55 00 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 EE FF 66 98 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 EE FF 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 83 EE FF 8A 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 C6 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 ED 02 46 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 ED 02 66 89 45 00 46 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 ED 02 66 89 45 00 83 C6 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 ED 02 66 89 45 00 83 EE FF E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 ED 02 66 89 45 00 8D 76 01 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 ED 02 83 C6 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 ED 02 83 EE FF 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 ED 02 8D 76 01 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 83 EE FF 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8A 04 07 8D 76 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8D 76 01 66 8B 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8D 76 01 66 8B 55 00 83 C5 02 66 89 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8D 76 01 66 8B 55 00 83 C5 02 88 14 07 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8D 76 01 66 98 98 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8D 76 01 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 06 8D 76 01 8A 04 07 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 45 00 83 ED 02 00 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 45 00 8A 4D 02 83 ED 02 D2 E0 66 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8A 45 00 8A 4D 02 83 ED 02 D2 E8 66 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 83 C6 04 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 83 ED 04 83 C6 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 83 ED 04 83 EE FC 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 83 ED 04 89 45 00 83 C6 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 83 ED 04 89 45 00 83 EE FC E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 83 ED 04 89 45 00 8D 76 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 83 ED 04 8D 76 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 83 EE FC 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 06 8D 76 04 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 66 8B 55 04 83 C5 06 66 36 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 66 8B 55 04 83 C5 06 66 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 83 C5 02 66 36 8B 00 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 83 C5 02 66 8B 00 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8A 4D 04 83 ED 02 D3 E0 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8A 4D 04 83 ED 02 D3 E8 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8A 4D 04 83 ED 02 D3 E8 89 45 04 9C 8F 45 00 E9 01 7D 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8A 55 04 83 C5 06 36 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 36 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8B 55 04 83 C5 08 89 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8B 55 04 8A 4D 08 83 C5 02 0F A5 D0 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8B 55 04 8A 4D 08 83 C5 02 0F AD D0 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 45 00 8B 55 04 F7 D0 F7 D2 21 D0 89 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 55 00 83 C5 02 36 8A 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 55 00 83 C5 02 8A 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 8D 47 50 39 C5 0F 87 xx xx xx xx 8D 4F 40 29 E1 8D 45 80 29 C8 89 C4 9C 56 89 FE 8D BD 40 FF FF FF 57 FC F3 A4 5F 5E 9D E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 50 51 53 57 56 52 55 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 66 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 50 52 53 52 56 57 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 50 56 57 51 52 53 55 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 55 00 83 C5 02 8A 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 50 56 57 53 55 51 52 54 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 50 57 53 51 52 55 54 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF 8D 0C 85 xx xx xx xx FF 21 89 EC 58 5E 59 5D 5A 59 5B 5F 58 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 51 52 56 50 53 56 55 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8B 06 83 ED 04 8D 76 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 51 53 50 52 56 55 57 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 51 55 57 53 56 50 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 51 56 53 52 50 55 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 8B 55 00 83 C5 02 36 8A 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 51 56 55 52 50 55 53 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 52 51 56 57 50 50 53 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 24 85 xx xx xx xx 8B 45 00 8A 55 04 83 C5 06 88 10 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 52 53 51 55 57 56 50 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 52 55 51 53 53 57 50 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 52 56 51 57 53 50 55 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 52 56 53 55 53 51 50 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 75 00 83 C5 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 53 50 52 51 55 56 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 53 50 55 56 51 57 50 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 53 51 52 55 52 50 56 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 53 55 56 56 57 51 50 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 8D 76 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 53 56 56 50 55 51 57 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 45 00 83 C5 02 66 8B 00 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 53 57 50 55 56 57 51 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 55 50 52 56 51 50 53 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 EC 59 5F 5B 5A 59 5E 5A 58 5D 9D C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 55 52 56 53 57 51 54 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 45 00 01 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 55 56 53 57 52 51 57 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 8A 06 46 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 55 57 53 52 55 51 56 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 50 52 51 57 53 55 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 8B 06 83 ED 04 83 C6 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 51 52 55 51 50 57 53 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 EE FF FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 51 53 55 51 50 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 EE FF 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 52 53 56 50 57 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 53 51 55 52 50 52 57 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 02 66 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 53 55 51 57 52 52 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 83 C6 01 0F B6 C0 FF 24 85 xx xx xx xx 8B 45 00 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 53 57 52 51 50 53 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 8B 45 00 36 8B 00 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 57 51 50 55 51 53 52 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 8D 0C 85 xx xx xx xx FF 21 8B 6D 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 56 57 55 52 50 53 51 55 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 FF 24 85 xx xx xx xx 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 57 51 53 55 56 50 52 51 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 83 C6 01 FF 24 85 xx xx xx xx 8B 06 83 ED 04 89 45 00 8D 76 04 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 57 52 53 51 55 50 55 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 46 FF 24 85 xx xx xx xx 80 E0 3C 8B 14 07 83 ED 04 89 55 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 57 52 55 56 51 50 53 50 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 0F B6 C0 8D 76 01 FF 34 85 xx xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx 9C 57 55 52 54 50 51 53 56 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06 46 0F B6 C0 8D 0C 85 xx xx xx xx FF 21 89 E8 83 ED 04 89 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx xx xx xx xx xx xx xx xx xx 68 00 00 00 00 8B 74 24 2C 89 E5 81 EC C0 00 00 00 89 E7 03 75 00 8A 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        68 xx xx xx xx E8 xx xx xx xx F7 55 00 66 8B 45 00 83 ED 02 66 21 45 04 9C 8F 45 00 E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect v1.25 -> PolyTech</text>
-      <pattern>
-        8B 45 00 83 C5 02 66 8B 00 66 89 45 00 E9 A5 06 00 00 8B 45 00 66 8B 55 04 83 C5 06 66 89 10 E9
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VMProtect V1.X -> PolyTech</text>
-      <pattern>
-        9C 60 68 00 00 00 00 8B 74 24 28 BF xx xx xx xx FC 89 F3 03 34 24 AC 00 D8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VOB ProtectCD 5</text>
-      <pattern>
-        36 3E 26 8A C0 60 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VOB ProtectCD</text>
-      <pattern>
-        5F 81 EF xx xx xx xx BE xx xx 40 xx 8B 87 xx xx xx xx 03 C6 57 56 8C A7 xx xx xx xx FF 10 89 87 xx xx xx xx 5E 5F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VPacker -> ttui ! Sign by fly</text>
-      <pattern>
-        89 C6 C7 45 E0 01 00 00 00 F7 03 00 00 FF FF 75 18 0F B7 03 50 8B 45 D8 50 FF 55 F8 89 07 8B C3 E8 xx FE FF FF 8B D8 EB 13 53 8B 45 D8 50 FF 55 F8 89 07 8B C3 E8 xx FE FF FF 8B D8 83 C7 04 FF 45 E0 4E 75 C4 8B F3 83 3E 00 75 88 8B 45 E4 8B 40 10 03 45 DC 8B 55 14 83 C2 20 89 02 68 00 80 00 00 6A 00 8B 45 D4 50 FF 55 EC 8B 55 DC 8B 42 3C 03 45 DC 83 C0 04 8B D8 83 C3 14 8D 45 E0 50 6A 40 68 00 10 00 00 52 FF 55 E8 8D 43 60
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VPacker -> ttui</text>
-      <pattern>
-        89 C6 C7 45 E0 01 00 00 00 F7 03 00 00 FF FF 75 18 0F B7 03 50 8B 45 D8 50 FF 55 F8 89 07 8B C3 E8 xx FE FF FF 8B D8 EB 13 53 8B 45 D8 50 FF 55 F8 89 07 8B C3 E8 xx FE FF FF 8B D8 83 C7 04 FF 45 E0 4E 75 C4 8B F3 83 3E 00 75 88 8B 45 E4 8B 40 10 03 45 DC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector -> vcasm</text>
-      <pattern>
-        00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 55 53 45 52 33 32 2E 64 6C 6C 00 00 47 44 49 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector -> vcasm</text>
-      <pattern>
-        00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 76 63 61 73 6D 5F 70 72 6F 74 65 63 74 5F xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 F6 E8 10 00 00 00 8B 64 24 08 64 8F 05 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector -> vcasm</text>
-      <pattern>
-        00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 55 53 45 52 33 32 2E 64 6C 6C 00 00 47 44 49 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 53 6C 65 65 70 00 00 00 47 65 74 56 65 72 73 69 6F 6E 00 00 00 47 65 74 43 6F 6D 6D 61 6E 64 4C 69 6E 65 41 00 00 00 47 65 74 53 74 61 72 74 75 70 49 6E 66 6F 41 00 00 00 47 65 74 41 43 50 00 00 00 43 72 65 61 74 65 54 68 72 65 61 64 00 00 00 44 65 66 57 69 6E 64 6F 77 50 72 6F 63 41 00 00 00 52 65 67 69 73 74 65 72 43 6C 61 73 73 45 78 41 00 00 00 43 72 65 61 74 65 57 69 6E 64 6F 77 45 78 41 00 00 00 47 65 74 53 79 73 74 65 6D 4D 65 74 72 69 63 73 00 00 00 53 68 6F 77 57 69 6E 64 6F 77 00 00 00 47 65 74 44 43 00 00 00 52 65 6C 65 61 73 65 44 43 00 00 00 46 69 6E 64 57 69 6E 64 6F 77 41 00 00 00 47 65 74 4D 65 73 73 61 67 65 41 00 00 00 44 65 73 74 72 6F 79 57 69 6E 64 6F 77 00 00 00 53 65 74 50 69 78 65 6C
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector -> vcasm</text>
-      <pattern>
-        00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 55 53 45 52 33 32 2E 64 6C 6C 00 00 47 44 49 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 00 53 6C 65 65 70 00 00 00 47 65 74 56 65 72 73 69 6F 6E 00 00 00 47 65 74 43 6F 6D 6D 61 6E 64 4C 69 6E 65 41 00 00 00 47 65 74 53 74 61 72 74 75 70 49 6E 66 6F 41 00 00 00 47 65 74 41 43 50 00 00 00 43 72 65 61 74 65 54 68 72 65 61 64 00 00 00 44 65 66 57 69 6E 64 6F 77 50 72 6F 63 41 00 00 00 52 65 67 69 73 74 65 72 43 6C 61 73 73 45 78 41 00 00 00 43 72 65 61 74 65 57 69 6E 64 6F 77 45 78 41 00 00 00 47 65 74 53 79 73 74 65 6D 4D 65 74 72 69 63 73 00 00 00 53 68 6F 77 57 69 6E 64 6F 77 00 00 00 47 65 74 44 43 00 00 00 52 65 6C 65 61 73 65 44 43 00 00 00 46 69 6E 64 57 69 6E 64 6F 77 41 00 00 00 47 65 74 4D 65 73 73 61 67 65 41 00 00 00 44 65 73 74 72 6F 79 57 69 6E 64 6F 77 00 00 00 53 65 74 50 69 78 65 6C 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector -> vcasm</text>
-      <pattern>
-        00 00 00 00 55 73 65 72 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 64 69 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 44 65 66 57 69 6E 64 6F 77 50 72 6F 63 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 52 65 67 69 73 74 65 72 43 6C 61 73 73 45 78 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 43 72 65 61 74 65 57 69 6E 64 6F 77 45 78 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 47 65 74 53 79 73 74 65 6D 4D 65 74 72 69 63 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 53 68 6F 77 57 69 6E 64 6F 77 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 47 65 74 44 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 52 65 6C 65 61 73 65 44 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 46 69 6E 64 57 69 6E 64 6F 77 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 65 74 4D 65 73 73 61 67 65 41 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector 0.X-1.2X -> vcasm</text>
-      <pattern>
-        00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 76 63 61 73 6D 5F 70 72 6F 74 65 63 74 5F xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 F6 E8 10 00 00 00 8B 64 24 08 64 8F 05 00 00 00 00 58 EB 13 C7 83 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 AD CD 20 EB 01 0F 31 F0 EB 0C 33 C8 EB 03 EB 09 0F 59 74 05 75 F8 51 EB F1 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9 49 75 F1 EB 05 EB F9 EB F0 D6 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83 C0 02 EB 01 E9 50 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector 1.0X -> vcasm</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector 1.0X -> vcasm</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx xx xx 68 xx xx xx xx 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83 C0 02 EB 01 E9 50 C3 E8 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9 49 75 F1 EB 05 EB F9 EB F0 D6 EB 01 0F 31 F0 EB 0C 33 C8 EB 03 EB 09 0F 59 74 05 75 F8 51 EB F1 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 05 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector 1.1A-1.2 -> vcasm</text>
-      <pattern>
-        00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 76 63 61 73 6D 5F 70 72 6F 74 65 63 74 5F 32 30 30 35 5F 33 5F 31 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 F6 E8 10 00 00 00 8B 64 24 08 64 8F 05 00 00 00 00 58 EB 13 C7 83 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 AD CD 20 EB 01 0F 31 F0 EB 0C 33 C8 EB 03 EB 09 0F 59 74 05 75 F8 51 EB F1 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9 49 75 F1 EB 05 EB F9 EB F0 D6 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83 C0 02 EB 01 E9 50 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector 1.1X -> vcasm</text>
-      <pattern>
-        EB 0B 5B 56 50 72 6F 74 65 63 74 5D 00 E8 24 00 00 00 8B 44 24 04 8B 00 3D 04 00 00 80 75 08 8B 64 24 08 EB 04 58 EB 0C E9 64 8F 05 00 00 00 00 74 F3 75 F1 EB 24 64 FF 35 00 00 00 00 EB 12 FF 9C 74 03 75 01 E9 81 0C 24 00 01 00 00 9D 90 EB F4 64 89 25 00 00 00 00 EB E6 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>vprotector 1.2 -> vcasm (h)</text>
-      <pattern>
-        EB 0B 5B 56 50 72 6F 74 65 63 74 5D 00 E8 24 00 00 00 8B 44 24 04 8B 00 3D 04 00 00 80 75 08 8B 64 24 08 EB 04 58 EB 0C E9 64 8F 05 00 00 00 00 74 F3 75 F1 EB 24 64 FF 35 00 00 00 00 EB 12 FF 9C 74 03 75 01 E9 81 0C 24 00 01 00 00 9D 90 EB F4 64 89 25 00 00 00 00 EB E6 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 33 F6 E8 10 00 00 00 8B 64 24 08 64 8F 05 00 00 00 00 58 EB 13 C7 83 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 AD CD 20 E8 05 00 00 00 0F 01 EB 05 E8 EB FB 00 00 83 C4 04 E8 08 00 00 00 0F 01 83 C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>vprotector 1.2 -> vcasm</text>
-      <pattern>
-        EB 0B 5B 56 50 72 6F 74 65 63 74 5D 00 E8 24 00 00 00 8B 44 24 04 8B 00 3D 04 00 00 80 75 08 8B 64 24 08 EB 04 58 EB 0C E9 64 8F 05 00 00 00 00 74 F3 75 F1 EB 24 64 FF 35 00 00 00 00 EB 12 FF 9C 74 03 75 01 E9 81 0C 24 00 01 00 00 9D 90 EB F4 64 89 25 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>vprotector 1.3 -> vcasm</text>
-      <pattern>
-        E9 B9 16 00 00 55 8B EC 81 EC 74 04 00 00 57 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector 1.3X -> vcasm</text>
-      <pattern>
-        00 00 00 00 00 xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 60 8B B4 24 24 00 00 00 8B BC 24 28 00 00 00 FC C6 C2 80 33 DB A4 C6 C3 02 E8 A9 00 00 00 0F 83 F1 FF FF FF 33 C9 E8 9C 00 00 00 0F 83 2D 00 00 00 33 C0 E8 8F 00 00 00 0F 83 37 00 00 00 C6 C3 02 41 C6 C0 10 E8 7D 00 00 00 10 C0 0F 83 F3 FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector 1.3X -> vcasm</text>
-      <pattern>
-        E9 B9 16 00 00 55 8B EC 81 EC 74 04 00 00 57 68 00 00 00 00 68 00 00 C2 14 68 FF FF 00 00 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68 00 00 00 00 68 00 00 C2 10 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68 00 00 00 00 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68 00 00 00 00 68 FF FF C2 10 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68 00 00 00 00 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68 00 00 00 00 68 00 00 C2 14 68 FF FF 00 00 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68 00 00 00 00 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        VProtector V1.0 Build 2004.12.13
-      </text>
-      <pattern>
-        55 8B EC 6A FF 68 1A 89 40 00 68 56 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.0A -> vcasm</text>
-      <pattern>
-        55 8B EC 6A FF 68 8A 8E 40 00 68 C6 8E 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.0B -> vcasm</text>
-      <pattern>
-        55 8B EC 6A FF 68 CA 37 41 00 68 06 38 41 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.0D -> vcasm</text>
-      <pattern>
-        55 8B EC 6A FF 68 CA 31 41 00 68 06 32 41 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.0E -> vcasm</text>
-      <pattern>
-        EB 0A 5B 56 50 72 6F 74 65 63 74 5D E8 24 00 00 00 8B 44 24 04 8B 00 3D 04 00 00 80 75 08 8B 64 24 08 EB 04 58 EB 0C E9 64 8F 05 00 00 00 00 74 F3 75 F1 EB 24 64 FF 35 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.1 -> vcasm</text>
-      <pattern>
-        B8 1A ED 41 00 B9 EC EB 41 00 50 51 E8 74 00 00 00 E8 51 6A 00 00 58 83 E8 10 B9 B3 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.1A -> vcasm</text>
-      <pattern>
-        EB 0B 5B 56 50 72 6F 74 65 63 74 5D 00 E8 24 00 00 00 8B 44 24 04 8B 00 3D 04 00 00 80 75 08 8B 64 24 08 EB 04 58 EB 0C E9 64 8F 05 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.1A-V1.2 -> vcasm</text>
-      <pattern>
-        00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 76 63 61 73 6D 5F 70 72 6F 74 65 63 74 5F 32 30 30 35 5F 33 5F 31 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 F6 E8 10 00 00 00 8B 64 24 08 64 8F 05 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.3X -> vcasm</text>
-      <pattern>
-        00 00 00 00 55 73 65 72 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 64 69 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VProtector V1.3X -> vcasm</text>
-      <pattern>
-        E9 B9 16 00 00 55 8B EC 81 EC 74 04 00 00 57 68 00 00 00 00 68 00 00 C2 14 68 FF FF 00 00 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68 00 00 00 00 68 00 00 C2 10 68 xx xx xx xx 9C 81 xx xx xx xx xx xx xx xx xx xx 9D 54 FF 14 24 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vterminal V1.0X -> Lei Peng</text>
-      <pattern>
-        E8 00 00 00 00 58 05 xx xx xx xx 9C 50 C2 04 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: ACME (Clonewar Mutant)</text>
-      <pattern>
-        FC AD 3D FF FF 74 20 E6 42 8A C4 E6 42 E4 61 0C 03 E6 61 AD B9 40 1F E2 FE
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: ARCV.4</text>
-      <pattern>
-        E8 00 00 5D 81 ED 06 01 81 FC 4F 50 74 0B 8D B6 86 01 BF 00 01 57 A4 EB 11 1E 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: August 16th (Iron Maiden)</text>
-      <pattern>
-        BA 79 02 03 D7 B4 1A CD 21 B8 24 35 CD 21 5F 57 89 9D 4E 02 8C 85 50 02
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Backfont.900</text>
-      <pattern>
-        E8 xx xx B4 30 CD 21 3C 03 xx xx B8 xx xx BA xx xx CD 21 81 FA xx xx xx xx BA xx xx 8C C0 48 8E C0 8E D8 80 xx xx xx 5A xx xx 03 xx xx xx 40 8E D8 80 xx xx xx 5A xx xx 83
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Caz.1204</text>
-      <pattern>
-        E8 xx xx 5E 83 EE 03 1E 06 B8 FF FF CD 2F 3C 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: CIH Version 1.2 TTIT (! WIN95CIH !)</text>
-      <pattern>
-        55 8D xx xx xx 33 DB 64 87 03 E8 xx xx xx xx 5B 8D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Compiler</text>
-      <pattern>
-        8C C3 83 C3 10 2E 01 1E xx 02 2E 03 1E xx 02 53 1E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Danish tiny</text>
-      <pattern>
-        33 C9 B4 4E CD 21 73 02 FF xx BA xx 00 B8 xx 3D CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Doom.666</text>
-      <pattern>
-        E8 xx xx xx 5E 83 EE xx B8 CF 7B CD 21 3D CF 7B xx xx 0E 1F 81 C6 xx xx BF xx xx B9 xx xx FC F3 A4 06 1F 06 B8 xx xx 50 CB B4 48 BB 2C 00 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Eddie.1028</text>
-      <pattern>
-        E8 xx xx 5E FC 83 xx xx 81 xx xx xx 4D 5A xx xx FA 8B E6 81 C4 xx xx FB 3B xx xx xx xx xx 50 06 56 1E B8 FE 4B CD 21 81 FF BB 55 xx xx 07 xx xx xx 07 B4 49 CD 21 BB FF FF B4 48 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Eddie.1530</text>
-      <pattern>
-        E8 xx xx 5E 81 EE xx xx FC 2E xx xx xx xx 4D 5A xx xx FA 8B E6 81 C4 xx xx FB 3B xx xx xx xx xx 2E xx xx xx xx 50 06 56 1E 33 C0 50 1F C4 xx xx xx 2E xx xx xx xx 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Eddie.1800</text>
-      <pattern>
-        E8 xx xx 5E 81 EE xx xx FC 2E xx xx xx xx 4D 5A xx xx FA 8B E6 81 C4 xx xx FB 3B xx xx xx xx xx 50 06 56 1E 8B FE 33 C0 50 8E D8 C4 xx xx xx 2E xx xx xx xx 2E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Eddie.2000</text>
-      <pattern>
-        E8 xx xx 5E 81 EE xx xx FC 2E xx xx xx xx 2E xx xx xx xx 4D 5A xx xx FA 8B E6 81 C4 xx xx FB 3B xx xx xx xx xx 50 06 56 1E 8B FE 33 C0 50 8E D8 C5 xx xx xx B4 30 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Eddie.2100</text>
-      <pattern>
-        E8 xx xx 4F 4F 0E E8 xx xx 47 47 1E FF xx xx CB E8 xx xx 84 C0 xx xx 50 53 56 57 1E 06 B4 51 CD 21 8E C3 xx xx xx xx xx xx xx 8B F2 B4 2F CD 21 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Eddie.based.1745</text>
-      <pattern>
-        E8 xx xx 5E 81 EE xx xx FC xx 2E xx xx xx xx 4D 5A xx xx FA xx 8B E6 81 xx xx xx FB xx 3B xx xx xx xx xx 50 06 xx 56 1E 8B FE 33 C0 xx 50 8E D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Einstein</text>
-      <pattern>
-        00 42 CD 21 72 31 B9 6E 03 33 D2 B4 40 CD 21 72 19 3B C1 75 15 B8 00 42
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Explosion.1000</text>
-      <pattern>
-        E8 xx xx 5E 1E 06 50 81 xx xx xx 56 FC B8 21 35 CD 21 2E xx xx xx xx 2E xx xx xx xx 26 xx xx xx xx xx xx 74 xx 8C D8 48 8E D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: FaxFree.Topo</text>
-      <pattern>
-        FA 06 33 C0 8E C0 B8 xx xx 26 xx xx xx xx 50 8C C8 26 xx xx xx xx 50 CC 58 9D 58 26 xx xx xx xx 58 26 xx xx xx xx 07 FB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Gotcha.879</text>
-      <pattern>
-        E8 xx xx 5B 81 EB xx xx 9C FC 2E xx xx xx xx xx xx xx 8C D8 05 xx xx 2E xx xx xx xx 50 2E xx xx xx xx xx xx 8B C3 05 xx xx 8B F0 BF 00 01 B9 20 00 F3 A4 0E B8 00 01 50 B8 DA DA CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Grazie.883</text>
-      <pattern>
-        1E 0E 1F 50 06 BF 70 03 B4 1A BA 70 03 CD 21 B4 47 B2 00 BE 32 04 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: GRUNT.1.Family</text>
-      <pattern>
-        01 B9 xx 00 31 17
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: GRUNT.2.Family</text>
-      <pattern>
-        48 E2 F7 C3 51 53 52 E8 DD FF 5A 5B 59 C3 B9 00 00 E2 FE C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: GRUNT.4.Family</text>
-      <pattern>
-        E8 1C 00 8D 9E 41 01 40 3E 8B 96 14 03 B9 EA 00 87 DB F7 D0 31 17 83 C3 02 E2 F7 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Hafen.1641</text>
-      <pattern>
-        E8 xx xx 01 xx xx xx CE CC 25 xx xx 25 xx xx 25 xx xx 40 51 D4 xx xx xx CC 47 CA xx xx 46 8A CC 44 88 CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Hafen.809</text>
-      <pattern>
-        E8 xx xx 1C xx 81 EE xx xx 50 1E 06 8C C8 8E D8 06 33 C0 8E C0 26 xx xx xx 07 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Haryanto</text>
-      <pattern>
-        81 EB 2A 01 8B 0F 1E 5B 03 CB 0E 51 B9 10 01 51 CB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Heloween.1172</text>
-      <pattern>
-        E8 xx xx 5E 81 EE xx xx 56 50 06 0E 1F 8C C0 01 xx xx 01 xx xx 80 xx xx xx xx 8B xx xx A3 xx xx 8A xx xx A2 xx xx B8 xx xx CD 21 3D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Horse.1776</text>
-      <pattern>
-        E8 xx xx 5D 83 xx xx 06 1E 26 xx xx xx xx BF xx xx 1E 0E 1F 8B F7 01 EE B9 xx xx FC F3 A6 1F 1E 07
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Hymn.1865</text>
-      <pattern>
-        E8 xx xx 5E 83 EE 4C FC 2E xx xx xx xx 4D 5A xx xx FA 8B E6 81 xx xx xx FB 3B xx xx xx xx xx 2E xx xx xx xx xx 50 06 56 1E 0E 1F B8 00 C5 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Igor</text>
-      <pattern>
-        1E B8 CD 7B CD 21 81 FB CD 7B 75 03 E9 87 00 33 DB 0E 1F 8C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Involuntary.1349</text>
-      <pattern>
-        xx BA xx xx B9 xx xx 8C DD xx 8C C8 xx 8E D8 8E C0 33 F6 8B FE FC xx xx AD xx 33 C2 AB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: KBDflags.1024</text>
-      <pattern>
-        8B EC 2E 89 2E 24 03 BC 00 04 8C D5 2E 89 2E 22
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Keypress.1212</text>
-      <pattern>
-        E8 xx xx E8 xx xx E8 xx xx E8 xx xx xx xx E8 xx xx xx xx E8 xx xx xx xx EA xx xx xx xx 1E 33 DB 8E DB BB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Kuku.448</text>
-      <pattern>
-        AE 75 ED E2 F8 89 3E xx xx BA xx xx 0E 07 BF xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Kuku.886</text>
-      <pattern>
-        06 1E 50 8C C8 8E D8 BA 70 03 B8 24 25 CD 21 xx xx xx xx xx 90 B4 2F CD 21 53
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Modification of Hi.924</text>
-      <pattern>
-        50 53 51 52 1E 06 9C B8 21 35 CD 21 53 BB xx xx 26 xx xx 49 48 5B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: MTE (non-encrypted)</text>
-      <pattern>
-        F7 D9 80 E1 FE 75 02 49 49 97 A3 xx xx 03 C1 24 FE 75 02 48
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Ncu-Li.1688</text>
-      <pattern>
-        0E 1E B8 55 AA CD 21 3D 49 4C 74 xx 0E 0E 1F 07 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Necropolis.1963</text>
-      <pattern>
-        B4 30 CD 21 3C 03 xx xx B8 00 12 CD 2F 3C FF B8 xx xx xx xx B4 4A BB 40 01 CD 21 xx xx FA 0E 17 BC xx xx E8 xx xx FB A1 xx xx 0B C0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Necropolis</text>
-      <pattern>
-        50 FC AD 33 C2 AB 8B D0 E2 F8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Noon.1163</text>
-      <pattern>
-        E8 xx xx 5B 50 56 B4 CB CD 21 3C 07 xx xx 81 xx xx xx 2E xx xx 4D 5A xx xx BF 00 01 89 DE FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: November 17.768</text>
-      <pattern>
-        E8 xx xx 5E 81 EE xx xx 50 33 C0 8E D8 80 3E xx xx xx 0E 1F xx xx FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Number One</text>
-      <pattern>
-        F9 07 3C 53 6D 69 6C 65 3E E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Phoenix.927</text>
-      <pattern>
-        E8 00 00 5E 81 C6 xx xx BF 00 01 B9 04 00 F3 A4 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Predator.2448</text>
-      <pattern>
-        0E 1F BF xx xx B8 xx xx B9 xx xx 49 xx xx xx xx 2A C1 4F 4F xx xx F9 CC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Quake.518</text>
-      <pattern>
-        1E 06 8C C8 8E D8 xx xx xx xx xx xx xx B8 21 35 CD 21 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: SK</text>
-      <pattern>
-        CD 20 B8 03 00 CD 10 51 E8 00 00 5E 83 EE 09
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Slowload</text>
-      <pattern>
-        03 D6 B4 40 CD 21 B8 02 42 33 D2 33 C9 CD 21 8B D6 B9 78 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Sonik Youth</text>
-      <pattern>
-        8A 16 02 00 8A 07 32 C2 88 07 43 FE C2 81 FB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Spanz</text>
-      <pattern>
-        E8 00 00 5E 81 EE xx xx 8D 94 xx xx B4 1A CD 21 C7 84
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: SYP</text>
-      <pattern>
-        47 8B C2 05 1E 00 52 8B D0 B8 02 3D CD 21 8B D8 5A
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>VX: Tibs/Zhelatin "StormWorm" variant</text>
-      <pattern>
-        FF 74 24 1C 58 8D 80 xx xx 77 04 50 68 62 34 35 04 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: TravJack.883</text>
-      <pattern>
-        EB xx 9C 9E 26 xx xx 51 04 xx 7D xx 00 xx 2E xx xx xx xx 8C C8 8E C0 8E D8 80 xx xx xx xx 74 xx 8A xx xx xx BB xx xx 8A xx 32 C2 88 xx FE C2 43 81
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Trivial.25</text>
-      <pattern>
-        B4 4E FE C6 CD 21 B8 xx 3D BA xx 00 CD 21 93 B4 40 CD
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Trivial.46</text>
-      <pattern>
-        B4 4E B1 20 BA xx xx CD 21 BA xx xx B8 xx 3D CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Trojan.Telefoon</text>
-      <pattern>
-        60 1E E8 3B 01 BF CC 01 2E 03 3E CA 01 2E C7 05
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: Uddy.2617</text>
-      <pattern>
-        2E xx xx xx xx xx 2E xx xx xx xx xx 2E xx xx xx 8C C8 8E D8 8C xx xx xx 2B xx xx xx 03 xx xx xx A3 xx xx A1 xx xx A3 xx xx A1 xx xx A3 xx xx 8C C8 2B xx xx xx 03 xx xx xx A3 xx xx B8 AB 9C CD 2F 3D 76 98
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: VCL (encrypted)</text>
-      <pattern>
-        01 B9 xx xx 81 34 xx xx 46 46 E2 F8 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: VCL (encrypted)</text>
-      <pattern>
-        01 B9 xx xx 81 35 xx xx 47 47 E2 F8 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: VCL</text>
-      <pattern>
-        AC B9 00 80 F2 AE B9 04 00 AC AE 75 xx E2 FA 89
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: VirusConstructor(IVP).based</text>
-      <pattern>
-        E9 xx xx E8 xx xx 5D xx xx xx xx xx 81 ED xx xx xx xx xx xx E8 xx xx 81 FC xx xx xx xx 8D xx xx xx BF xx xx 57 A4 A5
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: VirusConstructor.based</text>
-      <pattern>
-        BB xx xx B9 xx xx 2E xx xx xx xx 43 43 xx xx 8B EC CC 8B xx xx 81 xx xx xx 06 1E B8 xx xx CD 21 3D xx xx xx xx 8C D8 48 8E D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: VirusConstructor.based</text>
-      <pattern>
-        E8 xx xx 5D 81 xx xx xx 06 1E E8 xx xx E8 xx xx xx xx 2E xx xx xx xx xx xx B4 4A BB FF FF CD 21 83 xx xx B4 4A CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: XPEH.4768</text>
-      <pattern>
-        E8 xx xx 5B 81 xx xx xx 50 56 57 2E xx xx xx xx xx 2E xx xx xx xx xx xx B8 01 00 50 B8 xx xx 50 E8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Vx: XRCV.1015</text>
-      <pattern>
-        E8 xx xx 5E 83 xx xx 53 51 1E 06 B4 99 CD 21 80 FC 21 xx xx xx xx xx 33 C0 50 8C D8 48 8E C0 1F A1 xx xx 8B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>W32.Jeefo (PE File Infector)</text>
-      <pattern>
-        55 89 E5 83 EC 08 83 C4 F4 6A 02 A1 C8 xx xx xx FF D0 E8 xx xx xx xx C9 C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WARNING -> TROJAN -> ADinjector</text>
-      <pattern>
-        90 61 BE 00 20 44 00 8D BE 00 F0 FB FF C7 87 9C E0 04 00 6A F0 8A 5E 57 83 CD FF EB 0E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WARNING -> TROJAN -> HuiGeZi</text>
-      <pattern>
-        55 8B EC 81 C4 xx FE FF FF 53 56 57 33 C0 89 85 xx FE FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WARNING -> TROJAN -> RobinPE</text>
-      <pattern>
-        60 6A 00 6A 20 6A 02 6A 00 6A 03 68 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WARNING -> TROJAN -> XiaoHui</text>
-      <pattern>
-        60 9C E8 00 00 00 00 5D B8 xx 85 40 00 2D xx 85 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Warning! may be SimbyOZ polycryptor by 3xpl01t ver 2.xx (25.03.2007 22:00)</text>
-      <pattern>
-        57 57 8D 7C 24 04 50 B8 00 D0 17 13 AB 58 5F C3 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WATCOM C/C++ 32 Run-Time System 1988-1994</text>
-      <pattern>
-        FB 83 xx xx 89 E3 89 xx xx xx xx xx 89 xx xx xx xx xx 66 xx xx xx 66 xx xx xx xx xx BB xx xx xx xx 29 C0 B4 30 CD 21
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WATCOM C/C++ 32 Run-Time System 1988-1995</text>
-      <pattern>
-        E9 xx xx xx xx xx xx xx xx 57 41 54 43 4F 4D 20 43 2F 43 2B 2B 33 32 20 52 75 6E 2D 54
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WATCOM C/C++ 32 Run-Time System 1988-1995</text>
-      <pattern>
-        E9 xx xx xx xx xx xx xx xx 57 41 54 43 4F 4D xx 43 2F 43 2B 2B 33 32 xx 52 75
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WATCOM C/C++ 32 Run-Time System 1989, 1994</text>
-      <pattern>
-        0E 1F 8C C6 B4 xx 50 BB xx xx CD 21 73 xx 58 CD 21 72
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WATCOM C/C++ DLL</text>
-      <pattern>
-        53 56 57 55 8B 74 24 14 8B 7C 24 18 8B 6C 24 1C 83 FF 03 0F 87
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WATCOM C/C++ Run-Time system+DOS4GW DOS Extender 1988-93</text>
-      <pattern>
-        BF xx xx 8E D7 81 C4 xx xx BE xx xx 2B F7 8B C6 B1 xx D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Watcom C/C++</text>
-      <pattern>
-        E9 xx xx 00 00 03 10 40 00 57 41 54 43 4F 4D 20 43 2F 43 2B 2B 33 32 20 52 75 6E 2D 54 69 6D 65 20 73 79 73 74 65 6D 2E 20 28 63 29 20 43 6F 70 79 72 69 67 68 74 20 62 79 20 57 41 54 43 4F 4D 20 49 6E 74 65 72 6E 61 74 69 6F 6E 61 6C 20 43 6F 72 70 2E 20
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Watcom C/C++</text>
-      <pattern>
-        E9 xx xx 00 00 03 10 40 00 57 41 54 43 4F 4D 20 43 2F 43 2B 2B 33 32 20 52 75 6E 2D 54 69 6D 65 20 73 79 73 74 65 6D 2E 20 28 63 29 20 43 6F 70 79 72 69 67 68 74 20 62 79 20 57 41 54 43 4F 4D 20 49 6E 74 65 72 6E 61 74 69 6F 6E 61 6C 20 43 6F 72 70 2E 20 31 39 38 38 2D 31 39 39 35 2E 20 41 6C 6C 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2E 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        WebCops DLL
-      </text>
-      <pattern>
-        A8 BE 58 DC D6 CC C4 63 4A 0F E0 02 BB CE F3 5C 50 23 FB 62 E7 3D 2B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        WebCops EXE
-      </text>
-      <pattern>
-        EB 03 05 EB 02 EB FC 55 EB 03 EB 04 05 EB FB EB 53 E8 04 00 00 00 72
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Werus Crypter 1.0 - by Kas</text>
-      <pattern>
-        BB E8 12 40 00 80 33 05 E9 7D FF FF FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Werus Crypter 1.0 -> Kas</text>
-      <pattern>
-        68 98 11 40 00 6A 00 E8 50 00 00 00 C9 C3 ED B3 FE FF FF 6A 00 E8 0C 00 00 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Werus Crypter 1.0 -> Kas</text>
-      <pattern>
-        68 98 11 40 00 6A 00 E8 50 00 00 00 C9 C3 ED B3 FE FF FF 6A 00 E8 0C 00 00 00 FF 25 80 10 40 00 FF 25 84 10 40 00 FF 25 88 10 40 00 FF 25 8C 10 40 00 FF 25 90 10 40 00 FF 25 94 10 40 00 FF 25 98 10 40 00 FF 25 9C 10 40 00 FF 25 A0 10 40 00 FF 25 A4 10 40 00 FF 25 A8 10 40 00 FF 25 B0 10 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BB E8 12 40 00 80 33 05 E9 7D FF FF FF
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WIBU-Key V4.10A -> WIBU-SYSTEMS AG ! Sign by fly</text>
-      <pattern>
-        F7 05 xx xx xx xx FF 00 00 00 75 12
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Wind of Crypt 1.0 - by DarkPressure</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 xx xx xx xx 89 45 EC B8 64 40 00 10 E8 28 EA FF FF 33 C0 55 68 CE 51 00 10 64 xx xx xx xx 20 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 8D 55 EC 33 C0 E8 F6 DB FF FF 8B 45 EC E8 12 E7 FF FF 50 E8 3C EA FF FF 8B D8 83 FB FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Wind of Crypt 1.0 - by DarkPressure</text>
-      <pattern>
-        55 8B EC 83 C4 EC 53 xx xx xx xx 89 45 EC B8 64 40 00 10 E8 28 EA FF FF 33 C0 55 68 CE 51 00 10 64 xx xx xx xx 20 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 8D 55 EC 33 C0 E8 F6 DB FF FF 8B 45 EC E8 12 E7 FF FF 50 E8 3C EA FF FF 8B D8 83 FB FF 0F 84 A6 00 00 00 6A 00 53 E8 41 EA FF FF 8B F0 81 EE 00 5E 00 00 6A 00 6A 00 68 00 5E 00 00 53 E8 52 EA FF FF B8 F4 97 00 10 8B D6 E8 2E E7 FF FF B8 F8 97 00 10 8B D6 E8 22 E7 FF FF 8B C6 E8 AB D8 FF FF 8B F8 6A 00 68 F0 97 00 10 56 A1 F4 97 00 10 50 53 E8 05 EA FF FF 53 E8 CF E9 FF FF B8 FC 97 00 10 BA E8 51 00 10 E8 74 EA FF FF A1 F4 97 00 10 85 C0 74 05 83 E8 04 8B 00 50 B9 F8 97 00 10 B8 FC 97 00 10 8B 15 F4 97 00 10 E8 D8 EA FF FF B8 FC 97 00 10 E8 5A EB FF FF 8B CE 8B 15 F8 97 00 10 8B C7 E8 EB E9 FF FF 8B C7 85 C0 74 05 E8 E4 EB FF FF 33 C0 5A 59 59 64 89 10 68 D5 51 00 10 8D 45 EC E8 BB E5 FF FF C3 E9 A9 DF FF FF EB F0 5F 5E 5B E8 B7 E4 FF FF 00 00 00 FF FF FF FF 0A 00 00 00 63 5A 6C 56 30 55 6C 6B 70 4D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Windows Animation format</text>
-      <pattern>
-        52 49 46 46 xx xx xx xx 41 43 4F 4E 4C 49 53 54
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Windows Type 1 font metric file</text>
-      <pattern>
-        00 01 xx xx 00 00 43 6F 70 79 72 69 67 68 74 20
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinKript 1.0 -> Mr. Crimson (h)</text>
-      <pattern>
-        33 C0 8B B8 00 xx xx xx 8B 90 04 xx xx xx 85 FF 74 1B 33 C9 50 EB 0C 8A 04 39 C0 C8 04 34 1B 88 04 39 41 3B CA 72 F0 58 83 C0 08 EB D5 61 E9 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinKript v1.0 -> Mr. Crimson (h)</text>
-      <pattern>
-        33 C0 8B B8 00 xx xx xx 8B 90 04 xx xx xx 85 FF 74 1B 33 C9 50 EB 0C 8A 04 39 C0 C8 04 34 1B 88 04 39 41 3B CA 72 F0 58 83 C0 08 EB D5 61 E9 xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Winkript v1.0</text>
-      <pattern>
-        33 C0 8B B8 00 xx xx xx 8B 90 04 xx xx xx 85 FF 74 1B 33 C9 50 EB 0C 8A 04 39 C0 C8 04 34 1B 88 04 39 41 3B CA 72 F0 58
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinRAR 32-bit SFX Module</text>
-      <pattern>
-        E9 xx xx 00 00 00 00 00 00 90 90 90 xx xx xx xx xx xx 00 xx 00 xx xx xx xx xx FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.30 beta -> By Dwing (h)</text>
-      <pattern>
-        E9 xx xx xx xx 42 79 44 77 69 6E 67 40 00 00 00 50 45 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.30 beta -> By Dwing</text>
-      <pattern>
-        E9 xx xx xx xx 42 79 44 77 69 6E 67 40 00 00 00 50 45 00 00 4C 01 02
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.39 final (relocated image base) -> By Dwing (c)2005 (h2)</text>
-      <pattern>
-        60 E8 09 00 00 00 xx xx xx 00 E9 06 02 00 00 33 C9 5E 87 0E E3 F4 2B F1 8B DE AD 2B D8 AD 03 C3 50 97 AD 91 F3 A5 5E AD 56 91 01 1E AD E2 FB AD 8D 6E 10 01 5D 00 8D 7D 1C B5 xx F3 AB 5E AD 53 50 51 97 58 8D 54 85 5C FF 16 72 57 2C 03 73 02 B0 00 3C 07 72 02 2C 03 50 0F B6 5F FF C1 E3 xx B3 00 8D 1C 5B 8D 9C 9D 0C 10 00 00 B0 01 E3 29 8B D7 2B 55 0C 8A 2A 33 D2 84 E9 0F 95 C6 52 FE C6 8A D0 8D 14 93 FF 16 5A 9F 12 C0 D0 E9 74 0E 9E 1A F2 74 E4 B4 00 33 C9 B5 01 FF 56 08 33 C9 FF 66 1C B1 30 8B 5D 0C 03 D1 FF 16 73 4C 03 D1 FF 16 72 19 03 D1 FF 16 72 29 3C 07 B0 09 72 02 B0 0B 50 8B C7 2B 45 0C 8A 00 FF 66 18 83 C2 60 FF 16 87 5D 10 73 0C 03 D1 FF 16 87 5D 14 73 03 87 5D 18 3C 07 B0 08 72 02 B0 0B 50 53 8B D5 03 56 38 FF 56 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.39 final -> By Dwing (c)2005 (h1)</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 39 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx xx 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx 56 10 E2 E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 99 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B 7E 34 0F 82 AC FE FF FF 58 5F 59 E3 1B 8A 07 47 04 18 3C 02 73 F7 8B 07 3C xx 75 F3 B0 00 0F C8 03 46 38 2B C7 AB E2 E5 5E 5D 59 46 AD 85 C0 74 1F 51 56 97 FF D1 93 AC 84 C0 75 FB 38 06 74 EA 8B C6 7
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.39 final -> By Dwing (c)2005 (h1)</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 39 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx xx 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx 56 10 E2 E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 99 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B 7E 34 0F 82 AC FE FF FF 58 5F 59 E3 1B 8A 07 47 04 18 3C 02 73 F7 8B 07 3C xx 75 F3 B0 00 0F C8 03 46 38 2B C7 AB E2 E5 5E 5D 59 46 AD 85 C0 74 1F 51 56 97 FF D1 93 AC 84 C0 75 FB 38 06 74 EA 8B C6 79 05 46 33 C0 66 AD 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.39 final -> By Dwing (c)2005 (h1)</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 39 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx xx 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx 56 10 E2 E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 99 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B 7E 34 0F 82 AC FE FF FF 58 5F 59 E3 1B 8A 07 47 04 18 3C 02 73 F7 8B 07 3C xx 75 F3 B0 00 0F C8 03 46 38 2B C7 AB E2 E5 5E 5D 59 46 AD 85 C0 74 1F 51 56 97 FF D1 93 AC 84 C0 75 FB 38 06 74 EA 8B C6 7E P_ ON LY = T RU E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.39 final -> By Dwing (c)2005 (h1)</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 xx xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 39 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.39 final -> By Dwing (c)2005 (h1)</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 xx xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 39 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx xx 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx 56 10 E2 E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 99 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B 7E 34 0F 82 AC FE FF FF 58 5F 59 E3 1B 8A 07 47 04 18 3C 02 73 F7 8B 07 3C xx 75 F3 B0 00 0F C8 03 46 38 2B C7 AB E2 E5 5E 5D 59 46 AD 85 C0 74 1F 51 56 97 FF D1 93 AC 84 C0 75 FB 38 06 74 EA 8B C6 79 05 46 33 C0 66 AD 50
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.39 final -> By Dwing (c)2005 (h1)</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 xx xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 39 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 xx 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx xx 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx 56 10 E2 E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 99 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B 7E 34 0F 82 AC FE FF FF 58 5F 59 E3 1B 8A 07 47 04 18 3C 02 73 F7 8B 07 3C xx 75 F3 B0 00 0F C8 03 46 38 2B C7 AB E2 E5 5E 5D 59 46 AD 85 C0 74 1F 51 56 97 FF D1 93 AC 84 C0 75 FB 38 06 74 EA 8B C6 79 05 46 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinUpack v0.39 final -> By Dwing c)2005</text>
-      <pattern>
-        BE B0 11 xx xx AD 50 FF 76 34 EB 7C 48 01 xx xx 0B 01 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 18 10 00 00 10 00 00 00 00 xx xx xx 00 00 xx xx 00 10 00 00 00 02 00 00 04 00 00 00 00 00 39 00 04 00 00 00 00 00 00 00 00 xx xx xx 00 02 00 00 00 00 00 00 xx 00 00 xx 00 00 xx 00 00 xx xx 00 00 00 10 00 00 10 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 EE xx xx xx 14 00 00 00 00 xx xx xx xx xx xx 00 FF 76 38 AD 50 8B 3E BE F0 xx xx xx 6A 27 59 F3 A5 FF 76 04 83 C8 FF 8B DF AB EB 1C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 xx xx xx xx xx 00 00 00 40 AB 40 B1 04 F3 AB C1 E0 0A B5 xx F3 AB 8B 7E 0C 57 51 E9 xx xx xx xx 56 10 E2 E3 B1 04 D3 E0 03 E8 8D 53 18 33 C0 55 40 51 D3 E0 8B EA 91 FF 56 4C 99 59 D1 E8 13 D2 E2 FA 5D 03 EA 45 59 89 6B 08 56 8B F7 2B F5 F3 A4 AC 5E B1 80 AA 3B 7E 34 0F 82 AC FE FF FF 58 5F 59 E3 1B 8A 07 47 04 18 3C 02 73 F7 8B 07 3C xx 75 F3 B0 00 0F C8 03 46 38 2B C7 AB E2 E5 5E 5D 59 46 AD 85 C0 74 1F 51
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinZip (32-bit) 6.x</text>
-      <pattern>
-        FF 15 FC 81 40 00 B1 22 38 08 74 02 B1 20 40 80 38 00 74 10
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinZip 32-bit SFX v6.x module</text>
-      <pattern>
-        FF 15 xx xx xx 00 B1 22 38 08 74 02 B1 20 40 80 38 00 74 10 38 08 74 06 40 80 38 00 75 F6 80 38 00 74 01 40 33 C9 xx xx xx xx FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinZip 32-bit SFX v8.x module</text>
-      <pattern>
-        53 FF 15 xx xx xx 00 B3 22 38 18 74 03 80 C3 FE 8A 48 01 40 33 D2 3A CA 74 0A 3A CB 74 06 8A 48 01 40 EB F2 38 10 74 01 40 xx xx xx xx FF 15
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WinZip Self-Extractor 2.2 personal edition -> WinZip Computing (h)</text>
-      <pattern>
-        53 FF 15 58 70 40 00 B3 22 38 18 74 03 80 C3 FE 40 33 D2 8A 08 3A CA 74 10 3A CB 74 07 40 8A 08 3A CA 75 F5 38 10 74 01 40 52 50 52 52 FF 15 5C 70 40 00 50 E8 15 FB FF FF 50 FF 15 8C 70 40 00 5B
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Wise Installer Stub 1.10.1029.1</text>
-      <pattern>
-        55 8B EC 81 EC 40 0F 00 00 53 56 57 6A 04 FF 15 F4 30 40 00 FF 15 74 30 40 00 8A 08 89 45 E8 80 F9 22 75 48 8A 48 01 40 89 45 E8 33 F6 84 C9 74 0E 80 F9 22 74 09 8A 48 01 40 89 45 E8 EB EE 80 38 22 75 04 40 89 45 E8 80 38 20 75 09 40 80 38 20 74 FA 89 45
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Wise Installer Stub v1.10.1029.1</text>
-      <pattern>
-        55 8B EC 81 EC 40 0F 00 00 53 56 57 6A 04 FF 15 F4 30 40 00 FF 15 74 30 40 00 8A 08 89 45 E8 80 F9 22 75 48 8A 48 01 40 89 45 E8 33 F6 84 C9 74 0E 80 F9 22 74 09 8A 48 01 40 89 45 E8 EB EE 80 38 22 75 04 40 89 45 E8 80 38 20 75 09 40 80 38 20 74 FA 89 45 E8 8A 08 80 F9 2F 74 2B 84 C9 74 1F 80 F9 3D 74 1A 8A 48 01 40 EB F1 33 F6 84 C9 74 D6 80 F9 20 74
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Wise Installer Stub</text>
-      <pattern>
-        55 8B EC 81 EC 78 05 00 00 53 56 BE 04 01 00 00 57 8D 85 94 FD FF FF 56 33 DB 50 53 FF 15 34 20 40 00 8D 85 94 FD FF FF 56 50 8D 85 94 FD FF FF 50 FF 15 30 20 40 00 8B 3D 2C 20 40 00 53 53 6A 03 53 6A 01 8D 85 94 FD FF FF 68 00 00 00 80 50 FF D7 83 F8 FF
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Wise Installer Stub</text>
-      <pattern>
-        55 8B EC 81 EC 78 05 00 00 53 56 BE 04 01 00 00 57 8D 85 94 FD FF FF 56 33 DB 50 53 FF 15 34 20 40 00 8D 85 94 FD FF FF 56 50 8D 85 94 FD FF FF 50 FF 15 30 20 40 00 8B 3D 2C 20 40 00 53 53 6A 03 53 6A 01 8D 85 94 FD FF FF 68 00 00 00 80 50 FF D7 83 F8 FF 89 45 FC 0F 84 7B 01 00 00 8D 85 90 FC FF FF 50 56 FF 15 28 20 40 00 8D 85 98 FE FF FF 50 53 8D 85 90 FC FF FF 68 10 30 40 00 50 FF 15 24 20 40 00 53 68 80 00 00 00 6A 02 53 53 8D 85 98 FE FF FF 68 00 00 00 40 50 FF D7 83 F8 FF 89 45 F4 0F 84 2F 01 00 00 53 53 53 6A 02 53 FF 75 FC FF 15 00 20 40 00 53 53 53 6A 04 50 89 45 F8 FF 15 1C 20 40 00 8B F8 C7 45 FC 01 00 00 00 8D 47 01 8B 08 81 F9 4D 5A 9A 00 74 08 81 F9 4D 5A 90 00 75 06 80 78 04 03 74 0D FF 45 FC 40 81 7D FC 00 80 00 00 7C DB 8D 4D F0 53 51 68
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Wise Installer Stub</text>
-      <pattern>
-        55 8B EC 81 EC xx xx 00 00 53 56 57 6A 01 5E 6A 04 89 75 E8 FF 15 xx 40 40 00 FF 15 xx 40 40 00 8B F8 89 7D xx 8A 07 3C 22 0F 85 xx 00 00 00 8A 47 01 47 89 7D xx 33 DB 3A C3 74 0D 3C 22 74 09 8A 47 01 47 89 7D xx EB EF 80 3F 22 75 04 47 89 7D xx 80 3F 20
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Wise Installer Stub</text>
-      <pattern>
-        55 8B EC 81 EC xx xx 00 00 53 56 57 6A 01 5E 6A 04 89 75 E8 FF 15 xx 40 40 00 FF 15 xx 40 40 00 8B F8 89 7D xx 8A 07 3C 22 0F 85 xx 00 00 00 8A 47 01 47 89 7D xx 33 DB 3A C3 74 0D 3C 22 74 09 8A 47 01 47 89 7D xx EB EF 80 3F 22 75 04 47 89 7D xx 80 3F 20 75 09 47 80 3F 20 74 FA 89 7D xx 53 FF 15 xx 40 40 00 80 3F 2F 89 45 xx 75 xx 8A 47 01 3C 53 74 04 3C 73 75 06 89 35
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.00, v3.01 (Extractable)</text>
-      <pattern>
-        B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 6A xx 06 06 8C D3 83 xx xx 53 6A xx FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.00, v3.01 (Relocations pack)</text>
-      <pattern>
-        BE xx xx BA xx xx BF xx xx B9 xx xx 8C CD 8E DD 81 ED xx xx 06 06 8B DD 2B DA 8B D3 FC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.02, v3.02a (Extractable)</text>
-      <pattern>
-        B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 33 C9 B1 xx 51 06 06 BB xx xx 53 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.02, v3.02a, v3.04 (Relocations pack)</text>
-      <pattern>
-        BE xx xx BF xx xx B9 xx xx 8C CD 81 ED xx xx 8B DD 81 EB xx xx 8B D3 FC FA 1E 8E DB 01 15 33 C0 2E AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.03</text>
-      <pattern>
-        B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 BB xx xx 53
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Extr. Passw.check. Vir. shield)</text>
-      <pattern>
-        03 05 C0 1A B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Extractable + Password checking)</text>
-      <pattern>
-        03 05 80 1A B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Extractable + Virus Shield)</text>
-      <pattern>
-        03 05 40 1A B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Extractable)</text>
-      <pattern>
-        03 05 00 1A B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Modified)</text>
-      <pattern>
-        B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Unextr. Passw.check. Vir. shield)</text>
-      <pattern>
-        03 05 C0 1B B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Unextractable + Password checking)</text>
-      <pattern>
-        03 05 80 1B B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Unextractable + Virus Shield)</text>
-      <pattern>
-        03 05 40 1B B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPACK v3.05c4 (Unextractable)</text>
-      <pattern>
-        03 05 00 1B B8 xx xx 8C CA 03 D0 8C C9 81 C1 xx xx 51 B9 xx xx 51 06 06 B1 xx 51 8C D3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPack32 v1.00, v1.11, v1.12, v1.20</text>
-      <pattern>
-        53 55 8B E8 33 DB EB 60 0D 0A 0D 0A 57 57 50 61 63 6B 33 32
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>WWPack32 v1.x</text>
-      <pattern>
-        53 55 8B E8 33 DB EB 60
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>X-Hider 1.0 -> GlobaL</text>
-      <pattern>
-        55 8B EC 83 C4 EC 33 C0 89 45 EC B8 54 20 44 44 E8 DF F8 FF FF 33 C0 55 68 08 21 44 44 64 FF 30 64 89 20 8D 55 EC B8 1C 21 44 44 E8 E0 F9 FF FF 8B 55 EC B8 40 xx xx 44 E8 8B F5 FF FF 6A 00 6A 00 6A 02 6A 00 6A 01 68 00 00 00 40 A1 40 xx xx 44 E8 7E F6 FF FF 50 E8 4C F9 FF FF 6A 00 50 E8 4C F9 FF FF A3 28 xx xx 44 E8 CE FE FF FF 33 C0 5A 59 59 64 89 10 68 0F 21 44 44 8D 45 EC E8 F1 F4 FF FF C3 E9 BB F2 FF FF EB F0 E8 FC F3 FF FF FF FF FF FF 0E 00 00 00 63 3A 5C 30 30 30 30 30 30 31 2E 64 61 74 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>X-Hider 1.0 -> GlobaL</text>
-      <pattern>
-        85 D2 74 23 8B 4A F8 41 7F 1A 50 52 8B 42 FC E8 30 00 00 00 89 C2 58 52 8B 48 FC E8 48 FB FF FF 5A 58 EB 03 FF 42 F8 87 10 85 D2 74 13 8B 4A F8 49 7C 0D FF 4A F8 75 08 8D 42 F8 E8 5C FA FF FF C3 8D 40 00 85 C0 7E 24 50 83 C0 0A 83 E0 FE 50 E8 2F FA FF FF 5A 66 C7 44 02 FE 00 00 83 C0 08 5A 89 50 FC C7 40 F8 01 00 00 00 C3 31 C0 C3 90
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>X-Pack v1.4.2</text>
-      <pattern>
-        72 xx C3 8B DE 83 xx xx C1 xx xx 8C D8 03 C3 8E D8 8B DF 83 xx xx C1 xx xx 8C C0 03 C3 8E C0 C3
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>X-PEOR v0.99b</text>
-      <pattern>
-        E8 00 00 00 00 5D 8B CD 81 ED 7A 29 40 00 89 AD 0F 6D 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>X-PEOR v0.99b</text>
-      <pattern>
-        E8 xx xx xx xx 5D 8B CD 81 ED 7A 29 40 xx 89 AD 0F 6D 40
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XCF File Format by Adeline Software</text>
-      <pattern>
-        46 72 61 6D 65 4C 65 6E F4 0F
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XCR v0.11</text>
-      <pattern>
-        60 8B F0 33 DB 83 C3 01 83 C0 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XCR v0.12</text>
-      <pattern>
-        60 9C E8 xx xx xx xx 8B DD 5D 81 ED xx xx xx xx 89 9D
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XCR v0.13</text>
-      <pattern>
-        93 71 08 xx xx xx xx xx xx xx xx 8B D8 78 E2 xx xx xx xx 9C 33 C3 xx xx xx xx 60 79 CE xx xx xx xx E8 01 xx xx xx xx 83 C4 04 E8 AB FF FF FF xx xx xx xx 2B E8 xx xx xx xx 03 C5 FF 30 xx xx xx xx C6 xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XJ / XPAL -> LiNSoN</text>
-      <pattern>
-        55 8B EC 6A FF 68 xx xx 40 00 68 xx xx 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 44 53 56 57 66 9C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XM music file</text>
-      <pattern>
-        45 78 74 65 6E 64 65 64 20 4D 6F 64 75 6C 65 3A
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XMI music file</text>
-      <pattern>
-        46 4F 52 4D xx xx xx xx 58 4D 49 44
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XPack 1.52 - 1.64</text>
-      <pattern>
-        8B EC FA 33 C0 8E D0 BC xx xx 2E xx xx xx xx 2E xx xx xx xx EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>
-        XPack 1.67 com
-      </text>
-      <pattern>
-        E9 53 00 FF FD FF FB FF F9 FF BC 03 00 8B E5 4C 4C C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XPack 1.67</text>
-      <pattern>
-        B8 8C D3 15 33 75 81 3E E8 0F 00 9A E8 F9 FF 9A 9C EB 01 9A 59 80 CD 01 51 9D EB
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>xPEP 0.3x -> xIkUg</text>
-      <pattern>
-        55 53 56 51 52 57 E8 16 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Xtreme-Protector 1.06</text>
-      <pattern>
-        B8 xx xx xx 00 B9 75 xx xx 00 50 51 E8 05 00 00 00 E9 4A 01 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 8A 06 46 88 07 47 BB 02 00 00 00 02 D2 75 05 8A 16 46 12 D2 73 EA 02 D2 75 05 8A 16 46 12 D2 73 4F 33 C0 02 D2 75 05 8A 16 46 12 D2 0F 83 DF 00 00 00 02
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Xtreme-Protector v1.05</text>
-      <pattern>
-        E9 xx xx 00 00 00 00 00 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Xtreme-Protector v1.06</text>
-      <pattern>
-        B8 xx xx xx 00 B9 75 xx xx 00 50 51 E8 05 00 00 00 E9 4A 01 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 8A 06 46 88 07 47 BB 02 00 00 00 02 D2 75 05 8A 16 46 12 D2 73 EA 02 D2 75 05 8A 16 46 12 D2 73 4F 33 C0 02 D2 75 05 8A 16 46 12 D2 0F 83 DF 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 74 06 57 2B F8 8A 07 5F 88 07 47 BB 02 00 00 00 EB 9B B8 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 72 EA 2B C3 BB 01 00 00 00 75 28 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 56 8B F7 2B F5 F3 A4 5E E9 4F FF FF FF 48 C1 E0 08 8A 06 46 8B E8 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 3D 00 7D 00 00 73 1A 3D 00 05 00 00 72 0E 41 56 8B F7 2B F0 F3 A4 5E E9 0F FF FF FF 83 F8 7F 77 03 83 C1 02 56 8B F7 2B F0 F3 A4 5E E9 FA FE FF FF 8A 06 46 33 C9 C0 E8 01 74 17 83 D1 02 8B E8 56 8B F7 2B F0 F3 A4 5E BB 01 00 00 00 E9 D9 F
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Xtreme-Protector v1.06</text>
-      <pattern>
-        B8 xx xx xx 00 B9 75 xx xx 00 50 51 E8 05 00 00 00 E9 4A 01 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 8A 06 46 88 07 47 BB 02 00 00 00 02 D2 75 05 8A 16 46 12 D2 73 EA 02 D2 75 05 8A 16 46 12 D2 73 4F 33 C0 02 D2 75 05 8A 16 46 12 D2 0F 83 DF 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 74 06 57 2B F8 8A 07 5F 88 07 47 BB 02 00 00 00 EB 9B B8 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 72 EA 2B C3 BB 01 00 00 00 75 28 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 56 8B F7 2B F5 F3 A4 5E E9 4F FF FF FF 48 C1 E0 08 8A 06 46 8B E8 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 3D 00 7D 00 00 73 1A 3D 00 05 00 00 72 0E 41 56 8B F7 2B F0 F3 A4 5E E9 0F FF FF FF 83 F8 7F 77 03 83 C1 02 56 8B F7 2B F0 F3 A4 5E E9 FA FE FF FF 8A 06 46 33 C9 C0 E8 01 74 17 83 D1 02 8B E8 56 8B F7 2B F0 F3 A4 5E BB 01 00 00 00 E9 D9 FE FF FF 2B 7C 24 28 89 7C 24 1C 61 C2 08 00 E9 xx xx xx 00 E9 38 xx xx xx 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Xtreme-Protector v1.06</text>
-      <pattern>
-        B8 xx xx xx 00 B9 75 xx xx 00 50 51 E8 05 00 00 00 E9 4A 01 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 8A 06 46 88 07 47 BB 02 00 00 00 02 D2 75 05 8A 16 46 12 D2 73 EA 02 D2 75 05 8A 16 46 12 D2 73 4F 33 C0 02 D2 75 05 8A 16 46 12 D2 0F 83 DF 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 74 06 57 2B F8 8A 07 5F 88 07 47 BB 02 00 00 00 EB 9B B8 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 72 EA 2B C3 BB 01 00 00 00 75 28 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 56 8B F7 2B F5 F3 A4 5E E9 4F FF FF FF 48 C1 E0 08 8A 06 46 8B E8 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 3D 00 7D 00 00 73 1A 3D 00 05 00 00 72 0E 41 56 8B F7 2B F0 F3 A4 5E E9 0F FF FF FF 83 F8 7F 77 03 83 C1 02 56 8B F7 2B F0 F3 A4 5E E9 FA FE FF FF 8A 06 46 33 C9 C0 E8 01 74 17 83 D1 02 8B E8 56 8B F7 2B F0 F3 A4 5E BB 01 00 00 00 E9 D9 FE P_ ON LY = T RU E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XWD graphics format</text>
-      <pattern>
-        00 00 00 71 00 00 00 07 00 00 00 02 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>XXPack 0.1 -> bagie</text>
-      <pattern>
-        E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D EB 01 00 81 ED 5E 1F 40 00 EB 02 83 09 8D B5 EF 1F 40 00 EB 02 83 09 BA A3 11 00 00 EB 00 68 00 xx xx xx C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>y0da's Crypter v1.0</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED E7 1A 40 00 E8 A1 00 00 00 E8 D1 00 00 00 E8 85 01 00 00 F7 85
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>y0da's Crypter v1.1</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 8A 1C 40 00 B9 9E 00 00 00 8D BD 4C 23 40 00 8B F7 33
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>y0da's Crypter v1.x / Modified</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED xx xx xx xx B9 xx xx 00 00 8D BD xx xx xx xx 8B F7 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yC 1.3 by Ashkbiz Danehkar</text>
-      <pattern>
-        55 8B EC 81 EC C0 00 00 00 53 56 57 8D BD 40 FF FF FF B9 30 00 00 00 B8 CC CC CC CC F3 AB 60 E8 00 00 00 00 5D 81 ED 84 52 41 00 B9 75 5E 41 00 81 E9 DE 52 41 00 8B D5 81 C2 DE 52 41 00 8D 3A 8B F7 33 C0 EB 04 90 EB 01 C2 AC
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Crypter 1.3 -> Ashkbiz Danehkar</text>
-      <pattern>
-        55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Crypter 1.3 -> Ashkbiz Danehkar</text>
-      <pattern>
-        55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00 81 E9 C6 28 40 00 8B D5 81 C2 C6 28 40 00 8D 3A 8B F7 33 C0 EB 04 90 EB 01 C2 AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.0 beta -> Ashkbiz Danehkar</text>
-      <pattern>
-        55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 4C 32 40 00 E8 03 00 00 00 EB 01 xx B9 EA 47 40 00 81 E9 E9 32 40 00 8B D5 81 C2 E9 32 40 00 8D 3A 8B F7 33 C0 E8 04 00 00 00 90 EB 01 xx E8 03 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.01 -> Ashkbiz Danehkar (h)</text>
-      <pattern>
-        55 8B EC 53 56 57 E8 03 00 00 00 EB 01 xx E8 86 00 00 00 E8 03 00 00 00 EB 01 xx E8 79 00 00 00 E8 03 00 00 00 EB 01 xx E8 A4 00 00 00 E8 03 00 00 00 EB 01 xx E8 97 00 00 00 E8 03 00 00 00 EB 01 xx E8 2D 00 00 00 E8 03 00 00 00 EB 01 xx 60 E8 00 00 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.02 (.exe,.scr,.com) -> Ashkbiz Danehkar (h)</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.02 - 1.03 -> Ashkbiz Danehkar</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.02 -> Ashkibiz Danehlar</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2E E8 03 00 00 00 EB 01 xx C3 60 E8 00 00 00 00 5D 81 ED 23 3F 42 00 8B D5 81 C2 72 3F 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 xx 33 DB B9 3A 66 42 00 81 E9 1D 40 42 00 8B D5 81 C2 1D 40 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 xx E8 17 00 00 00 90 90 90 E9 C3 1F 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 xx AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.03.1 -> Ashkibiz Danehlar</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2E E8 03 00 00 00 EB 01 xx C3 60 E8 00 00 00 00 5D 81 ED 74 72 42 00 8B D5 81 C2 C3 72 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 xx 33 DB B9 3F A9 42 00 81 E9 6E 73 42 00 8B D5 81 C2 6E 73 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 xx E8 17 00 00 00 90 90 90 E9 98 2E 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 xx AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.0b -> Ashkbiz Danehkar (h)</text>
-      <pattern>
-        55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 4C 32 40 00 E8 03 00 00 00 EB 01 xx B9 EA 47 40 00 81 E9 E9 32 40 00 8B D5 81 C2 E9 32 40 00 8D 3A 8B F7 33 C0 E8 04 00 00 00 90 EB 01 xx E8 03 00 00 00 EB 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.0b -> Ashkbiz Danehkar</text>
-      <pattern>
-        55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 4C 32 40 00 E8 03 00 00 00 EB 01
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector 1.0x -> Ashkbiz Danehkar</text>
-      <pattern>
-        55 8B EC 53 56 57 E8 03 00 00 00 EB 01
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector V1.01 -> Ashkbiz Danehkar ! Sign by fly</text>
-      <pattern>
-        55 8B EC 53 56 57 E8 03 00 00 00 EB 01 xx E8 86 00 00 00 E8 03 00 00 00 EB 01 xx E8 79 00 00 00 E8 03 00 00 00 EB 01 xx E8 A4 00 00 00 E8 03 00 00 00 EB 01 xx E8 97 00 00 00 E8 03 00 00 00 EB 01 xx E8 2D 00 00 00 E8 03 00 00 00 EB 01 xx 60 E8 00 00 00 00 5D 81 ED D5 E4 41 00 8B D5 81 C2 23 E5 41 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector v1.02 (.exe,.scr,.com) -> Ashkbiz Danehkar (h)</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2E E8 03 00 00 00 EB 01 xx C3 60 E8 00 00 00 00 5D 81 ED 23 3F 42 00 8B D5 81 C2 72 3F 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 xx 33 DB B9 35 66 42 00 81 E9 1D 40 42 00 8B D5 81 C2 1D 40 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 xx E8 17 00 00 00 90 90 90 E9 BE 1F 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 xx AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector V1.02 -> Ashkbiz Danehkar ! Sign by fly</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2E E8 03 00 00 00 EB 01 xx C3 60 E8 00 00 00 00 5D 81 ED 23 3F 42 00 8B D5 81 C2 72 3F 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 xx 33 DB B9 3A 66 42 00 81 E9 1D 40 42 00 8B D5 81 C2 1D 40 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 xx E8 17 00 00 00 90 90 90 E9 C3 1F 00 00 33 C0 64 FF 30 64 89 20 43 CC C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector V1.03.1 -> Ashkbiz Danehkar ! Sign by fly</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2E E8 03 00 00 00 EB 01 xx C3 60 E8 00 00 00 00 5D 81 ED 74 72 42 00 8B D5 81 C2 C3 72 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 xx 33 DB B9 3F A9 42 00 81 E9 6E 73 42 00 8B D5 81 C2 6E 73 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 xx E8 17 00 00 00 90 90 90 E9 98 2E 00 00 33 C0 64 FF 30 64 89 20 43 CC C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector v1.03.2 (.exe,.scr,.com) -> Ashkbiz Danehkar (h)</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2E E8 03 00 00 00 EB 01 xx C3 60 E8 00 00 00 00 5D 81 ED 94 73 42 00 8B D5 81 C2 E3 73 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 xx 33 DB B9 BF A4 42 00 81 E9 8E 74 42 00 8B D5 81 C2 8E 74 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 xx E8 17 00 00 00 90 90 90 E9 63 29 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 xx AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector V1.03.2 -> Ashkbiz Danehkar ! Sign by fly</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2E E8 03 00 00 00 EB 01 xx C3 60 E8 00 00 00 00 5D 81 ED 94 73 42 00 8B D5 81 C2 E3 73 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 xx 33 DB B9 BF A4 42 00 81 E9 8E 74 42 00 8B D5 81 C2 8E 74 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 xx E8 17 00 00 00 90 90 90 E9 63 29 00 00 33 C0 64 FF 30 64 89 20 43 CC C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Yoda's Protector v1.03.2 Beta2 -> Ashkbiz Danehkar</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector v1.03.2 by Ashkbiz Danehkar</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8F 00 00 00 E8 03 00 00 00 EB 01 xx E8 82 00 00 00 E8 03 00 00 00 EB 01 xx E8 B8 00 00 00 E8 03 00 00 00 EB 01 xx E8 AB 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2E E8 03 00 00 00 EB 01 xx C3 60 E8 00 00 00 00 5D 81 ED 94 73 42 00 8B D5 81 C2 E3 73 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector v1.03.3 (.exe,.scr,.com) -> Ashkbiz Danehkar (h)</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8E 00 00 00 E8 03 00 00 00 EB 01 xx E8 81 00 00 00 E8 03 00 00 00 EB 01 xx E8 B7 00 00 00 E8 03 00 00 00 EB 01 xx E8 AA 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2D E8 03 00 00 00 EB 01 xx 60 E8 00 00 00 00 5D 81 ED 07 E2 40 00 8B D5 81 C2 56 E2 40 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 xx 33 DB B9 4B 0C 41 00 81 E9 01 E3 40 00 8B D5 81 C2 01 E3 40 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 xx E8 17 00 00 00 90 90 90 E9 9C 22 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 CC CC CC CC AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector V1.03.3 -> Ashkbiz Danehkar ! Sign by fly</text>
-      <pattern>
-        E8 03 00 00 00 EB 01 xx BB 55 00 00 00 E8 03 00 00 00 EB 01 xx E8 8E 00 00 00 E8 03 00 00 00 EB 01 xx E8 81 00 00 00 E8 03 00 00 00 EB 01 xx E8 B7 00 00 00 E8 03 00 00 00 EB 01 xx E8 AA 00 00 00 E8 03 00 00 00 EB 01 xx 83 FB 55 E8 03 00 00 00 EB 01 xx 75 2D E8 03 00 00 00 EB 01 xx 60 E8 00 00 00 00 5D 81 ED 07 E2 40 00 8B D5 81 C2 56 E2 40 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 xx E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 xx 33 C0 64 FF 30 64 89 20 4B CC C3
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yoda's Protector V1.0b -> Ashkbiz Danehkar ! Sign by fly</text>
-      <pattern>
-        55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 4C 32 40 00 E8 03 00 00 00 EB 01 xx B9 EA 47 40 00 81 E9 E9 32 40 00 8B D5 81 C2 E9 32 40 00 8D 3A 8B F7 33 C0 E8 04 00 00 00 90 EB 01 xx E8 03 00 00 00 EB 01 xx AC
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yP 1.0b by Ashkbiz Danehkar</text>
-      <pattern>
-        55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 4C 32 40 00 E8 03 00 00 00 EB 01 xx B9 EA 47 40 00 81 E9 E9 32 40 00 8B D5 81 C2 E9 32 40 00 8D 3A 8B F7 33 C0 E8 04 00 00 00 90 EB 01 C2 E8 03 00 00 00 EB 01 xx AC xx xx xx xx xx xx xx EB 01 E8
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yzPack 1.0 -> UsAr</text>
-      <pattern>
-        60 33 C0 8D 48 07 50 E2 FD 8B EC 64 8B 40 30 78 0C 8B 40 0C
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>YZPack 1.2 -> UsAr</text>
-      <pattern>
-        4D 5A 52 45 60 83 EC 18 8B EC 8B FC 33 C0 64 8B 40 30 78 0C 8B 40 0C 8B 70 1C AD 8B 40 08 EB 09 8B 40 34 83 C0 7C 8B 40 3C AB E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yzpack V1.1 -> UsAr ! Sign by fly</text>
-      <pattern>
-        60 33 C0 8D 48 07 50 E2 FD 8B EC 64 8B 40 30 78 0C 8B 40 0C 8B 70 1C AD 8B 40 08 EB 09 8B 40 34 8D 40 7C 8B 40 3C 89 45 04 E8 F3 07 00 00 60 8B 5D 04 8B 73 3C 8B 74 33 78 03 F3 56 8B 76 20 03 F3 33 C9 49 92 41 AD 03 C3 52 33 FF 0F B6 10 38 F2
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yzpack V1.12 -> UsAr ! Sign by fly</text>
-      <pattern>
-        5A 52 45 60 83 EC 18 8B EC 8B FC 33 C0 64 8B 40 30 78 0C 8B 40 0C 8B 70 1C AD 8B 40 08 EB 09 8B 40 34 83 C0 7C 8B 40 3C AB E9 xx xx xx xx B4 09 BA 00 00 1F CD 21 B8 01 4C CD 21 40 00 00 00 50 45 00 00 4C 01 02 00 xx xx xx xx 00 00 00 00 00 00 00 00 E0 00 xx xx 0B 01 xx xx xx xx 00 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yzpack V1.12 -> UsAr</text>
-      <pattern>
-        5A 52 45 60 83 EC 18 8B EC 8B FC 33 C0 64 8B 40 30 78 0C 8B 40 0C 8B 70 1C AD 8B 40 08 EB 09 8B 40 34 83 C0 7C 8B 40 3C AB E9 xx xx xx xx B4 09 BA 00 00 1F CD 21 B8 01 4C CD 21 40 00 00 00 50 45 00 00 4C 01 02 00 xx xx xx xx 00 00 00 00 00 00 00 00 E0 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yzpack V2.0 -> UsAr ! Sign by fly</text>
-      <pattern>
-        25 xx xx xx xx 61 87 CC 55 45 45 55 81 ED CA 00 00 00 55 A4 B3 02 FF 14 24
-        73 F8 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 1F B3 02 41 B0 10 FF 14 24 12
-        C0 73 F9 75 3C AA EB DC FF 54 24 04 2B CB 75 0F FF 54 24 08 EB 27 AC D1 E8
-        74 30 13 C9 EB 1B 91 48 C1 E0 08 AC FF 54 24 08 3D 00 7D 00 00 73 0A 80 FC
-        05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 99
-        BD xx xx xx xx FF 65 28
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yzpack V2.0 -> UsAr</text>
-      <pattern>
-        25 xx xx xx xx 61 87 CC 55 45 45 55 81 ED CA 00 00 00 55 A4 B3 02 FF 14 24 73 F8 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 1F B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3C AA EB DC FF 54 24 04 2B CB 75 0F FF 54 24 08 EB 27 AC D1 E8 74 30 13 C9 EB 1B 91 48 C1 E0
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ZCode Win32/PE Protector v1.01</text>
-      <pattern>
-        E9 12 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx E9 FB FF FF FF C3 68 xx xx xx xx 64 FF 35
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ZealPack 1.0 -> Zeal</text>
-      <pattern>
-        C7 45 F4 00 00 40 00 C7 45 F0 xx xx xx xx 8B 45 F4 05 xx xx xx xx 89 45 F4 C7 45 FC 00 00 00 00 EB 09 8B 4D FC 83 C1 01 89 4D FC 8B 55 FC 3B 55 F0 7D 22 8B 45 F4 03 45 FC 8A 08 88 4D F8 0F BE 55 F8 83 F2 0F 88 55 F8 8B 45 F4 03 45 FC 8A 4D F8 88 08 EB CD FF 65 F4
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ZipWorxSecureEXE 2.5 -> ZipWORX Technologies LLC (h)</text>
-      <pattern>
-        E9 B8 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx 00 53 65 63 75 72 65 45 58 45 20 45 78 65 63 75 74 61 62 6C 65 20 46 69 6C 65 20 50 72 6F 74 65 63 74 6F 72 0D 0A 43 6F 70 79 72 69 67 68 74 28 63 29 20 32 30
-      </pattern>
-      <ep>false</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>ZipWorxSecureEXE v2.5 -> ZipWORX Technologies LLC (h)</text>
-      <pattern>
-        E9 B8 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx 00 53 65 63 75 72 65 45 58 45 20 45 78 65 63 75 74 61 62 6C 65 20 46 69 6C 65 20 50 72 6F 74 65 63 74 6F 72 0D 0A 43 6F 70 79 72 69 67 68 74 28 63 29 20 32 30 30 34 2D 32 30 30 37 20 5A 69 70 57 4F 52 58 20 54 65 63 68 6E 6F 6C 6F 67 69 65 73 2C 20 4C 4C 43 0D 0A 50 6F 72 74 69 6F 6E 73 20 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 39 37 2D 32 30 30 31 20 4C 65 65 20 48 61 73 69 75 6B 0D 0A 41 6C 6C 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2E 0D 0A 00 00 8B 44 24 04 23 05 xx xx xx xx xx xx xx xx 00 00 83 C4 04 FE 05 xx xx xx xx 0B C0 74 02 FF E0 8B E5 5D C2 0C 00 80 3D xx xx xx xx 00 75 13 50 2B C0 50 E8 xx xx 00 00 83 C4 04 58 FE 05 xx xx xx xx xx 94 9A 8D 91 9A 93 CC CD 00 B8 93 90 9D 9E 93 BE 93 93 90 9C 00 B8 93 90 9D 9E 93 B9 8D 9A 9A 00 B8 9A 8B B2 90 9B 8A 93 9A B7 9E 91 9B 93 9A BE 00 B8 9A 8B B2 90
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Zortech C v2.00 1988, 1989</text>
-      <pattern>
-        FA B8 xx xx 8E D8 8C xx xx xx 26 8B xx xx xx 89 1E xx xx 8B D8 2B 1E xx xx 89 1E
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Zortech C v3.0</text>
-      <pattern>
-        FA FC B8 xx xx xx 8C C8 8E D8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Zortech C</text>
-      <pattern>
-        E8 xx xx 2E FF xx xx xx FC 06
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Zurenava DOS Extender v0.45, v0.49</text>
-      <pattern>
-        BE xx xx BF xx xx B9 xx xx 56 FC F3 A5 5F E9
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>?</text>
-      <pattern>
-        55 8B EC 83 C4 E4 53 56 57 33 C0 89 45 E4 89 45
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>?</text>
-      <pattern>
-        55 8B EC 6A FF 68 08 4B 40 00 68 36 3A 40 00 64 A1
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>Li-Jianjun</text>
-      <pattern>
-        60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>?</text>
-      <pattern>
-        64 A1 00 00 00 00 55 89 E5 6A FF 68 1C 30 40 00
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>yy66</text>
-      <pattern>
-        68 78 18 40 00 E8 F0 FF FF FF 00 00 00 00 00 00 30
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>2.2b -> Shoooo</text>
-      <pattern>
-        68 xx xx xx xx E8 01 00 00 00 C3 C3 11 55 07 8B EC B8 14 80 0E 03 E8 D1 09 00 0A 57 33 D2 FF 75 18 B9 E8 1F DE 16 81 C0 8D BD EE 7F FB F8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-    <sig id="" bl="0">
-      <text>2.2b Anti -> xiaohui</text>
-      <pattern>
-        EB F4 11 55 07 8B EC B8 14 80 0E 03 E8 D1 09 00 0A 57 33 D2 FF 75 18 B9 E8 1F DE 16 81 C0 8D BD EE 7F FB F8
-      </pattern>
-      <ep>true</ep>
-    </sig>
-
-  </sigs>
-</xml>
diff --git a/assemblyline_v4_service/common/pestudio/xml/strings.xml b/assemblyline_v4_service/common/pestudio/xml/strings.xml
deleted file mode 100644
index 8d510936..00000000
--- a/assemblyline_v4_service/common/pestudio/xml/strings.xml
+++ /dev/null
@@ -1,2379 +0,0 @@
-<!--
-strings.mxl is part of the pestudio (www.winitor.com)
-It contains the strings that will be detected as blackListed by pestudio.
--->
-
-<xml version="1.0" encoding="utf-8" md5="2DAF1731A644116D0965C0CA4B51C082">
-
-  <settings>
-    <setting>
-
-      <!--
-      the minimum character size of a string
-      -->
-      <minimum-size>4</minimum-size>
-
-      <!--
-      1: Be case-sensitive when searching for strings
-      0: Dont be case-sensitive when searching for strings
-      -->
-      <CaseSensitive>0</CaseSensitive>
-
-      <!--
-      1: Enable Substring when searching for strings (e.g. "soft" being a substring of "software")
-      0: Disable Substring when searching for strings
-      -->
-      <Substring>0</Substring>
-
-      <!--  
-      0: Show Imported Library Names in Strings collection
-      1: Hide Imported Library Names from Strings collection 
-      -->
-      <HideImportedLibraryNames>0</HideImportedLibraryNames>
-
-      <!--  
-      0: Show Imported String Names in Strings collection
-      1: Hide Imported String Names from Strings collection 
-      -->
-      <HideImportedFunctionNames>0</HideImportedFunctionNames>
-
-    </setting>
-  </settings>
-
-  <privs>
-    <priv>SeAssignPrimaryTokenPrivilege</priv>
-    <priv>SeAuditPrivilege</priv>
-    <priv>SeBackupPrivilege</priv>
-    <priv>SeChangeNotifyPrivilege</priv>
-    <priv>SeCreateGlobalPrivilege</priv>
-    <priv>SeCreatePagefilePrivilege</priv>
-    <priv>SeCreatePermanentPrivilege</priv>
-    <priv>SeCreateSymbolicLinkPrivilege</priv>
-    <priv>SeCreateTokenPrivilege</priv>
-    <priv>SeDebugPrivilege</priv>
-    <priv>SeEnableDelegationPrivilege</priv>
-    <priv>SeImpersonatePrivilege</priv>
-    <priv>SeIncreaseBasePriorityPrivilege</priv>
-    <priv>SeIncreaseQuotaPrivilege</priv>
-    <priv>SeIncreaseWorkingSetPrivilege</priv>
-    <priv>SeLoadDriverPrivilege</priv>
-    <priv>SeLockMemoryPrivilege</priv>
-    <priv>SeMachineAccountPrivilege</priv>
-    <priv>SeManageVolumePrivilege</priv>
-    <priv>SeProfileSingleProcessPrivilege</priv>
-    <priv>SeRelabelPrivilege</priv>
-    <priv>SeRemoteShutdownPrivilege</priv>
-    <priv>SeRestorePrivilege</priv>
-    <priv>SeSecurityPrivilege</priv>
-    <priv>SeShutdownPrivilege</priv>
-    <priv>SeSyncAgentPrivilege</priv>
-    <priv>SeSystemEnvironmentPrivilege</priv>
-    <priv>SeSystemProfilePrivilege</priv>
-    <priv>SeSystemtimePrivilege</priv>
-    <priv>SeTakeOwnershipPrivilege</priv>
-    <priv>SeTcbPrivilege</priv>
-    <priv>SeTimeZonePrivilege</priv>
-    <priv>SeTrustedCredManAccessPrivilege</priv>
-    <priv>SeUndockPrivilege</priv>
-    <priv>SeUnsolicitedInputPrivilege</priv>
-  </privs>
-
-  <oids>
-    <oid>2.16.840.1.113730.4.1</oid>
-    <oid>1.3.6.1.4.1.311.10.3.3</oid>
-    <oid>1.3.6.1.5.5.7.3.2</oid>
-    <oid>1.3.6.1.5.5.7.3.1</oid>
-    <oid>1.2.840.113549.1.1.11</oid>
-    <oid>1.2.840.113549.1.1.2</oid>
-    <oid>1.2.840.113549.1.1.4</oid>
-    <oid>1.2.840.113549.1.1.5</oid>
-    <oid>1.2.840.113549.1.9.6</oid>
-    <oid>1.2.840.113549.2.5</oid>
-    <oid>1.2.840.113549.1.9.5</oid>
-    <oid>1.2.840.113556.1.4.1221</oid>
-    <oid>1.2.840.113556.1.4.1222</oid>
-    <oid>1.2.840.113556.1.4.1362</oid>
-    <oid>1.2.840.113556.1.4.1413</oid>
-    <oid>1.2.840.113556.1.4.521</oid>
-    <oid>1.2.840.113556.1.4.616</oid>
-    <oid>1.2.840.113556.1.4.801</oid>
-    <oid>1.2.840.113556.1.4.805</oid>
-    <oid>1.2.840.113556.1.4.903</oid>
-    <oid>1.2.840.113556.1.4.904</oid>
-    <oid>1.2.840.113556.1.4.905</oid>
-    <oid>1.2.840.113556.1.4.906</oid>
-    <oid>1.2.840.113556.1.4.907</oid>
-    <oid>1.3.14.3.2.26</oid>
-    <oid>1.3.14.3.2.29</oid>
-    <oid>1.3.14.3.2.3</oid>
-    <oid>1.3.6.1.4.1.311.2.1.12</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.10</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.11</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.12</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.13</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.14</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.15</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.19</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.2</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.21</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.22</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.23</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.24</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.25</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.26</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.27</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.28</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.3</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.32</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.33</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.34</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.36</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.37</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.38</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.39</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.4</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.40</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.41</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.43</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.44</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.5</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.50</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.51</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.52</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.53</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.6</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.7</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.8</oid>
-    <oid>1.3.6.1.4.1.1466.115.121.1.9</oid>
-    <oid>1.3.6.1.4.1.311.10.3.6</oid>
-    <oid>1.3.6.1.4.1.311.88.2.1</oid>
-    <oid>1.3.6.1.4.1.311.88.2.2</oid>
-    <oid>1.3.6.1.5.5.7.3.3</oid>
-  </oids>
-
-  <exts>
-    <ext enable="1" risk="1">b64</ext>
-    <ext enable="1" risk="1">bat</ext>
-    <ext enable="1" risk="1">cert</ext>
-    <ext enable="1" risk="1">cmd</ext>
-    <ext enable="1" risk="1">dll</ext>
-    <ext enable="1" risk="1">exe</ext>
-    <ext enable="1" risk="1">ftp</ext>
-    <ext enable="1" risk="1">gzip</ext>
-    <ext enable="1" risk="1">hta</ext>
-    <ext enable="1" risk="1">html</ext>
-    <ext enable="1" risk="1">iso</ext>
-    <ext enable="1" risk="1">jar</ext>
-    <ext enable="1" risk="1">rsrc</ext>
-    <ext enable="1" risk="1">tar</ext>
-    <ext enable="1" risk="1">tmp</ext>
-    <ext enable="1" risk="1">temp</ext>
-    <ext enable="1" risk="1">tor</ext>
-    <ext enable="1" risk="1">url</ext>
-    <ext enable="1" risk="1">vb</ext>
-    <ext enable="1" risk="1">vbe</ext>
-    <ext enable="1" risk="1">vbs</ext>
-    <ext enable="1" risk="1">vbp</ext>
-    <ext enable="1" risk="1">xll</ext>
-    <ext enable="1" risk="1">zip</ext>
-  </exts>
-
-  <agents>
-    <agent>Mozilla/1.22</agent>
-    <agent>Mozilla/3.0</agent>
-    <agent>Mozilla/3.1</agent>
-    <agent>Mozilla/3.6</agent>
-    <agent>Mozilla/4.0</agent>
-    <agent>Mozilla/4.08</agent>
-    <agent>Mozilla/5.0</agent>
-
-    <agent>Opera/8.90</agent>
-    <agent>Opera/9.00</agent>
-    <agent>Opera/9.25</agent>
-    <agent>Opera/9.33</agent>
-    <agent>Opera 9.4</agent>
-    <agent>Opera/9.80</agent>
-  </agents>
-
-  <!-- guid -->
-  <guids>
-    <guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
-    <guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
-    <guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
-    <guid>97808F6C-4769-49D5-9553-18AE9C62ACD7</guid>
-    <guid>B196B286-BAB4-101A-B69C-00AA00341D07</guid>
-    <guid>D27CDB6E-AE6D-11CF-96B8-444553540000</guid>
-    <guid>abe2869f-9b47-4cd9-a358-c22904dba7f7</guid>
-    <guid>00000000-0000-0000-C000-000000000046</guid>
-    <guid>ADB880A6-D8FF-11CF-9377-00AA003B7A11</guid>
-    <guid>5e7e8100-9138-11d1-945a-00c04fc308ff</guid>
-    <guid>82bd0e67-9fea-4748-8672-d5efe5b779b0</guid>
-    <guid>5e7e8100-9138-11d1-945a-00c04fc308ff</guid>
-    <guid>82BD0E67-9FEA-4748-8672-D5EFE5B779B0</guid>
-    <guid>8856F961-340A-11D0-A96B-00C04FD705A2</guid>
-  </guids>
-
-  <!-- Registry -->
-  <regs>
-    <reg>\Device\KeyboardClass0</reg>
-    <reg>Software\Skype\Phone</reg>
-    <reg>\registry\machine\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\</reg>
-    <reg>Software\Microsoft</reg>
-    <reg>System\WPA\</reg>
-    <reg>HARDWARE\DEVICEMAP\SERIALCOMM</reg>
-    <reg>HARDWARE\DEVICEMAP\PARALLEL PORTS</reg>
-    <reg>Software\Microsoft\Windows\CurrentVersion\Run</reg>
-    <reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices</reg>
-    <reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce</reg>
-    <reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run</reg>
-    <reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UserReset</reg>
-    <reg>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\</reg>
-    <reg>HKEY_CURRENT_USER\Software\Microsoft</reg>
-    <reg>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit</reg>
-    <reg>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell</reg>
-    <reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wdfmgr</reg>
-    <reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UserRestart</reg>
-    <reg>Software\Policies\Microsoft\Cryptography\AutoEnrollment</reg>
-    <reg>Software\KasperskyLab\protected\AVP9\settings</reg>
-    <reg>Software\KasperskyLab\protected\AVP8\settings</reg>
-    <reg>Software\kingsoft\AntiVirus</reg>
-    <reg>Software\JiangMin</reg>
-    <reg>Software\Norton\SecurityStatusSDK</reg>
-    <reg>Software\ESET\ESET Security\CurrentVersion\Info</reg>
-    <reg>Software\Cisco Systems\VPN Client\AllAccess</reg>
-    <reg>Software\AVAST Software</reg>
-    <reg>Software\ESET</reg>
-    <reg>Software\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32</reg>
-    <reg>CurrentVersion\Run</reg>
-    <reg>Hardware\Description\System\CentralProcessor</reg>
-    <reg>Hardware\ACPI\DSDT</reg>
-    <reg>HARDWARE\DEVICEMAP</reg>
-    <reg>hklm\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}</reg>
-    <reg>hklm\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}</reg>
-    <reg>HARDWARE\DESCRIPTION\System\CentralProcessor\0</reg>
-    <reg>DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run</reg>
-    <reg>DisableTaskManager</reg>
-    <reg>HKCU\Control Panel\Desktop</reg>
-    <reg>LoadAppInit_DLLs</reg>
-    <reg>AppInit_DLLs</reg>
-    <reg>WarnOnIntranet</reg>
-    <reg>NoProtectedModeBanner</reg>
-    <reg>Global\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}</reg>
-    <reg>Global\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}</reg>
-    <reg>CLSID\{6C736DB0-BD94-11D0-8A23-00AA00B58E10}\EnableEvents</reg>
-    <reg>ROOT\SecurityCenter</reg>
-    <reg>ROOT\SecurityCenter2</reg>
-    <reg>\shell\open\command</reg>
-    <reg>\Device\KeyboardClassC</reg>
-    <reg>\DosDevices\KeyboardClassC</reg>
-  </regs>
-
-  <oss>
-    <os>Microsoft Windows ME</os>
-    <os>Microsoft Windows 98</os>
-    <os>Microsoft Windows 95</os>
-    <os>Microsoft Windows 2000</os>
-    <os>Microsoft Windows XP</os>
-    <os>Home-Basic-Edition</os>
-    <os>Home-Premium-Edition</os>
-    <os>Home_Edition</os>
-    <os>Home_Server</os>
-    <os>WinNT</os>
-    <os>WIN32_NT</os>
-    <os>WIN_2008R2</os>
-    <os>WIN_7</os>
-    <os>WIN_2008</os>
-    <os>WIN_VISTA</os>
-    <os>WIN_2003</os>
-    <os>WIN_XPe</os>
-    <os>WIN_XP</os>
-    <os>WIN_2000</os>
-    <os>Web_Server_Edition</os>
-    <os>Standard_Edition_core_installation</os>
-    <os>Standard_Edition</os>
-    <os>Small_Business_Server_Premium_Edition</os>
-    <os>Small_Business_Server</os>
-    <os>Enterprise_Edition_for_ItaniumBased_System</os>
-    <os>Enterprise_Edition_core_installation</os>
-    <os>Datacenter_Edition_core_installation</os>
-    <os>Datacenter_Edition</os>
-    <os>Cluster_Server_Edition</os>
-    <os>Starter_Edition</os>
-    <os>Business_Edition</os>
-    <os>Enterprise_Edition</os>
-    <os>Home_Basic_Edition</os>
-    <os>Home_Premium_Edition</os>
-    <os>Ultimate_Edition</os>
-    <os>Server2008R2</os>
-    <os>Server2008</os>
-    <os>Win8</os>
-    <os>WinServer2012</os>
-    <os>Win7</os>
-    <os>WinServer2008R2</os>
-    <os>WinServer2008</os>
-    <os>Vista</os>
-    <os>WinHomeServer</os>
-    <os>WinServer2003R2</os>
-    <os>WinServer2003</os>
-    <os>WinXP64</os>
-    <os>WinXP</os>
-    <os>Win2K</os>
-    <os>Windows Me</os>
-    <os>Windows 98</os>
-    <os>Windows 95</os>
-    <os>Windows NT</os>
-    <os>Windows Vista</os>
-    <os>Windows 7</os>
-    <os>Windows 8</os>
-    <os>Windows 8.1</os>
-    <os>Windows NT 3.51</os>
-    <os>Windows NT 4.0</os>
-    <os>Windows Server</os>
-    <os>Windows Server 2012 R2</os>
-    <os>Windows 10</os>
-    <os>Windows Server 2016 Technical Preview</os>
-    <os>Ultimate Edition</os>
-    <os>Home Premium Edition</os>
-    <os>Home Basic Edition</os>
-    <os>Enterprise Edition</os>
-    <os>Business Edition</os>
-    <os>Starter Edition</os>
-    <os>Cluster Server Edition</os>
-    <os>Datacenter Edition</os>
-    <os>Datacenter Edition (core installation)</os>
-    <os>Enterprise Edition (core installation)</os>
-    <os>Enterprise Edition for Itanium-based Systems</os>
-    <os>Small Business Server</os>
-    <os>Small Business Server Premium Edition</os>
-    <os>Standard Edition</os>
-    <os>Standard Edition (core installation)</os>
-    <os>Web Server Edition</os>
-    <os>Professional Edition</os>
-    <os>Windows Server 2003</os>
-    <os>Windows Server 2003 R2</os>
-    <os>Windows Storage Server 2003</os>
-    <os>Windows XP</os>
-    <os>Windows XP Professional x64 Edition</os>
-    <os>Windows XP Professional x64</os>
-    <os>Datacenter Edition for Itanium-based Systems</os>
-    <os>Datacenter x64 Edition</os>
-    <os>Enterprise x64 Edition</os>
-    <os>Standard x64 Edition</os>
-    <os>Compute Cluster Edition</os>
-    <os>Web Edition</os>
-    <os>Home Edition</os>
-    <os>Windows 2000</os>
-    <os>Datacenter Server</os>
-    <os>Advanced Server</os>
-    <os>Windows Home Server</os>
-    <os>Windows Server 2008</os>
-    <os>Windows Server 2008 R2</os>
-    <os>Windows Server R2</os>
-    <os>Media Center Edition</os>
-    <os>Tablet PC Edition</os>
-    <os>Embedded Edition</os>
-    <os>Professional x64 Edition</os>
-    <os>Storage Server 2003 R2</os>
-    <os>Storage Server 2003</os>
-    <os>Server 2003 R2</os>
-    <os>Server 2003</os>
-    <os>Server 2008</os>
-    <os>Business N</os>
-    <os>Datacenter Edition(Core)</os>
-    <os>Enterprise N</os>
-    <os>Enterprise Edition(Core)</os>
-    <os>Home Basic</os>
-    <os>Home Basic N</os>
-    <os>Home Premium</os>
-    <os>Home Premium N</os>
-    <os>Ultimate N</os>
-    <os>Standard Edition(Core)</os>
-    <os>NT3.1</os>
-    <os>NT3.5</os>
-    <os>NT3.51</os>
-    <os>2003 Server</os>
-    <os>2008 Server</os>
-    <os>Win Vista</os>
-    <os>Win Srv 2008</os>
-    <os>Win 7</os>
-    <os>Win 8</os>
-    <os>Windows+8.1</os>
-    <os>Win Srv 2003</os>
-    <os>Win Srv</os>
-    <os>Win XP</os>
-    <os>Windows+XP</os>
-    <os>Windows XP (5.1)</os>
-    <os>Win 2000</os>
-    <os>Windows Server 2012</os>
-    <os>32-bit Edition</os>
-    <os>64-bit Edition</os>
-    <os>Windows Server 2000</os>
-    <os>Windows Server 2000</os>
-    <os>Windows+8</os>
-    <os>Windows+7</os>
-    <os>Windows+Vista</os>
-    <os>Windows+Server+2003</os>
-    <os>Windows+2000</os>
-    <os>Windows 2000 (5.0)</os>
-    <os>Windows 7 (6.1)</os>
-    <os>Windows Server 2003  (5.2)</os>
-    <os>Windows Server 2003 R2 (5.2)</os>
-    <os>Windows Server 2008 (6.0)</os>
-    <os>Windows Server 2008 R2 (6.1)</os>
-    <os>Windows Vista (6.0)</os>
-  </oss>
-
-  <!--Sandbox Product IDs -->
-  <products>
-    <product>76487-640-1457236-23837</product>
-    <product>76487-337-8429955-22614</product>
-    <product>76487-644-3177037-23510</product>
-    <product>76487-640-8834005-23195</product>
-    <product>76487-640-0716662-23535</product>
-    <product>76487-644-8648466-23106</product>
-    <product>76487-341-5883812-22420</product>
-    <product>76487-OEM-0027453-63796</product>
-    <product>76497-640-6308873-23835</product>
-    <product>55274-640-2673064-23950</product>
-    <product>00426-293-8170032-85146</product>
-  </products>
-
-  <!-- SID (Security Identifiers -->
-  <sids>
-    <sid>S-1-0</sid>
-    <sid>S-1-0-0</sid>
-    <sid>S-1-1</sid>
-    <sid>S-1-1-0</sid>
-    <sid>S-1-2</sid>
-    <sid>S-1-2-0</sid>
-    <sid>S-1-2-1</sid>
-    <sid>S-1-3</sid>
-    <sid>S-1-3-0</sid>
-    <sid>S-1-3-1</sid>
-    <sid>S-1-3-2</sid>
-    <sid>S-1-3-3</sid>
-    <sid>S-1-3-4</sid>
-    <sid>S-1-5-80-0</sid>
-    <sid>S-1-4</sid>
-    <sid>S-1-5</sid>
-    <sid>S-1-5-1</sid>
-    <sid>S-1-5-2</sid>
-    <sid>S-1-5-3</sid>
-    <sid>S-1-5-4</sid>
-    <sid>S-1-5-6</sid>
-    <sid>S-1-5-7</sid>
-    <sid>S-1-5-8</sid>
-    <sid>S-1-5-9</sid>
-    <sid>S-1-5-10</sid>
-    <sid>S-1-5-11</sid>
-    <sid>S-1-5-12</sid>
-    <sid>S-1-5-13</sid>
-    <sid>S-1-5-14</sid>
-    <sid>S-1-5-15</sid>
-    <sid>S-1-5-17</sid>
-    <sid>S-1-5-18</sid>
-    <sid>S-1-5-19</sid>
-    <sid>S-1-5-20</sid>
-    <sid>S-1-5-32-544</sid>
-    <sid>S-1-5-32-545</sid>
-    <sid>S-1-5-32-546</sid>
-    <sid>S-1-5-32-547</sid>
-    <sid>S-1-5-32-548</sid>
-    <sid>S-1-5-32-549</sid>
-    <sid>S-1-5-32-550</sid>
-    <sid>S-1-5-32-551</sid>
-    <sid>S-1-5-32-552</sid>
-    <sid>S-1-5-64-10</sid>
-    <sid>S-1-5-64-14</sid>
-    <sid>S-1-5-64-21</sid>
-    <sid>S-1-5-80</sid>
-    <sid>S-1-5-83-0</sid>
-    <sid>S-1-16-0</sid>
-    <sid>S-1-16-4096</sid>
-    <sid>S-1-16-8192</sid>
-    <sid>S-1-16-8448</sid>
-    <sid>S-1-16-12288</sid>
-    <sid>S-1-16-16384</sid>
-    <sid>S-1-16-20480</sid>
-    <sid>S-1-16-28672</sid>
-    <sid>S-1-5-32-554</sid>
-    <sid>S-1-5-32-555</sid>
-    <sid>S-1-5-32-556</sid>
-    <sid>S-1-5-32-557</sid>
-    <sid>S-1-5-32-558</sid>
-    <sid>S-1-5-32-559</sid>
-    <sid>S-1-5-32-560</sid>
-    <sid>S-1-5-32-561</sid>
-    <sid>S-1-5-32-562</sid>
-    <sid>S-1-5-32-569</sid>
-    <sid>S-1-5-32-573</sid>
-    <sid>S-1-5-32-574</sid>
-    <sid>S-1-5-32-575</sid>
-    <sid>S-1-5-32-576</sid>
-    <sid>S-1-5-32-577</sid>
-    <sid>S-1-5-32-578</sid>
-    <sid>S-1-5-32-579</sid>
-    <sid>S-1-5-32-580</sid>
-    <sid>S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779</sid>
-    <sid>S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435</sid>
-  </sids>
-
-  <protocols>
-    <protocol enable="1" risk="1">httpmail</protocol>
-    <protocol enable="1" risk="1">nntp</protocol>
-    <protocol enable="1" risk="1">imap</protocol>
-    <protocol enable="1" risk="1">pop3</protocol>
-    <protocol enable="1" risk="1">smb</protocol>
-    <protocol enable="1" risk="1">smtp</protocol>
-    <protocol enable="1" risk="1">ftp</protocol>
-    <protocol enable="1" risk="1">icmp</protocol>
-  </protocols>
-
-  <keys>
-    <key enable="1" risk="1">[ESCAPE]</key>
-    <key enable="1" risk="1">[ENTER]</key>
-    <key enable="1" risk="1">[TAB]</key>
-    <key enable="1" risk="1">[DELETE]</key>
-    <key enable="1" risk="1">[CAPS LOCK]</key>
-    <key enable="1" risk="1">[BACKCPACE]</key>
-    <key enable="1" risk="1">[Backspace]</key>
-    <key enable="1" risk="1">[Enter]</key>
-    <key enable="1" risk="1">[Tab]</key>
-    <key enable="1" risk="1">[Arrow Left]</key>
-    <key enable="1" risk="1">[Arrow Up]</key>
-    <key enable="1" risk="1">[Arrow Right]</key>
-    <key enable="1" risk="1">[Arrow Down]</key>
-    <key enable="1" risk="1">[Home]</key>
-    <key enable="1" risk="1">[Page Up]</key>
-    <key enable="1" risk="1">[Page Down]</key>
-    <key enable="1" risk="1">[End]</key>
-    <key enable="1" risk="1">[Break]</key>
-    <key enable="1" risk="1">[Delete]</key>
-    <key enable="1" risk="1">[Insert]</key>
-    <key enable="1" risk="1">[Ent]</key>
-    <key enable="1" risk="1">[Print Screen]</key>
-    <key enable="1" risk="1">[Scroll Lock]</key>
-    <key enable="1" risk="1">[Caps Lock]</key>
-    <key enable="1" risk="1">[Alt]</key>
-    <key enable="1" risk="1">[Esc]</key>
-    <key enable="1" risk="1">[Back Space]</key>
-    <key enable="1" risk="1">[CONTROL]</key>
-    <key enable="1" risk="1">[PUSE]</key>
-    <key enable="1" risk="1">[LEFT]</key>
-    <key enable="1" risk="1">[RIGHT]</key>
-    <key enable="1" risk="1">[UP]</key>
-    <key enable="1" risk="1">[DOWN]</key>
-    <key enable="1" risk="1">[NUM LOCK]</key>
-    <key enable="1" risk="1">[RMOUSE]</key>
-    <key enable="1" risk="1">[LMOUSE]</key>
-    <key enable="1" risk="1">[AltRight]</key>
-    <key enable="1" risk="1">[AltLeft]</key>
-    <key enable="1" risk="1">[CtrlRight]</key>
-    <key enable="1" risk="1">[CtrlLeft]</key>
-    <key enable="1" risk="1">[ShiftRight]</key>
-    <key enable="1" risk="1">[ShiftLeft]</key>
-    <key enable="1" risk="1">[Scroll]</key>
-    <key enable="1" risk="1">[NumLock]</key>
-    <key enable="1" risk="1">[Sleep]</key>
-    <key enable="1" risk="1">[Menu]</key>
-    <key enable="1" risk="1">[WindowsRight]</key>
-    <key enable="1" risk="1">[WindowsLeft]</key>
-    <key enable="1" risk="1">[Suppr]</key>
-    <key enable="1" risk="1">[PrintScreen]</key>
-    <key enable="1" risk="1">[PageDown]</key>
-    <key enable="1" risk="1">[PageUp]</key>
-    <key enable="1" risk="1">[Caps]</key>
-    <key enable="1" risk="1">[Pause]</key>
-    <key enable="1" risk="1">[Ctrl]</key>
-    <key enable="1" risk="1">[Shift]</key>
-    <key enable="1" risk="1">[Clear]</key>
-    <key enable="1" risk="1">[DownArrow]</key>
-    <key enable="1" risk="1">[RightArrow]</key>
-    <key enable="1" risk="1">[UpArrow]</key>
-    <key enable="1" risk="1">[LeftArrow]</key>
-    <key enable="1" risk="1">[Space]</key>
-    <key enable="1" risk="1">[CapsLock]</key>
-    <key enable="1" risk="1">[ALT-DOWN]</key>
-    <key enable="1" risk="1">[ALT-UP]</key>
-    <key enable="1" risk="1">[APPS]</key>
-    <key enable="1" risk="1">[BACK]</key>
-    <key enable="1" risk="1">[CLR]</key>
-    <key enable="1" risk="1">[CTRL-DOWN]</key>
-    <key enable="1" risk="1">[CTRL-UP]</key>
-    <key enable="1" risk="1">[DEL]</key>
-    <key enable="1" risk="1">[EXECUTE]</key>
-    <key enable="1" risk="1">[F1]</key>
-    <key enable="1" risk="1">[F2]</key>
-    <key enable="1" risk="1">[F3]</key>
-    <key enable="1" risk="1">[F4]</key>
-    <key enable="1" risk="1">[F5]</key>
-    <key enable="1" risk="1">[F6]</key>
-    <key enable="1" risk="1">[F7]</key>
-    <key enable="1" risk="1">[F8]</key>
-    <key enable="1" risk="1">[F9]</key>
-    <key enable="1" risk="1">[F10]</key>
-    <key enable="1" risk="1">[F11]</key>
-    <key enable="1" risk="1">[F12]</key>
-    <key enable="1" risk="1">[HELP]</key>
-    <key enable="1" risk="1">[BACK_SPACE]</key>
-    <key enable="1" risk="1">[RETURN]</key>
-    <key enable="1" risk="1">[Esc]</key>
-    <key enable="1" risk="1">[TAB]</key>
-    <key enable="1" risk="1">[CAPS LOCK]</key>
-    <key enable="1" risk="1">[SPACE]</key>
-    <key enable="1" risk="1">[LEFT_SHIFT]</key>
-    <key enable="1" risk="1">[RIGHT_SHIFT]</key>
-    <key enable="1" risk="1">[LEFT_CONTROL]</key>
-    <key enable="1" risk="1">[RIGHT_CONTROL]</key>
-    <key enable="1" risk="1">[LCONTROL-DOWN]</key>
-    <key enable="1" risk="1">[LCONTROL-UP]</key>
-    <key enable="1" risk="1">[LMENU-DOWN]</key>
-    <key enable="1" risk="1">[LMENU-UP]</key>
-    <key enable="1" risk="1">[LWIN-DOWN]</key>
-    <key enable="1" risk="1">[LWIN-UP]</key>
-    <key enable="1" risk="1">[PGDOWN]</key>
-    <key enable="1" risk="1">[PGUP]</key>
-    <key enable="1" risk="1">[PRINT]</key>
-    <key enable="1" risk="1">[RCONTROL-DOWN]</key>
-    <key enable="1" risk="1">[RCONTROL-UP]</key>
-    <key enable="1" risk="1">[RMENU-DOWN]</key>
-    <key enable="1" risk="1">[RMENU-UP]</key>
-    <key enable="1" risk="1">[RWIN-DOWN]</key>
-    <key enable="1" risk="1">[RWIN-UP]</key>
-    <key enable="1" risk="1">[SELECT]</key>
-    <key enable="1" risk="1">[SEPARATOR]</key>
-    <key enable="1" risk="1">[SNAPSHOT]</key>
-    <key enable="1" risk="1">[PRSC]</key>
-  </keys>
-
-  <events>
-    <event enable="1" risk="1">OnActivate</event>
-    <event enable="1" risk="1">OnCanClose</event>
-    <event enable="1" risk="1">OnChange</event>
-    <event enable="1" risk="1">OnClick</event>
-    <event enable="1" risk="1">OnClose</event>
-    <event enable="1" risk="1">OnCloseQuery</event>
-    <event enable="1" risk="1">OnCloseUp</event>
-    <event enable="1" risk="1">OnClose</event>
-    <event enable="1" risk="1">OnCreate</event>
-    <event enable="1" risk="1">OnCreatePanelClass</event>
-    <event enable="1" risk="1">OnData</event>
-    <event enable="1" risk="1">OnDataFind</event>
-    <event enable="1" risk="1">OnDataHint</event>
-    <event enable="1" risk="1">OnDataStateChange</event>
-    <event enable="1" risk="1">OnDeletion</event>
-    <event enable="1" risk="1">OnDestroy</event>
-    <event enable="1" risk="1">OnDockOver</event>
-    <event enable="1" risk="1">OnDragDrop</event>
-    <event enable="1" risk="1">OnDragOver</event>
-    <event enable="1" risk="1">OnDropDown</event>
-    <event enable="1" risk="1">OnEndDock</event>
-    <event enable="1" risk="1">OnEndDrag</event>
-    <event enable="1" risk="1">OnExit</event>
-    <event enable="1" risk="1">OnKeyDown</event>
-    <event enable="1" risk="1">OnKeyPress</event>
-    <event enable="1" risk="1">OnKeyUp</event>
-    <event enable="1" risk="1">OnMouseDown</event>
-    <event enable="1" risk="1">OnMouseEnter</event>
-    <event enable="1" risk="1">OnMouseLeave</event>
-    <event enable="1" risk="1">OnMouseMove</event>
-    <event enable="1" risk="1">OnMouseUp</event>
-    <event enable="1" risk="1">OnProgress</event>
-    <event enable="1" risk="1">OnTimer</event>
-    <event enable="1" risk="1">OnUnDock</event>
-    <event enable="1" risk="1">OnUpdate</event>
-  </events>
-
-  <strings>
-    <string score="0">unzip</string>
-    <string score="0">inflate</string>
-    <string score="0">\\.\SICE</string>
-    <string score="0">\\.\SIWVID</string>
-    <string score="0">\\.\REGSYS</string>
-    <string score="0">\\.\REGVXG</string>
-    <string score="0">\\.\FILEVXG</string>
-    <string score="0">\\.\FILEM</string>
-    <string score="0">\\.\TR</string>
-
-    <string score="0">MSXML2.ServerXMLHTTP$</string>
-    <string score="0">MSXML2.DOMDocument$</string>
-    <string score="0">MSXML2.DOMDocument.6.0</string>
-    <string score="0">MSXML2.DOMDocument.5.0</string>
-    <string score="0">MSXML2.DOMDocument.4.0</string>
-    <string score="0">MSXML2.DOMDocument.3.0</string>
-    <string score="0">Word.Document.8</string>
-    <string score="0">PROJECT.THISDOCUMENT.AUTOOPEN</string>
-    <string score="0">PROJECTwm</string>
-
-    <string score="1">webcam</string>
-    <string score="1">Please Enable Content* to see this document.</string>
-    <string score="1">Enable Content</string>
-    <string score="1">Program Files (x86)</string>
-    <string score="1">Playx64</string>
-    <string score="1">PlayWin32</string>
-    <string score="1">PROCEXPLORER</string>
-    <string score="1">MSScriptControl.ScriptControl.1</string>
-    <string score="1">Embedded Control</string>
-    <string score="1">Microsoft Word 10.0</string>
-    <string score="1">OCXNAME</string>
-    <string score="0">Accept-Language: </string>
-    <string score="0">Accept-Encoding: </string>
-    <string score="0">Mr.Black</string>
-
-    <string score="0">WinZip Self-Extractor - Password</string>
-    <string score="0">This self-extracting Zip file is password protected.</string>
-    <string score="0">Windows Installer XML (3.0.5419.0)</string>
-    <string score="0">ResponseText</string>
-    <string score="0">Macros must be enabled to display the contents of the document.</string>
-
-    <string score="0">Your decryption price will</string>
-    <string score="0">Your personal files are encrypted!</string>
-    <string score="0">!!!Rescue your files!!!</string>
-    <string score="0">Any attempt to remove or corrupt this software will result</string>
-    <string score="0">Now you have the last chance to decrypt your files.</string>
-    <string score="0">Any attempt to remove or corrupt this software will result</string>
-    <string score="0">in immediate elimination of the private key by the server.</string>
-    <string score="0">the more chances are left to recover the files.</string>
-    <string score="0">You must install this browser</string>
-    <string score="0">Your decryption price will</string>
-    <string score="0">Everything is fine now decrypting all files.</string>
-    <string score="0">All files Decrypted</string>
-    <string score="0">Enter Decrypt Key</string>
-    <string score="0">WScript.Shell</string>
-    <string score="0">System Volume Information</string>
-    <string score="0">Boot</string>
-    <string score="0">This document was edited in later version of Microsoft Word.</string>
-    <string score="0">To load the document, please Enable Content.</string>
-
-    <string score="0">wevtutil clear-log Security</string>
-    <string score="0">wevtutil clear-log Setup</string>
-    <string score="0">wevtutil clear-log System</string>
-    <string score="0">wevtutil clear-log Application</string>
-    <string score="0">SECG curve over a 256 bit prime field</string>
-    <string score="0">SmartAssembly.Attributes</string>
-    <string score="0">Copyright (c) 1998-2009 by Joergen Ibsen All Rights Reserved.</string>
-    <string score="0">"Powered by SmartAssembly 6.8.0.121</string>
-    <string score="0">!Powered by SmartAssembly 6.6.1.44</string>
-
-    <string score="0">Microsoft Enhanced RSA and AES Cryptographic Provider</string>
-
-    <string score="0">$Info: This file is packed with the UPX executable packer http://upx.sf.net $</string>
-    <string score="0">$Id: UPX 3.91 Copyright (C) 1996-2013 the UPX Team. All Rights Reserved. $</string>
-    <string score="0">Microsoft Application Compatibility Toolkit 5.6</string>
-    <string score="0">System Manager</string>
-    <string score="0">Screen Capture</string>
-    <string score="0">Webcam Capture</string>
-    <string score="0">Packet Sniffer</string>
-    <string score="0">\\.\mailslot\%s</string>
-    <string score="0">Network Performance and Security Manager</string>
-    <string score="0">ProxyEnable</string>
-    <string score="0">ProxyServer</string>
-    <string score="0">ProxyOverride</string>
-    <string score="0">ProxyUserName</string>
-    <string score="0">ProxyPassword</string>
-    <string score="0">SkpWnd</string>
-    <string score="0">AdministratorsGroup</string>
-    <string score="0">NtAuthority</string>
-    <string score="0">masterkey</string>
-    <string score="0">IEHistory</string>
-    <string score="0">NT AUTHORITY</string>
-
-    <!-- Firefox -->
-    <string score="0">PR_Bind</string>
-    <string score="0">PR_Accept</string>
-    <string score="0">PR_AcceptRead</string>
-    <string score="0">PR_Connect</string>
-    <string score="0">PR_Listen</string>
-    <string score="0">PR_Read</string>
-    <string score="0">PR_Write</string>
-    <string score="0">PR_Writev</string>
-    <string score="0">PR_Close</string>
-    <string score="0">PR_Send</string>
-    <string score="0">PR_TransmitFile</string>
-    <string score="0">PR_OpenTCPSocket</string>
-    <string score="0">PR_GetSocketOption</string>
-    <string score="0">PR_SetSocketOption</string>
-    <string score="0">PR_Shutdown</string>
-    <string score="0">PR_GetError</string>
-    <string score="0">PR_SetError</string>
-    <string score="0">PR_GetNameForIdentity</string>
-
-    <!-- Unclassified -->
-    <string score="0">PClock</string>
-    <string score="0">Start scanner</string>
-    <string score="0">Scanner completed</string>
-    <string score="0">Start crypter</string>
-    <string score="0">Files encrypted</string>
-
-    <string score="0">TCustomDecompressor</string>
-    <string score="0">TCompressedBlockReader</string>
-    <string score="0">SoftDownloaderWnd</string>
-    <string score="0">MemoryScanner</string>
-    <string score="0">ActiveX Control</string>
-    <string score="0">\\.\PhysicalDrive%d</string>
-    <string score="0">Microsoft Windows Auto Update</string>
-    <string score="0">PB_DropAccept</string>
-    <string score="0">PB_WindowID</string>
-    <string score="0">IsAdmin</string>
-    <string score="0">CryptKeyType</string>
-    <string score="0">CryptKeyId</string>
-    <string score="0">NetAdapter</string>
-    <string score="0">Gateway</string>
-    <string score="0">PriWinsServer</string>
-    <string score="0">SecWinsServer</string>
-    <string score="0">DHCPServer</string>
-    <string score="0">DnsServer</string>
-    <string score="0">Microsoft Enhanced Cryptographic Provider v1.0</string>
-    <string score="0">Microsoft Base Cryptographic Provider v1.0</string>
-    <string score="0">Gestalt</string>
-    <string score="0">stub_helper</string>
-    <string score="0">vm_protect</string>
-
-    <string score="0">FtpServer</string>
-    <string score="0">FtpUserName</string>
-    <string score="0">FtpPassword</string>
-    <string score="0">FtpDirectory</string>
-    <string score="0">ServerType</string>
-    <string score="0">onEnterFrame</string>
-    <string score="0">error to get HDD firmware serial</string>
-    <string score="0">aPLib v1.01  -  the smaller the better :)</string>
-    <string score="0">TrojanEngine</string>
-    <string score="0">NetMon</string>
-    <string score="0">FileSmash</string>
-    <string score="0">IERepair</string>
-    <string score="0">KillVirus</string>
-    <string score="0">SoftMove</string>
-    <string score="0">SysClean</string>
-    <string score="0">Trojan</string>
-    <string score="0">CrashStackLen</string>
-    <string score="0">CrashDumpLen</string>
-    <string score="0">CrashStackBase64Len</string>
-    <string score="0">CrashDumpBase64Len</string>
-    <string score="0">CrashStack</string>
-    <string score="0">MinDump</string>
-    <string score="0">VIRUS</string>
-    <string score="0">QEMU</string>
-
-    <string score="0">Safengine Shielden v2.3.0.0</string>
-    <string score="0">EnumProcess</string>
-    <string score="0">InjectByPid</string>
-    <string score="0">Send to Server failed.</string>
-    <string score="0">HandShake with the server failed. Error:</string>
-    <string score="0">Microsoft Unified Security Protocol Provider</string>
-    <string score="0">ddos.bot</string>
-    <string score="0">makedir</string>
-    <string score="0">opencmd</string>
-    <string score="0">ProcessorNameString</string>
-    <string score="0">VendorIdentifier</string>
-    <string score="0">SystemBiosVersion</string>
-    <string score="0">SystemBiosDate</string>
-    <string score="0">VideoBiosVersion</string>
-    <string score="0">VideoBiosDate</string>
-    <string score="0">Windows File Protection</string>
-    <string score="0">LogonFailure</string>
-    <string score="0">killthread</string>
-    <string score="0">startkeylogger</string>
-    <string score="0">stopkeylogger</string>
-    <string score="0">listprocesses</string>
-    <string score="0">killprocess</string>
-    <string score="0">stopspy</string>
-    <string score="0">redirectspy</string>
-    <string score="0">stopredirectspy</string>
-    <string score="0">kazaabackupfiles</string>
-    <string score="0">SC_MONITORPOWER</string>
-    <string score="0">HWND_BROADCAST</string>
-    <string score="0">IsConnectedToInternet</string>
-    <string score="0">get_MachineName</string>
-    <string score="0">MacAddress</string>
-    <string score="0">InternetExplorer.Application</string>
-
-    <string score="0">EmailAddress</string>
-    <string score="0">PopServer</string>
-    <string score="0">PopPort</string>
-    <string score="0">PopAccount</string>
-    <string score="0">PopPassword</string>
-    <string score="0">SmtpServer</string>
-    <string score="0">SmtpPort</string>
-    <string score="0">SmtpAccount</string>
-    <string score="0">SmtpPassword</string>
-    <string score="0">WininetCacheCredentials</string>
-    <string score="0">PasswordType</string>
-    <string score="0">OutpostMonitor</string>
-
-    <string score="1">DisableAllPrivileges</string>
-    <string score="1">SetPrivilege</string>
-    <string score="0">telnet</string>
-    <string score="0">Download.Complete</string>
-    <string score="0">Download.Cancelled</string>
-    <string score="0">Download.Failed</string>
-    <string score="0">onLoadInit</string>
-    <string score="0">onLoadProgress</string>
-    <string score="0">onLoadError</string>
-    <string score="0">onLoadComplete</string>
-    <string score="0">onLoadStart</string>
-    <string score="0">onScroller</string>
-    <string score="0">onChanged</string>
-    <string score="0">onConstruct</string>
-    <string score="0">onDragOut</string>
-    <string score="0">onDragOver</string>
-    <string score="0">onRollOut</string>
-    <string score="0">onRollOver</string>
-    <string score="0">onReleaseOutside</string>
-    <string score="0">onRelease</string>
-    <string score="0">onPress</string>
-    <string score="0">onInitialize</string>
-    <string score="0">onKeyUp</string>
-    <string score="0">onKeyDownv</string>
-    <string score="0">onMouseUp</string>
-    <string score="0">onMouseDown</string>
-    <string score="0">onMouseMove</string>
-    <string score="0">onUnload</string>
-    <string score="0">onEnterFrame</string>
-    <string score="0">location.href</string>
-    <string score="0">xmlns:xlink</string>
-
-    <string score="0">SMTP Password</string>
-    <string score="0">HTTPMail Password</string>
-    <string score="0">NNTP Password</string>
-    <string score="0">IMAP Password</string>
-    <string score="0">POP3 Password</string>
-    <string score="0">NNTP Password</string>
-    <string score="0">IMAP Password</string>
-    <string score="0">POP3 Password</string>
-    <string score="0">IMAP Port</string>
-    <string score="0">SMTP Port</string>
-    <string score="0">POP3 Port</string>
-    <string score="0">SMTP User</string>
-    <string score="0">HTTPMail Server</string>
-    <string score="0">IMAP User</string>
-    <string score="0">POP3 User</string>
-    <string score="0">HTTP Server URL</string>
-    <string score="0">HTTP User</string>
-    <string score="0">Email</string>
-    <string score="0">IMAP User Name</string>
-    <string score="0">IMAP Server</string>
-    <string score="0">NNTP Server</string>
-    <string score="0">NNTP User Name</string>
-    <string score="0">NNTP Email Address</string>
-    <string score="0">SMTP User Name</string>
-    <string score="0">SMTP Server</string>
-    <string score="0">SMTP Email Address</string>
-
-    <string score="0">Adobe ImageReadyq</string>
-    <string score="0">ClearBrowsingHistoryOnExit</string>
-    <string score="0">GetMACAddress</string>
-    <string score="0">GetProcessesByName</string>
-    <string score="0">WebRequest</string>
-    <string score="0">WebResponse</string>
-    <string score="0">GetResponse</string>
-    <string score="0">GetVolumeSerial</string>
-    <string score="0">ENCRYPtSTRING</string>
-    <string score="0">ENCRYPTBYTe</string>
-    <string score="0">VBRUN</string>
-    <string score="0">Blowfish</string>
-    <string score="0">CreateDecryptor</string>
-    <string score="0">MD5CryptoServiceProvider</string>
-    <string score="0">TripleDESCryptoServiceProvider</string>
-    <string score="0">PaddingMode</string>
-    <string score="0">iexplorer</string>
-    <string score="0">Shell_TrayWnd</string>
-    <string score="0">ExecuteCommand</string>
-    <string score="0">RunPE</string>
-    <string score="0">CCleaner</string>
-    <string score="0">Binder</string>
-    <string score="0">SpyTheSpy</string>
-    <string score="0">TCPEye</string>
-    <string score="0">SpeedGear</string>
-    <string score="0">taskmgr</string>
-    <string score="0">IPBlocker</string>
-    <string score="0">CCleaner</string>
-    <string score="0">procexp</string>
-    <string score="0">Windows Update</string>
-    <string score="0">Payment ok</string>
-    <string score="0">Payment Received. Proceed to decryption.</string>
-    <string score="0">Waiting Payment</string>
-    <string score="0">Waiting TOR Connection</string>
-    <string score="0">TorLocker</string>
-    <string score="0">proxyPort = 58010</string>
-    <string score="0">socksParentProxy = 127.0.0.1:9150</string>
-    <string score="0">socksProxyType = socks5</string>
-    <string score="0">TorLocker_v0.9.3</string>
-    <string score="0">Wallpaper</string>
-    <string score="0">kippohome</string>
-    <string score="0">huffman</string>
-    <string score="0">DecodeHuffman</string>
-    <string score="0">Decode</string>
-    <string score="0">Inflate</string>
-    <string score="0">Unzip</string>
-    <string score="0">ZipAndEncrypt</string>
-    <string score="0">ZipAndAES</string>
-    <string score="0">LoadFile</string>
-    <string score="0">SafenSoft</string>
-    <string score="0">SysWatch</string>
-    <string score="0">McAfee</string>
-    <string score="0">Security Center</string>
-    <string score="0">Symantec</string>
-    <string score="0">Protection</string>
-    <string score="0">Norton</string>
-    <string score="0">Host OS</string>
-
-    <string score="0">ReadPort</string>
-    <string score="0">WritePort</string>
-    <string score="0">cookie_module</string>
-    <string score="0">Proxy-Connection</string>
-    <string score="0">CompressAndSend</string>
-    <string score="0">EncryptFile</string>
-    <string score="0">RunAsShellUser</string>
-    <string score="0">SVNCStartServer</string>
-    <string score="0">Terminal Server</string>
-    <string score="0">Enterprise</string>
-    <string score="0">LanmanNT</string>
-    <string score="0">CONNECTED</string>
-    <string score="0">SENDME</string>
-    <string score="0">EXTEND</string>
-    <string score="0">EXTENDED</string>
-    <string score="0">TRUNCATE</string>
-    <string score="0">TRUNCATED</string>
-    <string score="0">RESOLVE</string>
-    <string score="0">RESOLVED</string>
-    <string score="0">BEGIN_DIR</string>
-    <string score="0">ESTABLISH_INTRO</string>
-    <string score="0">ESTABLISH_RENDEZVOUS</string>
-    <string score="0">INTRODUCE1</string>
-    <string score="0">INTRODUCE2</string>
-    <string score="0">RENDEZVOUS1</string>
-    <string score="0">RENDEZVOUS2</string>
-    <string score="0">INTRO_ESTABLISHED</string>
-    <string score="0">RENDEZVOUS_ESTABLISHED</string>
-    <string score="0">INTRODUCE_ACK</string>
-    <string score="0">.onion/</string>
-    <string score="0">TMemoryScanner</string>
-    <string score="0">Symantec Shared</string>
-    <string score="0">CWSandbox</string>
-    <string score="0">AVAST Software</string>
-    <string score="0">Registry optimiser</string>
-    <string score="0">Optimizing the registry...</string>
-    <string score="0">Virtual HD</string>
-    <string score="0">db2admin</string>
-    <string score="0">changeme</string>
-    <string score="0">MsComCtl.ocx</string>
-    <string score="0">HotTracking</string>
-    <string score="0">OpenProcessToken fail</string>
-    <string score="0">AdjustTokenPrivileges fail</string>
-    <string score="0">formgrabber</string>
-    <string score="0">redirects</string>
-    <string score="0">httpinjects</string>
-    <string score="0">Transfer-Encoding</string>
-    <string score="0">NtShutdownSystem</string>
-    <string score="0">coin-miner</string>
-    <string score="0">regwrite</string>
-    <string score="0">urlmon</string>
-    <string score="0">Internet Explorer</string>
-    <string score="0">inhibitPolicyMapping</string>
-    <string score="0">Bad time value</string>
-    <string score="0">pubkey.bin</string>
-    <string score="0">openssl</string>
-    <string score="0">relativename</string>
-    <string score="0">Polynomial</string>
-    <string score="0">cryptedcount.txt</string>
-    <string score="0">explicitText</string>
-    <string score="0">ASN1</string>
-    <string score="0">requireExplicitPolicy</string>
-    <string score="0">LanmanWorkstation</string>
-    <string score="0">LanmanServer</string>
-    <string score="0">Salt Length</string>
-    <string score="0">Seed</string>
-    <string score="0">Prime</string>
-    <string score="0">config.nt</string>
-    <string score="0">autoexec.nt</string>
-    <string score="0">protocol testing</string>
-    <string score="0">experience Destroy</string>
-    <string score="0">Dispatch</string>
-    <string score="0">winsock</string>
-    <string score="0">connection failed</string>
-    <string score="0">open internet failed</string>
-    <string score="0">payload</string>
-    <string score="0">Wscript.Shell</string>
-    <string score="0">Shell.Application</string>
-    <string score="0">createobject</string>
-    <string score="0">Extracting</string>
-    <string score="0">UltraVnc</string>
-    <string score="0">UltraVncSC</string>
-    <string score="0">RunProgram</string>
-    <string score="0">Fast decoding</string>
-    <string score="0">Gina</string>
-    <string score="0">cgets</string>
-    <string score="0">NetworkService\Cookies\</string>
-    <string score="0">Scheduler</string>
-    <string score="0">Local Settings\History\History.IE5</string>
-    <string score="0">leave the progress due to 10 attempts</string>
-    <string score="0">unrarw32</string>
-    <string score="0">server</string>
-    <string score="0">verifyinginstaller</string>
-    <string score="0">CONNECT</string>
-    <string score="0">AppData</string>
-    <string score="0">admin</string>
-    <string score="0">Microsoft.VisualBasic</string>
-    <string score="0">Protocol not supported</string>
-    <string score="0">referer</string>
-    <string score="0">partner_online_url</string>
-    <string score="0">partner_new_url</string>
-    <string score="0">exe.agent.mail</string>
-    <string score="0">mail.ru</string>
-    <string score="0">password</string>
-    <string score="0">Launcher</string>
-    <string score="0">remote</string>
-    <string score="0">inject</string>
-    <string score="0">hook</string>
-    <string score="0">crack</string>
-    <string score="0">script</string>
-    <string score="0">browse</string>
-    <string score="0">Event</string>
-    <string score="0">Privilege</string>
-    <string score="0">Reboot</string>
-    <string score="0">CabinetFile</string>
-    <string score="0">cabfile</string>
-    <string score="0">extract</string>
-    <string score="0">VB Runtime Installation</string>
-    <string score="0">Command.com</string>
-    <string score="0">Resume</string>
-    <string score="0">Pause</string>
-    <string score="0">Socket</string>
-    <string score="0">GetCode</string>
-    <string score="0">Console</string>
-    <string score="0">LZStart</string>
-    <string score="0">shell</string>
-    <string score="0">alert</string>
-    <string score="0">reverse</string>
-    <string score="0">swap</string>
-    <string score="0">logon</string>
-    <string score="0">logoff</string>
-    <string score="0">HookProc</string>
-    <string score="0">attempt</string>
-    <string score="0">users</string>
-    <string score="0">load</string>
-    <string score="0">query</string>
-    <string score="0">scan</string>
-    <string score="0">module</string>
-    <string score="0">drop</string>
-    <string score="0">loop</string>
-    <string score="0">Download</string>
-    <string score="0">Upload</string>
-    <string score="0">CONNECT</string>
-    <string score="0">pipe</string>
-    <string score="0">Transaction</string>
-    <string score="0">Created by</string>
-    <string score="0">WinDir</string>
-    <string score="0">exec error</string>
-    <string score="0">application/x-www-form-urlencoded</string>
-    <string score="0">LordPE</string>
-    <string score="0">deflate</string>
-    <string score="0">60794-12b3-e4169440</string>
-    <string score="0">Keep-Alive</string>
-    <string score="0">Referer</string>
-    <string score="0">WinSta0</string>
-    <string score="0">Update</string>
-    <string score="0">Forbidden</string>
-    <string score="0">Accepted</string>
-    <string score="0">sessionid</string>
-
-    <string score="0">sharedaccess</string>
-    <string score="0">localgroup</string>
-    <string score="0">administrators</string>
-    <string score="0">Administrator</string>
-    <string score="0">guest</string>
-    <string score="0">RDP-Tcp</string>
-    <string score="0">UnknownProcess</string>
-    <string score="0">%d Day %d Hour %d Min</string>
-    <string score="0">termsrv_t</string>
-    <string score="0">Winlogon</string>
-    <string score="0">nsocket</string>
-    <string score="0">compression</string>
-    <string score="0">userprofile</string>
-    <string score="0">webkit</string>
-    <string score="0">command</string>
-    <string score="0">tracing</string>
-    <string score="0">sandbox</string>
-    <string score="0">keystroke</string>
-    <string score="0">scanning</string>
-    <string score="0">Callback</string>
-    <string score="0">torrent</string>
-    <string score="0">Outsanding</string>
-    <string score="0">localhost</string>
-    <string score="0">proxy</string>
-    <string score="0">downspeed</string>
-    <string score="0">webseeds</string>
-    <string score="0">POST</string>
-    <string score="0">fingerprint</string>
-    <string score="0">DNA_Proxy</string>
-    <string score="0">min_http_connections</string>
-    <string score="0">Unauthorized</string>
-    <string score="0">TOKEN</string>
-    <string score="0">multicast</string>
-    <string score="0">payload</string>
-    <string score="0">UPnP</string>
-    <string score="0">channel</string>
-    <string score="0">tracker</string>
-    <string score="0">NAT</string>
-    <string score="0">DHCP</string>
-    <string score="0">Host</string>
-    <string score="0">keyhash</string>
-    <string score="0">packet</string>
-    <string score="0">watchdog</string>
-    <string score="0">shared</string>
-    <string score="0">are you debugging me</string>
-    <string score="0">HHA Version 4.74.8702</string>
-
-    <string score="0">ThisprogrammustberununderWin32</string>
-    <string score="0">Exefiles</string>
-    <string score="0">Scanning</string>
-    <string score="0">StdOut</string>
-    <string score="0">Codecs</string>
-    <string score="0">ProgramFilesDir</string>
-    <string score="0">Install</string>
-    <string score="0">\Temp</string>
-    <string score="0">SHFOLDER</string>
-    <string score="0">NullsoftInst</string>
-    <string score="0">WinRAR SFX</string>
-    <string score="0">287333.dat</string>
-    <string score="0">\\cryptme\\</string>
-    <string score="0">run.vbs</string>
-    <string score="0">{0000054f-0000-0010-8000-00aa006d2ea4}</string>
-    <string score="0">Expires</string>
-    <string score="0">User-Agent</string>
-    <string score="0">Cookie</string>
-    <string score="0">Windows Update Service</string>
-    <string score="0">serialNumber</string>
-    <string score="0">userPassword</string>
-    <string score="0">public_key</string>
-    <string score="0">serial</string>
-    <string score="0">Private-Key</string>
-    <string score="0">Seed:</string>
-    <string score="0">encryption</string>
-    <string score="0">PECompact2</string>
-    <string score="0">logFile</string>
-    <string score="0">application/pdf</string>
-    <string score="0">Run as a daemon</string>
-    <string score="0">http.c</string>
-    <string score="0">client.c</string>
-    <string score="0">127.0.0.1</string>
-    <string score="0">serverTimeout</string>
-    <string score="0">Server closed connection</string>
-    <string score="0">nameserver</string>
-    <string score="0">COMSPEC</string>
-    <string score="0">OLLYDBG</string>
-    <string score="0">WinDbgFrameClass</string>
-    <string score="0">BankID</string>
-    <string score="0">Mscomctl32.ocx</string>
-    <string score="0">WebBrowser</string>
-    <string score="0">9368265E-85FE-11d1-8BE3-0000F8754DA1</string>
-    <string score="0">Scripting.FileSystemObject</string>
-    <string score="0">KerNel32.dll</string>
-    <string score="0">downloader</string>
-    <string score="0">browser</string>
-    <string score="0">RemoveRange</string>
-    <string score="0">AuthenticationMode</string>
-    <string score="0">Downloader</string>
-    <string score="0">ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/</string>
-    <string score="0">FPC 2.7.1 [2013/10/22] for i386 - Win32</string>
-    <string score="0">pipedatacontinue</string>
-    <string score="0">Shell</string>
-    <string score="0">IE 8.5</string>
-    <string score="0">whoami</string>
-    <string score="0">pidrun</string>
-    <string score="0">geturl</string>
-    <string score="0">Destroy</string>
-    <string score="0">likubes</string>
-    <string score="0">file not found</string>
-    <string score="0">_RTL_CRITICAL_SECTION_DEBUG</string>
-    <string score="0">_RTL_CRITICAL_SECTION</string>
-    <string score="0">_SECURITY_ATTRIBUTES</string>
-    <string score="0">lpSecurityDescriptor</string>
-    <string score="0">SysUtils</string>
-    <string score="0">ActiveX</string>
-    <string score="0">Sitikat</string>
-    <string score="0">ping</string>
-    <string score="0">pkxm</string>
-    <string score="0">Reply from</string>
-    <string score="0">DCOM not installed</string>
-    <string score="0">PROXY_TYPE_DIRECT</string>
-    <string score="0">PROXY_TYPE_AUTO_DETECT</string>
-    <string score="0">downfile</string>
-    <string score="0">upfile</string>
-    <string score="0">quitz</string>
-    <string score="0">debugmessage</string>
-    <string score="0">debugclient</string>
-    <string score="0">debugfile</string>
-    <string score="0">delfile</string>
-    <string score="0">delmessage</string>
-    <string score="0">delclient</string>
-    <string score="0">listfiles</string>
-    <string score="0">listmessages</string>
-    <string score="0">listclients</string>
-    <string score="0">WinSta0\Default</string>
-    <string score="0">POST</string>
-    <string score="0">CONNECT</string>
-    <string score="0">NetSubKey</string>
-    <string score="0">FileDescrsiption</string>
-    <string score="0">state.ini</string>
-    <string score="0">sha256</string>
-    <string score="0">AckPacket</string>
-    <string score="0">Connection</string>
-    <string score="0">autoRunKeyPath</string>
-    <string score="0">SIGNATURE</string>
-    <string score="0">messageId</string>
-    <string score="0">HeartBeat</string>
-    <string score="0">Request</string>
-    <string score="0">Unload</string>
-    <string score="0">RequestLoop</string>
-    <string score="0">HeartBeatLoop</string>
-    <string score="0">TcpClient</string>
-    <string score="0">Connect</string>
-    <string score="0">Login</string>
-    <string score="0">CurrentUser</string>
-    <string score="0">CreateDomain</string>
-    <string score="0">ComputeHash</string>
-    <string score="0">cookies.*</string>
-    <string score="0">Tfrmrpcap</string>
-    <string score="0">ProcessLasso_Notification_Class</string>
-    <string score="0">TSystemExplorerTrayForm.UnicodeClass</string>
-    <string score="0">PROCMON_WINDOW_CLASS</string>
-    <string score="0">PROCEXPL</string>
-    <string score="0">WdcWindow</string>
-    <string score="0">ProcessHacker</string>
-    <string score="0">Dumper</string>
-    <string score="0">Dumper64</string>
-    <string score="0">APISpy32Class</string>
-    <string score="0">Zone.Identifier</string>
-    <string score="0">:Zone.Identifier</string>
-    <string score="0">Explorer.exe:Zone.Identifier</string>
-    <string score="0">Java Update Manager</string>
-    <string score="0">runas</string>
-    <string score="0">sysprep</string>
-    <string score="0">TokenPrivilege</string>
-    <string score="0">Shutdown</string>
-    <string score="0">WebKit2WebProcess</string>
-    <string score="0">Sleeping</string>
-    <string score="0">Rijndael</string>
-    <string score="0">SystemBiosVersion</string>
-    <string score="0">VideoBiosVersion</string>
-    <string score="0">UDPV6</string>
-    <string score="0">TCPV6</string>
-    <string score="0"> deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</string>
-    <string score="0"> deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly</string>
-    <string score="0"> inflate 1.2.3 Copyright 1995-2005 Mark Adler </string>
-    <string score="0"> inflate 1.1.4 Copyright 1995-2002 Mark Adler </string>
-    <string score="0">RegisterRawInputDevices</string>
-    <string score="0">GetRawInputData</string>
-    <string score="0">sqlite3_open</string>
-    <string score="0">sqlite3_close</string>
-    <string score="0">sqlite3_prepare_v2</string>
-    <string score="0">sqlite3_step</string>
-    <string score="0">sqlite3_column_text</string>
-    <string score="0">Hibernating</string>
-    <string score="0">downtime-started</string>
-    <string score="0">uptime-started</string>
-    <string score="0">Intel Hardware Cryptographic Service Provider</string>
-    <string score="0">lpAddress</string>
-    <string score="0">BeginInvoke</string>
-    <string score="0">EndInvoke</string>
-    <string score="0">StatusChecker</string>
-    <string score="0">Encoding</string>
-    <string score="0">stand by</string>
-    <string score="0">startime</string>
-    <string score="0">throttle</string>
-    <string score="0">Mandatory Level</string>
-    <string score="0">_invoke_watson</string>
-    <string score="0">remove</string>
-    <string score="0">debug</string>
-    <string score="0">hostname</string>
-    <string score="0">clientkey</string>
-    <string score="0">reqfilepath</string>
-    <string score="0">reqfile</string>
-    <string score="0">postvalue</string>
-    <string score="0">postfile</string>
-    <string score="0">postdata</string>
-    <string score="0">mkdir</string>
-    <string score="0">rmdir</string>
-    <string score="0">chdir</string>
-    <string score="0">rpcsrv</string>
-    <string score="0">svchost</string>
-    <string score="0">Deleting Service...</string>
-    <string score="0">Service uninstall success.</string>
-    <string score="0">CompareString</string>
-    <string score="0">Engine started</string>
-    <string score="0">Running in background</string>
-    <string score="0">Stale thread</string>
-    <string score="0">Locking doors</string>
-    <string score="0">Rotors engaged</string>
-    <string score="0">\DosDevices\DKOM_Driver</string>
-    <string score="0">\Device\DKOM_Driver</string>
-    <string score="0">Process successfully hidden.</string>
-    <string score="0">Process ID: %d</string>
-    <string score="0">EPROCESS address: %#x</string>
-    <string score="0">ActiveProcessLinks offset: %#x</string>
-    <string score="0">Extracting %s</string>
-    <string score="0">Couponserver</string>
-    <string score="0">xmlUrl</string>
-    <string score="0">LoadXml</string>
-    <string score="0">LocalMachine</string>
-    <string score="0">DownloadAll</string>
-    <string score="0">DownloadComplete</string>
-    <string score="0">DownloadFile</string>
-    <string score="0">DownloadFileAsync</string>
-    <string score="0">DownloadServer</string>
-    <string score="0">DownloadThreads</string>
-    <string score="0">DownloadUrl</string>
-    <string score="0">Downloaded</string>
-    <string score="0">DownloadedBrowser</string>
-    <string score="0">Downloading...</string>
-    <string score="0">CorruptedMachine</string>
-    <string score="0">HtmlGenerator</string>
-    <string score="0">MachineInfo</string>
-    <string score="0">MachineRestriction</string>
-    <string score="0">RegSAM</string>
-    <string score="0">MemoryManagement</string>
-    <string score="0">Trackingurls</string>
-    <string score="0">DownloadUrl</string>
-    <string score="0">QueueDownloader</string>
-    <string score="0">ZipManager</string>
-    <string score="0">ZipStorer</string>
-    <string score="0">Firefox</string>
-    <string score="0">Chrome</string>
-    <string score="0">InternetExplorer</string>
-    <string score="0">GetIEVersion</string>
-    <string score="0">GetWBVersion</string>
-    <string score="0">webBrowser1</string>
-    <string score="0">changeHtmlCode</string>
-    <string score="0">retries</string>
-    <string score="0">completed</string>
-    <string score="0">addextension</string>
-    <string score="0">DownloadComplete</string>
-    <string score="0">add_DownloadComplete</string>
-    <string score="0">remove_DownloadComplete</string>
-    <string score="0">DownloadThreads</string>
-    <string score="0">Arquitecture</string>
-    <string score="0">internetTurbo</string>
-    <string score="0">strongvault</string>
-    <string score="0">amonetize</string>
-    <string score="0">Couponserver</string>
-    <string score="0">ShoppingChip</string>
-    <string score="0">UsedBrowser</string>
-    <string score="0">AndroidAPK</string>
-    <string score="0">IexplorerMinVersion</string>
-    <string score="0">checkMachineInfo</string>
-    <string score="0">checkCouponserver</string>
-    <string score="0">checkInternet</string>
-    <string score="0">hideWhenInstalling</string>
-    <string score="0">WebmasterId</string>
-    <string score="0">firewalls</string>
-    <string score="0">IsControlled</string>
-    <string score="0">Microsoft Network Monitoring Service</string>
-    <string score="0">Host Process for Windows Services</string>
-    <string score="0">MsNetMonitor</string>
-    <string score="0">HideWindow</string>
-    <string score="0">Windows Filter Driver</string>
-    <string score="0">firewall</string>
-    <string score="0">IsUserAdministrator</string>
-    <string score="0">CreateSubKey</string>
-    <string score="0">NotifyDownloading</string>
-    <string score="0">isvirtualMachine</string>
-    <string score="0">isdebugging</string>
-    <string score="0">HasDebugger</string>
-    <string score="0">debugging</string>
-    <string score="0">checkurls</string>
-    <string score="0">ListSoftwares</string>
-    <string score="0">CheckAdminPrivileges</string>
-    <string score="0">TrackOnDefaultBrowser</string>
-    <string score="0">GetDomain</string>
-    <string score="0">checkdomain</string>
-    <string score="0">bytesDownloaded</string>
-    <string score="0">logger</string>
-    <string score="0">This plugin is already loaded.</string>
-    <string score="0">The plugin you are trying to load does not exist</string>
-    <string score="0">Hook cleaning on</string>
-    <string score="0">PiD obfuscation on</string>
-    <string score="0">Code injection successful!</string>
-    <string score="0">Code injection failed!</string>
-    <string score="0">Injecting code ...</string>
-    <string score="0">Code Injection</string>
-    <string score="0">Creating a remote thread ...</string>
-    <string score="0">Keylogging disabled.</string>
-    <string score="0">failed to get memory</string>
-    <string score="0">#requireadmin</string>
-    <string score="0">#notrayicon</string>
-    <string score="0">#include-once</string>
-    <string score="0">D:\RECYCLER\</string>
-    <string score="0">Windows Registry Editor Version 5.00</string>
-    <string score="0">DisallowRun</string>
-    <string score="0">NoDriveTypeAutoRun</string>
-    <string score="0">HideFileExt</string>
-    <string score="0">Hidden</string>
-    <string score="0">Application cannot be run with debugger or monitoring tool(s) loaded!</string>
-    <string score="0">Logon User Name</string>
-    <string score="0">NoFolderOptions</string>
-
-    <string score="0">Starting Hide myself ...</string>
-    <string score="0">Starting Killing myself ...</string>
-    <string score="0">newKeyPair</string>
-    <string score="0">privateKey</string>
-    <string score="0">publicKey</string>
-    <string score="0">cypherText</string>
-    <string score="0">LZO real-time data compression library.</string>
-
-    <string score="0">Access denied!</string>
-    <string score="0">Total entries: %d</string>
-    <string score="0">Entries enumerated: %d</string>
-    <string score="0">Upload file ok!</string>
-    <string score="0">create remote file error!</string>
-    <string score="0">Download file ok!</string>
-    <string score="0">Reading remote file error!</string>
-    <string score="0">create pipe error!</string>
-    <string score="0">start cmd error!</string>
-    <string score="0">Logon user err!</string>
-    <string score="0">execute error!</string>
-    <string score="0">bind cmd frist!</string>
-    <string score="0">get user name error!</string>
-    <string score="0">cant get ver info!</string>
-    <string score="0">Windows?</string>
-    <string score="0">Remote</string>
-    <string score="0">Ramdisk</string>
-    <string score="0">Client process-%d-stoped!</string>
-    <string score="0">Create localfile error!</string>
-    <string score="0">DownloadEnd</string>
-    <string score="0">List domain server ok!#</string>
-    <string score="0">fileupload</string>
-    <string score="0">cruisenet</string>
-    <string score="0">javascript:</string>
-
-    <string score="0">All the important files on your computer were encrypted.</string>
-    <string score="0">All the important files on your disks were encrypted.</string>
-
-    <string score="0">Schedule service command line interface</string>
-    <string score="0">already running</string>
-    <string score="0">Botnet has been shutdown - restart bot?</string>
-    <string score="0">Botnet shutdown</string>
-    <string score="0">QUIT :Botnet shutdown</string>
-    <string score="0">PRIVMSG %s :bingo - botnet shutting down</string>
-    <string score="0">Anti-debug</string>
-    <string score="0">.detour</string>
-    <string score="0">Detoured</string>
-    <string score="0">Client hook allocation failure.</string>
-    <string score="0">silentpostback</string>
-    <string score="0">AlreadyRunning</string>
-    <string score="0">StubInfo</string>
-    <string score="0">wrapper</string>
-    <string score="0">keeplog</string>
-    <string score="0">pingdialog</string>
-    <string score="0">runonce</string>
-    <string score="0">noreq</string>
-    <string score="0">verifycookies</string>
-    <string score="0">account</string>
-    <string score="0">accountid</string>
-    <string score="0">selftest</string>
-    <string score="0">silenterr</string>
-    <string score="0">preload</string>
-    <string score="0">PostbackSent</string>
-    <string score="0">StubRun</string>
-    <string score="0">StubExtract</string>
-    <string score="0">WaitablePort</string>
-    <string score="0">Waiting</string>
-    <string score="0">Waiting Connections</string>
-    <string score="0">ServiceMain</string>
-    <string score="0">ServTestDos</string>
-    <string score="0">VBoxGuest</string>
-    <string score="0">Betabot</string>
-    <string score="0">HGFS</string>
-    <string score="0">Hashtable</string>
-    <string score="0">GetResourceString</string>
-    <string score="0">Monitor</string>
-    <string score="0">www.memtest86.com</string>
-    <string score="0">boxedapp.com</string>
-    <string score="0">RegServer</string>
-    <string score="0">Send ack is successful.</string>
-    <string score="0">Get the right data.</string>
-    <string score="0">Receiving acknowledgment is successful.</string>
-    <string score="0">Receiving packet failed.</string>
-    <string score="0">Sending packet success...</string>
-    <string score="0">Cant get the right data</string>
-    <string score="0">Initialization is successful.</string>
-    <string score="0">Initialization is failed.</string>
-    <string score="0">tempPass.txt</string>
-    <string score="0">POP3 Password2</string>
-    <string score="0">POP3 Server</string>
-    <string score="0">POP3 User Name</string>
-    <string score="0">HTTPMail Password2</string>
-    <string score="0">HTTPMail User Name</string>
-    <string score="0"> 2004 2005 Pierre le Riche / Professional Software Development</string>
-    <string score="0">Broadcast adress :</string>
-    <string score="0">Broadcasts : NO</string>
-    <string score="0">Broadcasts : YES</string>
-    <string score="0">SHELLEXECUTE</string>
-    <string score="0">SHELLEXECUTEWAIT</string>
-    <string score="0">#BOT#CloseServer</string>
-    <string score="0">#BOT#OpenUrl</string>
-    <string score="0">#BOT#Ping</string>
-    <string score="0">#BOT#RunPrompt</string>
-    <string score="0">#BOT#SvrUninstall</string>
-    <string score="0">#BOT#URLDownload</string>
-    <string score="0">#BOT#URLUpdate</string>
-    <string score="0">#BOT#VisitUrl</string>
-    <string score="0">#CAMEND</string>
-    <string score="0">#FreezeIO</string>
-    <string score="0">#GetClipboardText</string>
-    <string score="0">#GetScreenSize</string>
-    <string score="0">#KCMDDC51#-</string>
-    <string score="0">#KEEPALIVE#</string>
-    <string score="0">#RemoteScreenSize</string>
-    <string score="0">#SendClip</string>
-    <string score="0">#SendTaskMgr</string>
-    <string score="0">#UnFreezeIO</string>
-    <string score="0">%IPPORTSCAN</string>
-    <string score="0">ActiveOfflineKeylogger</string>
-    <string score="0">ActiveOnlineKeyStrokes</string>
-    <string score="0">ActiveOnlineKeylogger</string>
-    <string score="0">AntiVirusDisableNotify</string>
-    <string score="0">BTMemoryLoadLibary: Cant attach library</string>
-    <string score="0">Be Right Back</string>
-    <string score="0">DownloadFail</string>
-    <string score="0">DownloadSuccess</string>
-    <string score="0">Progman</string>
-    <string score="0">Sender</string>
-    <string score="0">UPLOADEXEC</string>
-    <string score="0">UPLOADFILE</string>
-    <string score="0">UnActiveOfflineKeylogger</string>
-    <string score="0">UnActiveOnlineKeyStrokes</string>
-    <string score="0">UnBlockContact</string>
-    <string score="0">Video Capture</string>
-    <string score="0">WEBCAMLIVE</string>
-    <string score="0">WEBCAMSTOP</string>
-    <string score="0">drivers\etc\hosts</string>
-    <string score="0">unknown compression method</string>
-    <string score="0">wscsvc</string>
-    <string score="0">httpstop</string>
-    <string score="0">logstop</string>
-    <string score="0">ftfpstop</string>
-    <string score="0">procsstop</string>
-    <string score="0">securestop</string>
-    <string score="0">reconnect</string>
-    <string score="0">disconnect</string>
-    <string score="0">botid</string>
-    <string score="0">aliases</string>
-    <string score="0">flusharp</string>
-    <string score="0">flushdns</string>
-    <string score="0">crash</string>
-    <string score="0">killthreads</string>
-    <string score="0">killproc</string>
-    <string score="0">killid</string>
-    <string score="0">.download</string>
-    <string score="0">.update</string>
-    <string score="0">Kennwort</string>
-    <string score="0">Object dump complete.</string>
-    <string score="0">PAYPAL</string>
-    <string score="0">PAYPAL.COM</string>
-    <string score="0">Ping flood</string>
-    <string score="0">ROOTED</string>
-    <string score="0">Rebooting system</string>
-    <string score="0">Reconnecting</string>
-    <string score="0">Referer: %s</string>
-    <string score="0">Remote Command Prompt</string>
-    <string score="0">Removing Bot</string>
-    <string score="0">[DDoS]</string>
-    <string score="0">[KEYLOG]: %s</string>
-    <string score="0">[PSNIFF]</string>
-    <string score="0">[PING]</string>
-    <string score="0">[TFTP]</string>
-    <string score="0">[UPD]</string>
-    <string score="0">Download complete</string>
-    <string score="0">ALIEN-Z</string>
-    <string score="0">\Google\Chrome\User Data</string>
-    <string score="0">VncSrvWndProc</string>
-    <string score="0">VncStopServer</string>
-    <string score="0">VncStartServer</string>
-    <string score="0">VNCCreateServer</string>
-    <string score="0">VNCServerThread</string>
-    <string score="0">VNCStartServer</string>
-    <string score="0">FPUMaskValue</string>
-    <string score="0">PhysicalDrive0</string>
-    <string score="0">Protection Error</string>
-    <string score="0">LOADER ERROR</string>
-    <string score="0">The procedure entry point</string>
-    <string score="0">Invalid DOS signature</string>
-    <string score="0">Invalid COFF signature</string>
-    <string score="0">Invalid Windows Image</string>
-    <string score="0">Host is down.</string>
-    <string score="0">No route to host.</string>
-    <string score="0">CoMessengerU</string>
-    <string score="0">debugger</string>
-    <string score="0">sample</string>
-    <string score="0">virtual</string>
-    <string score="0">emulat</string>
-    <string score="0">GetProcesses</string>
-    <string score="0">MemoryStream</string>
-    <string score="0">GZipStream</string>
-    <string score="0">MulticastDelegate</string>
-    <string score="0">IAT processed</string>
-    <string score="0">putfile:</string>
-    <string score="0">getfile:</string>
-    <string score="0">Connecting</string>
-    <string score="0">Downloading</string>
-    <string score="0">Connecting</string>
-    <string score="0">Reconnect Pause</string>
-    <string score="0">Terminated</string>
-    <string score="0">Transfer Error</string>
-    <string score="0">Connection Error</string>
-    <string score="0">OpenRequest Error</string>
-    <string score="0">SendRequest Error</string>
-    <string score="0">URL Parts Error</string>
-    <string score="0">CreateThread Error</string>
-    <string score="0">Request Error</string>
-    <string score="0">Server Error</string>
-    <string score="0">Redirection</string>
-    <string score="0">TypeLib</string>
-    <string score="0">Interface</string>
-    <string score="0">FileType</string>
-    <string score="0">Component Categories</string>
-    <string score="0">CLSID</string>
-    <string score="0">AppID</string>
-    <string score="0">Delete</string>
-    <string score="0">NoRemove</string>
-    <string score="0">ForceRemove</string>
-    <string score="0">Keylogger</string>
-    <string score="0">crypter</string>
-    <string score="0">vbox</string>
-    <string score="0">NetKeyLogger</string>
-    <string score="0">TARGET</string>
-    <string score="0">pipeline</string>
-    <string score="0">miner</string>
-    <string score="0">Execute ERROR</string>
-    <string score="0">Download ERROR</string>
-    <string score="0">Executed As</string>
-    <string score="0">Execute ERROR</string>
-    <string score="0">Update ERROR</string>
-    <string score="0">Updating To</string>
-    <string score="0">Update ERROR</string>
-    <string score="0">ASPNET</string>
-    <string score="0">IUSR_</string>
-    <string score="0">IWAM_</string>
-    <string score="0">ASPNET</string>
-    <string score="0">POP3</string>
-    <string score="0">Admins</string>
-    <string score="0">webBrowser2</string>
-    <string score="0">IEFrame</string>
-    <string score="0">\\.\pipe\</string>
-    <string score="0">permission denied</string>
-    <string score="0">permission_denied</string>
-    <string score="0">connection_already_in_progress</string>
-    <string score="0">connection_aborted</string>
-    <string score="0">connection_refused</string>
-    <string score="0">host_unreachable</string>
-    <string score="0">already_connected</string>
-    <string score="0">network_down</string>
-    <string score="0">network_reset</string>
-    <string score="0">network_unreachable</string>
-    <string score="0">not_connected</string>
-    <string score="0">wrong_protocol_type</string>
-    <string score="0">broken pipe</string>
-    <string score="0">connection aborted</string>
-    <string score="0">connection already in progress</string>
-    <string score="0">connection refused</string>
-    <string score="0">host unreachable</string>
-    <string score="0">network down</string>
-    <string score="0">network reset</string>
-    <string score="0">network unreachable</string>
-    <string score="0">owner dead</string>
-    <string score="0">protocol error</string>
-    <string score="0">wrong protocol type</string>
-    <string score="0">EXECUTABLE</string>
-    <string score="0">master</string>
-    <string score="0">debian</string>
-    <string score="0">mysql</string>
-    <string score="0">daemon</string>
-    <string score="0">backup</string>
-    <string score="0">redhat</string>
-    <string score="0">VNC%d.%d</string>
-    <string score="0">exploitable</string>
-    <string score="0">passwd</string>
-    <string score="0">proxypasswd</string>
-    <string score="0">proxyuser</string>
-    <string score="0">Login denied</string>
-    <string score="0">Remote file not found</string>
-    <string score="0">RenameFile</string>
-    <string score="0">RunPrompt</string>
-    <string score="0">RunSelectedAsAdmin</string>
-    <string score="0">RunSelectedHidden</string>
-    <string score="0">RunSelectedShow</string>
-    <string score="0">RemoteMachineName</string>
-    <string score="0">AheadLib</string>
-    <string score="0">PlusDLL</string>
-    <string score="0">PLUSUNIT</string>
-    <string score="0">web-browser</string>
-    <string score="0">SetHook</string>
-    <string score="0">TMemoryScanner</string>
-    <string score="0">Protect</string>
-    <string score="0">PAGE_NOACCESS</string>
-    <string score="0">PAGE_READONLY</string>
-    <string score="0">PAGE_READWRITE</string>
-    <string score="0">PAGE_WRITECOPY</string>
-    <string score="0">PAGE_EXECUTE</string>
-    <string score="0">PAGE_EXECUTE_READ</string>
-    <string score="0">PAGE_EXECUTE_READWRITE</string>
-    <string score="0">PAGE_EXECUTE_WRITECOPY</string>
-    <string score="0">PAGE_GUARD</string>
-    <string score="0">PAGE_NOCACHE</string>
-    <string score="0">PAGE_WRITECOMBINE</string>
-
-    <string score="0">EXECUTE</string>
-    <string score="0">EXECUTE_READ</string>
-    <string score="0">EXECUTE_READWRITE</string>
-    <string score="0">EXECUTE_WRITECOPY</string>
-    <string score="0">NOACCESS</string>
-    <string score="0">READONLY</string>
-    <string score="0">READWRITE</string>
-    <string score="0">WRITECOPY</string>
-    <string score="0">MOVEFILE_REPLACE_EXISTING</string>
-    <string score="0">MOVEFILE_COPY_ALLOWED</string>
-    <string score="0">MOVEFILE_DELAY_UNTIL_REBOOT</string>
-    <string score="0">MOVEFILE_WRITE_THROUGH</string>
-
-    <string score="0">TokenUser</string>
-    <string score="0">TokenGroups</string>
-    <string score="0">TokenPrivileges</string>
-    <string score="0">TokenOwner</string>
-    <string score="0">TokenPrimaryGroup</string>
-    <string score="0">TokenDefaultDacl</string>
-    <string score="0">TokenSource</string>
-    <string score="0">TokenType</string>
-    <string score="0">TokenImpersonationLevel</string>
-    <string score="0">TokenStatistics</string>
-    <string score="0">TokenRestrictedSids</string>
-    <string score="0">TokenSessionId</string>
-    <string score="0">TokenGroupsAndPrivileges</string>
-    <string score="0">TokenSessionReference</string>
-    <string score="0">TokenSandBoxInert</string>
-    <string score="0">TokenAuditPolicy</string>
-    <string score="0">TokenOrigin</string>
-    <string score="0">TokenElevationType</string>
-    <string score="0">TokenLinkedToken</string>
-    <string score="0">TokenElevation</string>
-    <string score="0">TokenHasRestrictions</string>
-    <string score="0">TokenAccessInformation</string>
-    <string score="0">TokenVirtualizationAllowed</string>
-    <string score="0">TokenVirtualizationEnabled</string>
-    <string score="0">TokenIntegrityLevel</string>
-    <string score="0">TokenUIAccess</string>
-    <string score="0">TokenMandatoryPolicy</string>
-    <string score="0">TokenLogonSid</string>
-    <string score="0">TokenPrimary</string>
-    <string score="0">TokenImpersonation</string>
-    <string score="0">SecurityAnonymous</string>
-    <string score="0">SecurityIdentification</string>
-    <string score="0">SecurityImpersonation</string>
-    <string score="0">SecurityDelegation</string>
-
-    <string score="0">\\.\PhysicalDrive0</string>
-
-    <!-- VM patterns -->
-    <string score="0">windowsupdate</string>
-    <string score="0">wilderssecurity</string>
-    <string score="0">castlecops</string>
-    <string score="0">spamhaus</string>
-    <string score="0">cpsecure</string>
-    <string score="0">arcabit</string>
-    <string score="0">emsisoft</string>
-    <string score="0">sunbelt</string>
-    <string score="0">securecomputing</string>
-    <string score="0">rising</string>
-    <string score="0">prevx</string>
-    <string score="0">computerassociates</string>
-    <string score="0">networkassociates</string>
-    <string score="0">etrust</string>
-    <string score="0">rootkit</string>
-    <string score="0">spyware</string>
-
-    <string score="0">vmdebug</string>
-    <string score="0">VMware Replay Debugging Helper</string>
-    <string score="0">VMware VMCI Bus Driver</string>
-    <string score="0">vmci</string>
-    <string score="0">VMware Pointing Device</string>
-    <string score="0">vmmouse</string>
-    <string score="0">Virtual Machine Additions Mouse Integration Filter Driver</string>
-    <string score="0">msvmmouf</string>
-    <string score="0">MS Virtual SCSI Disk Device</string>
-    <string score="0">VMware Workstation v10</string>
-    <string score="0">VMwareDragDetWndClass</string>
-    <string score="0">VMwareSwitchUserControlClass</string>
-    <string score="0">VMware</string>
-    <string score="0">VMware Pointing</string>
-    <string score="0">VMware server memory</string>
-    <string score="0">VMware Replay</string>
-    <string score="0">AntiVirtualBox</string>
-    <string score="0">AntiVmWare</string>
-    <string score="0">AntiVirtualPC</string>
-    <string score="0">AntiMalwarebytes</string>
-    <string score="0">AntiOllydbg</string>
-    <string score="0">AntiWireshark</string>
-    <string score="0">antiSpyware</string>
-    <string score="0">Anti-Virus</string>
-    <string score="0">avast!</string>
-    <string score="0">AntiVir</string>
-    <string score="0">Inspection</string>
-    <string score="0">Malware</string>
-    <string score="0">Norton Personal Firewall</string>
-    <string score="0">ZoneAlarm</string>
-    <string score="0">Comodo Firewall</string>
-    <string score="0">eTrust EZ Firewall</string>
-    <string score="0">F-Secure Internet Security</string>
-    <string score="0">McAfee Personal Firewall</string>
-    <string score="0">Outpost Personal Firewall</string>
-    <string score="0">Panda Internet Seciruty Suite</string>
-    <string score="0">Panda Anti-Virus/Firewall</string>
-    <string score="0">BitDefnder/Bull Guard Antivirus</string>
-    <string score="0">Rising Firewall</string>
-    <string score="0">360Safe AntiArp</string>
-    <string score="0">Kingsoft Safe</string>
-    <string score="0">Fiddler</string>
-    <string score="0">wireshark</string>
-    <string score="0">Chromium</string>
-    <string score="80">!This is a PE executable</string>
-
-    <string score="0">NEWGRAB</string>
-    <string score="0">SCREENSHOT</string>
-    <string score="0">sURL</string>
-    <string score="0">sFileName</string>
-
-    <string score="0">AddressBook</string>
-    <string score="0">TrustedPeople</string>
-    <string score="0">TrustedPublisher</string>
-    <string score="0">RunProgram</string>
-    <string score="0">GUIMode</string>
-    <string score="0">@Install@</string>
-    <string score="0">@InstallEnd@</string>
-    <string score="0">protocol_not_supported</string>
-    <string score="0">network down</string>
-    <string score="0">network reset</string>
-    <string score="0">network unreachable</string>
-    <string score="0">network_down</string>
-    <string score="0">network_reset</string>
-    <string score="0">network_unreachable</string>
-    <string score="0">host unreachable</string>
-    <string score="0">host_unreachable</string>
-    <string score="0">PendingFileRenameOperations</string>
-    <string score="0">MyApplication.app</string>
-    <string score="0">Microsoft.Windows.MyCoolApp</string>
-    <string score="0">Application description here</string>
-    <string score="0">InstallHOOK</string>
-    <string score="0">InstallLocalHOOK</string>
-    <string score="0">UninstallHOOK</string>
-    <string score="0">ZLibEx</string>
-    <string score="0">PsAPI</string>
-    <string score="0">Xenocode Virtual Desktop</string>
-    <string score="0">start.spoon.net</string>
-    <string score="0">Spoon Virtual Machine</string>
-    <string score="0">Xenocode Virtual Appliance Runtime</string>
-    <string score="0">CPlApplet</string>
-    <string score="0">Java Security Plugin</string>
-    <string score="0">javaplugin</string>
-    <string score="0">Java Security Plugin</string>
-    <string score="0">Sun Java Security Plugin</string>
-    <string score="0">VMProtect begin</string>
-    <string score="0">VMProtect end</string>
-    <string score="0">[BeginChat]</string>
-    <string score="0">friend</string>
-    <string score="0">KernelUtil</string>
-    <string score="0">NETWORK SERVICE</string>
-    <string score="0">Cookies</string>
-    <string score="0">Administrative Tools</string>
-    <string score="0">WinFTP</string>
-    <string score="0">PortNumber</string>
-    <string score="0">CREATE_SUSPENDED</string>
-    <string score="0">VBScript.Encode</string>
-    <string score="0">JScript.Encode</string>
-    <string score="0">WScript</string>
-    <string score="0">ExeScriptPAD</string>
-    <string score="0">ExeScript</string>
-    <string score="0">silent</string>
-    <string score="0">ExeScript Host</string>
-    <string score="0">onbeforeunload</string>
-    <string score="0">onunload</string>
-    <string score="0">Godmode</string>
-    <string score="0">anonymous</string>
-    <string score="0">Connecting....</string>
-    <string score="0">DECOMPRESSOR</string>
-    <string score="0">antivirus</string>
-    <string score="0">AntivirusProduct</string>
-    <string score="0">DefaultBrowser</string>
-    <string score="0">MemoryProtection</string>
-    <string score="0">BaseScript</string>
-    <string score="0">Updater</string>
-    <string score="0">SafeStarter</string>
-    <string score="0">CreateProcessInternal</string>
-    <string score="0">IDetourHook</string>
-    <string score="0">DetourHook</string>
-
-    <string score="0">productUptoDate</string>
-    <string score="0">productState</string>
-
-    <!-- WMI-->
-    <string score="0">ScriptText</string>
-    <string score="0">ScriptingEngine</string>
-    <string score="0">ProbeScriptFint</string>
-    <string score="0">ActiveScriptEventConsumer</string>
-    <string score="0">__EventConsumer</string>
-    <string score="0">__EventFilter</string>
-    <string score="0">__FilterToConsumerBinding</string>
-    <string score="0">__TimerInstruction</string>
-    <string score="0">root/cimv2</string>
-    <string score="0">WbemScripting.SWbemLocator</string>
-    <string score="0">ROOT\CIMV2</string>
-    <string score="0">SELECT * from Win32_BaseBoard</string>
-    <string score="0">Manufacturer</string>
-    <string score="0">Model</string>
-    <string score="0">SerialNumber</string>
-    <string score="0">ChassisTypes</string>
-    <string score="0">SMBIOSAssetTag</string>
-
-    <!-- SQL -->
-    <string score="0">CREATE %s %.*s</string>
-    <string score="0">CREATE TABLE</string>
-    <string score="0">CREATE TABLE %Q.%s(%s)</string>
-    <string score="0">CREATE TABLE sqlite_master(</string>
-    <string score="0">CREATE VIRTUAL TABLE %T</string>
-    <string score="0">CREATE%s INDEX %.*s</string>
-
-    <string score="0">WMessages</string>
-    <string score="0">WM_HTML_GETOBJECT</string>
-    <string score="0">WM_MOUSEMOVE</string>
-    <string score="0">WM_LBUTTONUP</string>
-    <string score="0">WM_LBUTTONDOWN</string>
-    <string score="0">WM_COPYDATA</string>
-
-    <string score="0">STANDARD_RIGHTS_REQUIRED</string>
-    <string score="0">STANDARD_RIGHTS_READ</string>
-    <string score="0">TOKEN_ASSIGN_PRIMARY</string>
-    <string score="0">TOKEN_DUPLICATE</string>
-    <string score="0">TOKEN_IMPERSONATE</string>
-    <string score="0">TOKEN_QUERY</string>
-    <string score="0">TOKEN_QUERY_SOURCE</string>
-    <string score="0">TOKEN_ADJUST_PRIVILEGES</string>
-    <string score="0">TOKEN_ADJUST_GROUPS</string>
-    <string score="0">TOKEN_ADJUST_DEFAULT</string>
-    <string score="0">TOKEN_ADJUST_SESSIONID</string>
-    <string score="0">TOKEN_READ</string>
-    <string score="0">TOKEN_ALL_ACCESS</string>
-    <string score="0">ERROR_INSUFFICIENT_BUFFER</string>
-    <string score="0">SECURITY_MANDATORY_UNTRUSTED_RID</string>
-    <string score="0">SECURITY_MANDATORY_LOW_RID</string>
-    <string score="0">SECURITY_MANDATORY_MEDIUM_RID</string>
-    <string score="0">SECURITY_MANDATORY_HIGH_RID</string>
-    <string score="0">SECURITY_MANDATORY_SYSTEM_RID</string>
-    <string score="0">SECURITY_MANDATORY_LABEL_AUTHORITY</string>
-
-    <string score="0">SE_PRIVILEGE_ENABLED_BY_DEFAULT</string>
-    <string score="0">SE_PRIVILEGE_ENABLED</string>
-    <string score="0">SE_PRIVILEGE_REMOVED</string>
-    <string score="0">SE_PRIVILEGE_USED_FOR_ACCESS</string>
-    <string score="0">SE_PRIVILEGE_VALID_ATTRIBUTES</string>
-
-    <string score="0">SE_CREATE_TOKEN_NAME</string>
-    <string score="0">SE_ASSIGNPRIMARYTOKEN_NAME</string>
-    <string score="0">SE_LOCK_MEMORY_NAME</string>
-    <string score="0">SE_INCREASE_QUOTA_NAME</string>
-    <string score="0">SE_UNSOLICITED_INPUT_NAME</string>
-    <string score="0">SE_MACHINE_ACCOUNT_NAME</string>
-    <string score="0">SE_TCB_NAME</string>
-    <string score="0">SE_SECURITY_NAME</string>
-    <string score="0">SE_TAKE_OWNERSHIP_NAME</string>
-    <string score="0">SE_LOAD_DRIVER_NAME</string>
-    <string score="0">SE_SYSTEM_PROFILE_NAME</string>
-    <string score="0">SE_SYSTEMTIME_NAME</string>
-    <string score="0">SE_PROF_SINGLE_PROCESS_NAME</string>
-    <string score="0">SE_INC_BASE_PRIORITY_NAME</string>
-    <string score="0">SE_CREATE_PAGEFILE_NAME</string>
-    <string score="0">SE_CREATE_PERMANENT_NAME</string>
-    <string score="0">SE_BACKUP_NAME</string>
-    <string score="0">SE_RESTORE_NAME</string>
-    <string score="0">SE_SHUTDOWN_NAME</string>
-    <string score="0">SE_DEBUG_NAME</string>
-    <string score="0">SE_AUDIT_NAME</string>
-    <string score="0">SE_SYSTEM_ENVIRONMENT_NAME</string>
-    <string score="0">SE_CHANGE_NOTIFY_NAME</string>
-    <string score="0">SE_REMOTE_SHUTDOWN_NAME</string>
-    <string score="0">SE_UNDOCK_NAME</string>
-    <string score="0">SE_SYNC_AGENT_NAME</string>
-    <string score="0">SE_ENABLE_DELEGATION_NAME</string>
-    <string score="0">SE_MANAGE_VOLUME_NAME</string>
-    <string score="0">SE_IMPERSONATE_NAME</string>
-    <string score="0">SE_CREATE_GLOBAL_NAME</string>
-    <string score="0">SE_TRUSTED_CREDMAN_ACCESS_NAME</string>
-    <string score="0">SE_RELABEL_NAME</string>
-    <string score="0">SE_INC_WORKING_SET_NAME</string>
-    <string score="0">SE_TIME_ZONE_NAME</string>
-    <string score="0">SE_CREATE_SYMBOLIC_LINK_NAME</string>
-
-    <string score="0">SE_GROUP_ENABLED_BY_DEFAULT</string>
-    <string score="0">SE_GROUP_ENABLED</string>
-    <string score="0">SE_GROUP_OWNER</string>
-    <string score="0">SE_GROUP_USE_FOR_DENY_ONLY</string>
-    <string score="0">SE_GROUP_INTEGRITY</string>
-    <string score="0">SE_GROUP_INTEGRITY_ENABLED</string>
-    <string score="0">SE_GROUP_LOGON_ID</string>
-    <string score="0">SE_GROUP_RESOURCE</string>
-    <string score="0">SE_GROUP_VALID_ATTRIBUTES</string>
-
-    <!-- DOT NET-->
-    <string score="0">RuntimeHelpers</string>
-    <string score="0">System.Security</string>
-    <string score="0">System.Runtime.CompilerServices</string>
-    <string score="0">System.Security.Cryptography</string>
-    <string score="0">System.Reflection</string>
-    <string score="0">System.Text.RegularExpressions</string>
-    <string score="0">System.Runtime.InteropServices</string>
-    <string score="0">System.Security.Principal</string>
-    <string score="0">System.Threading</string>
-    <string score="0">System.IO.Compression</string>
-    <string score="0">System.Net.Configuration</string>
-    <string score="0">System.Net.Sockets</string>
-    <string score="0">Microsoft.VisualBasic.CompilerServices</string>
-    <string score="0">Internet Explorer_Server</string>
-    <string score="0">vbscript</string>
-    <string score="0">javascript</string>
-    <string score="0">JavaScript</string>
-    <string score="0">execScript</string>
-    <string score="0">AutoRun</string>
-    <string score="0">HashSize</string>
-    <string score="0">Algorithm</string>
-    <string score="0">BlockSize</string>
-    <string score="0">CipherMode</string>
-    <string score="0">Twofish</string>
-    <string score="0">Wrong password</string>
-    <string score="0">Proxy-Connection:</string>
-    <string score="0">WWW-Authenticate:</string>
-    <string score="0">Proxy-authenticate:</string>
-    <string score="0">Content-Length:</string>
-    <string score="0">Connection:</string>
-    <string score="0">Transfer-Encoding:</string>
-    <string score="0">GOPHER</string>
-    <string score="0">Digest</string>
-    <string score="0">nonce</string>
-    <string score="0">stale</string>
-    <string score="0">realm</string>
-    <string score="0">opaque</string>
-    <string score="0">Referer:</string>
-    <string score="0">Range:</string>
-    <string score="0">ConfuserEx v0.1.0</string>
-    <string score="0">ConfuserEx v0.1.1</string>
-    <string score="0">ConfuserEx v0.1.2</string>
-    <string score="0">ConfuserEx v0.2.0</string>
-    <string score="0">ConfuserEx v0.2.1</string>
-    <string score="0">ConfuserEx v0.2.2</string>
-    <string score="0">ConfuserEx v0.2.3</string>
-    <string score="0">ConfuserEx v0.3.0</string>
-    <string score="0">ConfuserEx v0.4.0</string>
-    <string score="0">ConfuserEx v0.5.0</string>
-
-    <!-- Well-known (local) directories -->
-    <string score="0">AppData\Local</string>
-    <string score="0">AppData\Local\Microsoft\Windows\History</string>
-    <string score="0">AppData\Local\Microsoft\Windows\Temporary Internet Files</string>
-    <string score="0">AppData\Roaming</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Cookies</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Network Shortcuts</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Printer Shortcuts</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Recent</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\SendTo</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Start Menu</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Start Menu\Programs</string>
-    <string score="0">AppData\Roaming\Microsoft\Windows\Templates</string>
-    <string score="0">Microsoft\Windows\Start Menu</string>
-    <string score="0">Microsoft\Windows\Start Menu\Programs</string>
-    <string score="0">Microsoft\Windows\Templates</string>
-    <string score="0">Public\Desktop</string>
-    <string score="0">Public\Documents</string>
-    <string score="0">Public\Favorites</string>
-    <string score="0">Public\Music</string>
-    <string score="0">Public\Pictures</string>
-    <string score="0">Public\Videos</string>
-    <string score="0">System</string>
-    <string score="0">Videos</string>
-    <string score="0">Windows NT\Accessories</string>
-    <string score="0">Explorer\Shell Folders</string>
-
-    <!-- Borland -->
-    <string score="0">TCoreThread</string>
-    <string score="0">EObserver</string>
-    <string score="0">TStream</string>
-    <string score="0">TFiler</string>
-    <string score="0">TReaderH</string>
-    <string score="0">TWriter4</string>
-    <string score="0">TComponent</string>
-    <string score="0">TFPList</string>
-    <string score="0">TList</string>
-    <string score="0">TThreadList</string>
-    <string score="0">TPersistent</string>
-    <string score="0">TCollection</string>
-    <string score="0">TStrings</string>
-    <string score="0">TStringList</string>
-    <string score="0">TOwnerStream</string>
-    <string score="0">THandleStream</string>
-    <string score="0">TFileStream</string>
-    <string score="0">TCustomMemoryStream</string>
-    <string score="0">TRegExpr</string>
-    <string score="0">ERegExpr</string>
-
-    <!-- AutoIt -->
-    <string score="0">/AutoIt3ExecuteLine</string>
-    <string score="0">/AutoIt3ExecuteScript</string>
-    <string score="0">/AutoIt3OutputDebug</string>
-    <string score="0">AutoIt3GUI</string>
-    <string score="0">AutoIt v3</string>
-    <string score="0">AutoIt script files (*.au3 *.a3x)</string>
-    <string score="0">AutoIt</string>
-    <string score="0">AUTOIT SCRIPT</string>
-    <string score="0">AUTOIT NO CMDEXECUTE</string>
-    <string score="0">AutoIt3OutputDebug</string>
-    <string score="0">AutoIt3ExecuteScript</string>
-    <string score="0">AutoIt3ExecuteLine</string>
-    <string score="0">#NoAutoIt3Execute</string>
-    <string score="0">Software\AutoIt v3\AutoIt</string>
-    <string score="0">*.au3;*.a3x</string>
-    <string score="0">AutoIt Error</string>
-    <string score="0">AutoIt has detected the stack has become corrupt.</string>
-    <string score="0">CompiledScript</string>
-    <string score="0">AutoIt v3 Script: 3 3 8 1</string>
-    <string score="0">AutoIt v3 Script: 3 3 8 0</string>
-    <string score="0">AutoIt3</string>
-    <string score="0">AUTOITPID</string>
-    <string score="0">AUTOITEXE</string>
-    <string score="0">AUTOITVERSION</string>
-    <string score="0">AUTOITSETOPTION</string>
-    <string score="0">AUTOITWINGETTITLE</string>
-    <string score="0">AUTOITWINSETTITLE</string>
-    <string score="0">powershell</string>
-    <string score="0">bitsadmin</string>
-    <string score="0">bitstransfer</string>
-    <string score="0">certutil</string>
-    <string score="0">downloadstring</string>
-    <string score="0">webclient</string>
-    <string score="0">ADODB.Stream</string>
-    <string score="0">SaveToFile</string>
-    <string score="0">Microsoft.XMLHTTP</string>
-    <string score="0">WinHttpRequest</string>
-
-  </strings>
-
-  <powershells>
-    <!-- https://blogs.technet.microsoft.com/heyscriptingguy/2015/06/11/table-of-basic-powershell-commands/ -->
-    <powershell score="0">Add-Content</powershell>
-    <powershell score="0">Add-PSSnapIn</powershell>
-    <powershell score="0">AppData</powershell>
-    <powershell score="0">Clear-Content</powershell>
-    <powershell score="0">Clear-Host</powershell>
-    <powershell score="0">Clear-History</powershell>
-    <powershell score="0">Clear-Item</powershell>
-    <powershell score="0">Clear-ItemProperty</powershell>
-    <powershell score="0">Clear-Variable</powershell>
-    <powershell score="0">Compare-Object</powershell>
-    <powershell score="0">Connect-PSSession</powershell>
-    <powershell score="0">Copy-Item</powershell>
-    <powershell score="0">Copy-ItemProperty</powershell>
-    <powershell score="0">Convert-Path</powershell>
-    <powershell score="0">cmd</powershell>
-    <powershell score="0">Disable-PSBreakpoint</powershell>
-    <powershell score="0">Disconnect-PSSession</powershell>
-    <powershell score="0">Enable-PSBreakpoint</powershell>
-    <powershell score="0">Enter-PSSession</powershell>
-    <powershell score="0">Export-Alias</powershell>
-    <powershell score="0">Export-Csv</powershell>
-    <powershell score="0">Export-PSSession</powershell>
-    <powershell score="0">Exit-PSSession</powershell>
-    <powershell score="0">Format-Custom</powershell>
-    <powershell score="0">Format-List</powershell>
-    <powershell score="0">ForEach-Object</powershell>
-    <powershell score="0">Format-Table</powershell>
-    <powershell score="0">Format-Wide</powershell>
-    <powershell score="0">Get-Alias</powershell>
-    <powershell score="0">Get-Content</powershell>
-    <powershell score="0">Get-ChildItem</powershell>
-    <powershell score="0">Get-Command</powershell>
-    <powershell score="0">Get-History</powershell>
-    <powershell score="0">Get-Item</powershell>
-    <powershell score="0">Get-Job</powershell>
-    <powershell score="0">Get-Location</powershell>
-    <powershell score="0">Get-Member</powershell>
-    <powershell score="0">Get-Module</powershell>
-    <powershell score="0">Get-ItemProperty</powershell>
-    <powershell score="0">Get-Location</powershell>
-    <powershell score="0">Get-Process</powershell>
-    <powershell score="0">Get-PSBreakpoint</powershell>
-    <powershell score="0">Get-PSCallStack</powershell>
-    <powershell score="0">Get-PSDrive</powershell>
-    <powershell score="0">Get-PSSession</powershell>
-    <powershell score="0">Get-PSSnapIn</powershell>
-    <powershell score="0">Get-Service</powershell>
-    <powershell score="0">Get-Unique</powershell>
-    <powershell score="0">Get-Variable</powershell>
-    <powershell score="0">Get-WmiObject</powershell>
-    <powershell score="0">Group-Object</powershell>
-    <powershell score="0">Import-Alias</powershell>
-    <powershell score="0">Import-Csv</powershell>
-    <powershell score="0">Import-Module</powershell>
-    <powershell score="0">Import-PSSession</powershell>
-    <powershell score="0">Invoke-Command</powershell>
-    <powershell score="0">Invoke-Expression</powershell>
-    <powershell score="0">Invoke-History</powershell>
-    <powershell score="0">Invoke-Item</powershell>
-    <powershell score="0">Invoke-RestMethod</powershell>
-    <powershell score="0">Invoke-WebRequest</powershell>
-    <powershell score="0">Invoke-WMIMethod</powershell>
-    <powershell score="0">Measure-Object</powershell>
-    <powershell score="0">Move-Item</powershell>
-    <powershell score="0">Move-ItemProperty</powershell>
-    <powershell score="0">New-Alias</powershell>
-    <powershell score="0">New-Item</powershell>
-    <powershell score="0">New-Module</powershell>
-    <powershell score="0">New-PSDrive</powershell>
-    <powershell score="0">New-PSSession</powershell>
-    <powershell score="0">New-PSSessionConfigurationFile</powershell>
-    <powershell score="0">New-Variable</powershell>
-    <powershell score="0">New-Object</powershell>
-    <powershell score="0">Out-GridView</powershell>
-    <powershell score="0">Out-Host</powershell>
-    <powershell score="0">Out-Printer</powershell>
-    <powershell score="0">Pop-Location</powershell>
-    <powershell score="0">Push-Location</powershell>
-    <powershell score="0">Receive-Job</powershell>
-    <powershell score="0">Receive-PSSession</powershell>
-    <powershell score="0">Remove-Job</powershell>
-    <powershell score="0">Remove-Item</powershell>
-    <powershell score="0">Remove-ItemProperty</powershell>
-    <powershell score="0">Remove-Module</powershell>
-    <powershell score="0">Remove-PSBreakpoint</powershell>
-    <powershell score="0">Remove-PSDrive</powershell>
-    <powershell score="0">Remove-PSSession</powershell>
-    <powershell score="0">Remove-PSSnapin</powershell>
-    <powershell score="0">Remove-Variable</powershell>
-    <powershell score="0">Remove-WMIObject</powershell>
-    <powershell score="0">Rename-Item</powershell>
-    <powershell score="0">Rename-ItemProperty</powershell>
-    <powershell score="0">Resolve-Path</powershell>
-    <powershell score="0">Resume-Job</powershell>
-    <powershell score="0">Select-Object</powershell>
-    <powershell score="0">Set-Alias</powershell>
-    <powershell score="0">Set-Content</powershell>
-    <powershell score="0">Set-Item</powershell>
-    <powershell score="0">Set-Location</powershell>
-    <powershell score="0">Set-PSBreakpoint</powershell>
-    <powershell score="0">Set-Variable</powershell>
-    <powershell score="0">Shell</powershell>
-    <powershell score="0">Show-Command</powershell>
-    <powershell score="0">Start-Job</powershell>
-    <powershell score="0">Start-Process</powershell>
-    <powershell score="0">Start-Service</powershell>
-    <powershell score="0">Stop-Process</powershell>
-    <powershell score="0">Where-Object</powershell>
-    <powershell score="0">Write-Output</powershell>
-
-  </powershells>
-</xml>
-
diff --git a/assemblyline_v4_service/common/safelist_helper.py b/assemblyline_v4_service/common/safelist_helper.py
deleted file mode 100644
index 7657680f..00000000
--- a/assemblyline_v4_service/common/safelist_helper.py
+++ /dev/null
@@ -1,73 +0,0 @@
-from re import compile, IGNORECASE, match, search
-from typing import Dict, List
-from urllib.parse import urlparse
-
-from assemblyline.odm.base import DOMAIN_REGEX, IP_REGEX
-
-URL_REGEX = compile(
-    r"(?:(?:(?:[A-Za-z]*:)?//)?(?:\S+(?::\S*)?@)?(?:(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}"
-    r"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:(?:[A-Za-z0-9\u00a1-\uffff][A-Za-z0-9\u00a1-\uffff_-]{0,62})"
-    r"?[A-Za-z0-9\u00a1-\uffff]\.)+(?:xn--)?(?:[A-Za-z0-9\u00a1-\uffff]{2,}\.?))(?::\d{2,5})?)(?:[/?#][^\s,\\\\]*)?")
-
-
-def is_tag_safelisted(
-        value: str, tags: List[str],
-        safelist: Dict[str, Dict[str, List[str]]],
-        substring: bool = False) -> bool:
-    """
-    This method determines if a given value has any safelisted components.
-    :param value: The value to be checked if it has been safelisted
-    :param tags: The tags which will be used for grabbing specific values from the safelist
-    :param safelist: The safelist containing matches and regexs. The
-                     product of a service using self.get_api_interface().get_safelist().
-    :param substring: A flag that indicates if we should check if the value is contained within the match
-    :return: A boolean indicating if the value has been safelisted
-    """
-    if not value or not tags or not safelist:
-        return False
-
-    if not any(key in safelist for key in ["match", "regex"]):
-        return False
-
-    safelist_matches = safelist.get("match", {})
-    safelist_regexes = safelist.get("regex", {})
-
-    for tag in tags:
-        if tag in safelist_matches:
-            for safelist_match in safelist_matches[tag]:
-                if value.lower() == safelist_match.lower():
-                    return True
-                elif substring and safelist_match.lower() in value.lower():
-                    return True
-
-        if tag in safelist_regexes:
-            for safelist_regex in safelist_regexes[tag]:
-                if match(safelist_regex, value, IGNORECASE):
-                    return True
-
-    return False
-
-
-def contains_safelisted_value(val: str, safelist: Dict[str, Dict[str, List[str]]]) -> bool:
-    """
-    This method checks if a given value is part of a safelist
-    :param val: The given value
-    :param safelist: A dictionary containing matches and regexes for use in safelisting values
-    :return: A boolean representing if the given value is part of a safelist
-    """
-    if not val or not isinstance(val, str):
-        return False
-    ip = search(IP_REGEX, val)
-    url = search(URL_REGEX, val)
-    domain = search(DOMAIN_REGEX, val)
-    if ip is not None:
-        ip = ip.group()
-        return is_tag_safelisted(ip, ["network.dynamic.ip"], safelist)
-    elif domain is not None:
-        domain = domain.group()
-        return is_tag_safelisted(domain, ["network.dynamic.domain"], safelist)
-    elif url is not None:
-        url_pieces = urlparse(url.group())
-        domain = url_pieces.netloc
-        return is_tag_safelisted(domain, ["network.dynamic.domain"], safelist)
-    return False
diff --git a/assemblyline_v4_service/common/section_reducer.py b/assemblyline_v4_service/common/section_reducer.py
deleted file mode 100644
index c8a3ebfc..00000000
--- a/assemblyline_v4_service/common/section_reducer.py
+++ /dev/null
@@ -1,43 +0,0 @@
-from assemblyline_v4_service.common.result import Result, ResultSection
-from assemblyline_v4_service.common.tag_reducer import REDUCE_MAP
-
-
-def reduce(al_result: Result) -> Result:
-    """
-    This function goes through a result section recursively and try reduce the amount of
-    produced tags based on a reducer set for each specific tags
-
-    :param al_result: An Assemblyline result object
-    :return: Reduced Assemblyline result object
-    """
-    for section in al_result.sections:
-        _section_traverser(section)
-    return al_result
-
-
-def _section_traverser(section: ResultSection = None) -> ResultSection:
-    """
-    This function goes through each section and sends the tags to a function
-    that will reduce specific tags
-
-    :param section: An Assemblyline result section
-    :return: Reduced Assemblyline result section
-    """
-    for subsection in section.subsections:
-        _section_traverser(subsection)
-    if section.tags:
-        section.set_tags(_reduce_specific_tags(section.tags))
-    return section
-
-
-def _reduce_specific_tags(tags=None) -> dict:
-    """
-    This function is very much a work in progress. Currently the only tags that we
-    feel the need to reduce are unique uris and uri paths
-    :param tags: Dictionary of tag types and their values
-    :return: Dictionary of tag types and their reduced values
-    """
-    if tags is None:
-        tags = {}
-
-    return {tag_type: REDUCE_MAP.get(tag_type, lambda x: x)(tag_values) for tag_type, tag_values in tags.items()}
diff --git a/assemblyline_v4_service/common/tag_helper.py b/assemblyline_v4_service/common/tag_helper.py
deleted file mode 100644
index 789f2ab7..00000000
--- a/assemblyline_v4_service/common/tag_helper.py
+++ /dev/null
@@ -1,117 +0,0 @@
-from re import match, search
-from typing import Any, Dict, List, Optional, Union
-
-from assemblyline.common.net import is_valid_domain, is_valid_ip
-from assemblyline.common.str_utils import safe_str
-from assemblyline.odm.base import DOMAIN_ONLY_REGEX, DOMAIN_REGEX, FULL_URI, IP_REGEX, URI_PATH
-from assemblyline_v4_service.common.result import ResultSection
-from assemblyline_v4_service.common.safelist_helper import is_tag_safelisted
-
-
-def add_tag(
-    result_section: ResultSection,
-    tag: str, value: Union[Any, List[Any]],
-    safelist: Dict[str, Dict[str, List[str]]] = None
-) -> bool:
-    """
-    This method adds the value(s) as a tag to the ResultSection. Can take a list of values or a single value.
-    :param result_section: The ResultSection that the tag will be added to
-    :param tag: The tag type that the value will be tagged under
-    :param value: The value, a single item or a list, that will be tagged under the tag type
-    :param safelist: The safelist containing matches and regexs. The product of a
-                     service using self.get_api_interface().get_safelist().
-    :return: Tag was successfully added
-    """
-    if safelist is None:
-        safelist = {}
-
-    tags_were_added = False
-    if not value:
-        return tags_were_added
-
-    if type(value) == list:
-        for item in value:
-            # If one tag is added, then return True
-            tags_were_added = _validate_tag(result_section, tag, item, safelist) or tags_were_added
-    else:
-        tags_were_added = _validate_tag(result_section, tag, value, safelist)
-    return tags_were_added
-
-
-def _get_regex_for_tag(tag: str) -> str:
-    """
-    This method returns a regular expression used for validating a certain tag type
-    :param tag: The type of tag
-    :return: The relevant regular expression
-    """
-    reg_to_match: Optional[str] = None
-    if "domain" in tag:
-        reg_to_match = DOMAIN_ONLY_REGEX
-    elif "uri_path" in tag:
-        reg_to_match = URI_PATH
-    elif "uri" in tag:
-        reg_to_match = FULL_URI
-    elif "ip" in tag:
-        reg_to_match = IP_REGEX
-    return reg_to_match
-
-
-def _validate_tag(
-    result_section: ResultSection,
-    tag: str,
-    value: Any,
-    safelist: Dict[str, Dict[str, List[str]]] = None
-) -> bool:
-    """
-    This method validates the value relative to the tag type before adding the value as a tag to the ResultSection.
-    :param result_section: The ResultSection that the tag will be added to
-    :param tag: The tag type that the value will be tagged under
-    :param value: The item that will be tagged under the tag type
-    :param safelist: The safelist containing matches and regexs. The product of a
-                     service using self.get_api_interface().get_safelist().
-    :return: Tag was successfully added
-    """
-    if safelist is None:
-        safelist = {}
-
-    if tag.startswith("network.static."):
-        network_tag_type = "static"
-    else:
-        network_tag_type = "dynamic"
-
-    regex = _get_regex_for_tag(tag)
-    if regex and not match(regex, value):
-        return False
-
-    if "ip" in tag and not is_valid_ip(value):
-        return False
-
-    if "domain" in tag and not is_valid_domain(value):
-            return False
-
-    if is_tag_safelisted(value, [tag], safelist):
-        return False
-
-    # if "uri" is in the tag, let's try to extract its domain/ip and tag it.
-    if "uri_path" not in tag and "uri" in tag:
-        # First try to get the domain
-        valid_domain = False
-        domain = search(DOMAIN_REGEX, value)
-        if domain:
-            domain = domain.group()
-            valid_domain = _validate_tag(result_section, f"network.{network_tag_type}.domain", domain, safelist)
-        # Then try to get the IP
-        valid_ip = False
-        ip = search(IP_REGEX, value)
-        if ip:
-            ip = ip.group()
-            valid_ip = _validate_tag(result_section, f"network.{network_tag_type}.ip", ip, safelist)
-
-        if value not in [domain, ip] and (valid_domain or valid_ip):
-            result_section.add_tag(tag, safe_str(value))
-        else:
-            return False
-    else:
-        result_section.add_tag(tag, safe_str(value))
-
-    return True
diff --git a/assemblyline_v4_service/common/tag_reducer.py b/assemblyline_v4_service/common/tag_reducer.py
deleted file mode 100644
index 0e9b5637..00000000
--- a/assemblyline_v4_service/common/tag_reducer.py
+++ /dev/null
@@ -1,242 +0,0 @@
-import regex as re
-import os.path
-
-from copy import deepcopy
-from typing import List
-from urllib.parse import urlparse, parse_qs, urlunparse, urlencode, unquote
-
-NUMBER_REGEX = re.compile("[0-9]*")
-ALPHA_REGEX = re.compile("[a-zA-Z]*")
-ALPHANUM_REGEX = re.compile("[a-zA-Z0-9]*")
-BASE64_REGEX = re.compile("(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
-DO_NOT_REDUCE = ["netloc", "hostname"]
-
-
-def reduce_uri_tags(uris=None) -> List[str]:
-    """
-    The purpose of this helper function is to reduce the amount of unique uris to be tagged.
-    ex. If a sample makes a hundred network calls to four unqiue domains, with only one parameter
-    changing in the HTTP request each time, this should be synthesized to four uris to
-    be tagged, but with a placeholder for the parameter(s) that changes in each callout.
-    """
-    if uris is None:
-        uris = []
-
-    parsed_uris = []
-    reduced_uris = set()
-    for uri in uris:
-        parsed_uri = urlparse(uri)
-        # Match items we care about into a nice dictionary
-        uri_dict = {
-            "scheme": parsed_uri.scheme,      # scheme param
-            "netloc": parsed_uri.netloc,      # ""
-            "path": parsed_uri.path,          # ""
-            "params": parsed_uri.params,      # ""
-            "query": parsed_uri.query,        # ""
-            "fragment": parsed_uri.fragment,  # ""
-            "username": parsed_uri.username,  # None
-            "password": parsed_uri.password,  # None
-            "hostname": parsed_uri.hostname,  # None
-            "port": parsed_uri.port           # None
-        }
-
-        # We need to parse a couple of the returned params from urlparse more in-depth
-        if uri_dict["query"] != "":
-            # note that values of keys in dict will be in lists of length 1, which we don't want
-            uri_dict["query"] = parse_qs(uri_dict["query"])
-        if uri_dict["path"] != "":
-            # converting tuple to list
-            uri_dict["path"] = list(os.path.split(uri_dict["path"]))
-            # removing lone slashes
-            uri_dict["path"] = [not_slash for not_slash in uri_dict["path"] if not_slash != "/"]
-
-        parsed_uris.append(uri_dict)
-
-    # iterate through, comparing two parsed uris. if the percentage of similarity
-    # is greater than x, then they are sufficiently similar and can have parts
-    # replaced.
-
-    # time for the smarts
-    comparison_uris = deepcopy(parsed_uris)
-    for parsed_uri in parsed_uris:
-        # this flag will be used to check if this uri matches any other uri ever
-        totally_unique = True
-        for comparison_uri in comparison_uris:
-            if parsed_uri == comparison_uri:
-                continue
-            equal_keys = 0
-            total_list_len = 0
-            total_dict_len = 0
-            difference = {}
-            # now go through each key, and check for equality
-            for key in parsed_uri.keys():
-                val = parsed_uri[key]
-                comp_val = comparison_uri[key]
-
-                # if equal, add to count of similar keys
-                if type(val) == list:
-                    val_len = len(val)
-                    if val == comp_val:
-                        equal_keys += val_len
-                    else:
-                        difference[key] = dict()
-                        comp_len = len(comp_val)
-                        max_list_len = max(val_len, comp_len)
-                        for item in range(max_list_len):
-                            if item >= comp_len or item >= val_len:
-                                # bail!
-                                break
-                            if val[item] == comp_val[item]:
-                                equal_keys += 1
-                            else:
-                                difference[key][item] = []
-                                difference[key][item].append(val[item])
-                                difference[key][item].append(comp_val[item])
-                        total_list_len += val_len
-
-                elif type(val) == dict:
-                    val_len = len(val)
-                    if val == comp_val:
-                        equal_keys += val_len
-                    else:
-                        difference[key] = dict()
-                        if comp_val != "":
-                            comp_keys = list(comp_val.keys())
-                            val_keys = list(val.keys())
-                            all_keys = set(comp_keys + val_keys)
-                            val_len = len(all_keys)
-
-                            for item in all_keys:
-                                if val.get(item) and comp_val.get(item) and val[item] == comp_val[item]:
-                                    equal_keys += 1
-                                else:
-                                    difference[key][item] = []
-                                    if val.get(item):
-                                        difference[key][item].append(val[item])
-                                    if comp_val.get(item):
-                                        difference[key][item].append(comp_val[item])
-                        total_dict_len += val_len
-                else:  # Not dict or a list
-                    if val == comp_val:
-                        equal_keys += 1
-                    else:
-                        difference[key] = []
-                        difference[key].append(val)
-                        difference[key].append(comp_val)
-            # now find percentage similar
-            if total_dict_len > 1 and total_list_len > 1:
-                percentage_equal = equal_keys / (len(parsed_uri.keys()) - 2 + total_list_len + total_dict_len)
-            elif total_dict_len > 1 or total_list_len > 1:
-                percentage_equal = equal_keys / (len(parsed_uri.keys()) - 1 + total_list_len + total_dict_len)
-            else:
-                percentage_equal = equal_keys / (len(parsed_uri.keys()) + total_list_len + total_dict_len)
-
-            # if percentage equal is > some value (say 90), then we can say that
-            # urls are similar enough to reduce
-            if percentage_equal >= 0.80:
-                # So that we don't overwrite details
-                comparison_uri_copy = deepcopy(comparison_uri)
-                # somehow recognize where parameters are that match and replace them.
-                for item in difference.keys():
-                    # We don't want to replace the following:
-                    if item in DO_NOT_REDUCE:
-                        continue
-
-                    val = difference[item]
-                    if item == "query":
-                        for key in val.keys():
-                            placeholders = []
-                            # since each of these items is a list of lists
-                            for val_item in val[key]:
-                                # use regex to determine the parameter type
-                                value = val_item[0]
-                                placeholder = _get_placeholder(value)
-                                placeholders.append(placeholder)
-                            if len(set(placeholders)) == 1:
-                                # the same placeholder type is consistent with all values
-                                # update the url_dict value
-                                comparison_uri_copy[item][key] = list(set(placeholders))
-                            else:
-                                # the placeholder types vary
-                                comparison_uri_copy[item][key] = ",".join(placeholders)
-                    elif item == "path":
-                        placeholders = {}
-                        for key in val.keys():
-                            placeholders[key] = []
-                            for list_item in val[key]:
-                                # if / exists, pop the rest out
-                                if list_item != "/" and list_item[0] == "/":
-                                    # use regex to determine the parameter type
-                                    placeholder = _get_placeholder(list_item[1:])
-                                    placeholders[key].append("/"+placeholder)
-                                else:
-                                    placeholder = _get_placeholder(list_item)
-                                    placeholders[key].append(placeholder)
-                        for key in placeholders.keys():
-                            if len(set(placeholders[key])) == 1:
-                                # the same placeholder type is consistent with all values
-                                # update the comparison_uri_copy value
-                                comparison_uri_copy[item][key] = list(set(placeholders[key]))[0]
-                            else:
-                                # the placeholder types vary
-                                comparison_uri_copy[item][key] = ",".join(set(placeholders[key]))
-                    else:
-                        comparison_uri_copy[item] = _get_placeholder(val)
-
-                # now it's time to rejoin the parts of the url
-                reduced_uris.add(_turn_back_into_uri(comparison_uri_copy))
-                totally_unique = False
-
-        # Congratulations, you are one in a million
-        if totally_unique:
-            reduced_uris.add(_turn_back_into_uri(parsed_uri))
-    reduced_uris_list = list(reduced_uris)
-    # recursive_list = reduce_uri_tags(reduced_uris_list)
-    # if len(recursive_list) < len(reduced_uris_list):
-    #     return reduced_uris_list
-    # elif
-    # if reduce_uri_tags(reduced_uris_list))
-    return reduced_uris_list
-
-
-def _turn_back_into_uri(uri_parts: dict) -> str:
-    # turn the path back into a string
-    uri_parts["path"] = '/'.join(uri_parts["path"])
-    # turn the query back into a query string
-    # first, remove the list wrappers
-    if uri_parts["query"] != "":
-        for item in uri_parts["query"].keys():
-            uri_parts["query"][item] = uri_parts["query"][item][0]
-    uri_parts["query"] = unquote(urlencode(uri_parts["query"]))
-
-    uri_tuple = (uri_parts["scheme"], uri_parts["netloc"],
-                 uri_parts["path"], uri_parts["params"],
-                 uri_parts["query"], uri_parts["fragment"])
-    real_url = urlunparse(uri_tuple)
-    return real_url
-
-
-def _get_placeholder(val: str) -> str:
-    if not val:
-        return "${UNKNOWN_TYPE}"
-
-    if NUMBER_REGEX.fullmatch(val):
-        placeholder = "${NUMBER}"
-    elif ALPHA_REGEX.fullmatch(val):
-        placeholder = "${ALPHA}"
-    # Note that BASE64 Regex must happen before ALPHANUM regex or else ALPHANUM will hit on BASE64
-    elif BASE64_REGEX.fullmatch(val):
-        placeholder = "${BASE64}"
-    elif ALPHANUM_REGEX.fullmatch(val):
-        placeholder = "${ALPHA_NUM}"
-    else:
-        placeholder = "${UNKNOWN_TYPE}"
-    return placeholder
-
-
-REDUCE_MAP = {
-    "network.dynamic.uri": reduce_uri_tags,
-    "network.static.uri": reduce_uri_tags,
-    "network.dynamic.uri_path": reduce_uri_tags,
-    "network.static.uri_path": reduce_uri_tags
-}
diff --git a/assemblyline_v4_service/common/utils.py b/assemblyline_v4_service/common/utils.py
deleted file mode 100644
index 9858a2be..00000000
--- a/assemblyline_v4_service/common/utils.py
+++ /dev/null
@@ -1,85 +0,0 @@
-from __future__ import annotations
-
-import signal
-import sys
-import ctypes
-import re
-
-libc = ctypes.CDLL("libc.so.6")
-
-PASSWORD_WORDS = [
-    "كلمه السر",  # Arabic
-    "密码",  # Chinese Simplified
-    "密碼",  # Chinese Traditional
-    "password",  # English
-    "mot de passe",  # French
-    "passwort",  # German
-    "parola d'ordine",  # Italian
-    "비밀번호",  # Korean
-    "parole",  # Latvian, Lithuanian
-    "senha",  # Portuguese
-    "пароль",  # Russian
-    "contraseña",  # Spanish
-]
-PASSWORD_REGEXES = [re.compile(fr".*{p}:(.+)", re.I) for p in PASSWORD_WORDS]
-
-PASSWORD_STRIP = [
-    '"',
-    "'",
-    "입니다",
-    "이에요",
-]
-
-
-def set_death_signal(sig=signal.SIGTERM):
-    if 'linux' not in sys.platform:
-        return None
-
-    def process_control():
-        return libc.prctl(1, sig)
-    return process_control
-
-
-class TimeoutException(Exception):
-    pass
-
-
-class alarm_clock:
-    """A context manager that causes an exception to be raised after a timeout."""
-
-    def __init__(self, timeout):
-        self.timeout = timeout
-        self.alarm_default = signal.getsignal(signal.SIGALRM)
-
-    def __enter__(self):
-        # noinspection PyUnusedLocal
-        def handler(signum, frame):
-            raise TimeoutException("Timeout")
-
-        signal.signal(signal.SIGALRM, handler)
-
-        signal.alarm(self.timeout)
-        return self
-
-    def __exit__(self, exc_type, exc_val, exc_tb):
-        signal.alarm(0)
-        signal.signal(signal.SIGALRM, self.alarm_default)
-
-
-def extract_passwords(text: str) -> set[str]:
-    passwords: set[str] = set()
-    text_split, text_split_n = set(text.split()), set(text.split("\n"))
-    passwords.update(text_split)
-    passwords.update(re.split(r"\W+", text))
-    for i, r in enumerate(PASSWORD_REGEXES):
-        for line in text_split:
-            if PASSWORD_WORDS[i] in line.lower():
-                passwords.update(re.split(r, line))
-        for line in text_split_n:
-            if PASSWORD_WORDS[i] in line.lower():
-                passwords.update(re.split(r, line))
-    for p in list(passwords):
-        p = p.strip()
-        # We can assume that at least one of the strip_char won't be there, to have the simple space stripping option
-        passwords.update([p.strip(strip_char) for strip_char in PASSWORD_STRIP])
-    return passwords
diff --git a/assemblyline_v4_service/testing/__init__.py b/assemblyline_v4_service/testing/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/assemblyline_v4_service/testing/helper.py b/assemblyline_v4_service/testing/helper.py
deleted file mode 100644
index f9a6b560..00000000
--- a/assemblyline_v4_service/testing/helper.py
+++ /dev/null
@@ -1,463 +0,0 @@
-import json
-import os
-import pytest
-import shutil
-import re
-
-from pathlib import Path
-
-from assemblyline.common import forge
-from assemblyline.common.dict_utils import flatten
-from assemblyline.common.uid import get_random_id
-from assemblyline.odm.messages.task import Task as ServiceTask
-from assemblyline_v4_service.common import helper
-from assemblyline_v4_service.common.request import ServiceRequest
-from assemblyline_v4_service.common.task import Task
-from cart import unpack_file
-
-
-class FileMissing(Exception):
-    pass
-
-
-class HeuristicFiletypeMismatch(Exception):
-    pass
-
-
-class IssueHelper:
-    ACTION_MISSING = "--"
-    ACTION_ADDED = "++"
-    ACTION_CHANGED = "-+"
-
-    TYPE_HEUR = "HEURISTICS"
-    TYPE_TAGS = "TAGS"
-    TYPE_TEMP = "TEMP_DATA"
-    TYPE_SUPPLEMENTARY = "SUPPLEMENTARY"
-    TYPE_EXTRACTED = "EXTRACTED"
-    TYPE_EXTRA = "EXTRA"
-
-    def __init__(self):
-        self.issues = {}
-
-    def add_issue(self, itype: str, action: str, message: str):
-        self.issues.setdefault(itype, [])
-        self.issues[itype].append((action, message))
-
-    def get_issue_list(self):
-        return [f"[{k.upper()}] {action.capitalize()} {message}"
-                for k, v in self.issues.items()
-                for action, message in v]
-
-    def get_issues(self):
-        return self.issues
-
-    def has_issues(self):
-        return len(self.issues.keys()) != 0
-
-
-class TestHelper:
-    def __init__(self, service_class, result_folder, extra_sample_locations=None):
-        # Set service class to use
-        self.service_class = service_class
-
-        # Set location for samples
-        self.locations = []
-
-        # Extra samples location
-        if extra_sample_locations:
-            self.locations.append(extra_sample_locations)
-
-        # Main samples location
-        full_samples_location = os.environ.get("FULL_SAMPLES_LOCATION", None)
-        if full_samples_location:
-            self.locations.append(full_samples_location)
-
-        # Set result folder location
-        self.result_folder = result_folder
-
-        # Load identify
-        self.identify = forge.get_identify(use_cache=False)
-
-        # Load submission params
-        self.submission_params = helper.get_service_attributes().submission_params
-
-        # Load service heuristic
-        self.heuristics = helper.get_heuristics()
-
-    def _create_service_task(self, file_path, params):
-        fileinfo_keys = ["magic", "md5", "mime", "sha1", "sha256", "size", "type"]
-
-        # Set proper default values
-        if params is None:
-            params = {}
-
-        metadata = params.get('metadata', {})
-        temp_submission_data = params.get('temp_submission_data', {})
-        submission_params = params.get('submission_params', {})
-        tags = params.get('tags', [])
-        filename = params.get('filename', os.path.basename(file_path))
-
-        return ServiceTask(
-            {
-                "sid": get_random_id(),
-                "metadata": metadata,
-                "deep_scan": False,
-                "service_name": self.service_class.__name__,
-                "service_config": {param.name: submission_params.get(param.name, param.default)
-                                   for param in self.submission_params},
-                "fileinfo": {k: v for k, v in self.identify.fileinfo(file_path).items() if k in fileinfo_keys},
-                "filename": filename,
-                "min_classification": "TLP:C",
-                "max_files": 501,
-                "ttl": 3600,
-                "temporary_submission_data": [
-                    {'name': name, 'value': value} for name, value in temp_submission_data.items()
-                ],
-                "tags": tags,
-            }
-        )
-
-    def _find_sample(self, sample):
-        # Assume samples are carted
-        sample = f"{sample.split('_', 1)[0]}.cart"
-
-        for location in self.locations:
-            p = [path for path in Path(location).rglob(sample)]
-            if len(p) == 1:
-                return p[0]
-
-        raise FileMissing(sample)
-
-    @staticmethod
-    def _generalize_result(result, temp_submission_data=None):
-        # Create a result for this file that contain generalized information for testing and
-        # detailed information as well so the service writter has a better idea of the impact
-        # of its changes to the service output.
-        generalized_results = {
-            "files": {
-                "extracted": sorted(
-                    [{"name": x["name"], "sha256": x["sha256"]}
-                     for x in result.get("response", {}).get("extracted", [])], key=lambda x: x["sha256"]
-                ),
-                "supplementary": sorted(
-                    [{"name": x["name"], "sha256": x["sha256"]}
-                     for x in result.get("response", {}).get("supplementary", [])], key=lambda x: x["sha256"]
-                )
-            },
-            "results": {
-                "heuristics": [],
-                "tags": {},
-                "temp_submission_data": temp_submission_data
-            },
-            "extra": {
-                "sections": [],
-                "score": result.get("result", {}).get('score', 0),
-                "drop_file": result.get("drop", False)
-            }
-        }
-
-        # Parse sections
-        for section in result.get("result", {}).get("sections", []):
-
-            # Add section to extras (This will not be tested)
-            generalized_results['extra']['sections'].append(section)
-
-            # Parse Heuristics
-            heuristic = section.get('heuristic', None)
-            sigs = []
-            heur_id = None
-            if heuristic:
-                sigs = list(heuristic['signatures'].keys())
-                heur_id = heuristic['heur_id']
-                generalized_results["results"]["heuristics"].append(
-                    {
-                        "heur_id": heur_id,
-                        "attack_ids": heuristic['attack_ids'],
-                        'signatures': sigs
-                    }
-                )
-            # Sort Heuristics
-            generalized_results["results"]["heuristics"] = \
-                sorted(generalized_results["results"]["heuristics"], key=lambda x: x["heur_id"])
-
-            # Parse tags
-            for k, v in flatten(section.get("tags", {})).items():
-                generalized_results["results"]["tags"].setdefault(k, [])
-                for tag in v:
-                    generalized_results["results"]["tags"][k].append({
-                        "value": tag,
-                        "heur_id": heur_id,
-                        "signatures": sigs
-                    })
-            # Sort Tags
-            for k, v in generalized_results["results"]["tags"].items():
-                try:
-                    generalized_results["results"]["tags"][k] = sorted(v, key=lambda x: x["value"])
-                except TypeError:
-                    # Sorting for list with different types: https://stackoverflow.com/a/68416981
-                    type_weights = {}
-                    for element in v:
-                        if type(element["value"]) not in type_weights:
-                            type_weights[type(element["value"])] = len(type_weights)
-
-                    generalized_results["results"]["tags"][k] = sorted(
-                        v, key=lambda x: (type_weights[type(x["value"])], str(x["value"]))
-                    )
-
-        return generalized_results
-
-    def _execute_sample(self, sample, save=False, save_files=False):
-        file_path = os.path.join("/tmp", sample.split('_', 1)[0])
-        cls = None
-
-        try:
-            # Find and unpack sample
-            sample_path = self._find_sample(sample)
-            unpack_file(sample_path, file_path)
-
-            # Load optional submission parameters
-            params_file = os.path.join(self.result_folder, sample, 'params.json')
-            if os.path.exists(params_file):
-                params = json.load(open(params_file))
-            else:
-                params = {}
-
-            # Initialize service class
-            cls = self.service_class(params.get('config', {}))
-            cls.start()
-
-            # Create the service request
-            task = Task(self._create_service_task(file_path, params))
-            service_request = ServiceRequest(task)
-            cls._working_directory = task.working_directory
-
-            # Execute the service
-            cls.execute(service_request)
-
-            # Get results from the scan
-            results = self._generalize_result(task.get_service_result(), task.temp_submission_data)
-
-            # Save results if needs be
-            if save:
-                # If we are re-writing the results, validate that the heuristics raised were meant for the sample
-                for heuristic in results["results"]["heuristics"]:
-                    if not re.match(self.heuristics[heuristic["heur_id"]].filetype, task.file_type):
-                        raise HeuristicFiletypeMismatch(
-                            (
-                                f"Tried to raise Heuristic {heuristic['heur_id']} "
-                                f"({self.heuristics[heuristic['heur_id']].filetype}) for filetype {task.file_type}"
-                            )
-                        )
-
-                # Save results
-                result_json = os.path.join(self.result_folder, sample, 'result.json')
-                json.dump(results, open(result_json, 'w'), indent=2, allow_nan=False, sort_keys=True)
-
-                if save_files:
-                    # Cleanup old extracted and supplementary
-                    extracted_dir = os.path.join(self.result_folder, sample, 'extracted')
-                    supplementary_dir = os.path.join(self.result_folder, sample, 'supplementary')
-                    if os.path.exists(extracted_dir):
-                        shutil.rmtree(extracted_dir)
-                    if os.path.exists(supplementary_dir):
-                        shutil.rmtree(supplementary_dir)
-
-                    # Save extracted files
-                    for ext in task.extracted:
-                        target_file = os.path.join(self.result_folder, sample, 'extracted', ext['name'])
-                        os.makedirs(os.path.dirname(target_file), exist_ok=True)
-                        shutil.move(ext['path'], target_file)
-
-                    # Save supplementary files
-                    for ext in task.supplementary:
-                        target_file = os.path.join(self.result_folder, sample, 'supplementary', ext['name'])
-                        os.makedirs(os.path.dirname(target_file), exist_ok=True)
-                        shutil.move(ext['path'], target_file)
-
-            return results
-        finally:
-            # Cleanup files
-            if cls:
-                if os.path.exists(cls.working_directory):
-                    shutil.rmtree(cls.working_directory)
-                cls._cleanup()
-            if os.path.exists(file_path):
-                os.remove(file_path)
-
-    def result_list(self):
-        return [f for f in os.listdir(self.result_folder)
-                if len(f.split("_")[0]) == 64 and os.path.isdir(os.path.join(self.result_folder, f))]
-
-    def compare_sample_results(self, sample, test_extra=False):
-        ih = IssueHelper()
-        original_results_file = os.path.join(self.result_folder, sample, 'result.json')
-
-        if os.path.exists(original_results_file):
-            original_results = json.load(open(original_results_file))
-            results = self._execute_sample(sample)
-
-            # Compile the list of issues between the two results
-            # Test extra results
-            if test_extra and original_results.get('extra', None) != results.get('extra', None):
-                ih.add_issue(ih.TYPE_EXTRA, ih.ACTION_CHANGED, "Extra results have changed.")
-
-            # Extracted files
-            self._file_compare(
-                ih, ih.TYPE_EXTRACTED, original_results['files']['extracted'],
-                results['files']['extracted'])
-            # Supplementary files
-            self._file_compare(ih, ih.TYPE_SUPPLEMENTARY, original_results['files']['supplementary'],
-                               results['files']['supplementary'])
-            # Heuristics triggered
-            self._heuristic_compare(ih, original_results['results']['heuristics'], results['results']['heuristics'])
-            # Tags generated
-            self._tag_compare(ih, original_results['results']['tags'], results['results']['tags'])
-            # Temp submission data generated
-            self._temp_data_compare(
-                ih, original_results['results']['temp_submission_data'],
-                results['results']['temp_submission_data'])
-        else:
-            ih.append(f"Original result file missing for sample: {sample}")
-
-        return ih
-
-    def run_test_comparison(self, sample, test_extra=False):
-        # WARNING: This function is only to be run into a pytest context!
-        ih = self.compare_sample_results(sample, test_extra=test_extra)
-        if ih.has_issues():
-            issues = ih.get_issue_list()
-            issues.insert(0, "")
-            pytest.fail("\n".join(issues))
-
-    @ staticmethod
-    def _heuristic_compare(ih: IssueHelper, original, new):
-        oh_map = {x['heur_id']: x for x in original}
-        nh_map = {x['heur_id']: x for x in new}
-        for heur_id, heur in oh_map.items():
-            if heur_id not in nh_map:
-                ih.add_issue(ih.TYPE_HEUR, ih.ACTION_MISSING, f"Heuristic #{heur_id} missing from results.")
-            else:
-                new_heur = nh_map[heur_id]
-                for attack_id in heur['attack_ids']:
-                    if attack_id not in new_heur['attack_ids']:
-                        ih.add_issue(ih.TYPE_HEUR, ih.ACTION_MISSING,
-                                     f"Attack ID '{attack_id}' missing from heuristic #{heur_id}.")
-                for signature in heur['signatures']:
-                    if signature not in new_heur['signatures']:
-                        ih.add_issue(ih.TYPE_HEUR, ih.ACTION_MISSING,
-                                     f"Signature '{signature}' missing from heuristic #{heur_id}.")
-
-                for attack_id in new_heur['attack_ids']:
-                    if attack_id not in heur['attack_ids']:
-                        ih.add_issue(ih.TYPE_HEUR, ih.ACTION_ADDED,
-                                     f"Attack ID '{attack_id}' added to heuristic #{heur_id}.")
-                for signature in new_heur['signatures']:
-                    if signature not in heur['signatures']:
-                        ih.add_issue(ih.TYPE_HEUR, ih.ACTION_ADDED,
-                                     f"Signature '{signature}' added to heuristic #{heur_id}.")
-
-        for heur_id in nh_map.keys():
-            if heur_id not in oh_map:
-                ih.add_issue(ih.TYPE_HEUR, ih.ACTION_ADDED, f"Heuristic #{heur_id} added to results.")
-
-    @ staticmethod
-    def _tag_compare(ih: IssueHelper, original, new):
-        for tag_type, tags in original.items():
-            if tag_type not in new:
-                for t in tags:
-                    ih.add_issue(ih.TYPE_TAGS, ih.ACTION_MISSING,
-                                 f"Tag '{t['value']} [{tag_type}]' missing from the results.")
-            else:
-                otm = {x['value']: x for x in tags}
-                ntm = {x['value']: x for x in new[tag_type]}
-                for v, tag in otm.items():
-                    if v not in ntm:
-                        ih.add_issue(ih.TYPE_TAGS, ih.ACTION_MISSING,
-                                     f"Tag '{v} [{tag_type}]' missing from the results.")
-                    else:
-                        new_tag = ntm[v]
-                        if tag['heur_id'] != new_tag['heur_id']:
-                            ih.add_issue(
-                                ih.TYPE_TAGS, ih.ACTION_CHANGED,
-                                (
-                                    f"Heuristic ID for tag '{v} [{tag_type}]' has changed "
-                                    f"from {tag['heur_id']} to {new_tag['heur_id']}."
-                                )
-                            )
-                        if tag['signatures'] != new_tag['signatures']:
-                            ih.add_issue(
-                                ih.TYPE_TAGS, ih.ACTION_CHANGED,
-                                (
-                                    f"Associated signatures for tag '{v} [{tag_type}]' have changed "
-                                    f"from {tag['signatures']} to {new_tag['signatures']}."
-                                )
-                            )
-
-                for v in ntm.keys():
-                    if v not in otm:
-                        ih.add_issue(ih.TYPE_TAGS, ih.ACTION_ADDED, f"Tag '{v} [{tag_type}]' added to results.")
-
-        for tag_type, tags in new.items():
-            if tag_type not in original:
-                for t in tags:
-                    ih.add_issue(ih.TYPE_TAGS, ih.ACTION_ADDED,
-                                 f"Tag '{t['value']} [{tag_type}]' added to the results.")
-
-    @ staticmethod
-    def _temp_data_compare(ih: IssueHelper, original, new):
-        for k, v in original.items():
-            if k not in new:
-                ih.add_issue(ih.TYPE_TEMP, ih.ACTION_MISSING,
-                             f"Temporary submission data with key '{k}' is missing from the results.")
-            elif v != new[k]:
-                ih.add_issue(ih.TYPE_TEMP, ih.ACTION_CHANGED,
-                             f"Value of temporary submission data with key '{k}' has changed.")
-
-        for k, v in new.items():
-            if k not in original:
-                ih.add_issue(ih.TYPE_TEMP, ih.ACTION_ADDED,
-                             f"Temporary submission data with key '{k}' was added to the results.")
-
-    @ staticmethod
-    def _file_compare(ih: IssueHelper, f_type, original, new):
-        oh_map = {x['sha256']: x['name'] for x in original}
-        on_map = {x['name']: x['sha256'] for x in original}
-        nh_map = {x['sha256']: x['name'] for x in new}
-        nn_map = {x['name']: x['sha256'] for x in new}
-
-        for sha256, name in oh_map.items():
-            if sha256 not in nh_map:
-                if name not in nn_map:
-                    ih.add_issue(f_type, ih.ACTION_MISSING, f"File '{name} [{sha256}]' missing from the file list.")
-                    continue
-
-                if sha256 != nn_map[name]:
-                    ih.add_issue(
-                        f_type,
-                        ih.ACTION_CHANGED,
-                        f"The sha256 of the file '{name}' has changed. {sha256} -> {nn_map[name]}"
-                    )
-                    continue
-
-            if name != nh_map[sha256]:
-                ih.add_issue(
-                    f_type,
-                    ih.ACTION_CHANGED,
-                    f"The name of the file '{sha256}' has changed. {name} -> {nh_map[sha256]}"
-                )
-                continue
-
-        for sha256, name in nh_map.items():
-            if sha256 not in oh_map and name not in on_map:
-                ih.add_issue(f_type, ih.ACTION_ADDED, f"File '{name} [{sha256}]' added to the file list.")
-
-    def regenerate_results(self, save_files=False, sample_sha256=""):
-        for f in self.result_list():
-            if sample_sha256 and f != sample_sha256:
-                print(f"{sample_sha256} requested. Skipping {f}...")
-                continue
-            try:
-                print(f"Executing {f}")
-                self._execute_sample(f, save=True, save_files=save_files)
-            except FileMissing:
-                print(f"[W] File {f} was not found in any of the following locations: {', '.join(self.locations)}")
diff --git a/assemblyline_v4_service/testing/regenerate_results.py b/assemblyline_v4_service/testing/regenerate_results.py
deleted file mode 100644
index 865f26ef..00000000
--- a/assemblyline_v4_service/testing/regenerate_results.py
+++ /dev/null
@@ -1,37 +0,0 @@
-import os
-
-from assemblyline.common.importing import load_module_by_path
-from assemblyline_v4_service.testing.helper import TestHelper
-
-required_env = [
-    'SERVICE_MANIFEST_PATH',
-    'SERVICE_TESTING_RESULT_FOLDER',
-    'SERVICE_PATH'
-]
-
-optional_env = [
-    'SERVICE_TESTING_EXTRA_SAMPLE_FOLDER',
-    'FULL_SAMPLES_LOCATION',
-    'SERVICE_TESTING_SAVE_FILES'
-]
-
-
-def run():
-    for env in required_env:
-        if os.environ.get(env, None) is None:
-            print(f"[E] You must set {env} environement variable.")
-            exit(1)
-
-    for env in optional_env:
-        if os.environ.get(env, None) is None:
-            print(f"[W] {env} environement variable is not set, it should probably be...")
-
-    th = TestHelper(load_module_by_path(os.environ['SERVICE_PATH']),
-                    os.environ['SERVICE_TESTING_RESULT_FOLDER'],
-                    os.environ.get('SERVICE_TESTING_EXTRA_SAMPLE_FOLDER', None))
-    save_files = os.environ.get('SERVICE_TESTING_SAVE_FILES', 'false').lower() == 'true'
-    th.regenerate_results(save_files=save_files)
-
-
-if __name__ == "__main__":
-    run()
diff --git a/test/requirements.txt b/test/requirements.txt
deleted file mode 100644
index 12136494..00000000
--- a/test/requirements.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-pytest
-pytest-mock
diff --git a/test/test_dynamic_service_helper.py b/test/test_dynamic_service_helper.py
deleted file mode 100644
index 1820dcc8..00000000
--- a/test/test_dynamic_service_helper.py
+++ /dev/null
@@ -1,9396 +0,0 @@
-import os
-from uuid import UUID
-
-import pytest
-
-SERVICE_CONFIG_NAME = "service_manifest.yml"
-TEMP_SERVICE_CONFIG_PATH = os.path.join("/tmp", SERVICE_CONFIG_NAME)
-
-
-from assemblyline_v4_service.common.dynamic_service_helper import (HOLLOWSHUNTER_TITLE, Artifact, Attribute,
-                                                                   NetworkConnection, NetworkDNS, NetworkHTTP, ObjectID,
-                                                                   OntologyResults, Process, Sandbox, Signature,
-                                                                   convert_sysmon_network, convert_sysmon_processes,
-                                                                   extract_iocs_from_text_blob, set_optional_argument,
-                                                                   set_required_argument, update_object_items)
-
-
-def setup_module():
-    if not os.path.exists(TEMP_SERVICE_CONFIG_PATH):
-        open_manifest = open(TEMP_SERVICE_CONFIG_PATH, "w")
-        open_manifest.write(
-            "name: Sample\nversion: sample\ndocker_config: \n  image: sample\nheuristics:\n  - heur_id: 17\n"
-            "    name: blah\n    description: blah\n    filetype: '*'\n    score: 250"
-        )
-        open_manifest.close()
-
-
-def teardown_module():
-    if os.path.exists(TEMP_SERVICE_CONFIG_PATH):
-        os.remove(TEMP_SERVICE_CONFIG_PATH)
-
-
-def check_section_equality(this, that) -> bool:
-    # Recursive method to check equality of result section and nested sections
-
-    # Heuristics also need their own equality checks
-    if this.heuristic and that.heuristic:
-        result_heuristic_equality = (
-            this.heuristic.attack_ids == that.heuristic.attack_ids
-            and this.heuristic.frequency == that.heuristic.frequency
-            and this.heuristic.heur_id == that.heuristic.heur_id
-            and this.heuristic.score == that.heuristic.score
-            and this.heuristic.score_map == that.heuristic.score_map
-            and this.heuristic.signatures == that.heuristic.signatures
-        )
-
-    elif not this.heuristic and not that.heuristic:
-        result_heuristic_equality = True
-    else:
-        result_heuristic_equality = False
-
-    # Assuming we are given the "root section" at all times, it is safe to say that we don't need to confirm parent
-    current_section_equality = (
-        result_heuristic_equality
-        and this.body == that.body
-        and this.body_format == that.body_format
-        and this.classification == that.classification
-        and this.depth == that.depth
-        and len(this.subsections) == len(that.subsections)
-        and this.title_text == that.title_text
-    )
-
-    if not current_section_equality:
-        return False
-
-    for index, subsection in enumerate(this.subsections):
-        subsection_equality = check_section_equality(
-            subsection, that.subsections[index]
-        )
-        if not subsection_equality:
-            return False
-
-    return True
-
-
-@pytest.fixture
-def dummy_object_class():
-    class DummyObject:
-        def __init__(self, id=None) -> None:
-            self.id = id
-
-    yield DummyObject
-
-
-@pytest.fixture
-def dummy_timestamp_class():
-    class DummyEvent:
-        class DummyObjectID:
-            def __init__(self, item):
-                self.time_observed = item.get("time_observed")
-                self.guid = item.get("guid")
-
-        def __init__(self, item):
-            self.objectid = self.DummyObjectID(item.get("objectid", {}))
-            self.pobjectid = self.DummyObjectID(item.get("pobjectid", {}))
-
-    yield DummyEvent
-
-
-@pytest.fixture
-def dummy_task_class():
-    class DummyTask:
-        def __init__(self):
-            self.supplementary = []
-            self.extracted = []
-
-    yield DummyTask
-
-
-@pytest.fixture
-def dummy_request_class(dummy_task_class):
-    class DummyRequest(dict):
-        def __init__(self):
-            super(DummyRequest, self).__init__()
-            self.task = dummy_task_class()
-            self.extracted = self.task.extracted
-
-        def add_supplementary(self, path, name, description):
-            self.task.supplementary.append(
-                {"path": path, "name": name, "description": description}
-            )
-
-        def add_extracted(self, path, name, description):
-            self.task.extracted.append(
-                {"path": path, "name": name, "description": description}
-            )
-
-    yield DummyRequest
-
-
-class TestModule:
-    @staticmethod
-    def test_set_required_argument(dummy_object_class):
-        dummy = dummy_object_class()
-        with pytest.raises(ValueError):
-            set_required_argument(dummy, "id", None, str)
-
-        with pytest.raises(ValueError):
-            set_required_argument(dummy, "id", "", str)
-
-        with pytest.raises(TypeError):
-            set_required_argument(dummy, "id", 1, str)
-
-        set_required_argument(dummy, "id", "blah", str)
-        assert dummy.id == "blah"
-
-    @staticmethod
-    def test_set_optional_argument(dummy_object_class):
-        dummy = dummy_object_class()
-        set_optional_argument(dummy, "id", None, str)
-        assert dummy.id == None
-
-        with pytest.raises(ValueError):
-            set_optional_argument(dummy, "id", "", str)
-
-        with pytest.raises(TypeError):
-            set_optional_argument(dummy, "id", 1, str)
-
-        set_optional_argument(dummy, "id", "blah", str)
-        assert dummy.id == "blah"
-
-    @staticmethod
-    def test_update_object_items(dummy_object_class):
-        dummy = dummy_object_class()
-        update_object_items(
-            dummy, {"id": "blah", "something": "blah", "blah": None, "blahblah": ""}
-        )
-        assert dummy.id == "blah"
-        assert dummy.__dict__ == {"id": "blah"}
-        assert update_object_items(dummy, {"id": None}) is None
-
-
-class TestArtifact:
-    @staticmethod
-    @pytest.mark.parametrize(
-        "name, path, description, to_be_extracted",
-        [
-            (None, None, None, None),
-            ("blah", "blah", "blah", True),
-            ("blah", "blah", "blah", False),
-        ],
-    )
-    def test_artifact_init(name, path, description, to_be_extracted):
-        if any(item is None for item in [name, path, description, to_be_extracted]):
-            with pytest.raises(Exception):
-                Artifact(
-                    name=name,
-                    path=path,
-                    description=description,
-                    to_be_extracted=to_be_extracted,
-                )
-            return
-        a = Artifact(
-            name=name,
-            path=path,
-            description=description,
-            to_be_extracted=to_be_extracted,
-        )
-        assert a.name == name
-        assert a.path == path
-        assert a.description == description
-        assert a.to_be_extracted == to_be_extracted
-
-    @staticmethod
-    def test_artifact_as_primitives():
-        a = Artifact(
-            name="blah", path="blah", description="blah", to_be_extracted="blah", sha256="blah"
-        )
-        assert a.as_primitives() == {
-            "name": "blah",
-            "path": "blah",
-            "description": "blah",
-            "to_be_extracted": "blah",
-            "sha256": "blah",
-        }
-
-
-class TestObjectID:
-    @staticmethod
-    def test_objectid_init():
-        # Enforce positional arguments requirements
-        with pytest.raises(TypeError):
-            ObjectID()
-
-        with pytest.raises(TypeError):
-            ObjectID(tag="blah")
-
-        with pytest.raises(ValueError):
-            ObjectID(tag="blah", ontology_id="blah")
-
-        default_oid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        assert default_oid.tag == "blah"
-        assert default_oid.ontology_id == "blah"
-        assert default_oid.service_name == "blah"
-        assert default_oid.guid is None
-        assert default_oid.treeid is None
-        assert default_oid.processtree is None
-        assert default_oid.time_observed is None
-        assert default_oid.session is None
-
-        set_oid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            service_name="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-            treeid="blah",
-            processtree="blah",
-            time_observed="1970-01-01 00:00:01,000",
-            session="blah",
-        )
-
-        assert set_oid.tag == "blah"
-        assert set_oid.ontology_id == "blah"
-        assert set_oid.service_name == "blah"
-        assert set_oid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert set_oid.treeid == "blah"
-        assert set_oid.processtree == "blah"
-        assert set_oid.time_observed == "1970-01-01 00:00:01,000"
-        assert set_oid.session == "blah"
-
-    @staticmethod
-    def test_objectid_as_primitives():
-        default_oid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        assert default_oid.as_primitives() == {
-            "tag": "blah",
-            "ontology_id": "blah",
-            "service_name": "blah",
-            "guid": None,
-            "treeid": None,
-            "processtree": None,
-            "time_observed": None,
-            "session": None,
-        }
-
-    @staticmethod
-    def test_set_tag():
-        oid = ObjectID(tag="yaba", ontology_id="blah", service_name="blah")
-        oid.set_tag("blah")
-        assert oid.tag == "blah"
-
-        oid.set_tag(None)
-        assert oid.tag == "blah"
-
-        oid.set_tag("")
-        assert oid.tag == "blah"
-
-        oid.set_tag(1.0)
-        assert oid.tag == "blah"
-
-    @staticmethod
-    def test_set_time_observed():
-        oid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        oid.set_time_observed("1970-01-01 00:00:01")
-        assert oid.time_observed == "1970-01-01 00:00:01"
-
-        with pytest.raises(ValueError):
-            oid.set_time_observed(None)
-
-        with pytest.raises(ValueError):
-            oid.set_time_observed("blah")
-
-        with pytest.raises(TypeError):
-            oid.set_time_observed(1.0)
-
-        oid.set_time_observed("1970-01-01 00:00:02")
-        assert oid.time_observed == "1970-01-01 00:00:02"
-
-
-class TestProcess:
-    @staticmethod
-    def test_process_init():
-        current_pid = 2
-        current_ppid = 1
-        current_image = "blah"
-        current_command_line = "blah"
-        current_oid = "blah1"
-
-        parent_image = "blah"
-        parent_oid = "blah2"
-
-        current_objectid = ObjectID(
-            tag="blah", ontology_id=current_oid, service_name="blah"
-        )
-        current_p = Process(
-            objectid=current_objectid,
-            image=current_image,
-            start_time="1970-01-01 00:00:01.001",
-            pid=current_pid,
-            ppid=current_ppid,
-            command_line=current_command_line,
-        )
-        assert current_p.objectid == current_objectid
-        assert current_p.pobjectid is None
-        assert current_p.pimage is None
-        assert current_p.pcommand_line is None
-        assert current_p.ppid == 1
-        assert current_p.pid == 2
-        assert current_p.image == current_image
-        assert current_p.command_line == current_command_line
-        assert current_p.start_time == "1970-01-01 00:00:01.001"
-        assert current_p.end_time is None
-        assert current_p.integrity_level is None
-        assert current_p.image_hash is None
-        assert current_p.original_file_name is None
-
-        pobjectid = ObjectID(
-            tag="blah",
-            ontology_id=parent_oid,
-            service_name="blah",
-        )
-
-        set_p1 = Process(
-            objectid=current_objectid,
-            image=current_image,
-            start_time="1970-01-01 00:00:01.001",
-            pobjectid=pobjectid,
-            pimage=parent_image,
-            pcommand_line="C:\\Windows\\System32\\cmd.exe -m bad.exe",
-            ppid=123,
-            pid=124,
-            command_line="C:\\Windows\\System32\\cmd.exe -m bad.exe",
-            end_time="1970-01-01 00:00:01.001",
-            integrity_level="BLAH",
-            image_hash="blah",
-            original_file_name="blah",
-        )
-
-        assert set_p1.objectid == current_objectid
-        assert set_p1.image == current_image
-        assert set_p1.start_time == "1970-01-01 00:00:01.001"
-        assert set_p1.pobjectid == pobjectid
-        assert set_p1.pimage == parent_image
-        assert set_p1.pcommand_line == "C:\\Windows\\System32\\cmd.exe -m bad.exe"
-        assert set_p1.ppid == 123
-        assert set_p1.pid == 124
-        assert set_p1.command_line == "C:\\Windows\\System32\\cmd.exe -m bad.exe"
-        assert set_p1.end_time == "1970-01-01 00:00:01.001"
-        assert set_p1.integrity_level == "blah"
-        assert set_p1.image_hash == "blah"
-        assert set_p1.original_file_name == "blah"
-
-        with pytest.raises(ValueError):
-            Process(
-                objectid=current_objectid,
-                image=current_image,
-                start_time="1970-01-01 00:00:01.001",
-                pid=123,
-                ppid=123,
-            )
-
-        with pytest.raises(ValueError):
-            Process(
-                objectid=current_objectid,
-                image=current_image,
-                start_time="1970-01-01 00:00:02.001",
-                end_time="1970-01-01 00:00:01.001",
-            )
-
-    @staticmethod
-    def test_process_as_primitives():
-        current_image = "blah"
-        current_oid = "blah1"
-
-        current_objectid = ObjectID(
-            tag="blah", ontology_id=current_oid, service_name="blah"
-        )
-        p = Process(
-            objectid=current_objectid,
-            image=current_image,
-            start_time="1970-01-01 00:00:01.001",
-        )
-        assert p.as_primitives() == {
-            "objectid": {
-                "tag": "blah",
-                "ontology_id": current_oid,
-                "service_name": "blah",
-                "guid": None,
-                "treeid": None,
-                "processtree": None,
-                "time_observed": "1970-01-01 00:00:01.001",
-                "session": None,
-            },
-            "pobjectid": None,
-            "pimage": None,
-            "pcommand_line": None,
-            "ppid": None,
-            "pid": None,
-            "image": current_image,
-            "command_line": None,
-            "start_time": "1970-01-01 00:00:01.001",
-            "end_time": None,
-            "integrity_level": None,
-            "image_hash": None,
-            "original_file_name": None,
-        }
-
-    @staticmethod
-    def test_process_update():
-        current_image = "blah"
-        current_oid = "blah1"
-
-        current_objectid = ObjectID(
-            tag="blah", ontology_id=current_oid, service_name="blah"
-        )
-        p = Process(
-            objectid=current_objectid,
-            image=current_image,
-            start_time="1970-01-01 00:00:01.001",
-        )
-
-        p.update(image=None)
-        assert p.image == current_image
-
-        p.update(
-            objectid={
-                "guid": "{12345678-1234-5678-1234-567812345679}",
-                "treeid": "blah",
-                "processtree": "blah",
-                "time_observed": "1970-01-01 00:00:01.002",
-            }
-        )
-        assert p.objectid.guid == "{12345678-1234-5678-1234-567812345679}"
-        assert p.objectid.treeid == "blah"
-        assert p.objectid.processtree == "blah"
-        assert p.objectid.time_observed == "1970-01-01 00:00:01.001"
-
-        p.update(command_line="C:\\program files\\blah")
-        assert p.command_line == "C:\\program files\\blah"
-
-        p.update(
-            pobjectid={
-                "guid": "{12345678-1234-5678-1234-567812345679}",
-                "tag": "blah",
-                "treeid": "blah",
-                "processtree": "blah",
-                "time_observed": 1,
-                "ontology_id": "blah",
-                "service_name": "blah",
-            }
-        )
-        assert p.pobjectid.guid == "{12345678-1234-5678-1234-567812345679}"
-        assert p.pobjectid.tag == "blah"
-        assert p.pobjectid.treeid == "blah"
-        assert p.pobjectid.processtree == "blah"
-        assert p.pobjectid.time_observed == 1
-
-        p = Process(
-            objectid=current_objectid,
-            image=current_image,
-            start_time="1970-01-01 00:00:01.001",
-        )
-        pobjectid = ObjectID(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            tag="blah2",
-            treeid="blah2",
-            processtree="blah2",
-            time_observed="1970-01-01 00:00:01.001",
-            ontology_id="blah",
-            service_name="blah",
-        )
-        p.update(pobjectid=pobjectid)
-        assert p.pobjectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert p.pobjectid.tag == "blah2"
-        assert p.pobjectid.treeid == "blah2"
-        assert p.pobjectid.processtree == "blah2"
-        assert p.pobjectid.time_observed == "1970-01-01 00:00:01.001"
-
-        p.update(pimage="C:\\program files\\blah")
-        assert p.pimage == "C:\\program files\\blah"
-
-        p.update(integrity_level="BLAH")
-        assert p.integrity_level == "blah"
-
-    @staticmethod
-    def test_set_parent():
-        current_image = "blah"
-        current_oid = "blah1"
-        current_objectid = ObjectID(
-            tag="blah", ontology_id=current_oid, service_name="blah"
-        )
-
-        parent_image = "blah"
-        parent_oid = "blah2"
-        parent_objectid = ObjectID(
-            tag="blah", ontology_id=parent_oid, service_name="blah"
-        )
-        child_p1 = Process(
-            objectid=current_objectid,
-            image=current_image,
-            start_time="1970-01-01 00:00:01.001",
-        )
-        parent_p1 = Process(
-            objectid=parent_objectid,
-            image=parent_image,
-            start_time="1970-01-01 00:00:01.001",
-            command_line="blah",
-            pid=123,
-        )
-        child_p1.set_parent(parent_p1)
-
-        assert child_p1.pobjectid.guid == parent_p1.objectid.guid
-        assert child_p1.pobjectid.tag == parent_p1.objectid.tag
-        assert child_p1.pobjectid.treeid == parent_p1.objectid.treeid
-        assert child_p1.pobjectid.processtree == parent_p1.objectid.processtree
-        assert child_p1.pobjectid.time_observed == parent_p1.objectid.time_observed
-        assert child_p1.pimage == parent_p1.image
-        assert child_p1.pcommand_line == parent_p1.command_line
-        assert child_p1.ppid == parent_p1.pid
-
-        child_p2 = Process(
-            objectid=current_objectid,
-            image=current_image,
-            start_time="1970-01-01 00:00:01.001",
-            pcommand_line="blah",
-        )
-        parent_p2 = Process(
-            objectid=parent_objectid,
-            image=parent_image,
-            start_time="1970-01-01 00:00:01.001",
-            command_line="blahblah",
-            pid=123,
-        )
-        child_p2.set_parent(parent_p2)
-
-        assert child_p2.pobjectid.guid == parent_p2.objectid.guid
-        assert child_p2.pobjectid.tag == parent_p2.objectid.tag
-        assert child_p2.pobjectid.treeid == parent_p2.objectid.treeid
-        assert child_p2.pobjectid.processtree == parent_p2.objectid.processtree
-        assert child_p2.pobjectid.time_observed == parent_p2.objectid.time_observed
-        assert child_p2.pimage == parent_p2.image
-        assert child_p2.pcommand_line == "blah"
-        assert child_p2.ppid == parent_p2.pid
-
-    @staticmethod
-    def test_set_start_time():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        p = Process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00.001",
-        )
-        p.set_start_time("1970-01-01 00:00:01.001")
-        assert p.start_time == "1970-01-01 00:00:01.001"
-
-    @staticmethod
-    def test_set_end_time():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        p = Process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00.001",
-        )
-        p.set_end_time("1970-01-01 00:00:01.001")
-        assert p.end_time == "1970-01-01 00:00:01.001"
-
-    @staticmethod
-    def test_is_guid_a_match():
-        current_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            service_name="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        p = Process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00.001",
-        )
-        assert p.is_guid_a_match("{12345678-1234-5678-1234-567812345678}")
-        assert not p.is_guid_a_match("{12345678-1234-5678-1234-567812345670}")
-
-    @staticmethod
-    def test_set_objectid_tag():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        p = Process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00.001",
-        )
-        p.set_objectid_tag("C:\\program files\\blah")
-        assert p.objectid.tag == "?pf86\\blah"
-
-    @staticmethod
-    def test_create_objectid_tag():
-        tag = Process.create_objectid_tag("C:\\program files\\blah")
-        assert tag == "?pf86\\blah"
-
-    @staticmethod
-    def test_set_pobjectid_tag():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        p = Process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00.001",
-        )
-
-        p.set_pobjectid_tag("")
-        assert p.pobjectid is None
-
-        assert p.pobjectid is None
-
-        parent_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        p = Process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00.001",
-            pobjectid=parent_objectid,
-        )
-        p.set_pobjectid_tag("C:\\program files\\blah")
-        assert p.pobjectid.tag == "?pf86\\blah"
-
-    @staticmethod
-    def test_process_update_objectid():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        p = Process(
-            objectid=current_objectid, image="blah", start_time="1970-01-01 00:00:00"
-        )
-        p.update_objectid()
-        assert p.objectid.tag == "blah"
-        assert p.objectid.ontology_id == "blah"
-        assert p.objectid.service_name == "blah"
-        assert p.objectid.guid is None
-        assert p.objectid.treeid is None
-        assert p.objectid.processtree is None
-        assert p.objectid.time_observed == "1970-01-01 00:00:00"
-        assert p.objectid.session is None
-
-        p.update_objectid(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            tag="blah",
-            treeid="blah",
-            processtree="blah",
-            time_observed="1970-01-01 00:00:02",
-            session="blah",
-        )
-
-        assert p.objectid.tag == "blah"
-        assert p.objectid.ontology_id == "blah"
-        assert p.objectid.service_name == "blah"
-        assert p.objectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert p.objectid.treeid == "blah"
-        assert p.objectid.processtree == "blah"
-        assert p.objectid.time_observed == "1970-01-01 00:00:00"
-        assert p.objectid.session == "blah"
-
-    @staticmethod
-    def test_process_update_pobjectid():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        p = Process(
-            objectid=current_objectid, image="blah", start_time="1970-01-01 00:00:00"
-        )
-        p.update_pobjectid()
-        assert p.pobjectid is None
-
-        p.update_pobjectid(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            tag="blah",
-            treeid="blah",
-            processtree="blah",
-            time_observed="1970-01-01 00:00:00",
-            session="blah",
-        )
-        assert p.pobjectid is None
-
-        p.update_pobjectid(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            tag="blah",
-            ontology_id="blah",
-            service_name="blah",
-            treeid="blah",
-            processtree="blah",
-            time_observed="1970-01-01 00:00:02",
-            session="blah",
-        )
-        assert p.pobjectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert p.pobjectid.tag == "blah"
-        assert p.pobjectid.ontology_id == "blah"
-        assert p.pobjectid.service_name == "blah"
-        assert p.pobjectid.treeid == "blah"
-        assert p.pobjectid.processtree == "blah"
-        assert p.pobjectid.time_observed == "1970-01-01 00:00:02"
-        assert p.pobjectid.session == "blah"
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "path, expected_result",
-        [
-            ("blah", "x86"),
-            ("C:\\program files\\blah", "x86"),
-            ("C:\\program files (x86)\\blah", "x86_64"),
-            ("C:\\syswow64\\blah", "x86_64"),
-        ],
-    )
-    def test_determine_arch(path, expected_result):
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        p = Process(
-            objectid=current_objectid, image=path, start_time="1970-01-01 00:00:00.001"
-        )
-        actual_result = p._determine_arch(path)
-        assert actual_result == expected_result
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "path, rule, expected_result",
-        [
-            ("blah", {"pattern": "", "replacement": ""}, "blah"),
-            ("blah", {"pattern": "ah", "replacement": "ue"}, "blah"),
-            ("blah", {"pattern": "bl", "replacement": "y"}, "yah"),
-        ],
-    )
-    def test_pattern_substitution(path, rule, expected_result):
-        actual_result = Process._pattern_substitution(path, rule)
-        assert actual_result == expected_result
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "path, rule, expected_result",
-        [
-            ("blah", {"regex": "", "replacement": ""}, "blah"),
-            ("blah", {"regex": "bl*ah", "replacement": "bl"}, "blah"),
-            ("blah", {"regex": "\\bl*ah", "replacement": "bl"}, "blah"),
-            ("blaah", {"regex": "bl*ah", "replacement": "blue"}, "blue"),
-        ],
-    )
-    def test_regex_substitution(path, rule, expected_result):
-        actual_result = Process._regex_substitution(path, rule)
-        assert actual_result == expected_result
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "path, arch, expected_result",
-        [
-            ("blah", None, "blah"),
-            ("C:\\Program Files\\Word.exe", None, "?pf86\\word.exe"),
-            ("C:\\Program Files (x86)\\Word.exe", None, "?pf86\\word.exe"),
-            ("C:\\Program Files (x86)\\Word.exe", "x86_64", "?pf86\\word.exe"),
-            ("C:\\Windows\\System32\\Word.exe", None, "?sys32\\word.exe"),
-            ("C:\\Windows\\SysWow64\\Word.exe", None, "?sys32\\word.exe"),
-            ("C:\\Windows\\SysWow64\\Word.exe", "x86", "?win\\syswow64\\word.exe"),
-            ("C:\\Windows\\SysWow64\\Word.exe", "x86_64", "?sys32\\word.exe"),
-            (
-                "C:\\Users\\buddy\\AppData\\Local\\Temp\\Word.exe",
-                None,
-                "?usrtmp\\word.exe",
-            ),
-            ("C:\\Users\\buddy\\Word.exe", None, "?usr\\word.exe"),
-            ("%WINDIR%\\explorer.exe", None, "?win\\explorer.exe"),
-            ("%SAMPLEPATH%\\diagerr.exe", None, "?usrtmp\\diagerr.exe"),
-        ],
-    )
-    def test_normalize_path(path, arch, expected_result):
-        actual_result = Process._normalize_path(path, arch)
-        assert actual_result == expected_result
-
-
-class TestNetworkConnection:
-    @staticmethod
-    def test_network_connection_init():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        default_nc = NetworkConnection(
-            objectid=current_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        assert default_nc.objectid == current_objectid
-        assert default_nc.destination_ip == "1.1.1.1"
-        assert default_nc.destination_port == 1
-        assert default_nc.transport_layer_protocol == "tcp"
-        assert default_nc.direction == "outbound"
-        assert default_nc.process is None
-        assert default_nc.source_ip is None
-        assert default_nc.source_port is None
-        assert default_nc.http_details is None
-        assert default_nc.dns_details is None
-        assert default_nc.connection_type is None
-
-        # Invalid transport_layer_protocol
-        with pytest.raises(ValueError):
-            NetworkConnection(
-                objectid=current_objectid,
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                transport_layer_protocol="blah",
-                direction="outbound",
-            )
-
-        # Invalid direction
-        with pytest.raises(ValueError):
-            NetworkConnection(
-                objectid=current_objectid,
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                transport_layer_protocol="tcp",
-                direction="blah",
-            )
-
-        http_details = NetworkHTTP(
-            request_uri="blah",
-            request_method="GET",
-        )
-
-        dns_details = NetworkDNS(domain="blah", resolved_ips=["blah"], lookup_type="A")
-
-        # Both http and dns details
-        with pytest.raises(ValueError):
-            NetworkConnection(
-                objectid=current_objectid,
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                transport_layer_protocol="tcp",
-                direction="outbound",
-                http_details=http_details,
-                dns_details=dns_details,
-            )
-
-        p = Process(
-            objectid=current_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00.001",
-        )
-        nc_w_p = NetworkConnection(
-            objectid=current_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-            process=p,
-        )
-        assert nc_w_p.process.image == "C:\\Windows\\System32\\cmd.exe"
-
-        # http details but no connection type
-        with pytest.raises(ValueError):
-            NetworkConnection(
-                objectid=current_objectid,
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                transport_layer_protocol="tcp",
-                direction="outbound",
-                http_details=http_details,
-            )
-
-        # dns details but no connection type
-        with pytest.raises(ValueError):
-            NetworkConnection(
-                objectid=current_objectid,
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                transport_layer_protocol="tcp",
-                direction="outbound",
-                dns_details=dns_details,
-            )
-
-        # invalid connection type
-        with pytest.raises(ValueError):
-            NetworkConnection(
-                objectid=current_objectid,
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                transport_layer_protocol="tcp",
-                direction="outbound",
-                connection_type="blah",
-            )
-
-        # http connection type without http details
-        with pytest.raises(ValueError):
-            NetworkConnection(
-                objectid=current_objectid,
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                transport_layer_protocol="tcp",
-                direction="outbound",
-                connection_type="http",
-            )
-
-        # dns connection type without dns details
-        with pytest.raises(ValueError):
-            NetworkConnection(
-                objectid=current_objectid,
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                transport_layer_protocol="tcp",
-                direction="outbound",
-                connection_type="dns",
-            )
-
-    @staticmethod
-    def test_network_connection_update_objectid():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        nc = NetworkConnection(
-            objectid=current_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        nc.update_objectid()
-        assert nc.objectid == current_objectid
-
-        nc.update_objectid(
-            processtree="blahblah",
-        )
-        assert nc.objectid.processtree == "blahblah"
-
-    @staticmethod
-    def test_network_connection_update():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        nc = NetworkConnection(
-            objectid=current_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        nc.update(destination_ip=None)
-        assert nc.destination_ip == "1.1.1.1"
-
-        nc.update(
-            objectid={
-                "treeid": "blah",
-                "processtree": "blah",
-                "time_observed": 1,
-            }
-        )
-        assert nc.objectid.treeid == "blah"
-        assert nc.objectid.processtree == "blah"
-        assert nc.objectid.time_observed == 1
-
-        nc.update(source_ip="blahblah")
-        assert nc.source_ip == "blahblah"
-
-        nc.update(process={})
-        assert nc.process is None
-
-        p = Process(
-            objectid=current_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00.001",
-        )
-        nc.update(process=p)
-        assert nc.process.objectid.tag == "blah"
-
-    @staticmethod
-    def test_network_connection_update_process():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        nc = NetworkConnection(
-            objectid=current_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        nc.update_process(
-            objectid=current_objectid,
-            pid=123,
-            image="C:\\Windows\\System32\\cmd.exe",
-            pimage="C:\\Windows\\System32\\cmd.exe",
-            integrity_level="BLAH",
-            start_time="1970-01-01 00:00:00",
-        )
-        assert nc.process.pid == 123
-        assert nc.process.image == "C:\\Windows\\System32\\cmd.exe"
-        assert nc.process.objectid.tag == "blah"
-        assert nc.process.integrity_level == "blah"
-        assert nc.process.objectid.time_observed == "1970-01-01 00:00:00"
-
-        nc.update_process(image=None)
-        assert nc.process.image == "C:\\Windows\\System32\\cmd.exe"
-
-    @staticmethod
-    def test_network_connection_update_process_objectid():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        nc = NetworkConnection(
-            objectid=current_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        with pytest.raises(ValueError):
-            nc.update_process_objectid()
-
-        nc.update_process(
-            objectid=current_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00",
-        )
-        nc.update_process_objectid(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            treeid="blah",
-            processtree="blah",
-        )
-        assert nc.process.objectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert nc.process.objectid.treeid == "blah"
-        assert nc.process.objectid.processtree == "blah"
-
-    @staticmethod
-    def test_network_connection_set_process():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        nc = NetworkConnection(
-            objectid=current_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        p1 = Process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00",
-            pid=1,
-        )
-        nc.set_process(p1)
-        assert nc.process.pid == 1
-
-    @staticmethod
-    def test_create_tag():
-        assert NetworkConnection.create_tag() is None
-        assert NetworkConnection.create_tag("blah.com") is None
-        assert (
-            NetworkConnection.create_tag(destination_ip="1.1.1.1", destination_port=123)
-            == "1.1.1.1:123"
-        )
-        assert (
-            NetworkConnection.create_tag(
-                domain="blah.com", destination_ip="1.1.1.1", destination_port=123
-            )
-            == "1.1.1.1:123"
-        )
-        assert (
-            NetworkConnection.create_tag(
-                domain="blah.com",
-                direction="outbound",
-                destination_ip="1.1.1.1",
-                destination_port=123,
-            )
-            == "blah.com:123"
-        )
-
-    @staticmethod
-    def test_network_connection_as_primitives():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        nc = NetworkConnection(
-            objectid=current_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        nc_as_primitives = nc.as_primitives()
-        assert nc_as_primitives == {
-            "objectid": {
-                "tag": "blah",
-                "treeid": None,
-                "processtree": None,
-                "time_observed": None,
-                "processtree": None,
-                "guid": None,
-                "session": None,
-                "ontology_id": "blah",
-                "service_name": "blah",
-            },
-            "process": None,
-            "source_ip": None,
-            "source_port": None,
-            "destination_ip": "1.1.1.1",
-            "destination_port": 1,
-            "transport_layer_protocol": "tcp",
-            "direction": "outbound",
-            "http_details": None,
-            "dns_details": None,
-            "connection_type": None,
-        }
-
-
-class TestNetworkDNS:
-    @staticmethod
-    def test_network_dns_init():
-        with pytest.raises(ValueError):
-            NetworkDNS(
-                domain="blah.com",
-                resolved_ips=[],
-                lookup_type="A",
-            )
-
-        nd = NetworkDNS(domain="blah", resolved_ips=["blah"], lookup_type="A")
-
-        assert nd.domain == "blah"
-        assert nd.resolved_ips == ["blah"]
-        assert nd.lookup_type == "A"
-
-    @staticmethod
-    def test_network_dns_as_primitives():
-        nd = NetworkDNS(domain="blah", resolved_ips=["blah"], lookup_type="A")
-        nd_as_primitives = nd.as_primitives()
-        assert nd_as_primitives == {
-            "domain": "blah",
-            "resolved_ips": ["blah"],
-            "lookup_type": "A",
-        }
-
-
-class TestNetworkHTTP:
-    @staticmethod
-    def test_network_http_init():
-        nh = NetworkHTTP(
-            request_uri="blah",
-            request_method="GET",
-        )
-        assert nh.request_uri == "blah"
-        assert nh.request_method == "GET"
-        assert nh.request_headers == {}
-        assert nh.response_headers == {}
-        assert nh.response_status_code is None
-        assert nh.response_body is None
-        assert nh.response_body_path is None
-        assert nh.request_body_path is None
-
-        set_nh = NetworkHTTP(
-            request_uri="blah",
-            request_headers={"a": "b"},
-            request_body="blah",
-            request_method="blah",
-            response_headers={"a": "b"},
-            response_status_code=123,
-            response_body="blah",
-            response_body_path="blah",
-            request_body_path="blah",
-        )
-
-        assert set_nh.request_uri == "blah"
-        assert set_nh.request_headers == {"a": "b"}
-        assert set_nh.request_body == "blah"
-        assert set_nh.request_method == "blah"
-        assert set_nh.response_headers == {"a": "b"}
-        assert set_nh.response_status_code == 123
-        assert set_nh.response_body == "blah"
-        assert set_nh.response_body_path == "blah"
-        assert set_nh.request_body_path == "blah"
-
-    @staticmethod
-    def test_network_http_update():
-        nh = NetworkHTTP(
-            request_uri="blah",
-            request_method="GET",
-        )
-
-        nh.update(request_uri="blahblah")
-        assert nh.request_uri == "blah"
-
-        nh.update(request_headers={"a", "b"})
-        assert nh.request_headers == {"a", "b"}
-
-    @staticmethod
-    def test_network_http_as_primitives():
-        nh = NetworkHTTP(
-            request_uri="blah",
-            request_method="GET",
-        )
-        nh_as_primitives = nh.as_primitives()
-        assert nh_as_primitives == {
-            "request_uri": "blah",
-            "request_headers": {},
-            "request_body": None,
-            "request_method": "GET",
-            "response_headers": {},
-            "response_status_code": None,
-            "response_body": None,
-        }
-
-
-class TestAttribute:
-    @staticmethod
-    def test_attribute_init():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        default_attribute = Attribute(source=current_objectid)
-        assert default_attribute.source == current_objectid
-        assert default_attribute.target is None
-        assert default_attribute.action is None
-        assert default_attribute.meta is None
-        assert default_attribute.event_record_id is None
-        assert default_attribute.domain is None
-        assert default_attribute.uri is None
-        assert default_attribute.file_hash is None
-
-        with pytest.raises(ValueError):
-            Attribute(
-                source=current_objectid,
-                action="blah",
-            )
-
-        set_attribute = Attribute(
-            source=current_objectid,
-            target=current_objectid,
-            action="clipboard_capture",
-            meta="blah",
-            event_record_id="blah",
-            domain="blah",
-            uri="blah",
-            file_hash="blah",
-        )
-        assert set_attribute.source == current_objectid
-        assert set_attribute.target == current_objectid
-        assert set_attribute.action == "clipboard_capture"
-        assert set_attribute.meta == "blah"
-        assert set_attribute.event_record_id == "blah"
-        assert set_attribute.domain == "blah"
-        assert set_attribute.uri == "blah"
-        assert set_attribute.file_hash == "blah"
-
-    @staticmethod
-    def test_attribute_as_primitives():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        default_attribute = Attribute(source=current_objectid)
-        assert default_attribute.as_primitives() == {
-            "action": None,
-            "event_record_id": None,
-            "file_hash": None,
-            "meta": None,
-            "source": {
-                "guid": None,
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": None,
-                "treeid": None,
-            },
-            "domain": None,
-            "uri": None,
-            "target": None,
-        }
-
-
-class TestSignature:
-    @staticmethod
-    def test_signature_init():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-
-        with pytest.raises(ValueError):
-            Signature(objectid=current_objectid, name="blah", type="blah")
-
-        sig = Signature(objectid=current_objectid, name="blah", type="CUCKOO")
-        assert sig.objectid == current_objectid
-        assert sig.name == "blah"
-        assert sig.type == "CUCKOO"
-        assert sig.attributes == []
-        assert sig.attacks == []
-        assert sig.actors == []
-        assert sig.malware_families == []
-        assert sig.score is None
-
-        sig = Signature(
-            objectid=current_objectid,
-            name="blah",
-            type="CUCKOO",
-            attributes=["blah"],
-            attacks=["blah"],
-            actors=["blah"],
-            malware_families=["blah"],
-            score=10,
-        )
-        assert sig.objectid == current_objectid
-        assert sig.name == "blah"
-        assert sig.type == "CUCKOO"
-        assert sig.attributes == ["blah"]
-        assert sig.attacks == ["blah"]
-        assert sig.actors == ["blah"]
-        assert sig.malware_families == ["blah"]
-        assert sig.score == 10
-
-    @staticmethod
-    def test_signature_update():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        sig = Signature(objectid=current_objectid, name="blah", type="CUCKOO")
-        sig.update(attributes=["blah"])
-        assert sig.attributes == ["blah"]
-
-    @staticmethod
-    def test_add_attack_id():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        sig = Signature(objectid=current_objectid, name="blah", type="CUCKOO")
-        sig.add_attack_id("T1187")
-        assert sig.attacks == [
-            {
-                "attack_id": "T1187",
-                "categories": ["credential-access"],
-                "pattern": "Forced Authentication",
-            }
-        ]
-        # Note that it does not add duplicates
-        sig.add_attack_id("T1187")
-        assert sig.attacks == [
-            {
-                "attack_id": "T1187",
-                "categories": ["credential-access"],
-                "pattern": "Forced Authentication",
-            }
-        ]
-
-    @staticmethod
-    def test_create_attribute():
-        assert Signature.create_attribute() is None
-        with pytest.raises(ValueError):
-            Signature.create_attribute(blah="blah")
-        with pytest.raises(ValueError):
-            Signature.create_attribute(source="blah")
-        source = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        assert Signature.create_attribute(source=source).as_primitives() == {
-            "source": source.as_primitives(),
-            'action': None,
-            'domain': None,
-            'event_record_id': None,
-            'file_hash': None,
-            'meta': None,
-            'target': None,
-            'uri': None
-        }
-
-    @staticmethod
-    def test_add_attribute():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        sig = Signature(objectid=current_objectid, name="blah", type="CUCKOO")
-        attr1 = sig.create_attribute(uri="http://blah.com", source=current_objectid)
-        sig.add_attribute(attr1)
-        assert sig.attributes[0].uri == "http://blah.com"
-        attr2 = sig.create_attribute(uri="http://blah.com", source=current_objectid)
-        sig.add_attribute(attr2)
-        assert len(sig.attributes) == 1
-
-    @staticmethod
-    def test_get_attributes():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        sig = Signature(objectid=current_objectid, name="blah", type="CUCKOO")
-        attr1 = sig.create_attribute(uri="http://blah.com", source=current_objectid)
-        sig.add_attribute(attr1)
-        assert sig.get_attributes()[0].uri == "http://blah.com"
-
-    @staticmethod
-    def test_set_score():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        sig = Signature(objectid=current_objectid, name="blah", type="CUCKOO")
-        sig.set_score(1)
-        assert sig.score == 1
-
-    @staticmethod
-    def test_set_malware_families():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        sig = Signature(objectid=current_objectid, name="blah", type="CUCKOO")
-        sig.set_malware_families(["blah"])
-        assert sig.malware_families == ["blah"]
-
-    @staticmethod
-    def test_signature_as_primitives():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        sig = Signature(objectid=current_objectid, name="blah", type="CUCKOO")
-        assert sig.as_primitives() == {
-            "actors": [],
-            "attacks": [],
-            "attributes": [],
-            "malware_families": [],
-            "name": "blah",
-            "objectid": {
-                "guid": None,
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": None,
-                "treeid": None,
-            },
-            "type": "CUCKOO",
-        }
-
-
-class TestMachineMetadata:
-    @staticmethod
-    def test_machine_metadata_init():
-        default_mm = Sandbox.AnalysisMetadata.MachineMetadata()
-        assert default_mm.ip is None
-        assert default_mm.hypervisor is None
-        assert default_mm.hostname is None
-        assert default_mm.platform is None
-        assert default_mm.version is None
-        assert default_mm.architecture is None
-
-        set_mm = Sandbox.AnalysisMetadata.MachineMetadata(
-            ip="blah",
-            hypervisor="blah",
-            hostname="blah",
-            platform="blah",
-            version="blah",
-            architecture="blah",
-        )
-        assert set_mm.ip == "blah"
-        assert set_mm.hypervisor == "blah"
-        assert set_mm.hostname == "blah"
-        assert set_mm.platform == "blah"
-        assert set_mm.version == "blah"
-        assert set_mm.architecture == "blah"
-
-    @staticmethod
-    def test_machine_metadata_as_primitives():
-        default_mm = Sandbox.AnalysisMetadata.MachineMetadata()
-        assert default_mm.as_primitives() == {
-            "ip": None,
-            "hypervisor": None,
-            "hostname": None,
-            "platform": None,
-            "version": None,
-            "architecture": None,
-        }
-
-    @staticmethod
-    def test_machine_metadata_load_from_json():
-        default_mm = Sandbox.AnalysisMetadata.MachineMetadata()
-        default_mm.load_from_json(
-            {
-                "ip": "blah",
-                "hypervisor": "blah",
-                "hostname": "blah",
-                "platform": "blah",
-                "version": "blah",
-                "architecture": "blah",
-            }
-        )
-        assert default_mm.ip == "blah"
-        assert default_mm.hypervisor == "blah"
-        assert default_mm.hostname == "blah"
-        assert default_mm.platform == "blah"
-        assert default_mm.version == "blah"
-        assert default_mm.architecture == "blah"
-
-
-class TestAnalysisMetadata:
-    @staticmethod
-    def test_analysis_metadata_init():
-        default_am = Sandbox.AnalysisMetadata(start_time="1970-01-01 00:00:00")
-        assert default_am.task_id is None
-        assert default_am.start_time == "1970-01-01 00:00:00"
-        assert default_am.end_time == "9999-12-31 23:59:59"
-        assert default_am.routing is None
-        assert default_am.machine_metadata is None
-
-        set_am = Sandbox.AnalysisMetadata(
-            task_id=123,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:00",
-            routing="blah",
-        )
-        assert set_am.task_id == 123
-        assert set_am.start_time == "1970-01-01 00:00:00"
-        assert set_am.end_time == "1970-01-01 00:00:00"
-        assert set_am.routing == "blah"
-
-    @staticmethod
-    def test_analysis_metadata_as_primitives():
-        default_am = Sandbox.AnalysisMetadata(start_time="1970-01-01 00:00:00")
-        assert default_am.as_primitives() == {
-            "task_id": None,
-            "start_time": "1970-01-01 00:00:00",
-            "end_time": "9999-12-31 23:59:59",
-            "routing": None,
-            "machine_metadata": None,
-        }
-
-    @staticmethod
-    def test_analysis_metadata_load_from_json():
-        default_am = Sandbox.AnalysisMetadata(start_time="1970-01-01 00:00:00")
-        default_am.load_from_json(
-            {
-                "task_id": "blah",
-                "start_time": "blah",
-                "end_time": "blah",
-                "routing": "blah",
-                "machine_metadata": {
-                    "ip": "blah",
-                    "hypervisor": "blah",
-                    "hostname": "blah",
-                    "platform": "blah",
-                    "version": "blah",
-                    "architecture": "blah",
-                },
-            }
-        )
-        assert default_am.task_id == "blah"
-        assert default_am.start_time == "blah"
-        assert default_am.end_time == "blah"
-        assert default_am.routing == "blah"
-        assert default_am.machine_metadata.ip == "blah"
-        assert default_am.machine_metadata.hypervisor == "blah"
-        assert default_am.machine_metadata.hostname == "blah"
-        assert default_am.machine_metadata.platform == "blah"
-        assert default_am.machine_metadata.version == "blah"
-        assert default_am.machine_metadata.architecture == "blah"
-
-
-class TestSandbox:
-    @staticmethod
-    def test_sandbox_init():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        default_so = Sandbox(
-            objectid=current_objectid,
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:00"
-            ),
-            sandbox_name="blah",
-        )
-        assert default_so.analysis_metadata.task_id is None
-        assert default_so.analysis_metadata.start_time == "1970-01-01 00:00:00"
-        assert default_so.analysis_metadata.end_time == "9999-12-31 23:59:59"
-        assert default_so.analysis_metadata.routing is None
-        assert default_so.analysis_metadata.machine_metadata is None
-        assert default_so.sandbox_name == "blah"
-        assert default_so.sandbox_version is None
-
-    @staticmethod
-    def test_update_analysis_metadata():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        default_so = Sandbox(
-            objectid=current_objectid,
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:00"
-            ),
-            sandbox_name="blah",
-        )
-        default_so.update_analysis_metadata(task_id=123)
-        assert default_so.analysis_metadata.task_id == 123
-
-    @staticmethod
-    def test_update_machine_metadata():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        default_so = Sandbox(
-            objectid=current_objectid,
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:00"
-            ),
-            sandbox_name="blah",
-        )
-
-        default_so.update_machine_metadata(ip="blah")
-        assert default_so.analysis_metadata.machine_metadata.ip == "blah"
-
-    @staticmethod
-    def test_ontology_results_as_primitives():
-        current_objectid = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        default_so = Sandbox(
-            objectid=current_objectid,
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:00"
-            ),
-            sandbox_name="blah",
-        )
-        assert default_so.as_primitives() == {
-            "analysis_metadata": {
-                "task_id": None,
-                "start_time": "1970-01-01 00:00:00",
-                "end_time": "9999-12-31 23:59:59",
-                "routing": None,
-                "machine_metadata": None,
-            },
-            "sandbox_name": "blah",
-            "sandbox_version": None,
-            "objectid": {
-                "guid": None,
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": None,
-                "treeid": None
-            },
-        }
-
-
-class TestOntologyResults:
-    @staticmethod
-    def test_ontology_results_init():
-        default_or = OntologyResults()
-        assert default_or.netflows == []
-        assert default_or.dns_netflows == []
-        assert default_or.http_netflows == []
-        assert default_or.processes == []
-        assert default_or.sandboxes == []
-        assert default_or.signatures == []
-        assert default_or._guid_process_map == {}
-
-    @staticmethod
-    def test_create_objectid():
-        # Need the tag and ontology_id
-        with pytest.raises(ValueError):
-            OntologyResults.create_objectid()
-
-        # Need the ontology_id
-        with pytest.raises(ValueError):
-            OntologyResults.create_objectid(tag="blah")
-
-        # Need the tag
-        with pytest.raises(ValueError):
-            OntologyResults.create_objectid(ontology_id="blah")
-
-        # Need the service name
-        with pytest.raises(ValueError):
-            OntologyResults.create_objectid(tag="blah", ontology_id="blah")
-
-        # time_observed must be a str
-        with pytest.raises(ValueError):
-            OntologyResults.create_objectid(tag="blah", ontology_id="blah", service_name="CAPE", time_observed=1)
-
-        objectid = OntologyResults.create_objectid(
-            tag="blah", ontology_id="blah", service_name="CAPE", time_observed="1970-01-01 00:00:00"
-        )
-        assert objectid.tag == "blah"
-        assert objectid.ontology_id == "blah"
-        assert objectid.service_name == "CAPE"
-        assert objectid.time_observed == "1970-01-01 00:00:00"
-
-    @staticmethod
-    def test_create_session():
-        assert isinstance(OntologyResults.create_session(), str)
-
-    @staticmethod
-    def test_set_sandboxes():
-        default_or = OntologyResults(service_name="blah")
-        sandbox = Sandbox(
-            objectid=ObjectID(ontology_id="blah", tag="blah", session="blah"),
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:01", end_time="1970-01-01 00:00:02"
-            ),
-            sandbox_name="blah",
-        )
-        default_or.set_sandboxes([sandbox])
-        assert default_or.sandboxes == [sandbox]
-
-    @staticmethod
-    def test_add_sandbox():
-        default_or = OntologyResults(service_name="blah")
-        sandbox = Sandbox(
-            objectid=ObjectID(ontology_id="blah", tag="blah", session="blah"),
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:01", end_time="1970-01-01 00:00:02"
-            ),
-            sandbox_name="blah",
-        )
-        default_or.add_sandbox(sandbox)
-        assert default_or.sandboxes == [sandbox]
-
-    @staticmethod
-    def test_create_sandbox():
-        sandbox = OntologyResults.create_sandbox(
-            objectid=ObjectID(ontology_id="blah", tag="blah", session="blah"),
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:01", end_time="1970-01-01 00:00:02"
-            ),
-            sandbox_name="blah",
-        )
-        assert isinstance(sandbox, Sandbox)
-
-    @staticmethod
-    def test_get_sandbox_by_session():
-        default_or = OntologyResults(service_name="blah")
-        sandbox = Sandbox(
-            objectid=ObjectID(ontology_id="blah", tag="blah", session="blah"),
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:01", end_time="1970-01-01 00:00:02"
-            ),
-            sandbox_name="blah",
-        )
-        default_or.add_sandbox(sandbox)
-        assert default_or.get_sandbox_by_session("blah") == sandbox
-        assert default_or.get_sandbox_by_session("blahblah") is None
-
-    @staticmethod
-    def test_get_sandboxes():
-        default_or = OntologyResults(service_name="blah")
-        sandbox = Sandbox(
-            objectid=ObjectID(ontology_id="blah", tag="blah", session="blah"),
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:01", end_time="1970-01-01 00:00:02"
-            ),
-            sandbox_name="blah",
-        )
-        default_or.add_sandbox(sandbox)
-        assert default_or.get_sandboxes() == [sandbox]
-
-    @staticmethod
-    def test_set_processes():
-        default_or = OntologyResults(service_name="blah")
-        current_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p = default_or.create_process(
-            objectid=current_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00",
-        )
-        default_or.set_processes([p])
-        assert default_or.processes == [p]
-
-    @staticmethod
-    def test_ontology_results_create_process():
-        default_or = OntologyResults(service_name="blah")
-        current_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p = default_or.create_process(
-            objectid=current_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00",
-        )
-        assert p.image == "C:\\Windows\\System32\\cmd.exe"
-        assert p.objectid.tag == "blah"
-
-    @staticmethod
-    def test_add_process():
-        default_or = OntologyResults(service_name="blah")
-        assert default_or.processes == []
-
-        current_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p = default_or.create_process(
-            objectid=current_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00",
-        )
-        default_or.add_process(p)
-        process_as_primitives = default_or.processes[0].as_primitives()
-        guid = process_as_primitives["objectid"].pop("guid")
-        assert guid.isupper()
-        assert str(UUID(guid))
-        assert process_as_primitives == {
-            "objectid": {
-                "tag": "blah",
-                "treeid": None,
-                "processtree": None,
-                "time_observed": "1970-01-01 00:00:00",
-                "ontology_id": "blah",
-                "session": None,
-                "service_name": "blah",
-            },
-            "pobjectid": None,
-            "pimage": None,
-            "pcommand_line": None,
-            "ppid": None,
-            "pid": None,
-            "image": "C:\\Windows\\System32\\cmd.exe",
-            "command_line": None,
-            "start_time": "1970-01-01 00:00:00",
-            "end_time": "9999-12-31 23:59:59",
-            "integrity_level": None,
-            "image_hash": None,
-            "original_file_name": None,
-        }
-
-    @staticmethod
-    def test_ontology_results_update_process():
-        default_or = OntologyResults(service_name="blah")
-        current_objectid = ObjectID(tag="blah", ontology_id="blah")
-
-        p = default_or.create_process(
-            objectid=current_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00",
-        )
-        default_or.add_process(p)
-        assert default_or.processes[0].pid is None
-
-        default_or.update_process(guid=default_or.processes[0].objectid.guid, pid=1)
-        assert default_or.processes[0].pid == 1
-
-        default_or.update_process(pid=1, start_time="1970-01-01 00:02:00")
-        assert default_or.processes[0].start_time == "1970-01-01 00:00:00"
-
-        default_or.update_process(pid=1, end_time="1970-01-01 00:02:00")
-        assert default_or.processes[0].end_time == "1970-01-01 00:02:00"
-
-        default_or.update_process(pid=None)
-        assert default_or.processes[0].pid == 1
-
-        default_or.update_process(
-            image="C:\\Windows\\System32\\cmd.exe",
-            pguid="{12345678-1234-5678-1234-567812345679}",
-            pimage="C:\\Windows\\System32\\cmd.exe",
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-        )
-        assert default_or.processes[0].image == "C:\\Windows\\System32\\cmd.exe"
-        assert default_or.processes[0].objectid.tag == "blah"
-        assert default_or.processes[0].pimage == "C:\\Windows\\System32\\cmd.exe"
-        assert default_or.processes[0].pobjectid is None
-
-        parent_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345679}",
-        )
-        parent = default_or.create_process(
-            objectid=parent_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00",
-        )
-        default_or.add_process(parent)
-        default_or.update_process(
-            guid=default_or.processes[0].objectid.guid,
-            pguid="{12345678-1234-5678-1234-567812345679}",
-        )
-        assert (
-            default_or.processes[0].pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345679}"
-        )
-        assert default_or.processes[0].pimage == "C:\\Windows\\System32\\cmd.exe"
-        assert default_or.processes[0].pobjectid.tag == "blah"
-
-        default_or.update_process(
-            guid=default_or.processes[0].objectid.guid,
-            pobjectid={"guid": "{12345678-1234-5678-1234-567812345679}"},
-        )
-        assert (
-            default_or.processes[0].pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345679}"
-        )
-
-    @staticmethod
-    def test_ontology_results_update_objectid():
-        default_or = OntologyResults(service_name="blah")
-
-        process_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        p = default_or.create_process(
-            objectid=process_objectid,
-            image="C:\\Windows\\System32\\cmd.exe",
-            start_time="1970-01-01 00:00:00",
-        )
-        default_or.add_process(p)
-        nc_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        nc = default_or.create_network_connection(
-            objectid=nc_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        nc_guid = nc.objectid.guid
-        default_or.add_network_connection(nc)
-
-        default_or.update_objectid()
-        default_or.update_objectid(thing=None)
-        default_or.update_objectid(thing="blah")
-        default_or.update_objectid(guid="blah")
-
-        assert p.objectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert p.objectid.tag == "blah"
-        assert p.objectid.treeid is None
-        assert p.objectid.processtree is None
-        assert p.objectid.time_observed == "1970-01-01 00:00:00"
-
-        assert nc.objectid.guid == nc_guid
-        assert nc.objectid.tag == "blah"
-        assert nc.objectid.treeid is None
-        assert nc.objectid.processtree is None
-        assert nc.objectid.time_observed is None
-
-        default_or.update_objectid(
-            guid="{12345678-1234-5678-1234-567812345678}", tag="blah"
-        )
-
-        assert p.objectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert p.objectid.tag == "blah"
-        assert p.objectid.treeid is None
-        assert p.objectid.processtree is None
-        assert p.objectid.time_observed == "1970-01-01 00:00:00"
-
-        default_or.update_objectid(guid=nc_guid, tag="blah")
-
-        assert nc.objectid.guid == nc_guid
-        assert nc.objectid.tag == "blah"
-        assert nc.objectid.treeid is None
-        assert nc.objectid.processtree is None
-        assert nc.objectid.time_observed is None
-
-    @staticmethod
-    def test_set_parent_details():
-        default_or = OntologyResults(service_name="blah")
-        parent_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        parent_process = default_or.create_process(
-            objectid=parent_objectid,
-            image="blah.exe",
-            start_time="1970-01-01 00:00:02",
-            end_time="1970-01-01 00:00:03",
-            pid=1,
-        )
-        default_or.add_process(parent_process)
-        current_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345677}",
-        )
-        p1 = default_or.create_process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:04",
-            pobjectid=parent_objectid,
-        )
-        default_or.set_parent_details(p1)
-        assert p1.as_primitives() == {
-            "objectid": {
-                "guid": "{12345678-1234-5678-1234-567812345677}",
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": "1970-01-01 00:00:04",
-                "treeid": None,
-            },
-            "pobjectid": {
-                "guid": "{12345678-1234-5678-1234-567812345678}",
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": "1970-01-01 00:00:02",
-                "treeid": None,
-            },
-            "pimage": "blah.exe",
-            "pcommand_line": None,
-            "ppid": 1,
-            "pid": None,
-            "image": "blah",
-            "command_line": None,
-            "start_time": "1970-01-01 00:00:04",
-            "end_time": "9999-12-31 23:59:59",
-            "integrity_level": None,
-            "image_hash": None,
-            "original_file_name": None,
-        }
-
-        currenter_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345676}",
-        )
-        p2 = default_or.create_process(
-            objectid=currenter_objectid,
-            image="blah",
-            ppid=1,
-            start_time="1970-01-01 00:00:03",
-        )
-        default_or.set_parent_details(p2)
-        assert p2.as_primitives() == {
-            "objectid": {
-                "guid": "{12345678-1234-5678-1234-567812345676}",
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": "1970-01-01 00:00:03",
-                "treeid": None,
-            },
-            "pobjectid": {
-                "guid": "{12345678-1234-5678-1234-567812345678}",
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": "1970-01-01 00:00:02",
-                "treeid": None,
-            },
-            "pimage": "blah.exe",
-            "pcommand_line": None,
-            "ppid": 1,
-            "pid": None,
-            "image": "blah",
-            "command_line": None,
-            "start_time": "1970-01-01 00:00:03",
-            "end_time": "9999-12-31 23:59:59",
-            "integrity_level": None,
-            "image_hash": None,
-            "original_file_name": None,
-        }
-
-    @staticmethod
-    def test_set_child_details():
-        default_or = OntologyResults(service_name="blah")
-        child_process1_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        child_process1_pobjectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345679}",
-        )
-        child_process1 = default_or.create_process(
-            objectid=child_process1_objectid,
-            image="blah.exe",
-            start_time="1970-01-01 00:00:02",
-            end_time="1970-01-01 00:00:03",
-            pid=1,
-            pobjectid=child_process1_pobjectid,
-        )
-        default_or.add_process(child_process1)
-
-        child_process2_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345670}",
-        )
-        child_process2 = default_or.create_process(
-            objectid=child_process2_objectid,
-            image="blah.exe",
-            start_time="1970-01-01 00:00:02",
-            end_time="1970-01-01 00:00:03",
-            pid=3,
-            ppid=2,
-        )
-        default_or.add_process(child_process2)
-        parent_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345679}",
-        )
-        parent = default_or.create_process(
-            objectid=parent_objectid,
-            pid=2,
-            start_time="1970-01-01 00:00:02",
-            image="parent.exe",
-        )
-        default_or.set_child_details(parent)
-        assert child_process1.as_primitives() == {
-            "objectid": {
-                "guid": "{12345678-1234-5678-1234-567812345678}",
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": "1970-01-01 00:00:02",
-                "treeid": None,
-            },
-            "pobjectid": {
-                "guid": "{12345678-1234-5678-1234-567812345679}",
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": "1970-01-01 00:00:02",
-                "treeid": None,
-            },
-            "pimage": "parent.exe",
-            "pcommand_line": None,
-            "ppid": 2,
-            "pid": 1,
-            "image": "blah.exe",
-            "command_line": None,
-            "start_time": "1970-01-01 00:00:02",
-            "end_time": "1970-01-01 00:00:03",
-            "integrity_level": None,
-            "image_hash": None,
-            "original_file_name": None,
-        }
-        assert child_process2.as_primitives() == {
-            "objectid": {
-                "guid": "{12345678-1234-5678-1234-567812345670}",
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": "1970-01-01 00:00:02",
-                "treeid": None,
-            },
-            "pobjectid": {
-                "guid": "{12345678-1234-5678-1234-567812345679}",
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": "1970-01-01 00:00:02",
-                "treeid": None,
-            },
-            "pimage": "parent.exe",
-            "pcommand_line": None,
-            "ppid": 2,
-            "pid": 3,
-            "image": "blah.exe",
-            "command_line": None,
-            "start_time": "1970-01-01 00:00:02",
-            "end_time": "1970-01-01 00:00:03",
-            "integrity_level": None,
-            "image_hash": None,
-            "original_file_name": None,
-        }
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "events, validated_events_num",
-        [
-            (
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            ontology_id="blah",
-                            service_name="blah",
-                            tag="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345679}",
-                            ontology_id="blah",
-                            service_name="blah",
-                            tag="blah",
-                        ),
-                    }
-                ],
-                1,
-            ),
-        ],
-    )
-    def test_get_processes(events, validated_events_num):
-        default_or = OntologyResults()
-        for event in events:
-            p = default_or.create_process(**event)
-            default_or.add_process(p)
-        assert len(default_or.get_processes()) == validated_events_num
-
-    @staticmethod
-    def test_get_guid_by_pid_and_time():
-        default_or = OntologyResults(service_name="blah")
-        current_objectid = ObjectID(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            ontology_id="blah",
-            tag="blah",
-        )
-        assert default_or.get_guid_by_pid_and_time(1, "1970-01-01 00:00:00") is None
-
-        p = default_or.create_process(
-            objectid=current_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-        )
-        default_or.add_process(p)
-        assert (
-            default_or.get_guid_by_pid_and_time(1, "1970-01-01 00:00:01")
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-
-    @staticmethod
-    def test_get_processes_by_ppid_and_time():
-        default_or = OntologyResults(service_name="blah")
-        assert default_or.get_processes_by_ppid_and_time(1, "1970-01-01 00:00:00") == []
-        current_objectid = ObjectID(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            ontology_id="blah",
-            tag="blah",
-        )
-        p = default_or.create_process(
-            objectid=current_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-            guid="{12345678-1234-5678-1234-567812345678}",
-            ppid=2,
-        )
-        default_or.add_process(p)
-        assert default_or.get_processes_by_ppid_and_time(2, "1970-01-01 00:00:01") == [
-            p
-        ]
-
-    @staticmethod
-    def test_get_pguid_by_pid_and_time():
-        default_or = OntologyResults(service_name="blah")
-        assert default_or.get_pguid_by_pid_and_time(1, "1970-01-01 00:00:00") is None
-        current_objectid = ObjectID(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            ontology_id="blah",
-            tag="blah",
-        )
-        pobjectid = ObjectID(
-            guid="{12345678-1234-5678-1234-567812345679}",
-            ontology_id="blah",
-            tag="blah",
-        )
-        child = default_or.create_process(
-            objectid=current_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-            pobjectid=pobjectid,
-        )
-        default_or.add_process(child)
-        assert (
-            default_or.get_pguid_by_pid_and_time(1, "1970-01-01 00:00:01")
-            == "{12345678-1234-5678-1234-567812345679}"
-        )
-
-    @staticmethod
-    def test_is_guid_in_gpm():
-        default_or = OntologyResults(service_name="blah")
-        guid = "{12345678-1234-5678-1234-567812345678}"
-        assert not default_or.is_guid_in_gpm(guid)
-        current_objectid = ObjectID(
-            guid="{12345678-1234-5678-1234-567812345678}",
-            ontology_id="blah",
-            tag="blah",
-        )
-        p = default_or.create_process(
-            objectid=current_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-            guid=guid,
-        )
-        default_or.add_process(p)
-        assert default_or.is_guid_in_gpm(guid)
-
-    @staticmethod
-    def test_get_process_by_guid():
-        default_or = OntologyResults(service_name="blah")
-        assert not default_or.get_process_by_guid(None)
-
-        guid = "{12345678-1234-5678-1234-567812345678}"
-        assert not default_or.get_process_by_guid(guid)
-
-        current_objectid = ObjectID(
-            guid=guid,
-            ontology_id="blah",
-            tag="blah",
-        )
-        p = default_or.create_process(
-            objectid=current_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00",
-        )
-        default_or.add_process(p)
-        assert default_or.get_process_by_guid(guid) == p
-
-    @staticmethod
-    def test_get_process_by_command_line():
-        default_or = OntologyResults(service_name="blah")
-        assert default_or.get_process_by_command_line() is None
-        objectid1 = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        p1 = default_or.create_process(
-            objectid=objectid1,
-            image="blah",
-            start_time="1970-01-01 00:00:00",
-            command_line="blah1",
-        )
-        objectid2 = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        p2 = default_or.create_process(
-            objectid=objectid2,
-            image="blah",
-            start_time="1970-01-01 00:00:00",
-            command_line="blah2",
-        )
-        objectid3 = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        p3 = default_or.create_process(
-            objectid=objectid3,
-            image="blah",
-            start_time="1970-01-01 00:00:00",
-            command_line="blah1",
-        )
-        default_or.add_process(p1)
-        default_or.add_process(p2)
-        default_or.add_process(p3)
-
-        assert default_or.get_process_by_command_line() is None
-        assert default_or.get_process_by_command_line("blah2") == p2
-        assert default_or.get_process_by_command_line("blah1") == p1
-
-    @staticmethod
-    def test_get_process_by_pid_and_time():
-        default_or = OntologyResults(service_name="blah")
-        assert default_or.get_process_by_pid_and_time(None, 1.0) is None
-        assert default_or.get_process_by_pid_and_time(1, None) is None
-        assert default_or.get_process_by_pid_and_time(1, 1.0) is None
-
-        objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        p = default_or.create_process(
-            objectid=objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:01",
-            end_time="1970-01-01 00:00:02",
-        )
-        default_or.add_process(p)
-        assert default_or.get_process_by_pid_and_time(1, "1970-01-01 00:00:01") == p
-
-    @staticmethod
-    def test_get_processes_by_pguid():
-        default_or = OntologyResults(service_name="blah")
-        assert not default_or.get_processes_by_pguid(None)
-
-        guid = "{12345678-1234-5678-1234-567812345678}"
-        assert not default_or.get_processes_by_pguid(guid)
-
-        objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        pobjectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-            guid=guid,
-        )
-        p = default_or.create_process(
-            objectid=objectid,
-            pobjectid=pobjectid,
-            image="blah",
-            start_time="1970-01-01 00:00:01",
-        )
-        default_or.add_process(p)
-        assert default_or.get_processes_by_pguid(guid) == [p]
-
-    @staticmethod
-    def test_create_attribute():
-        assert OntologyResults.create_attribute() is None
-        with pytest.raises(ValueError):
-            OntologyResults.create_attribute(blah="blah")
-        with pytest.raises(ValueError):
-            OntologyResults.create_attribute(source="blah")
-        source = ObjectID(tag="blah", ontology_id="blah", service_name="blah")
-        assert OntologyResults.create_attribute(source=source).as_primitives() == {
-            "source": source.as_primitives(),
-            'action': None,
-            'domain': None,
-            'event_record_id': None,
-            'file_hash': None,
-            'meta': None,
-            'target': None,
-            'uri': None
-        }
-
-    @staticmethod
-    def test_set_netflows():
-        default_or = OntologyResults(service_name="blah")
-        objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        nc = default_or.create_network_connection(
-            objectid=objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        default_or.set_netflows([nc])
-        assert default_or.netflows == [nc]
-
-    @staticmethod
-    def test_create_network_connection():
-        default_or = OntologyResults(service_name="blah")
-        objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        nc = default_or.create_network_connection(
-            objectid=objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        assert nc.objectid == objectid
-        assert nc.destination_ip == "1.1.1.1"
-        assert nc.destination_port == 123
-        assert nc.transport_layer_protocol == "tcp"
-        assert nc.direction == "outbound"
-
-    @staticmethod
-    def test_add_network_connection():
-        default_or = OntologyResults(service_name="blah")
-        assert default_or.netflows == []
-
-        objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        nc1 = default_or.create_network_connection(
-            objectid=objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        default_or.add_network_connection(nc1)
-        nc1_as_primitives = default_or.netflows[0].as_primitives()
-        assert nc1_as_primitives == {
-            "objectid": {
-                "guid": None,
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": None,
-                "treeid": None,
-            },
-            "process": None,
-            "source_ip": None,
-            "source_port": None,
-            "destination_ip": "1.1.1.1",
-            "destination_port": 123,
-            "transport_layer_protocol": "tcp",
-            "direction": "outbound",
-            "dns_details": None,
-            "http_details": None,
-            "connection_type": None,
-        }
-
-        tag = NetworkConnection.create_tag("1.1.1.1", 123)
-        objectid = ObjectID(
-            ontology_id="blah",
-            tag=tag,
-        )
-        nc2 = default_or.create_network_connection(
-            objectid=objectid,
-            source_ip="2.2.2.2",
-            source_port=321,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            direction="outbound",
-            time_observed="1970-01-01 00:00:01",
-            transport_layer_protocol="tcp",
-        )
-        default_or.add_network_connection(nc2)
-        assert nc2.objectid.tag == "1.1.1.1:123"
-
-    @staticmethod
-    def test_get_network_connections():
-        default_or = OntologyResults(service_name="blah")
-        objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        nc = default_or.create_network_connection(
-            objectid=objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        default_or.add_network_connection(nc)
-        assert default_or.get_network_connections() == [nc]
-
-    @staticmethod
-    def test_get_network_connection_by_pid():
-        default_or = OntologyResults(service_name="blah")
-        nc_objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        nc = default_or.create_network_connection(
-            objectid=nc_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        p1_objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        nc.update_process(
-            pid=1, objectid=p1_objectid, image="blah", start_time="1970-01-01 00:00:01"
-        )
-        default_or.add_network_connection(nc)
-        assert default_or.get_network_connection_by_pid(1) == []
-
-        p2_objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        p = default_or.create_process(
-            objectid=p2_objectid,
-            image="blah",
-            pid=2,
-            start_time="1970-01-01 00:00:01",
-            end_time="1970-01-01 00:00:05",
-        )
-        default_or.add_process(p)
-        nc2_objectid = ObjectID(
-            ontology_id="blah", tag="blah", time_observed="1970-01-01 00:00:02"
-        )
-        nc2 = default_or.create_network_connection(
-            objectid=nc2_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        nc2.update_process(
-            objectid=p2_objectid, image="blah", pid=2, start_time="1970-01-01 00:00:02"
-        )
-        default_or.add_network_connection(nc2)
-        assert (
-            default_or.get_network_connection_by_pid(2)[0].destination_ip == "1.1.1.1"
-        )
-
-    @staticmethod
-    def test_get_network_connection_by_guid():
-        default_or = OntologyResults(service_name="blah")
-        nc_objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        nc = default_or.create_network_connection(
-            objectid=nc_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        default_or.add_network_connection(nc)
-        assert default_or.get_network_connection_by_guid("blah") is None
-
-        assert (
-            default_or.get_network_connection_by_guid(
-                "{12345678-1234-5678-1234-567812345678}"
-            )
-            == nc
-        )
-
-    @staticmethod
-    def test_get_network_connection_by_details():
-        default_or = OntologyResults(service_name="blah")
-        objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        nc = default_or.create_network_connection(
-            objectid=objectid,
-            destination_ip="1.1.1.1",
-            destination_port=1,
-            direction="outbound",
-            transport_layer_protocol="tcp",
-        )
-        default_or.add_network_connection(nc)
-        assert (
-            default_or.get_network_connection_by_details(
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                direction="outbound",
-                transport_layer_protocol="tcp",
-            )
-            == nc
-        )
-        assert (
-            default_or.get_network_connection_by_details(
-                destination_ip="1.1.1.1",
-                destination_port=1,
-                direction=None,
-                transport_layer_protocol="tcp",
-            )
-            is None
-        )
-
-    @staticmethod
-    def test_set_dns_netflows():
-        default_or = OntologyResults()
-        nd = default_or.create_network_dns(
-            domain="blah", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        default_or.set_dns_netflows([nd])
-        assert default_or.dns_netflows == [nd]
-
-    @staticmethod
-    def test_create_network_dns():
-        default_or = OntologyResults()
-        nd = default_or.create_network_dns(
-            domain="blah", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        assert nd.domain == "blah"
-
-    @staticmethod
-    def test_add_network_dns():
-        default_or = OntologyResults()
-        assert default_or.dns_netflows == []
-
-        nd = default_or.create_network_dns(
-            domain="blah", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        default_or.add_network_dns(nd)
-        nd_as_primitives = default_or.dns_netflows[0].as_primitives()
-        assert nd_as_primitives == {
-            "domain": "blah",
-            "resolved_ips": ["1.1.1.1"],
-            "lookup_type": "A",
-        }
-
-    @staticmethod
-    def test_get_network_dns():
-        default_or = OntologyResults()
-        nd = default_or.create_network_dns(
-            domain="blah", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        default_or.add_network_dns(nd)
-        assert default_or.get_network_dns() == [nd]
-
-    @staticmethod
-    def test_get_domain_by_destination_ip():
-        default_or = OntologyResults()
-        assert default_or.get_domain_by_destination_ip("1.1.1.1") is None
-
-        nd1 = default_or.create_network_dns(
-            domain="blah.com", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        default_or.add_network_dns(nd1)
-        assert default_or.get_domain_by_destination_ip("1.1.1.1") == "blah.com"
-
-        nd2 = default_or.create_network_dns(
-            domain="blah.ca", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        default_or.add_network_dns(nd2)
-        assert default_or.get_domain_by_destination_ip("1.1.1.1") == "blah.com"
-
-    @staticmethod
-    def test_get_destination_ip_by_domain():
-        default_or = OntologyResults()
-        assert default_or.get_destination_ip_by_domain("blah.com") is None
-
-        nd1 = default_or.create_network_dns(
-            domain="blah.com", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        default_or.add_network_dns(nd1)
-        assert default_or.get_destination_ip_by_domain("blah.com") == "1.1.1.1"
-
-        nd2 = default_or.create_network_dns(
-            domain="blah.com", resolved_ips=["2.2.2.2"], lookup_type="A"
-        )
-        default_or.add_network_dns(nd2)
-        assert default_or.get_destination_ip_by_domain("blah.com") == "1.1.1.1"
-
-    @staticmethod
-    def test_set_http_netflows():
-        default_or = OntologyResults()
-        nh = default_or.create_network_http(
-            request_uri="blah",
-            request_method="GET",
-        )
-        default_or.set_http_netflows([nh])
-        assert default_or.http_netflows == [nh]
-
-    @staticmethod
-    def test_create_network_http():
-        default_or = OntologyResults()
-        nh = default_or.create_network_http(
-            request_uri="blah",
-            request_method="GET",
-        )
-        assert nh.request_uri == "blah"
-        assert nh.request_uri == "blah"
-
-    @staticmethod
-    def test_add_network_http():
-        default_or = OntologyResults()
-        assert default_or.http_netflows == []
-
-        nh = default_or.create_network_http(
-            request_uri="blah",
-            request_method="GET",
-        )
-        default_or.add_network_http(nh)
-        nh_as_primitives = default_or.http_netflows[0].as_primitives()
-        assert nh_as_primitives == {
-            "request_uri": "blah",
-            "request_headers": {},
-            "request_body": None,
-            "request_method": "GET",
-            "response_headers": {},
-            "response_status_code": None,
-            "response_body": None,
-        }
-
-    @staticmethod
-    def test_get_network_http():
-        default_or = OntologyResults()
-        nh = default_or.create_network_http(
-            request_uri="blah",
-            request_method="GET",
-        )
-        default_or.add_network_http(nh)
-        assert default_or.get_network_http() == [nh]
-
-    @staticmethod
-    def test_get_network_http_by_path():
-        default_or = OntologyResults()
-        nh = default_or.create_network_http(
-            request_uri="blah",
-            request_method="GET",
-            request_body_path="/blah1",
-            response_body_path="/blah2",
-        )
-        default_or.add_network_http(nh)
-
-        assert default_or.get_network_http_by_path("/blah1") == nh
-        assert default_or.get_network_http_by_path("/blah2") == nh
-
-    @staticmethod
-    def test_get_network_http_by_details():
-        default_or = OntologyResults()
-        nh = default_or.create_network_http(
-            request_uri="http://blah.com",
-            request_method="GET",
-            request_headers={"a": "b"},
-        )
-        default_or.add_network_http(nh)
-
-        assert (
-            default_or.get_network_http_by_details("http://blah.com", "GET", {"a": "b"})
-            == nh
-        )
-        assert (
-            default_or.get_network_http_by_details("http://blah.ca", "GET", {"a": "b"})
-            is None
-        )
-
-    @staticmethod
-    def test_set_signature():
-        default_or = OntologyResults(service_name="blah")
-        objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-        )
-        s = default_or.create_signature(
-            objectid=objectid,
-            name="blah",
-            type="CUCKOO",
-        )
-        default_or.set_signatures([s])
-        assert default_or.signatures == [s]
-
-    @staticmethod
-    def test_create_signature():
-        default_or = OntologyResults(service_name="blah")
-        objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-        )
-        s = default_or.create_signature(
-            objectid=objectid,
-            name="blah",
-            type="CUCKOO",
-        )
-        assert s.name == "blah"
-        assert s.type == "CUCKOO"
-        assert s.objectid == objectid
-
-    @staticmethod
-    def test_add_signature():
-        default_or = OntologyResults(service_name="blah")
-        assert default_or.signatures == []
-
-        objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-        )
-        s = default_or.create_signature(
-            objectid=objectid,
-            name="blah",
-            type="CUCKOO",
-        )
-        default_or.add_signature(s)
-        sig_as_prims = default_or.signatures[0].as_primitives()
-        assert sig_as_prims == {
-            "actors": [],
-            "attacks": [],
-            "attributes": [],
-            "malware_families": [],
-            "name": "blah",
-            "objectid": {
-                "guid": None,
-                "ontology_id": "blah",
-                "processtree": None,
-                "service_name": "blah",
-                "session": None,
-                "tag": "blah",
-                "time_observed": None,
-                "treeid": None,
-            },
-            "type": "CUCKOO",
-        }
-
-    @staticmethod
-    def test_get_signatures():
-        default_or = OntologyResults(service_name="blah")
-        objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-        )
-        sig = default_or.create_signature(
-            objectid=objectid,
-            name="blah",
-            type="CUCKOO",
-        )
-        default_or.add_signature(sig)
-        assert default_or.get_signatures()[0].name == "blah"
-
-    @staticmethod
-    def test_get_signatures_by_pid():
-        default_or = OntologyResults(service_name="blah")
-        p_objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-        )
-        p = default_or.create_process(
-            objectid=p_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:05",
-            end_time="1970-01-01 00:00:06",
-        )
-        default_or.add_process(p)
-
-        sig_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-        )
-        sig = default_or.create_signature(
-            objectid=sig_objectid,
-            name="blah",
-            type="CUCKOO",
-            attributes=[Attribute(source=p_objectid)],
-        )
-        default_or.add_signature(sig)
-        assert default_or.get_signatures_by_pid(1)[0].name == "blah"
-
-    @staticmethod
-    def test_get_events():
-        default_or = OntologyResults(service_name="blah")
-        p_objectid = ObjectID(ontology_id="blah", tag="blah", treeid="blahblah")
-        p = default_or.create_process(
-            objectid=p_objectid,
-            pid=1,
-            ppid=1,
-            image="blah",
-            command_line="blah",
-            start_time="1970-01-01 00:00:01",
-            guid="{12345678-1234-5678-1234-567812345678}",
-            pguid="{12345678-1234-5678-1234-567812345679}",
-        )
-        default_or.add_process(p)
-        nc_objectid = ObjectID(
-            ontology_id="blah",
-            tag="blah",
-            time_observed="1970-01-01 00:00:01",
-        )
-        nc = default_or.create_network_connection(
-            objectid=nc_objectid,
-            transport_layer_protocol="tcp",
-            source_ip="blah",
-            source_port=1,
-            destination_ip="blah",
-            destination_port=1,
-            guid="{12345678-1234-5678-1234-567812345670}",
-            direction="outbound",
-        )
-        default_or.add_network_connection(nc)
-        assert default_or.get_events() == [p, nc]
-        assert default_or.get_events(["blahblah"]) == [nc]
-
-    @staticmethod
-    def test_get_non_safelisted_processes():
-        default_or = OntologyResults(service_name="blah")
-        safelist = ["blahblah"]
-        p1_objectid = ObjectID(ontology_id="blah", tag="blah", treeid="blahblah")
-        p1 = default_or.create_process(
-            objectid=p1_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:01",
-        )
-        p2_objectid = ObjectID(ontology_id="blah", tag="blah", treeid="blahblahblah")
-        p2 = default_or.create_process(
-            objectid=p2_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:01",
-        )
-        default_or.add_process(p1)
-        default_or.add_process(p2)
-        assert default_or.get_non_safelisted_processes(safelist) == [p2]
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "event_list, safelist, expected_result",
-        [
-            (None, [], []),
-            ([], [], []),
-            # One process, tags for both objectid and pobjectid
-            (
-                [
-                    {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345679}",
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    }
-                ],
-                ["blah"],
-                [
-                    {
-                        "pid": 2,
-                        "image": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "8b7df143d91c716ecfa5fc1730022f6b421b05cedee8fd52b1fc65a96030ad52",
-                            "processtree": "blah|blah",
-                            "time_observed": "1970-01-01 00:00:01",
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "pobjectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345679}",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "ppid": 1,
-                        "integrity_level": None,
-                        "image_hash": None,
-                        "original_file_name": None,
-                        "command_line": "blah",
-                        "pimage": None,
-                        "pcommand_line": None,
-                        "children": [],
-                    }
-                ],
-            ),
-            # Two processes, one parent one child
-            (
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                    {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah2",
-                        "command_line": "blah2",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345679}",
-                            tag="blah2",
-                            time_observed="1970-01-01 00:00:02",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                ],
-                [],
-                [
-                    {
-                        "pid": 1,
-                        "image": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "8b7df143d91c716ecfa5fc1730022f6b421b05cedee8fd52b1fc65a96030ad52",
-                            "processtree": "blah|blah",
-                            "time_observed": "1970-01-01 00:00:01",
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "pobjectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "ppid": 1,
-                        "command_line": "blah",
-                        "pimage": None,
-                        "pcommand_line": None,
-                        "integrity_level": None,
-                        "image_hash": None,
-                        "original_file_name": None,
-                        "children": [
-                            {
-                                "pid": 2,
-                                "image": "blah2",
-                                "start_time": "1970-01-01 00:00:02",
-                                "end_time": "9999-12-31 23:59:59",
-                                "objectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345679}",
-                                    "tag": "blah2",
-                                    "treeid": "28fb5ed121e549f67b678d225bb2fc9971ed02c18a087f8fa9b05bf18a23d9e1",
-                                    "processtree": "blah|blah|blah2",
-                                    "time_observed": "1970-01-01 00:00:02",
-                                    "ontology_id": "blah",
-                                    "service_name": "blah",
-                                    "session": None,
-                                },
-                                "pobjectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345678}",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": "1970-01-01 00:00:01",
-                                    "ontology_id": "blah",
-                                    "service_name": "blah",
-                                    "session": None,
-                                },
-                                "ppid": 1,
-                                "command_line": "blah2",
-                                "pimage": "blah",
-                                "pcommand_line": "blah",
-                                "children": [],
-                                "integrity_level": None,
-                                "image_hash": None,
-                                "original_file_name": None,
-                            }
-                        ],
-                    }
-                ],
-            ),
-            # Four processes, two pairs of parent-child, one child is safelisted
-            (
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345671}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345671}",
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                    {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah2",
-                        "command_line": "blah2",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345672}",
-                            tag="blah2",
-                            time_observed="1970-01-01 00:00:02",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345671}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                    {
-                        "pid": 3,
-                        "ppid": 3,
-                        "image": "blah3",
-                        "command_line": "blah3",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345673}",
-                            tag="blah3",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345673}",
-                            tag="blah3",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                    {
-                        "pid": 4,
-                        "ppid": 3,
-                        "image": "blah4",
-                        "command_line": "blah4",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345674}",
-                            tag="blah4",
-                            time_observed="1970-01-01 00:00:02",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345673}",
-                            tag="blah3",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                ],
-                ["55459caaa8ca94a90de5643a6a930e1b19bab480982607327081f46eb86f816c"],
-                [
-                    {
-                        "pid": 1,
-                        "image": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345671}",
-                            "tag": "blah",
-                            "treeid": "8b7df143d91c716ecfa5fc1730022f6b421b05cedee8fd52b1fc65a96030ad52",
-                            "processtree": "blah|blah",
-                            "time_observed": "1970-01-01 00:00:01",
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "pobjectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345671}",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "ppid": 1,
-                        "command_line": "blah",
-                        "pimage": None,
-                        "pcommand_line": None,
-                        "integrity_level": None,
-                        "image_hash": None,
-                        "original_file_name": None,
-                        "children": [
-                            {
-                                "pid": 2,
-                                "image": "blah2",
-                                "start_time": "1970-01-01 00:00:02",
-                                "end_time": "9999-12-31 23:59:59",
-                                "objectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345672}",
-                                    "tag": "blah2",
-                                    "treeid": "28fb5ed121e549f67b678d225bb2fc9971ed02c18a087f8fa9b05bf18a23d9e1",
-                                    "processtree": "blah|blah|blah2",
-                                    "time_observed": "1970-01-01 00:00:02",
-                                    "ontology_id": "blah",
-                                    "service_name": "blah",
-                                    "session": None,
-                                },
-                                "pobjectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345671}",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": "1970-01-01 00:00:01",
-                                    "ontology_id": "blah",
-                                    "service_name": "blah",
-                                    "session": None,
-                                },
-                                "ppid": 1,
-                                "command_line": "blah2",
-                                "children": [],
-                                "pimage": "blah",
-                                "pcommand_line": "blah",
-                                "integrity_level": None,
-                                "image_hash": None,
-                                "original_file_name": None,
-                            }
-                        ],
-                    },
-                ],
-            ),
-            # One process, safelisted
-            (
-                [
-                    {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345679}",
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    }
-                ],
-                ["8b7df143d91c716ecfa5fc1730022f6b421b05cedee8fd52b1fc65a96030ad52"],
-                [],
-            ),
-            # One network connection
-            (
-                [
-                    {
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah:blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "source_ip": "blah",
-                        "source_port": "blah",
-                        "destination_ip": "blah",
-                        "destination_port": 123,
-                        "transport_layer_protocol": "tcp",
-                        "direction": "outbound",
-                        "process": None,
-                    },
-                ],
-                ["blah"],
-                [
-                    {
-                        "connection_type": None,
-                        "dns_details": None,
-                        "http_details": None,
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah:blah",
-                            "treeid": "5f687d6145fb95eb502e4b6c1c83914aca058b35ce0aa6fe3d80f7e972e4f363",
-                            "processtree": "blah:blah",
-                            "time_observed": "1970-01-01 00:00:01",
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "source_ip": "blah",
-                        "source_port": "blah",
-                        "destination_ip": "blah",
-                        "destination_port": 123,
-                        "transport_layer_protocol": "tcp",
-                        "direction": "outbound",
-                        "process": None,
-                        "children": [],
-                    },
-                ],
-            ),
-            # Two objects, one parent process, one child network connection
-            (
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                    {
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345679}",
-                            tag="blah:blah",
-                            time_observed="1970-01-01 00:00:02",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "source_ip": "blah",
-                        "source_port": "blah",
-                        "destination_ip": "blah",
-                        "destination_port": 123,
-                        "transport_layer_protocol": "tcp",
-                        "direction": "outbound",
-                        "process": {
-                            "objectid": ObjectID(
-                                guid="{12345678-1234-5678-1234-567812345678}",
-                                tag="blah",
-                                ontology_id="blah",
-                                service_name="blah",
-                                time_observed="1970-01-01 00:00:01",
-                            ),
-                            "image": "blah",
-                            "start_time": "1970-01-01 00:00:01",
-                        },
-                    },
-                ],
-                [],
-                [
-                    {
-                        "pid": 1,
-                        "image": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "8b7df143d91c716ecfa5fc1730022f6b421b05cedee8fd52b1fc65a96030ad52",
-                            "processtree": "blah|blah",
-                            "time_observed": "1970-01-01 00:00:01",
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "pobjectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "ppid": 1,
-                        "command_line": "blah",
-                        "pimage": None,
-                        "pcommand_line": None,
-                        "integrity_level": None,
-                        "image_hash": None,
-                        "original_file_name": None,
-                        "children": [
-                            {
-                                "objectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345679}",
-                                    "tag": "blah:blah",
-                                    "treeid": "81a167be9a70e6d9c9b14f4dec79c052e463c3fda116583731c1065143e8f277",
-                                    "processtree": "blah|blah|blah:blah",
-                                    "time_observed": "1970-01-01 00:00:02",
-                                    "ontology_id": "blah",
-                                    "service_name": "blah",
-                                    "session": None,
-                                },
-                                "source_ip": "blah",
-                                "source_port": "blah",
-                                "destination_ip": "blah",
-                                "destination_port": 123,
-                                "transport_layer_protocol": "tcp",
-                                "direction": "outbound",
-                                "process": {
-                                    "pid": 1,
-                                    "ppid": 1,
-                                    "image": "blah",
-                                    "command_line": "blah",
-                                    "start_time": "1970-01-01 00:00:01",
-                                    "end_time": "9999-12-31 23:59:59",
-                                    "pimage": None,
-                                    "pcommand_line": None,
-                                    "integrity_level": None,
-                                    "image_hash": None,
-                                    "original_file_name": None,
-                                    "objectid": {
-                                        "ontology_id": "blah",
-                                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                                        "tag": "blah",
-                                        "treeid": None,
-                                        "processtree": None,
-                                        "time_observed": "1970-01-01 00:00:01",
-                                        "processtree": None,
-                                        "session": None,
-                                        "service_name": "blah",
-                                    },
-                                    "pobjectid": {
-                                        "ontology_id": "blah",
-                                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                                        "tag": "blah",
-                                        "treeid": None,
-                                        "processtree": None,
-                                        "time_observed": None,
-                                        "processtree": None,
-                                        "session": None,
-                                        "service_name": "blah",
-                                    },
-                                },
-                                "children": [],
-                                "connection_type": None,
-                                "dns_details": None,
-                                "http_details": None,
-                            },
-                        ],
-                    }
-                ],
-            ),
-        ],
-    )
-    def test_get_process_tree(event_list, safelist, expected_result):
-        default_or = OntologyResults()
-        if event_list:
-            for event in event_list:
-                if "process" in event:
-                    nc = default_or.create_network_connection(**event)
-                    default_or.add_network_connection(nc)
-                else:
-                    p = default_or.create_process(**event)
-                    default_or.add_process(p)
-        actual_result = default_or.get_process_tree(safelist=safelist)
-        assert actual_result == expected_result
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "event_list, signatures, safelist, correct_section_body",
-        [
-            (None, None, [], []),
-            ([], None, [], []),
-            (
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    }
-                ],
-                None,
-                [],
-                [
-                    {
-                        "process_pid": 1,
-                        "process_name": "blah",
-                        "command_line": "blah",
-                        "signatures": {},
-                        "children": [],
-                        "file_count": 0,
-                        "network_count": 0,
-                        "registry_count": 0,
-                        "safelisted": False,
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345679}",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                            tag="blah",
-                        ),
-                    },
-                    {
-                        "pid": 2,
-                        "ppid": 3,
-                        "image": "blah2",
-                        "command_line": "blah2",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345679}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                ],
-                None,
-                [],
-                [
-                    {
-                        "process_pid": 2,
-                        "process_name": "blah2",
-                        "command_line": "blah2",
-                        "signatures": {},
-                        "children": [
-                            {
-                                "process_pid": 1,
-                                "process_name": "blah",
-                                "command_line": "blah",
-                                "signatures": {},
-                                "children": [],
-                                "file_count": 0,
-                                "network_count": 0,
-                                "registry_count": 0,
-                                "safelisted": False,
-                            }
-                        ],
-                        "file_count": 0,
-                        "network_count": 1,
-                        "registry_count": 0,
-                        "safelisted": False,
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                    {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah2",
-                        "command_line": "blah2",
-                        "start_time": "1970-01-01 00:00:02",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345679}",
-                            tag="blah2",
-                            time_observed="1970-01-01 00:00:02",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                    {
-                        "pid": 3,
-                        "ppid": 3,
-                        "image": "blah3",
-                        "command_line": "blah3",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345671}",
-                            tag="blah3",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                    {
-                        "pid": 4,
-                        "ppid": 3,
-                        "image": "blah4",
-                        "command_line": "blah4",
-                        "start_time": "1970-01-01 00:00:02",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345674}",
-                            tag="blah4",
-                            time_observed="1970-01-01 00:00:02",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "pobjectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345671}",
-                            tag="blah3",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    },
-                ],
-                None,
-                ["55459caaa8ca94a90de5643a6a930e1b19bab480982607327081f46eb86f816c"],
-                [
-                    {
-                        "process_pid": 1,
-                        "process_name": "blah",
-                        "command_line": "blah",
-                        "signatures": {},
-                        "children": [
-                            {
-                                "process_pid": 2,
-                                "process_name": "blah2",
-                                "command_line": "blah2",
-                                "signatures": {},
-                                "children": [],
-                                "file_count": 0,
-                                "network_count": 1,
-                                "registry_count": 0,
-                                "safelisted": False,
-                            }
-                        ],
-                        "file_count": 0,
-                        "network_count": 0,
-                        "registry_count": 0,
-                        "safelisted": False,
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    }
-                ],
-                [
-                    {
-                        "objectid": ObjectID(
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "name": "blah",
-                        "type": "CUCKOO",
-                        "score": 1,
-                        "attributes": [
-                            Attribute(
-                                source=ObjectID(
-                                    guid="{12345678-1234-5678-1234-567812345678}",
-                                    tag="blah",
-                                    time_observed="1970-01-01 00:00:01",
-                                    ontology_id="blah",
-                                    service_name="blah",
-                                ),
-                            )
-                        ],
-                    }
-                ],
-                [],
-                [
-                    {
-                        "process_pid": 1,
-                        "process_name": "blah",
-                        "command_line": "blah",
-                        "signatures": {"blah": 1},
-                        "children": [],
-                        "file_count": 0,
-                        "network_count": 0,
-                        "registry_count": 0,
-                        "safelisted": False,
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    }
-                ],
-                [
-                    {
-                        "objectid": ObjectID(
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "name": "blah",
-                        "type": "CUCKOO",
-                        "score": 1,
-                        "attributes": [
-                            Attribute(
-                                source=ObjectID(
-                                    guid="{12345678-1234-5678-1234-567812345679}",
-                                    tag="blah",
-                                    time_observed="1970-01-01 00:00:01",
-                                    ontology_id="blah",
-                                    service_name="blah",
-                                ),
-                            )
-                        ],
-                    }
-                ],
-                [],
-                [
-                    {
-                        "process_pid": 2,
-                        "process_name": "blah",
-                        "command_line": "blah",
-                        "signatures": {},
-                        "children": [],
-                        "file_count": 0,
-                        "network_count": 0,
-                        "registry_count": 0,
-                        "safelisted": False,
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    }
-                ],
-                [
-                    {
-                        "objectid": ObjectID(
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "name": "blah",
-                        "type": "CUCKOO",
-                        "score": 1,
-                        "attributes": [
-                            Attribute(
-                                source=ObjectID(
-                                    guid="{12345678-1234-5678-1234-567812345679}",
-                                    tag="blah",
-                                    time_observed="1970-01-01 00:00:01",
-                                    ontology_id="blah",
-                                    service_name="blah",
-                                ),
-                            )
-                        ],
-                    }
-                ],
-                ["blah"],
-                [
-                    {
-                        "process_pid": 2,
-                        "process_name": "blah",
-                        "command_line": "blah",
-                        "signatures": {},
-                        "children": [],
-                        "file_count": 0,
-                        "file_count": 0,
-                        "network_count": 0,
-                        "registry_count": 0,
-                        "safelisted": False,
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": "9999-12-31 23:59:59",
-                        "objectid": ObjectID(
-                            guid="{12345678-1234-5678-1234-567812345678}",
-                            tag="blah",
-                            time_observed="1970-01-01 00:00:01",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                    }
-                ],
-                [
-                    {
-                        "objectid": ObjectID(
-                            tag="blah",
-                            ontology_id="blah",
-                            service_name="blah",
-                        ),
-                        "name": "blah",
-                        "type": "CUCKOO",
-                        "score": 1,
-                        "attributes": [
-                            Attribute(
-                                source=ObjectID(
-                                    guid="{12345678-1234-5678-1234-567812345679}",
-                                    tag="blah",
-                                    time_observed="1970-01-01 00:00:01",
-                                    ontology_id="blah",
-                                    service_name="blah",
-                                ),
-                            )
-                        ],
-                    }
-                ],
-                ["8b7df143d91c716ecfa5fc1730022f6b421b05cedee8fd52b1fc65a96030ad52"],
-                [],
-            ),
-        ],
-    )
-    def test_get_process_tree_result_section(
-        event_list, signatures, safelist, correct_section_body
-    ):
-        from assemblyline_v4_service.common.result import ResultProcessTreeSection
-
-        default_or = OntologyResults(service_name="blah")
-        if event_list:
-            for event in event_list:
-                p = default_or.create_process(**event)
-                default_or.add_process(p)
-        nc_objectid = ObjectID(tag="blah", ontology_id="blah")
-        nc = default_or.create_network_connection(
-            objectid=nc_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=443,
-            source_ip="2.2.2.2",
-            source_port=9999,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        nc.update_process(
-            pid=2,
-            image="blah2",
-            start_time="1970-01-01 00:00:02",
-            end_time="9999-12-31 23:59:59",
-            objectid=ObjectID(
-                guid="{12345678-1234-5678-1234-567812345679}",
-                tag="blah",
-                time_observed="1970-01-01 00:00:01",
-                ontology_id="blah",
-                service_name="blah",
-            ),
-        )
-        default_or.add_network_connection(nc)
-        if signatures:
-            for signature in signatures:
-                s = default_or.create_signature(**signature)
-                default_or.add_signature(s)
-        actual_result = default_or.get_process_tree_result_section(safelist=safelist)
-        assert isinstance(actual_result, ResultProcessTreeSection)
-        assert actual_result.section_body.__dict__["_data"] == correct_section_body
-
-    @staticmethod
-    @pytest.mark.skip("TBD")
-    def test_load_from_json():
-        default_or = OntologyResults()
-        default_or.load_from_json(
-            {
-                "analysis_metadata": {
-                    "task_id": "blah",
-                    "start_time": "blah",
-                    "end_time": "blah",
-                    "routing": "blah",
-                    "machine_metadata": {
-                        "ip": "blah",
-                        "hypervisor": "blah",
-                        "hostname": "blah",
-                        "platform": "blah",
-                        "version": "blah",
-                        "architecture": "blah",
-                    },
-                },
-                "signatures": [
-                    {
-                        "name": "blah",
-                        "description": "blah",
-                        "attack": ["blah"],
-                        "subjects": [
-                            {
-                                "ip": "blah",
-                                "domain": None,
-                                "uri": None,
-                                "process": None,
-                                "file": None,
-                                "registry": None,
-                            },
-                            {
-                                "ip": "blah",
-                                "domain": None,
-                                "uri": None,
-                                "process": {
-                                    "objectid": {
-                                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                                        "tag": "blah",
-                                        "treeid": "blah",
-                                        "processtree": "blah",
-                                        "time_observed": "blah",
-                                    },
-                                    "pobjectid": {
-                                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                                        "tag": "blah",
-                                        "treeid": "blah",
-                                        "processtree": "blah",
-                                        "time_observed": "blah",
-                                    },
-                                    "pimage": "blah",
-                                    "pcommand_line": "blah",
-                                    "ppid": "blah",
-                                    "pid": "blah",
-                                    "image": "blah",
-                                    "command_line": "blah",
-                                    "start_time": "blah",
-                                    "end_time": "blah",
-                                    "integrity_level": "blah",
-                                    "image_hash": "blah",
-                                    "original_file_name": "blah",
-                                },
-                                "file": None,
-                                "registry": None,
-                            },
-                        ],
-                        "process": {
-                            "objectid": {
-                                "guid": "{12345678-1234-5678-1234-567812345678}",
-                                "tag": "blah",
-                                "treeid": "blah",
-                                "processtree": "blah",
-                                "time_observed": "blah",
-                            },
-                            "pobjectid": {
-                                "guid": "{12345678-1234-5678-1234-567812345678}",
-                                "tag": "blah",
-                                "treeid": "blah",
-                                "processtree": "blah",
-                                "time_observed": "blah",
-                            },
-                            "pimage": "blah",
-                            "pcommand_line": "blah",
-                            "ppid": "blah",
-                            "pid": "blah",
-                            "image": "blah",
-                            "command_line": "blah",
-                            "start_time": "blah",
-                            "end_time": "blah",
-                            "integrity_level": "blah",
-                            "image_hash": "blah",
-                            "original_file_name": "blah",
-                        },
-                    }
-                ],
-                "network_connections": [
-                    {
-                        "objectid": {
-                            "tag": "blah",
-                            "treeid": "blah",
-                            "processtree": "blah",
-                            "time_observed": "blah",
-                        },
-                        "source_ip": "blah",
-                        "source_port": "blah",
-                        "destination_ip": "blah",
-                        "destination_port": "blah",
-                        "transport_layer_protocol": "blah",
-                        "direction": "blah",
-                        "process": {
-                            "objectid": {
-                                "guid": "{12345678-1234-5678-1234-567812345678}",
-                                "tag": "blah",
-                                "treeid": "blah",
-                                "processtree": "blah",
-                                "time_observed": "blah",
-                            },
-                            "pobjectid": {
-                                "guid": "{12345678-1234-5678-1234-567812345678}",
-                                "tag": "blah",
-                                "treeid": "blah",
-                                "processtree": "blah",
-                                "time_observed": "blah",
-                            },
-                            "pimage": "blah",
-                            "pcommand_line": "blah",
-                            "ppid": "blah",
-                            "pid": "blah",
-                            "image": "blah",
-                            "command_line": "blah",
-                            "start_time": "blah",
-                            "end_time": "blah",
-                            "integrity_level": "blah",
-                            "image_hash": "blah",
-                            "original_file_name": "blah",
-                        },
-                    }
-                ],
-                "network_dns": [
-                    {
-                        "domain": "blah",
-                        "resolved_ips": ["blah"],
-                        "lookup_type": "blah",
-                        "connection_details": {
-                            "objectid": {
-                                "tag": "blah",
-                                "treeid": "blah",
-                                "processtree": "blah",
-                                "time_observed": "blah",
-                            },
-                            "source_ip": "blah",
-                            "source_port": "blah",
-                            "destination_ip": "blah",
-                            "destination_port": "blah",
-                            "transport_layer_protocol": "blah",
-                            "direction": "blah",
-                            "process": {
-                                "objectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345678}",
-                                    "tag": "blah",
-                                    "treeid": "blah",
-                                    "processtree": "blah",
-                                    "time_observed": "blah",
-                                },
-                                "pobjectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345678}",
-                                    "tag": "blah",
-                                    "treeid": "blah",
-                                    "processtree": "blah",
-                                    "time_observed": "blah",
-                                },
-                                "pimage": "blah",
-                                "pcommand_line": "blah",
-                                "ppid": "blah",
-                                "pid": "blah",
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": "blah",
-                                "end_time": "blah",
-                                "integrity_level": "blah",
-                                "image_hash": "blah",
-                                "original_file_name": "blah",
-                            },
-                        },
-                    }
-                ],
-                "network_http": [
-                    {
-                        "request_uri": "blah",
-                        "request_headers": {"a": "b"},
-                        "request_body": "blah",
-                        "request_method": "blah",
-                        "response_headers": {"a": "b"},
-                        "response_status_code": 123,
-                        "response_body": "blah",
-                        "connection_details": {
-                            "objectid": {
-                                "tag": "blah",
-                                "treeid": "blah",
-                                "processtree": "blah",
-                                "time_observed": "blah",
-                            },
-                            "source_ip": "blah",
-                            "source_port": "blah",
-                            "destination_ip": "blah",
-                            "destination_port": "blah",
-                            "transport_layer_protocol": "blah",
-                            "direction": "blah",
-                            "process": {
-                                "objectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345678}",
-                                    "tag": "blah",
-                                    "treeid": "blah",
-                                    "processtree": "blah",
-                                    "time_observed": "blah",
-                                },
-                                "pobjectid": {
-                                    "guid": "{12345678-1234-5678-1234-567812345678}",
-                                    "tag": "blah",
-                                    "treeid": "blah",
-                                    "processtree": "blah",
-                                    "time_observed": "blah",
-                                },
-                                "pimage": "blah",
-                                "pcommand_line": "blah",
-                                "ppid": "blah",
-                                "pid": "blah",
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": "blah",
-                                "end_time": "blah",
-                                "integrity_level": "blah",
-                                "image_hash": "blah",
-                                "original_file_name": "blah",
-                            },
-                        },
-                    }
-                ],
-                "processes": [
-                    {
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "blah",
-                            "processtree": "blah",
-                            "time_observed": "blah",
-                        },
-                        "pobjectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "blah",
-                            "processtree": "blah",
-                            "time_observed": "blah",
-                        },
-                        "pimage": "blah",
-                        "pcommand_line": "blah",
-                        "ppid": "blah",
-                        "pid": "blah",
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "blah",
-                        "end_time": "blah",
-                        "integrity_level": "blah",
-                        "image_hash": "blah",
-                        "original_file_name": "blah",
-                    }
-                ],
-                "sandbox_name": "blah",
-                "sandbox_version": "blah",
-            }
-        )
-
-        assert default_or.analysis_metadata.task_id == "blah"
-        assert default_or.analysis_metadata.start_time == "blah"
-        assert default_or.analysis_metadata.end_time == "blah"
-        assert default_or.analysis_metadata.routing == "blah"
-
-        assert default_or.analysis_metadata.machine_metadata.ip == "blah"
-        assert default_or.analysis_metadata.machine_metadata.hypervisor == "blah"
-        assert default_or.analysis_metadata.machine_metadata.hostname == "blah"
-        assert default_or.analysis_metadata.machine_metadata.platform == "blah"
-        assert default_or.analysis_metadata.machine_metadata.version == "blah"
-        assert default_or.analysis_metadata.machine_metadata.architecture == "blah"
-
-        assert default_or.signatures[0].name == "blah"
-        assert default_or.signatures[0].description == "blah"
-        assert default_or.signatures[0].attack == ["blah"]
-
-        assert default_or.signatures[0].subjects[0].ip == "blah"
-        assert default_or.signatures[0].subjects[0].domain is None
-        assert default_or.signatures[0].subjects[0].uri is None
-        assert default_or.signatures[0].subjects[0].process is None
-        assert default_or.signatures[0].subjects[0].file is None
-        assert default_or.signatures[0].subjects[0].registry is None
-
-        assert default_or.signatures[0].subjects[1].ip is None
-        assert default_or.signatures[0].subjects[1].domain is None
-        assert default_or.signatures[0].subjects[1].uri is None
-        assert default_or.signatures[0].subjects[1].file is None
-        assert default_or.signatures[0].subjects[1].registry is None
-
-        assert (
-            default_or.signatures[0].subjects[1].process.objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert default_or.signatures[0].subjects[1].process.objectid.tag == "blah"
-        assert default_or.signatures[0].subjects[1].process.objectid.treeid == "blah"
-        assert (
-            default_or.signatures[0].subjects[1].process.objectid.time_observed
-            == "blah"
-        )
-        assert (
-            default_or.signatures[0].subjects[1].process.pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert default_or.signatures[0].subjects[1].process.pobjectid.tag == "blah"
-        assert default_or.signatures[0].subjects[1].process.pobjectid.treeid == "blah"
-        assert (
-            default_or.signatures[0].subjects[1].process.pobjectid.processtree == "blah"
-        )
-        assert (
-            default_or.signatures[0].subjects[1].process.pobjectid.time_observed
-            == "blah"
-        )
-        assert default_or.signatures[0].subjects[1].process.pimage == "blah"
-        assert default_or.signatures[0].subjects[1].process.pcommand_line == "blah"
-        assert default_or.signatures[0].subjects[1].process.ppid == "blah"
-        assert default_or.signatures[0].subjects[1].process.pid == "blah"
-        assert default_or.signatures[0].subjects[1].process.image == "blah"
-        assert default_or.signatures[0].subjects[1].process.command_line == "blah"
-        assert default_or.signatures[0].subjects[1].process.start_time == "blah"
-        assert default_or.signatures[0].subjects[1].process.end_time == "blah"
-        assert default_or.signatures[0].subjects[1].process.integrity_level == "blah"
-        assert default_or.signatures[0].subjects[1].process.image_hash == "blah"
-        assert default_or.signatures[0].subjects[1].process.original_file_name == "blah"
-
-        assert (
-            default_or.signatures[0].process.objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert default_or.signatures[0].process.objectid.tag == "blah"
-        assert default_or.signatures[0].process.objectid.treeid == "blah"
-        assert default_or.signatures[0].process.objectid.time_observed == "blah"
-        assert (
-            default_or.signatures[0].process.pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert default_or.signatures[0].process.pobjectid.tag == "blah"
-        assert default_or.signatures[0].process.pobjectid.treeid == "blah"
-        assert default_or.signatures[0].process.pobjectid.processtree == "blah"
-        assert default_or.signatures[0].process.pobjectid.time_observed == "blah"
-        assert default_or.signatures[0].process.pimage == "blah"
-        assert default_or.signatures[0].process.pcommand_line == "blah"
-        assert default_or.signatures[0].process.ppid == "blah"
-        assert default_or.signatures[0].process.pid == "blah"
-        assert default_or.signatures[0].process.image == "blah"
-        assert default_or.signatures[0].process.command_line == "blah"
-        assert default_or.signatures[0].process.start_time == "blah"
-        assert default_or.signatures[0].process.end_time == "blah"
-        assert default_or.signatures[0].process.integrity_level == "blah"
-        assert default_or.signatures[0].process.image_hash == "blah"
-        assert default_or.signatures[0].process.original_file_name == "blah"
-
-        assert str(UUID(default_or.network_connections[0].objectid.guid))
-        assert default_or.network_connections[0].objectid.tag == "blah"
-        assert default_or.network_connections[0].objectid.treeid == "blah"
-        assert default_or.network_connections[0].objectid.processtree == "blah"
-        assert default_or.network_connections[0].objectid.time_observed == "blah"
-        assert default_or.network_connections[0].source_ip == "blah"
-        assert default_or.network_connections[0].source_port == "blah"
-        assert default_or.network_connections[0].destination_ip == "blah"
-        assert default_or.network_connections[0].destination_port == "blah"
-        assert default_or.network_connections[0].transport_layer_protocol == "blah"
-        assert default_or.network_connections[0].direction == "blah"
-
-        assert (
-            default_or.network_connections[0].process.objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert default_or.network_connections[0].process.objectid.tag == "blah"
-        assert default_or.network_connections[0].process.objectid.treeid == "blah"
-        assert default_or.network_connections[0].process.objectid.processtree == "blah"
-        assert (
-            default_or.network_connections[0].process.objectid.time_observed == "blah"
-        )
-        assert (
-            default_or.network_connections[0].process.pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert default_or.network_connections[0].process.pobjectid.tag == "blah"
-        assert default_or.network_connections[0].process.pobjectid.treeid == "blah"
-        assert default_or.network_connections[0].process.pobjectid.processtree == "blah"
-        assert (
-            default_or.network_connections[0].process.pobjectid.time_observed == "blah"
-        )
-        assert default_or.network_connections[0].process.pimage == "blah"
-        assert default_or.network_connections[0].process.pcommand_line == "blah"
-        assert default_or.network_connections[0].process.ppid == "blah"
-        assert default_or.network_connections[0].process.pid == "blah"
-        assert default_or.network_connections[0].process.image == "blah"
-        assert default_or.network_connections[0].process.command_line == "blah"
-        assert default_or.network_connections[0].process.start_time == "blah"
-        assert default_or.network_connections[0].process.end_time == "blah"
-        assert default_or.network_connections[0].process.integrity_level == "blah"
-        assert default_or.network_connections[0].process.image_hash == "blah"
-        assert default_or.network_connections[0].process.original_file_name == "blah"
-
-        assert default_or.network_dns[0].domain == "blah"
-        assert default_or.network_dns[0].resolved_ips == ["blah"]
-        assert default_or.network_dns[0].lookup_type == "blah"
-
-        assert str(UUID(default_or.network_dns[0].connection_details.objectid.guid))
-        assert default_or.network_dns[0].connection_details.objectid.tag == "blah"
-        assert default_or.network_dns[0].connection_details.objectid.treeid == "blah"
-        assert (
-            default_or.network_dns[0].connection_details.objectid.processtree == "blah"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.objectid.time_observed
-            == "blah"
-        )
-        assert default_or.network_dns[0].connection_details.source_ip == "blah"
-        assert default_or.network_dns[0].connection_details.source_port == "blah"
-        assert default_or.network_dns[0].connection_details.destination_ip == "blah"
-        assert default_or.network_dns[0].connection_details.destination_port == "blah"
-        assert (
-            default_or.network_dns[0].connection_details.transport_layer_protocol
-            == "blah"
-        )
-        assert default_or.network_dns[0].connection_details.direction == "blah"
-
-        assert (
-            default_or.network_dns[0].connection_details.process.objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.objectid.tag == "blah"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.objectid.treeid
-            == "blah"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.objectid.processtree
-            == "blah"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.objectid.time_observed
-            == "blah"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.pobjectid.tag == "blah"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.pobjectid.treeid
-            == "blah"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.pobjectid.processtree
-            == "blah"
-        )
-        assert (
-            default_or.network_dns[0].connection_details.process.pobjectid.time_observed
-            == "blah"
-        )
-        assert default_or.network_dns[0].connection_details.process.pimage == "blah"
-        assert (
-            default_or.network_dns[0].connection_details.process.pcommand_line == "blah"
-        )
-        assert default_or.network_dns[0].connection_details.process.ppid == "blah"
-        assert default_or.network_dns[0].connection_details.process.pid == "blah"
-        assert default_or.network_dns[0].connection_details.process.image == "blah"
-        assert (
-            default_or.network_dns[0].connection_details.process.command_line == "blah"
-        )
-        assert default_or.network_dns[0].connection_details.process.start_time == "blah"
-        assert default_or.network_dns[0].connection_details.process.end_time == "blah"
-        assert (
-            default_or.network_dns[0].connection_details.process.integrity_level
-            == "blah"
-        )
-        assert default_or.network_dns[0].connection_details.process.image_hash == "blah"
-        assert (
-            default_or.network_dns[0].connection_details.process.original_file_name
-            == "blah"
-        )
-
-        assert default_or.network_http[0].request_uri == "blah"
-        assert default_or.network_http[0].request_headers == {"a": "b"}
-        assert default_or.network_http[0].request_body == "blah"
-        assert default_or.network_http[0].request_method == "blah"
-        assert default_or.network_http[0].response_headers == {"a": "b"}
-        assert default_or.network_http[0].response_status_code == 123
-        assert default_or.network_http[0].response_body == "blah"
-
-        assert str(UUID(default_or.network_http[0].connection_details.objectid.guid))
-        assert default_or.network_http[0].connection_details.objectid.tag == "blah"
-        assert default_or.network_http[0].connection_details.objectid.treeid == "blah"
-        assert (
-            default_or.network_http[0].connection_details.objectid.processtree == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.objectid.time_observed
-            == "blah"
-        )
-        assert default_or.network_http[0].connection_details.source_ip == "blah"
-        assert default_or.network_http[0].connection_details.source_port == "blah"
-        assert default_or.network_http[0].connection_details.destination_ip == "blah"
-        assert default_or.network_http[0].connection_details.destination_port == "blah"
-        assert (
-            default_or.network_http[0].connection_details.transport_layer_protocol
-            == "blah"
-        )
-        assert default_or.network_http[0].connection_details.direction == "blah"
-
-        assert (
-            default_or.network_http[0].connection_details.process.objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.objectid.tag == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.objectid.treeid
-            == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.objectid.processtree
-            == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.objectid.time_observed
-            == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.pobjectid.tag
-            == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.pobjectid.treeid
-            == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.pobjectid.processtree
-            == "blah"
-        )
-        assert (
-            default_or.network_http[
-                0
-            ].connection_details.process.pobjectid.time_observed
-            == "blah"
-        )
-        assert default_or.network_http[0].connection_details.process.pimage == "blah"
-        assert (
-            default_or.network_http[0].connection_details.process.pcommand_line
-            == "blah"
-        )
-        assert default_or.network_http[0].connection_details.process.ppid == "blah"
-        assert default_or.network_http[0].connection_details.process.pid == "blah"
-        assert default_or.network_http[0].connection_details.process.image == "blah"
-        assert (
-            default_or.network_http[0].connection_details.process.command_line == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.start_time == "blah"
-        )
-        assert default_or.network_http[0].connection_details.process.end_time == "blah"
-        assert (
-            default_or.network_http[0].connection_details.process.integrity_level
-            == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.image_hash == "blah"
-        )
-        assert (
-            default_or.network_http[0].connection_details.process.original_file_name
-            == "blah"
-        )
-
-        assert (
-            default_or.processes[0].objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert default_or.processes[0].objectid.tag == "blah"
-        assert default_or.processes[0].objectid.treeid == "blah"
-        assert default_or.processes[0].objectid.processtree == "blah"
-        assert default_or.processes[0].objectid.time_observed == "blah"
-        assert (
-            default_or.processes[0].pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert default_or.processes[0].pobjectid.tag == "blah"
-        assert default_or.processes[0].pobjectid.treeid == "blah"
-        assert default_or.processes[0].pobjectid.processtree == "blah"
-        assert default_or.processes[0].pobjectid.time_observed == "blah"
-        assert default_or.processes[0].pimage == "blah"
-        assert default_or.processes[0].pcommand_line == "blah"
-        assert default_or.processes[0].ppid == "blah"
-        assert default_or.processes[0].pid == "blah"
-        assert default_or.processes[0].image == "blah"
-        assert default_or.processes[0].command_line == "blah"
-        assert default_or.processes[0].start_time == "blah"
-        assert default_or.processes[0].end_time == "blah"
-        assert default_or.processes[0].integrity_level == "blah"
-        assert default_or.processes[0].image_hash == "blah"
-        assert default_or.processes[0].original_file_name == "blah"
-
-        assert default_or.sandbox_name == "blah"
-        assert default_or.sandbox_version == "blah"
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "artifact_list, expected_result",
-        [
-            (None, None),
-            ([], None),
-            (
-                [
-                    {
-                        "name": "blah",
-                        "path": "blah",
-                        "description": "blah",
-                        "to_be_extracted": True,
-                        "sha256": "blah",
-                    }
-                ],
-                None,
-            ),
-            (
-                [
-                    {
-                        "name": "blah",
-                        "path": "blah",
-                        "description": "blah",
-                        "to_be_extracted": False,
-                        "sha256": "blah",
-                    }
-                ],
-                None,
-            ),
-        ],
-    )
-    def test_handle_artifacts(artifact_list, expected_result, dummy_request_class):
-        r = dummy_request_class()
-        o = OntologyResults()
-        actual_result = o.handle_artifacts(artifact_list, r)
-        assert actual_result == expected_result
-
-    @staticmethod
-    def test_get_guids():
-        so = OntologyResults(service_name="blah")
-        objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        p = so.create_process(
-            objectid=objectid,
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-            image="blah",
-        )
-        so.add_process(p)
-        assert so._get_guids() == ["{12345678-1234-5678-1234-567812345678}"]
-
-    @staticmethod
-    def test_validate_process():
-        so = OntologyResults(service_name="blah")
-        p1_objectid = ObjectID(tag="blah", ontology_id="blah")
-
-        # if not p.guid and p.pid not in pids:
-        p1 = so.create_process(
-            objectid=p1_objectid,
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-            image="blah",
-        )
-        assert so._validate_process(p1)
-        assert UUID(p1.objectid.guid)
-        so.add_process(p1)
-
-        # else
-        p2_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        p2 = so.create_process(
-            objectid=p2_objectid,
-            pid=2,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-            image="blah",
-        )
-        assert so._validate_process(p2)
-        so.add_process(p2)
-
-        # elif p.guid in guids and p.pid in pids:
-        p3_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        p3 = so.create_process(
-            objectid=p3_objectid,
-            pid=2,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-            image="blah",
-        )
-        assert not so._validate_process(p3)
-
-        # elif p.guid in guids and p.pid not in pids:
-        p4_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{12345678-1234-5678-1234-567812345678}",
-        )
-        p4 = so.create_process(
-            objectid=p4_objectid,
-            pid=4,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-            guid="{12345678-1234-5678-1234-567812345678}",
-            image="blah",
-        )
-        assert not so._validate_process(p4)
-
-        # elif p.guid not in guids and p.pid in pids:
-        p5_objectid = ObjectID(
-            tag="blah",
-            ontology_id="blah",
-            guid="{87654321-1234-5678-1234-567812345678}",
-        )
-        p5 = so.create_process(
-            objectid=p5_objectid,
-            pid=3,
-            start_time="1970-01-01 00:00:01",
-            end_time="1970-01-01 00:00:02",
-            image="blah",
-        )
-        assert so._validate_process(p5)
-
-    @staticmethod
-    def test_handle_pid_match():
-        so = OntologyResults(service_name="blah")
-
-        # Test where no process is added
-        p1_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p1 = so.create_process(
-            objectid=p1_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:01",
-            end_time="1970-01-01 00:00:02",
-        )
-        assert so._handle_pid_match(p1)
-        so.add_process(p1)
-        assert len(so.processes) == 1
-
-        # Test where duplicate entry
-        p2_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p2 = so.create_process(
-            objectid=p2_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:01",
-            end_time="1970-01-01 00:00:02",
-        )
-        assert not so._handle_pid_match(p2)
-
-        # Test with valid start time
-        p3_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p3 = so.create_process(
-            objectid=p3_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:02",
-            end_time="1970-01-01 00:00:03",
-        )
-        assert so._handle_pid_match(p3)
-        so.add_process(p3)
-        assert len(so.processes) == 2
-
-        # Test with valid end time
-        p4_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p4 = so.create_process(
-            objectid=p4_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:01",
-        )
-        assert so._handle_pid_match(p4)
-        so.add_process(p4)
-        assert len(so.processes) == 3
-
-        # Test invalid entry
-        p5_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p5 = so.create_process(
-            objectid=p5_objectid,
-            image="blah",
-            pid=1,
-            start_time="1970-01-01 00:00:00",
-            end_time="1970-01-01 00:00:03",
-        )
-        assert not so._handle_pid_match(p5)
-
-    @staticmethod
-    def test_remove_process():
-        default_or = OntologyResults(service_name="blah")
-        p_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p = default_or.create_process(
-            objectid=p_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00",
-        )
-        default_or.add_process(p)
-        assert default_or.get_processes() == [p]
-        p1_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p1 = default_or.create_process(
-            objectid=p1_objectid,
-            image="blah",
-            start_time="1970-01-01 00:00:00",
-        )
-        default_or._remove_process(p1)
-        assert default_or.get_processes() == [p]
-        default_or._remove_process(p)
-        assert default_or.get_processes() == []
-
-    @staticmethod
-    def test_remove_network_http():
-        default_or = OntologyResults()
-        nh = default_or.create_network_http(
-            request_uri="blah.com", request_method="GET"
-        )
-        default_or.add_network_http(nh)
-        assert default_or.get_network_http() == [nh]
-        nh1 = default_or.create_network_http(
-            request_uri="blah.com", request_method="GET"
-        )
-        default_or._remove_network_http(nh1)
-        assert default_or.get_network_http() == [nh]
-        default_or._remove_network_http(nh)
-        assert default_or.get_network_http() == []
-
-    @staticmethod
-    def test_remove_network_dns():
-        default_or = OntologyResults()
-        nd = default_or.create_network_dns(
-            domain="blah.com", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        default_or.add_network_dns(nd)
-        assert default_or.get_network_dns() == [nd]
-        nd1 = default_or.create_network_dns(
-            domain="blah.com", resolved_ips=["1.1.1.1"], lookup_type="A"
-        )
-        default_or._remove_network_dns(nd1)
-        assert default_or.get_network_dns() == [nd]
-        default_or._remove_network_dns(nd)
-        assert default_or.get_network_dns() == []
-
-    @staticmethod
-    def test_remove_network_connection():
-        default_or = OntologyResults(service_name="blah")
-        nc_objectid = ObjectID(tag="blah", ontology_id="blah")
-        nc = default_or.create_network_connection(
-            objectid=nc_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        default_or.add_network_connection(nc)
-        assert default_or.get_network_connections() == [nc]
-        nc1_objectid = ObjectID(tag="blah", ontology_id="blah")
-        nc1 = default_or.create_network_connection(
-            objectid=nc1_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        default_or._remove_network_connection(nc1)
-        assert default_or.get_network_connections() == [nc]
-        default_or._remove_network_connection(nc)
-        assert default_or.get_network_connections() == []
-
-    @staticmethod
-    def test_remove_signature():
-        default_or = OntologyResults(service_name="blah")
-        sig_objectid = ObjectID(tag="blah", ontology_id="blah")
-        signature = default_or.create_signature(
-            objectid=sig_objectid, name="blah", type="CUCKOO"
-        )
-        default_or.add_signature(signature)
-        assert default_or.get_signatures() == [signature]
-        sig1_objectid = ObjectID(tag="blah", ontology_id="blah")
-        signature1 = default_or.create_signature(
-            objectid=sig1_objectid, name="blah", type="CUCKOO"
-        )
-        default_or._remove_signature(signature1)
-        assert default_or.get_signatures() == [signature]
-        default_or._remove_signature(signature)
-        assert default_or.get_signatures() == []
-
-    @staticmethod
-    @pytest.mark.skip("TBD")
-    def test_load_process_from_json():
-        default_so = SandboxOntology()
-        p = default_so._load_process_from_json(
-            {
-                "objectid": {
-                    "guid": "{12345678-1234-5678-1234-567812345678}",
-                    "tag": "blah",
-                    "treeid": "blah",
-                    "processtree": "blah",
-                    "time_observed": "blah",
-                },
-                "pobjectid": {
-                    "guid": "{12345678-1234-5678-1234-567812345678}",
-                    "tag": "blah",
-                    "treeid": "blah",
-                    "processtree": "blah",
-                    "time_observed": "blah",
-                },
-                "pimage": "blah",
-                "pcommand_line": "blah",
-                "ppid": "blah",
-                "pid": "blah",
-                "image": "blah",
-                "command_line": "blah",
-                "start_time": "blah",
-                "end_time": "blah",
-            }
-        )
-        assert p.objectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert p.objectid.tag == "blah"
-        assert p.objectid.treeid == "blah"
-        assert p.objectid.processtree == "blah"
-        assert p.objectid.time_observed == "blah"
-        assert p.pobjectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert p.pobjectid.tag == "blah"
-        assert p.pobjectid.treeid == "blah"
-        assert p.pobjectid.processtree == "blah"
-        assert p.pobjectid.time_observed == "blah"
-        assert p.pimage == "blah"
-        assert p.pcommand_line == "blah"
-        assert p.ppid == "blah"
-        assert p.pid == "blah"
-        assert p.image == "blah"
-        assert p.command_line == "blah"
-        assert p.start_time == "blah"
-        assert p.end_time == "blah"
-
-    @staticmethod
-    @pytest.mark.skip("TBD")
-    def test_load_signature_from_json():
-        default_so = SandboxOntology()
-        s = default_so._load_signature_from_json(
-            {
-                "name": "blah",
-                "description": "blah",
-                "attack": [
-                    {
-                        "attack_id": "T1187",
-                        "categories": ["credential-access"],
-                        "pattern": "Forced Authentication",
-                    }
-                ],
-                "subjects": [
-                    {
-                        "ip": "blah",
-                        "domain": None,
-                        "uri": None,
-                        "process": None,
-                        "file": None,
-                        "registry": None,
-                    },
-                    {
-                        "ip": "blah",
-                        "domain": None,
-                        "uri": None,
-                        "process": {
-                            "objectid": {
-                                "guid": "{12345678-1234-5678-1234-567812345678}",
-                                "tag": "blah",
-                                "treeid": "blah",
-                                "processtree": "blah",
-                                "time_observed": "blah",
-                            },
-                            "pobjectid": {
-                                "guid": "{12345678-1234-5678-1234-567812345678}",
-                                "tag": "blah",
-                                "treeid": "blah",
-                                "processtree": "blah",
-                                "time_observed": "blah",
-                            },
-                            "pimage": "blah",
-                            "pcommand_line": "blah",
-                            "ppid": "blah",
-                            "pid": "blah",
-                            "image": "blah",
-                            "command_line": "blah",
-                            "start_time": "blah",
-                            "end_time": "blah",
-                        },
-                        "file": None,
-                        "registry": None,
-                    },
-                ],
-                "process": {
-                    "objectid": {
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                        "tag": "blah",
-                        "treeid": "blah",
-                        "processtree": "blah",
-                        "time_observed": "blah",
-                    },
-                    "pobjectid": {
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                        "tag": "blah",
-                        "treeid": "blah",
-                        "processtree": "blah",
-                        "time_observed": "blah",
-                    },
-                    "pimage": "blah",
-                    "pcommand_line": "blah",
-                    "ppid": "blah",
-                    "pid": "blah",
-                    "image": "blah",
-                    "command_line": "blah",
-                    "start_time": "blah",
-                    "end_time": "blah",
-                },
-            }
-        )
-        assert s.name == "blah"
-        assert s.description == "blah"
-        assert s.attack == [
-            {
-                "attack_id": "T1187",
-                "categories": ["credential-access"],
-                "pattern": "Forced Authentication",
-            }
-        ]
-        assert s.subjects[0].ip == "blah"
-        assert s.subjects[0].domain is None
-        assert s.subjects[0].uri is None
-        assert s.subjects[0].process is None
-        assert s.subjects[0].file is None
-        assert s.subjects[0].registry is None
-        assert s.subjects[1].ip is None
-        assert s.subjects[1].domain is None
-        assert s.subjects[1].uri is None
-        assert s.subjects[1].file is None
-        assert s.subjects[1].registry is None
-        assert (
-            s.subjects[1].process.objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert s.subjects[1].process.objectid.tag == "blah"
-        assert s.subjects[1].process.objectid.treeid == "blah"
-        assert s.subjects[1].process.objectid.processtree == "blah"
-        assert s.subjects[1].process.objectid.time_observed == "blah"
-        assert (
-            s.subjects[1].process.pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert s.subjects[1].process.pobjectid.tag == "blah"
-        assert s.subjects[1].process.pobjectid.treeid == "blah"
-        assert s.subjects[1].process.pobjectid.processtree == "blah"
-        assert s.subjects[1].process.pobjectid.time_observed == "blah"
-        assert s.subjects[1].process.pimage == "blah"
-        assert s.subjects[1].process.pcommand_line == "blah"
-        assert s.subjects[1].process.ppid == "blah"
-        assert s.subjects[1].process.pid == "blah"
-        assert s.subjects[1].process.image == "blah"
-        assert s.subjects[1].process.command_line == "blah"
-        assert s.subjects[1].process.start_time == "blah"
-        assert s.subjects[1].process.end_time == "blah"
-        assert s.process.objectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert s.process.objectid.tag == "blah"
-        assert s.process.objectid.treeid == "blah"
-        assert s.process.objectid.processtree == "blah"
-        assert s.process.objectid.time_observed == "blah"
-        assert s.process.pobjectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert s.process.pobjectid.tag == "blah"
-        assert s.process.pobjectid.treeid == "blah"
-        assert s.process.pobjectid.processtree == "blah"
-        assert s.process.pobjectid.time_observed == "blah"
-        assert s.process.pimage == "blah"
-        assert s.process.pcommand_line == "blah"
-        assert s.process.ppid == "blah"
-        assert s.process.pid == "blah"
-        assert s.process.image == "blah"
-        assert s.process.command_line == "blah"
-        assert s.process.start_time == "blah"
-        assert s.process.end_time == "blah"
-
-    @staticmethod
-    @pytest.mark.skip("TBD")
-    def test_load_network_connection_from_json():
-        default_so = SandboxOntology()
-        nc = default_so._load_network_connection_from_json(
-            {
-                "objectid": {
-                    "tag": "blah",
-                    "treeid": "blah",
-                    "processtree": "blah",
-                    "time_observed": "blah",
-                },
-                "source_ip": "blah",
-                "source_port": "blah",
-                "destination_ip": "blah",
-                "destination_port": "blah",
-                "transport_layer_protocol": "blah",
-                "direction": "blah",
-                "process": {
-                    "objectid": {
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                        "tag": "blah",
-                        "treeid": "blah",
-                        "processtree": "blah",
-                        "time_observed": "blah",
-                    },
-                    "pobjectid": {
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                        "tag": "blah",
-                        "treeid": "blah",
-                        "processtree": "blah",
-                        "time_observed": "blah",
-                    },
-                    "pimage": "blah",
-                    "pcommand_line": "blah",
-                    "ppid": "blah",
-                    "pid": "blah",
-                    "image": "blah",
-                    "command_line": "blah",
-                    "start_time": "blah",
-                    "end_time": "blah",
-                    "integrity_level": "blah",
-                    "image_hash": "blah",
-                    "original_file_name": "blah",
-                },
-            }
-        )
-        assert str(UUID(nc.objectid.guid))
-        assert nc.objectid.tag == "blah"
-        assert nc.objectid.treeid == "blah"
-        assert nc.objectid.processtree == "blah"
-        assert nc.objectid.time_observed == "blah"
-        assert nc.source_ip == "blah"
-        assert nc.source_port == "blah"
-        assert nc.destination_ip == "blah"
-        assert nc.destination_port == "blah"
-        assert nc.transport_layer_protocol == "blah"
-        assert nc.direction == "blah"
-        assert nc.process.objectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert nc.process.objectid.tag == "blah"
-        assert nc.process.objectid.treeid == "blah"
-        assert nc.process.objectid.processtree == "blah"
-        assert nc.process.objectid.time_observed == "blah"
-        assert nc.process.pobjectid.guid == "{12345678-1234-5678-1234-567812345678}"
-        assert nc.process.pobjectid.tag == "blah"
-        assert nc.process.pobjectid.treeid == "blah"
-        assert nc.process.pobjectid.processtree == "blah"
-        assert nc.process.pobjectid.time_observed == "blah"
-        assert nc.process.pimage == "blah"
-        assert nc.process.pcommand_line == "blah"
-        assert nc.process.ppid == "blah"
-        assert nc.process.pid == "blah"
-        assert nc.process.image == "blah"
-        assert nc.process.command_line == "blah"
-        assert nc.process.start_time == "blah"
-        assert nc.process.end_time == "blah"
-        assert nc.process.integrity_level == "blah"
-        assert nc.process.image_hash == "blah"
-        assert nc.process.original_file_name == "blah"
-
-    @staticmethod
-    @pytest.mark.skip("TBD")
-    def test_load_network_dns_from_json():
-        default_so = SandboxOntology()
-        nd = default_so._load_network_dns_from_json(
-            {
-                "domain": "blah",
-                "resolved_ips": ["blah"],
-                "lookup_type": "blah",
-                "connection_details": {
-                    "objectid": {
-                        "tag": "blah",
-                        "treeid": "blah",
-                        "processtree": "blah",
-                        "time_observed": "blah",
-                    },
-                    "source_ip": "blah",
-                    "source_port": "blah",
-                    "destination_ip": "blah",
-                    "destination_port": "blah",
-                    "transport_layer_protocol": "blah",
-                    "direction": "blah",
-                    "process": {
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "blah",
-                            "processtree": "blah",
-                            "time_observed": "blah",
-                        },
-                        "pobjectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "blah",
-                            "processtree": "blah",
-                            "time_observed": "blah",
-                        },
-                        "pimage": "blah",
-                        "pcommand_line": "blah",
-                        "ppid": "blah",
-                        "pid": "blah",
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "blah",
-                        "end_time": "blah",
-                        "integrity_level": "blah",
-                        "image_hash": "blah",
-                        "original_file_name": "blah",
-                    },
-                },
-            }
-        )
-        assert nd.domain == "blah"
-        assert nd.resolved_ips == ["blah"]
-        assert nd.lookup_type == "blah"
-        assert str(UUID(nd.connection_details.objectid.guid))
-        assert nd.connection_details.objectid.tag == "blah"
-        assert nd.connection_details.objectid.treeid == "blah"
-        assert nd.connection_details.objectid.processtree == "blah"
-        assert nd.connection_details.objectid.time_observed == "blah"
-        assert nd.connection_details.source_ip == "blah"
-        assert nd.connection_details.source_port == "blah"
-        assert nd.connection_details.destination_ip == "blah"
-        assert nd.connection_details.destination_port == "blah"
-        assert nd.connection_details.transport_layer_protocol == "blah"
-        assert nd.connection_details.direction == "blah"
-        assert (
-            nd.connection_details.process.objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert nd.connection_details.process.objectid.tag == "blah"
-        assert nd.connection_details.process.objectid.treeid == "blah"
-        assert nd.connection_details.process.objectid.processtree == "blah"
-        assert nd.connection_details.process.objectid.time_observed == "blah"
-        assert (
-            nd.connection_details.process.pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert nd.connection_details.process.pobjectid.tag == "blah"
-        assert nd.connection_details.process.pobjectid.treeid == "blah"
-        assert nd.connection_details.process.pobjectid.processtree == "blah"
-        assert nd.connection_details.process.pobjectid.time_observed == "blah"
-        assert nd.connection_details.process.pimage == "blah"
-        assert nd.connection_details.process.pcommand_line == "blah"
-        assert nd.connection_details.process.ppid == "blah"
-        assert nd.connection_details.process.pid == "blah"
-        assert nd.connection_details.process.image == "blah"
-        assert nd.connection_details.process.command_line == "blah"
-        assert nd.connection_details.process.start_time == "blah"
-        assert nd.connection_details.process.end_time == "blah"
-        assert nd.connection_details.process.integrity_level == "blah"
-        assert nd.connection_details.process.image_hash == "blah"
-        assert nd.connection_details.process.original_file_name == "blah"
-
-    @staticmethod
-    @pytest.mark.skip("TBD")
-    def test_load_network_http_from_json():
-        default_so = SandboxOntology()
-        nh = default_so._load_network_http_from_json(
-            {
-                "request_uri": "blah",
-                "request_headers": {"a": "b"},
-                "request_body": "blah",
-                "request_method": "blah",
-                "response_headers": {"a": "b"},
-                "response_status_code": 123,
-                "response_body": "blah",
-                "connection_details": {
-                    "objectid": {
-                        "tag": "blah",
-                        "treeid": "blah",
-                        "processtree": "blah",
-                        "time_observed": "blah",
-                    },
-                    "source_ip": "blah",
-                    "source_port": "blah",
-                    "destination_ip": "blah",
-                    "destination_port": "blah",
-                    "transport_layer_protocol": "blah",
-                    "direction": "blah",
-                    "process": {
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "blah",
-                            "processtree": "blah",
-                            "time_observed": "blah",
-                        },
-                        "pobjectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": "blah",
-                            "processtree": "blah",
-                            "time_observed": "blah",
-                        },
-                        "pimage": "blah",
-                        "pcommand_line": "blah",
-                        "ppid": "blah",
-                        "pid": "blah",
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "blah",
-                        "end_time": "blah",
-                        "integrity_level": "blah",
-                        "image_hash": "blah",
-                        "original_file_name": "blah",
-                    },
-                },
-            }
-        )
-        assert nh.request_uri == "blah"
-        assert nh.request_headers == {"a": "b"}
-        assert nh.request_method == "blah"
-        assert nh.response_status_code == 123
-        assert nh.response_body == "blah"
-        assert str(UUID(nh.connection_details.objectid.guid))
-        assert nh.connection_details.objectid.tag == "blah"
-        assert nh.connection_details.objectid.treeid == "blah"
-        assert nh.connection_details.objectid.processtree == "blah"
-        assert nh.connection_details.objectid.time_observed == "blah"
-        assert nh.connection_details.source_ip == "blah"
-        assert nh.connection_details.source_port == "blah"
-        assert nh.connection_details.destination_ip == "blah"
-        assert nh.connection_details.destination_port == "blah"
-        assert nh.connection_details.transport_layer_protocol == "blah"
-        assert nh.connection_details.direction == "blah"
-        assert (
-            nh.connection_details.process.objectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert nh.connection_details.process.objectid.tag == "blah"
-        assert nh.connection_details.process.objectid.treeid == "blah"
-        assert nh.connection_details.process.objectid.processtree == "blah"
-        assert nh.connection_details.process.objectid.time_observed == "blah"
-        assert (
-            nh.connection_details.process.pobjectid.guid
-            == "{12345678-1234-5678-1234-567812345678}"
-        )
-        assert nh.connection_details.process.pobjectid.tag == "blah"
-        assert nh.connection_details.process.pobjectid.treeid == "blah"
-        assert nh.connection_details.process.pobjectid.processtree == "blah"
-        assert nh.connection_details.process.pobjectid.time_observed == "blah"
-        assert nh.connection_details.process.pimage == "blah"
-        assert nh.connection_details.process.pcommand_line == "blah"
-        assert nh.connection_details.process.ppid == "blah"
-        assert nh.connection_details.process.pid == "blah"
-        assert nh.connection_details.process.image == "blah"
-        assert nh.connection_details.process.command_line == "blah"
-        assert nh.connection_details.process.start_time == "blah"
-        assert nh.connection_details.process.end_time == "blah"
-        assert nh.connection_details.process.integrity_level == "blah"
-        assert nh.connection_details.process.image_hash == "blah"
-        assert nh.connection_details.process.original_file_name == "blah"
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "things_to_sort_by_time_observed, expected_result",
-        [
-            (None, []),
-            ([], []),
-            (
-                [{"objectid": {"time_observed": 1}}],
-                [{"objectid": {"time_observed": 1}}],
-            ),
-            (
-                [
-                    {"objectid": {"time_observed": 1}},
-                    {"objectid": {"time_observed": 2}},
-                ],
-                [
-                    {"objectid": {"time_observed": 1}},
-                    {"objectid": {"time_observed": 2}},
-                ],
-            ),
-            (
-                [
-                    {"objectid": {"time_observed": 1}},
-                    {"objectid": {"time_observed": 1}},
-                ],
-                [
-                    {"objectid": {"time_observed": 1}},
-                    {"objectid": {"time_observed": 1}},
-                ],
-            ),
-            (
-                [
-                    {"objectid": {"time_observed": 2}},
-                    {"objectid": {"time_observed": 1}},
-                ],
-                [
-                    {"objectid": {"time_observed": 1}},
-                    {"objectid": {"time_observed": 2}},
-                ],
-            ),
-            (
-                [
-                    {"objectid": {"time_observed": 3}},
-                    {"objectid": {"time_observed": 2}},
-                    {"objectid": {"time_observed": 1}},
-                ],
-                [
-                    {"objectid": {"time_observed": 1}},
-                    {"objectid": {"time_observed": 2}},
-                    {"objectid": {"time_observed": 3}},
-                ],
-            ),
-            (
-                [
-                    {"objectid": {"time_observed": "1970-01-01 00:00:03"}},
-                    {"objectid": {"time_observed": "1970-01-01 00:00:02"}},
-                    {"objectid": {"time_observed": "1970-01-01 00:00:01"}},
-                ],
-                [
-                    {"objectid": {"time_observed": "1970-01-01 00:00:01"}},
-                    {"objectid": {"time_observed": "1970-01-01 00:00:02"}},
-                    {"objectid": {"time_observed": "1970-01-01 00:00:03"}},
-                ],
-            ),
-            (
-                [
-                    {"objectid": {"time_observed": "1970-01-01 00:00:03"}},
-                    {"objectid": {"time_observed": "1970-01-01 00:00:02"}},
-                    {"objectid": {"time_observed": "1-01-01 00:00:00"}},
-                ],
-                [
-                    {"objectid": {"time_observed": "1-01-01 00:00:00"}},
-                    {"objectid": {"time_observed": "1970-01-01 00:00:02"}},
-                    {"objectid": {"time_observed": "1970-01-01 00:00:03"}},
-                ],
-            ),
-        ],
-    )
-    def test_sort_things_by_time_observed(
-        things_to_sort_by_time_observed, expected_result, dummy_timestamp_class
-    ):
-        dummy_things = []
-        dummy_results = []
-        if things_to_sort_by_time_observed is None:
-            assert OntologyResults._sort_things_by_time_observed(dummy_things) == []
-            return
-
-        actual_result = OntologyResults._sort_things_by_time_observed(
-            things_to_sort_by_time_observed
-        )
-        for index, item in enumerate(actual_result):
-            assert item == expected_result[index]
-
-        dummy_things = []
-        dummy_results = []
-        for thing in things_to_sort_by_time_observed:
-            dummy_things.append(dummy_timestamp_class(thing))
-        for result in expected_result:
-            dummy_results.append(dummy_timestamp_class(result))
-        actual_result = OntologyResults._sort_things_by_time_observed(dummy_things)
-        for index, item in enumerate(actual_result):
-            assert (
-                item.__dict__["objectid"].__dict__
-                == dummy_results[index].__dict__["objectid"].__dict__
-            )
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "things_to_sort, expected_result",
-        [
-            (None, []),
-            ([], []),
-            # One item
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "a"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    }
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "a"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    }
-                ],
-            ),
-            # Two unrelated items, sorted by time
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "a"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 2, "guid": "b"},
-                        "pobjectid": {"time_observed": 2, "guid": "d"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "a"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 2, "guid": "b"},
-                        "pobjectid": {"time_observed": 2, "guid": "d"},
-                    },
-                ],
-            ),
-            # Two unrelated items, not sorted by time
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 2, "guid": "b"},
-                        "pobjectid": {"time_observed": 2, "guid": "d"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "a"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 2, "guid": "b"},
-                        "pobjectid": {"time_observed": 2, "guid": "d"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "a"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                ],
-            ),
-            #  Two unrelated items, sharing the same times
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "a"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "d"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "a"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "d"},
-                    },
-                ],
-            ),
-            # A parent-child relationship, sharing the same time, in the correct order
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-            ),
-            # A parent-child relationship, sharing the same time, in the incorrect order
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-            ),
-            # A parent-child relationship, sharing the same time, in the correct order, with a random item in-between
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "e"},
-                        "pobjectid": {"time_observed": 1, "guid": "d"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "e"},
-                        "pobjectid": {"time_observed": 1, "guid": "d"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-            ),
-            # A parent-child-child relationship, sharing the same time, in the incorrect order, with a random item in-between, parent at the bottom
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 2, "guid": "f"},
-                        "pobjectid": {"time_observed": 2, "guid": "e"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 2, "guid": "f"},
-                        "pobjectid": {"time_observed": 2, "guid": "e"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-            ),
-            # A parent-child-child relationship, sharing the same time, in the incorrect order, parent in the middle
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-            ),
-            # A grandparent-parent-child relationship, sharing the same time, in the incorrect order, in ascending order
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                ],
-            ),
-            # A grandparent-parent-child relationship, sharing the same time, in the incorrect order, in mismatched order
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                ],
-            ),
-            # A grandparent-parent-parent-child-child-child relationship, sharing the same time, in the incorrect order, in ascending order
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "g"},
-                        "pobjectid": {"time_observed": 1, "guid": "d"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "f"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "e"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "g"},
-                        "pobjectid": {"time_observed": 1, "guid": "d"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "f"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "e"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                ],
-            ),
-            # A grandparent-parent-parent-parent-child-child-child-random-random relationship, sharing the same time, in the incorrect order, in ascending order
-            (
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "z"},
-                        "pobjectid": {"time_observed": 1, "guid": "y"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "x"},
-                        "pobjectid": {"time_observed": 1, "guid": "v"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "g"},
-                        "pobjectid": {"time_observed": 1, "guid": "d"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "f"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "e"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "h"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"time_observed": 1, "guid": "z"},
-                        "pobjectid": {"time_observed": 1, "guid": "y"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "x"},
-                        "pobjectid": {"time_observed": 1, "guid": "v"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "b"},
-                        "pobjectid": {"time_observed": 1, "guid": "a"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "d"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "g"},
-                        "pobjectid": {"time_observed": 1, "guid": "d"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "c"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "f"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "e"},
-                        "pobjectid": {"time_observed": 1, "guid": "c"},
-                    },
-                    {
-                        "objectid": {"time_observed": 1, "guid": "h"},
-                        "pobjectid": {"time_observed": 1, "guid": "b"},
-                    },
-                ],
-            ),
-            # A grandparent-parent-child+parent-child+random relationship, sharing different times time, in the incorrect order, in mismatched order
-            (
-                [
-                    {
-                        "objectid": {"guid": "d", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "c", "time_observed": float("-inf")},
-                    },
-                    {
-                        "objectid": {"guid": "g", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "f", "time_observed": float("-inf")},
-                    },
-                    {
-                        "objectid": {"guid": "c", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "b", "time_observed": float("-inf")},
-                    },
-                    {
-                        "objectid": {"guid": "f", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "e", "time_observed": None},
-                    },
-                    {
-                        "objectid": {"guid": "b", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "a", "time_observed": None},
-                    },
-                    {
-                        "objectid": {"guid": "h", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "i", "time_observed": None},
-                    },
-                ],
-                [
-                    {
-                        "objectid": {"guid": "b", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "a", "time_observed": None},
-                    },
-                    {
-                        "objectid": {"guid": "c", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "b", "time_observed": float("-inf")},
-                    },
-                    {
-                        "objectid": {"guid": "d", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "c", "time_observed": float("-inf")},
-                    },
-                    {
-                        "objectid": {"guid": "f", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "e", "time_observed": None},
-                    },
-                    {
-                        "objectid": {"guid": "g", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "f", "time_observed": float("-inf")},
-                    },
-                    {
-                        "objectid": {"guid": "h", "time_observed": float("-inf")},
-                        "pobjectid": {"guid": "i", "time_observed": None},
-                    },
-                ],
-            ),
-        ],
-    )
-    def test_sort_things_by_relationship(
-        things_to_sort, expected_result, dummy_timestamp_class
-    ):
-        dummy_things = []
-        dummy_results = []
-        if things_to_sort is None:
-            assert OntologyResults._sort_things_by_relationship(dummy_things) == []
-            return
-
-        actual_result = OntologyResults._sort_things_by_relationship(things_to_sort)
-        for index, item in enumerate(actual_result):
-            assert item == expected_result[index]
-
-        dummy_things = []
-        dummy_results = []
-        for thing in things_to_sort:
-            dummy_things.append(dummy_timestamp_class(thing))
-        for result in expected_result:
-            dummy_results.append(dummy_timestamp_class(result))
-        actual_result = OntologyResults._sort_things_by_relationship(dummy_things)
-        for index, item in enumerate(actual_result):
-            assert (
-                item.__dict__["objectid"].__dict__
-                == dummy_results[index].__dict__["objectid"].__dict__
-            )
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "events, expected_events_dict",
-        [
-            (
-                [
-                    {
-                        "pid": 1,
-                        "image": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                    }
-                ],
-                {
-                    "{12345678-1234-5678-1234-567812345678}": {
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": "1970-01-01 00:00:01",
-                        },
-                        "pobjectid": None,
-                        "pimage": None,
-                        "pcommand_line": None,
-                        "ppid": None,
-                        "pid": 1,
-                        "image": "blah",
-                        "command_line": None,
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": None,
-                        "integrity_level": None,
-                        "image_hash": None,
-                        "original_file_name": None,
-                    }
-                },
-            ),
-            (
-                [
-                    {
-                        "pid": 1,
-                        "image": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "guid": None,
-                    }
-                ],
-                {},
-            ),
-            (
-                [
-                    {
-                        "pid": 1,
-                        "image": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                    },
-                    {
-                        "pid": 2,
-                        "image": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "guid": "{12345678-1234-5678-1234-567812345679}",
-                    },
-                ],
-                {
-                    "{12345678-1234-5678-1234-567812345678}": {
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345678}",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": "1970-01-01 00:00:01",
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "pobjectid": None,
-                        "pimage": None,
-                        "pcommand_line": None,
-                        "ppid": None,
-                        "pid": 1,
-                        "image": "blah",
-                        "command_line": None,
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": None,
-                        "integrity_level": None,
-                        "image_hash": None,
-                        "original_file_name": None,
-                    },
-                    "{12345678-1234-5678-1234-567812345679}": {
-                        "objectid": {
-                            "guid": "{12345678-1234-5678-1234-567812345679}",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": "1970-01-01 00:00:01",
-                            "ontology_id": "blah",
-                            "service_name": "blah",
-                            "session": None,
-                        },
-                        "pobjectid": None,
-                        "pimage": None,
-                        "pcommand_line": None,
-                        "ppid": None,
-                        "pid": 2,
-                        "image": "blah",
-                        "command_line": None,
-                        "start_time": "1970-01-01 00:00:01",
-                        "end_time": None,
-                        "integrity_level": None,
-                        "image_hash": None,
-                        "original_file_name": None,
-                    },
-                },
-            ),
-        ],
-    )
-    def test_convert_events_to_dict(events, expected_events_dict):
-        event_objects = [
-            Process(
-                pid=event["pid"],
-                image=event["image"],
-                start_time=event["start_time"],
-                objectid=ObjectID(
-                    tag="blah",
-                    ontology_id="blah",
-                    service_name="blah",
-                    guid=event["guid"],
-                ),
-            )
-            for event in events
-        ]
-        assert (
-            OntologyResults._convert_events_to_dict(event_objects)
-            == expected_events_dict
-        )
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "events_dict, expected_result",
-        [
-            # No processes
-            ({}, []),
-            # One process
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    }
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "children": [],
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    }
-                ],
-            ),
-            # One parent process and one child process
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "b",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": "a",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [
-                            {
-                                "pid": 2,
-                                "ppid": 1,
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": "1970-01-01 00:00:01",
-                                "objectid": {
-                                    "guid": "b",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 1,
-                                },
-                                "pobjectid": {
-                                    "guid": "a",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": None,
-                                },
-                                "children": [],
-                            }
-                        ],
-                    },
-                ],
-            ),
-            # Two unrelated processes
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "pid": 2,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "b",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [],
-                    },
-                    {
-                        "pid": 2,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "b",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [],
-                    },
-                ],
-            ),
-            # Three processes consisting of a parent-child relationship and a rando process
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "pid": 2,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "b",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "c": {
-                        "pid": 3,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "c",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": "b",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [],
-                    },
-                    {
-                        "pid": 2,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "b",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [
-                            {
-                                "pid": 3,
-                                "ppid": 2,
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": "1970-01-01 00:00:01",
-                                "objectid": {
-                                    "guid": "c",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 1,
-                                },
-                                "pobjectid": {
-                                    "guid": "b",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": None,
-                                },
-                                "children": [],
-                            }
-                        ],
-                    },
-                ],
-            ),
-            # Three processes consisting of a grandparent-parent-child relationship and one rando process
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": {
-                            "guid": "b",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": "a",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "c": {
-                        "pid": 3,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": 3,
-                        "objectid": {
-                            "guid": "c",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": "b",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "d": {
-                        "pid": 4,
-                        "ppid": 4,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": {
-                            "guid": "d",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [
-                            {
-                                "pid": 2,
-                                "ppid": 1,
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": "1970-01-01 00:00:02",
-                                "objectid": {
-                                    "guid": "b",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 1,
-                                },
-                                "pobjectid": {
-                                    "guid": "a",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": None,
-                                },
-                                "children": [
-                                    {
-                                        "pid": 3,
-                                        "ppid": 2,
-                                        "image": "blah",
-                                        "command_line": "blah",
-                                        "start_time": 3,
-                                        "objectid": {
-                                            "guid": "c",
-                                            "tag": "blah",
-                                            "treeid": None,
-                                            "processtree": None,
-                                            "time_observed": 1,
-                                        },
-                                        "pobjectid": {
-                                            "guid": "b",
-                                            "tag": None,
-                                            "treeid": None,
-                                            "processtree": None,
-                                            "time_observed": None,
-                                        },
-                                        "children": [],
-                                    },
-                                ],
-                            }
-                        ],
-                    },
-                    {
-                        "pid": 4,
-                        "ppid": 4,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": {
-                            "guid": "d",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [],
-                    },
-                ],
-            ),
-            # Four processes consisting of a grandparent-parent-parent-child relationship
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": {
-                            "guid": "b",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 2,
-                        },
-                        "pobjectid": {
-                            "guid": "a",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "c": {
-                        "pid": 3,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": 3,
-                        "objectid": {
-                            "guid": "c",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 3,
-                        },
-                        "pobjectid": {
-                            "guid": "a",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "d": {
-                        "pid": 4,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": 4,
-                        "objectid": {
-                            "guid": "d",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 4,
-                        },
-                        "pobjectid": {
-                            "guid": "b",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [
-                            {
-                                "pid": 2,
-                                "ppid": 1,
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": "1970-01-01 00:00:02",
-                                "objectid": {
-                                    "guid": "b",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 2,
-                                },
-                                "pobjectid": {
-                                    "guid": "a",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": None,
-                                },
-                                "children": [
-                                    {
-                                        "pid": 4,
-                                        "ppid": 2,
-                                        "image": "blah",
-                                        "command_line": "blah",
-                                        "start_time": 4,
-                                        "objectid": {
-                                            "guid": "d",
-                                            "tag": "blah",
-                                            "treeid": None,
-                                            "processtree": None,
-                                            "time_observed": 4,
-                                        },
-                                        "pobjectid": {
-                                            "guid": "b",
-                                            "tag": None,
-                                            "treeid": None,
-                                            "processtree": None,
-                                            "time_observed": None,
-                                        },
-                                        "children": [],
-                                    }
-                                ],
-                            },
-                            {
-                                "pid": 3,
-                                "ppid": 1,
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": 3,
-                                "objectid": {
-                                    "guid": "c",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 3,
-                                },
-                                "pobjectid": {
-                                    "guid": "a",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": None,
-                                },
-                                "children": [],
-                            },
-                        ],
-                    },
-                ],
-            ),
-            # Four processes consisting of a grandparent-parent-parent-child relationship with non-ordered times
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "pid": 2,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": 3,
-                        "objectid": {
-                            "guid": "b",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 3,
-                        },
-                        "pobjectid": {
-                            "guid": "a",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "c": {
-                        "pid": 3,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:02",
-                        "objectid": {
-                            "guid": "c",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 2,
-                        },
-                        "pobjectid": {
-                            "guid": "a",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "d": {
-                        "pid": 4,
-                        "ppid": 2,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": 4,
-                        "objectid": {
-                            "guid": "d",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 4,
-                        },
-                        "pobjectid": {
-                            "guid": "b",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [
-                            {
-                                "pid": 3,
-                                "ppid": 1,
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": "1970-01-01 00:00:02",
-                                "objectid": {
-                                    "guid": "c",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 2,
-                                },
-                                "pobjectid": {
-                                    "guid": "a",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": None,
-                                },
-                                "children": [],
-                            },
-                            {
-                                "pid": 2,
-                                "ppid": 1,
-                                "image": "blah",
-                                "command_line": "blah",
-                                "start_time": 3,
-                                "objectid": {
-                                    "guid": "b",
-                                    "tag": "blah",
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 3,
-                                },
-                                "pobjectid": {
-                                    "guid": "a",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": None,
-                                },
-                                "children": [
-                                    {
-                                        "pid": 4,
-                                        "ppid": 2,
-                                        "image": "blah",
-                                        "command_line": "blah",
-                                        "start_time": 4,
-                                        "objectid": {
-                                            "guid": "d",
-                                            "tag": "blah",
-                                            "treeid": None,
-                                            "processtree": None,
-                                            "time_observed": 4,
-                                        },
-                                        "pobjectid": {
-                                            "guid": "b",
-                                            "tag": None,
-                                            "treeid": None,
-                                            "processtree": None,
-                                            "time_observed": None,
-                                        },
-                                        "children": [],
-                                    }
-                                ],
-                            },
-                        ],
-                    },
-                ],
-            ),
-            # One process and one unrelated network connection with no process
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "process": None,
-                        "source_ip": None,
-                        "source_port": None,
-                        "destination_ip": None,
-                        "destination_port": None,
-                        "transport_layer_protocol": None,
-                        "direction": None,
-                        "objectid": {
-                            "guid": "b",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 2,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [],
-                    },
-                    {
-                        "process": None,
-                        "source_ip": None,
-                        "source_port": None,
-                        "destination_ip": None,
-                        "destination_port": None,
-                        "transport_layer_protocol": None,
-                        "direction": None,
-                        "objectid": {
-                            "guid": "b",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 2,
-                        },
-                        "children": [],
-                    },
-                ],
-            ),
-            # One process and one child network connection
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "process": {
-                            "objectid": {"guid": "a", "time_observed": 1},
-                            "pobject": {"guid": "c", "time_observed": 0},
-                        },
-                        "source_ip": None,
-                        "source_port": None,
-                        "destination_ip": None,
-                        "destination_port": None,
-                        "transport_layer_protocol": None,
-                        "direction": None,
-                        "objectid": {
-                            "guid": "b",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 2,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [
-                            {
-                                "process": {
-                                    "objectid": {"guid": "a", "time_observed": 1},
-                                    "pobject": {"guid": "c", "time_observed": 0},
-                                },
-                                "source_ip": None,
-                                "source_port": None,
-                                "destination_ip": None,
-                                "destination_port": None,
-                                "transport_layer_protocol": None,
-                                "direction": None,
-                                "objectid": {
-                                    "guid": "b",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 2,
-                                },
-                                "children": [],
-                            }
-                        ],
-                    }
-                ],
-            ),
-            # One process and two child network connections, unordered times
-            (
-                {
-                    "a": {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                    },
-                    "b": {
-                        "process": {
-                            "objectid": {"guid": "a", "time_observed": 1},
-                            "pobject": {"guid": "c", "time_observed": 0},
-                        },
-                        "source_ip": None,
-                        "source_port": None,
-                        "destination_ip": None,
-                        "destination_port": None,
-                        "transport_layer_protocol": None,
-                        "direction": None,
-                        "objectid": {
-                            "guid": "b",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 3,
-                        },
-                    },
-                    "c": {
-                        "process": {
-                            "objectid": {"guid": "a", "time_observed": 1},
-                            "pobject": {"guid": "c", "time_observed": 0},
-                        },
-                        "source_ip": None,
-                        "source_port": None,
-                        "destination_ip": None,
-                        "destination_port": None,
-                        "transport_layer_protocol": None,
-                        "direction": None,
-                        "objectid": {
-                            "guid": "c",
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 2,
-                        },
-                    },
-                },
-                [
-                    {
-                        "pid": 1,
-                        "ppid": 1,
-                        "image": "blah",
-                        "command_line": "blah",
-                        "start_time": "1970-01-01 00:00:01",
-                        "objectid": {
-                            "guid": "a",
-                            "tag": "blah",
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": 1,
-                        },
-                        "pobjectid": {
-                            "guid": None,
-                            "tag": None,
-                            "treeid": None,
-                            "processtree": None,
-                            "time_observed": None,
-                        },
-                        "children": [
-                            {
-                                "process": {
-                                    "objectid": {"guid": "a", "time_observed": 1},
-                                    "pobject": {"guid": "c", "time_observed": 0},
-                                },
-                                "source_ip": None,
-                                "source_port": None,
-                                "destination_ip": None,
-                                "destination_port": None,
-                                "transport_layer_protocol": None,
-                                "direction": None,
-                                "objectid": {
-                                    "guid": "c",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 2,
-                                },
-                                "children": [],
-                            },
-                            {
-                                "process": {
-                                    "objectid": {"guid": "a", "time_observed": 1},
-                                    "pobject": {"guid": "c", "time_observed": 0},
-                                },
-                                "source_ip": None,
-                                "source_port": None,
-                                "destination_ip": None,
-                                "destination_port": None,
-                                "transport_layer_protocol": None,
-                                "direction": None,
-                                "objectid": {
-                                    "guid": "b",
-                                    "tag": None,
-                                    "treeid": None,
-                                    "processtree": None,
-                                    "time_observed": 3,
-                                },
-                                "children": [],
-                            },
-                        ],
-                    }
-                ],
-            ),
-        ],
-    )
-    def test_convert_events_dict_to_tree(events_dict, expected_result):
-        actual_result = OntologyResults._convert_events_dict_to_tree(events_dict)
-        assert actual_result == expected_result
-
-    @staticmethod
-    def test_depth():
-        dict_1 = { "children": [ {"children": [{"children": []}]}, {"children": []}, ], }
-        dict_2 = { "children": [ {"children": []}, {"children": [{"children": []}]}, ], }
-        assert OntologyResults._depth(dict_1) == 3
-        assert OntologyResults._depth(dict_2) == 3
-
-    @staticmethod
-    def test_convert_events_dict_to_tree_with_recursion():
-        # This is used to generate a large dict
-        # The default maximum recursion depth is 1000, so we want to exceed that
-        events_dict = {}
-        for i in range(1001):
-            events_dict[f"blah_{i+1}"] = {
-                "pid": i+1,
-                "ppid": i,
-                "image": "blah",
-                "command_line": "blah",
-                "start_time": 1,
-                "objectid": {
-                    "guid": f"blah_{i+1}",
-                    "tag": "blah",
-                    "treeid": None,
-                    "processtree": None,
-                    "time_observed": i+1,
-                },
-                "pobjectid": {
-                    "guid": f"blah_{i}",
-                    "tag": None,
-                    "treeid": None,
-                    "processtree": None,
-                    "time_observed": i,
-                },
-            }
-
-        # We also want to test that only the too deep dicts are affected
-        events_dict["blah_9999"] = {
-            "pid": 9999,
-            "ppid": 9998,
-            "image": "blah",
-            "command_line": "blah",
-            "start_time": 1,
-            "objectid": {
-                "guid": "blah_9999",
-                "tag": "blah",
-                "treeid": None,
-                "processtree": None,
-                "time_observed": 9999,
-            },
-            "pobjectid": {
-                "guid": "blah_9998",
-                "tag": None,
-                "treeid": None,
-                "processtree": None,
-                "time_observed": 9998,
-            },
-        }
-
-        # We have no problem generating a large value, we just cannot use this value for the UI
-        actual_result = OntologyResults._convert_events_dict_to_tree(events_dict)
-        assert OntologyResults._depth(actual_result[0]) == 10
-        assert len(actual_result) == 2
-
-    @staticmethod
-    def test_convert_event_tree_to_result_section():
-        from assemblyline_v4_service.common.result import ResultProcessTreeSection
-
-        result_section = ResultProcessTreeSection("Spawned Process Tree")
-
-        so = OntologyResults(service_name="blah")
-        actual_items = []
-        event = {
-            "pid": 1,
-            "image": "blah",
-            "command_line": "blah",
-            "objectid": {
-                "treeid": "blahblah",
-                "processtree": "blahblah",
-            },
-            "children": [
-                {
-                    "process": {},
-                    "objectid": {"processtree": "blahblahblah", "treeid": None},
-                },
-                {
-                    "pid": 2,
-                    "image": "blah",
-                    "command_line": "blah",
-                    "children": [],
-                    "objectid": {"processtree": "blahblahblahblah", "treeid": None},
-                },
-            ],
-        }
-        safelist = ["blahblah"]
-        p_objectid = ObjectID(tag="blah", ontology_id="blah")
-        p = so.create_process(
-            objectid=p_objectid, image="blah", pid=2, start_time="1970-01-01 00:00:01"
-        )
-        so.add_process(p)
-        sig_objectid = ObjectID(tag="blah", ontology_id="blah")
-        sig = so.create_signature(
-            objectid=sig_objectid,
-            attributes=[Attribute(source=p_objectid)],
-            name="bad",
-            score=99,
-            type="CUCKOO",
-        )
-        so.add_signature(sig)
-        nc_objectid = ObjectID(tag="blah", ontology_id="blah")
-        nc = so.create_network_connection(
-            objectid=nc_objectid,
-            process=p,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-        )
-        so.add_network_connection(nc)
-        so._convert_event_tree_to_result_section(
-            actual_items, event, safelist, result_section
-        )
-        assert actual_items[0].as_primitives() == {
-            "process_name": "blah",
-            "command_line": "blah",
-            "process_pid": 1,
-            "children": [
-                {
-                    "process_name": "blah",
-                    "command_line": "blah",
-                    "process_pid": 2,
-                    "children": [],
-                    "signatures": {"bad": 99},
-                    "file_count": 0,
-                    "network_count": 1,
-                    "registry_count": 0,
-                    "safelisted": False,
-                }
-            ],
-            "signatures": {},
-            "file_count": 0,
-            "network_count": 0,
-            "registry_count": 0,
-            "safelisted": True,
-        }
-        assert result_section.tags == {"dynamic.processtree_id": ["blahblahblahblah"], "dynamic.process.command_line": ["blah"]}
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "parent_treeid, parent_processtree, node, expected_node, expected_treeids, expected_processtrees",
-        [
-            (
-                "",
-                "",
-                {
-                    "objectid": {
-                        "tag": "got the image",
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                    },
-                    "children": [
-                        {
-                            "objectid": {
-                                "tag": "image number 2",
-                                "guid": "{12345678-1234-5678-1234-567812345679}",
-                            },
-                            "children": [],
-                        },
-                        {
-                            "objectid": {
-                                "tag": "image number 3",
-                                "guid": "{12345678-1234-5678-1234-567812345670}",
-                            },
-                            "children": [],
-                        },
-                    ],
-                },
-                {
-                    "objectid": {
-                        "tag": "got the image",
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                        "treeid": "b71bf6eacf36ecdf07b3f1efa5d6f50725271ca85369b966e19da5b76c175b5b",
-                        "processtree": "got the image",
-                    },
-                    "children": [
-                        {
-                            "objectid": {
-                                "tag": "image number 2",
-                                "treeid": "294156e02fb77c860933c93da8629dbceab367629a1ff9af68ff4b03c8596b17",
-                                "processtree": "got the image|image number 2",
-                                "guid": "{12345678-1234-5678-1234-567812345679}",
-                            },
-                            "children": [],
-                        },
-                        {
-                            "objectid": {
-                                "tag": "image number 3",
-                                "treeid": "0483e740e929697527964c71227dd76403cdc91ca16e7a4a9a430f734481f129",
-                                "processtree": "got the image|image number 3",
-                                "guid": "{12345678-1234-5678-1234-567812345670}",
-                            },
-                            "children": [],
-                        },
-                    ],
-                },
-                [
-                    "b71bf6eacf36ecdf07b3f1efa5d6f50725271ca85369b966e19da5b76c175b5b",
-                    "294156e02fb77c860933c93da8629dbceab367629a1ff9af68ff4b03c8596b17",
-                    "0483e740e929697527964c71227dd76403cdc91ca16e7a4a9a430f734481f129",
-                ],
-                [
-                    "got the image",
-                    "got the image|image number 2",
-                    "got the image|image number 3",
-                ],
-            ),
-            (
-                "blahblah",
-                "blahblah",
-                {
-                    "objectid": {
-                        "tag": "got the image",
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                    },
-                    "children": [
-                        {
-                            "objectid": {
-                                "tag": "image number 2",
-                                "guid": "{12345678-1234-5678-1234-567812345679}",
-                            },
-                            "children": [],
-                        },
-                        {
-                            "objectid": {
-                                "tag": "image number 3",
-                                "guid": "{12345678-1234-5678-1234-567812345670}",
-                            },
-                            "children": [],
-                        },
-                    ],
-                },
-                {
-                    "objectid": {
-                        "tag": "got the image",
-                        "treeid": "66ca3e01980a462ae88cf5e329ca479519f75d87192e93a8573e661bedb0cb9c",
-                        "processtree": "blahblah|got the image",
-                        "guid": "{12345678-1234-5678-1234-567812345678}",
-                    },
-                    "children": [
-                        {
-                            "objectid": {
-                                "tag": "image number 2",
-                                "treeid": "9dc17d47ccef093c965c150401b717ba27728dd2c6360322526bd4c19493b154",
-                                "processtree": "blahblah|got the image|image number 2",
-                                "guid": "{12345678-1234-5678-1234-567812345679}",
-                            },
-                            "children": [],
-                        },
-                        {
-                            "objectid": {
-                                "tag": "image number 3",
-                                "treeid": "020951694e1d88b34a8a3409d1f6f027173302728800e000af9d874ff9a3004d",
-                                "processtree": "blahblah|got the image|image number 3",
-                                "guid": "{12345678-1234-5678-1234-567812345670}",
-                            },
-                            "children": [],
-                        },
-                    ],
-                },
-                [
-                    "66ca3e01980a462ae88cf5e329ca479519f75d87192e93a8573e661bedb0cb9c",
-                    "9dc17d47ccef093c965c150401b717ba27728dd2c6360322526bd4c19493b154",
-                    "020951694e1d88b34a8a3409d1f6f027173302728800e000af9d874ff9a3004d",
-                ],
-                [
-                    "blahblah|got the image",
-                    "blahblah|got the image|image number 2",
-                    "blahblah|got the image|image number 3",
-                ],
-            ),
-        ],
-    )
-    def test_create_hashed_node(
-        parent_treeid,
-        parent_processtree,
-        node,
-        expected_node,
-        expected_treeids,
-        expected_processtrees,
-    ):
-        default_or = OntologyResults(service_name="blah")
-        p = default_or.create_process(
-            objectid=ObjectID(
-                guid="{12345678-1234-5678-1234-567812345678}",
-                tag="blah",
-                ontology_id="blah",
-            ),
-            image="blah",
-            start_time="1970-01-01 00:00:01",
-            pid=1,
-        )
-        p1 = default_or.create_process(
-            objectid=ObjectID(
-                guid="{12345678-1234-5678-1234-567812345679}",
-                tag="blah",
-                ontology_id="blah",
-            ),
-            image="blah",
-            start_time="1970-01-01 00:00:01",
-            pid=2,
-        )
-        p2 = default_or.create_process(
-            objectid=ObjectID(
-                guid="{12345678-1234-5678-1234-567812345670}",
-                tag="blah",
-                ontology_id="blah",
-            ),
-            image="blah",
-            start_time="1970-01-01 00:00:01",
-            pid=3,
-        )
-        default_or.add_process(p)
-        default_or.add_process(p1)
-        default_or.add_process(p2)
-
-        default_or._create_hashed_node(parent_treeid, parent_processtree, node)
-        assert node == expected_node
-        assert [
-            proc.objectid.treeid for proc in default_or.get_processes()
-        ] == expected_treeids
-        assert [
-            proc.objectid.processtree for proc in default_or.get_processes()
-        ] == expected_processtrees
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "process_tree, expected_process_tree",
-        [
-            (
-                [
-                    {
-                        "objectid": {
-                            "tag": "?pf86\\microsoft office\\office14\\excel.exe"
-                        },
-                        "children": [
-                            {
-                                "objectid": {"tag": "?sys32\\wbem\\wmic1.exe"},
-                                "children": [
-                                    {
-                                        "objectid": {"tag": "?sys32\\wbem\\wmic11.exe"},
-                                        "children": [
-                                            {
-                                                "objectid": {
-                                                    "tag": "?sys32\\wbem\\wmic111.exe"
-                                                },
-                                                "children": [],
-                                            }
-                                        ],
-                                    },
-                                    {
-                                        "objectid": {"tag": "?sys32\\wbem\\wmic12.exe"},
-                                        "children": [],
-                                    },
-                                ],
-                            },
-                            {
-                                "objectid": {"tag": "?sys32\\wbem\\wmic2.exe"},
-                                "children": [],
-                            },
-                            {
-                                "objectid": {"tag": "?sys32\\wbem\\wmic3.exe"},
-                                "children": [
-                                    {
-                                        "objectid": {"tag": "?sys32\\wbem\\wmic31.exe"},
-                                        "children": [],
-                                    },
-                                    {
-                                        "objectid": {"tag": "?sys32\\wbem\\wmic32.exe"},
-                                        "children": [],
-                                    },
-                                    {
-                                        "objectid": {"tag": "?sys32\\wbem\\wmic33.exe"},
-                                        "children": [],
-                                    },
-                                ],
-                            },
-                        ],
-                    }
-                ],
-                [
-                    {
-                        "objectid": {
-                            "tag": "?pf86\\microsoft office\\office14\\excel.exe",
-                            "treeid": "e0e3b025c75e49d9306866f83a77c0356d825e25b1f4fc6ddbaf6339d3a22c62",
-                            "processtree": "?pf86\\microsoft office\\office14\\excel.exe",
-                        },
-                        "children": [
-                            {
-                                "objectid": {
-                                    "tag": "?sys32\\wbem\\wmic1.exe",
-                                    "treeid": "444ba8aca3c500c14d6b9948e6564864ffe3533b17c8a7970b20ff4145884448",
-                                    "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic1.exe",
-                                },
-                                "children": [
-                                    {
-                                        "objectid": {
-                                            "tag": "?sys32\\wbem\\wmic11.exe",
-                                            "treeid": "29ee5e07066a9f5c9f66856c8cadaf706439b1eaef79ddad74f3cac929b54464",
-                                            "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic1.exe|?sys32\\wbem\\wmic11.exe",
-                                        },
-                                        "children": [
-                                            {
-                                                "objectid": {
-                                                    "tag": "?sys32\\wbem\\wmic111.exe",
-                                                    "treeid": "63f4a4e5d1d649916ae2088bb28c3356b2348184c4dd332907e5498232da71ac",
-                                                    "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic1.exe|?sys32\\wbem\\wmic11.exe|?sys32\\wbem\\wmic111.exe",
-                                                },
-                                                "children": [],
-                                            }
-                                        ],
-                                    },
-                                    {
-                                        "objectid": {
-                                            "tag": "?sys32\\wbem\\wmic12.exe",
-                                            "treeid": "6943c25c391d6dd1f87670f5135c621d3b30b05e211074225a92da65591ef38d",
-                                            "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic1.exe|?sys32\\wbem\\wmic12.exe",
-                                        },
-                                        "children": [],
-                                    },
-                                ],
-                            },
-                            {
-                                "objectid": {
-                                    "tag": "?sys32\\wbem\\wmic2.exe",
-                                    "treeid": "a919e092d0d0149ce706c801290feabe3dc392d41283c9b575e6d1f0026bad1b",
-                                    "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic2.exe",
-                                },
-                                "children": [],
-                            },
-                            {
-                                "objectid": {
-                                    "tag": "?sys32\\wbem\\wmic3.exe",
-                                    "treeid": "878e93a9cb19e3d8d659dbb3bd4945e53055f3b22c79ac49fac3070b3cc1acd7",
-                                    "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic3.exe",
-                                },
-                                "children": [
-                                    {
-                                        "objectid": {
-                                            "tag": "?sys32\\wbem\\wmic31.exe",
-                                            "treeid": "6efb85adcc57520a6b6b72afaba81d82c5deae025761f98aa33125cb37274b40",
-                                            "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic3.exe|?sys32\\wbem\\wmic31.exe",
-                                        },
-                                        "children": [],
-                                    },
-                                    {
-                                        "objectid": {
-                                            "tag": "?sys32\\wbem\\wmic32.exe",
-                                            "treeid": "099dc238ab64fb47b78557f727aa3a38a7c8b74c395c7010dd3bd2a63ec7ebdd",
-                                            "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic3.exe|?sys32\\wbem\\wmic32.exe",
-                                        },
-                                        "children": [],
-                                    },
-                                    {
-                                        "objectid": {
-                                            "tag": "?sys32\\wbem\\wmic33.exe",
-                                            "treeid": "4e99297d75424090c9b9c02fd62d19835e9ae15d3aa137ae3eab1b3c83088fa5",
-                                            "processtree": "?pf86\\microsoft office\\office14\\excel.exe|?sys32\\wbem\\wmic3.exe|?sys32\\wbem\\wmic33.exe",
-                                        },
-                                        "children": [],
-                                    },
-                                ],
-                            },
-                        ],
-                    }
-                ],
-            ),
-        ],
-    )
-    def test_create_treeids(process_tree, expected_process_tree):
-        default_or = OntologyResults()
-        default_or._create_treeids(process_tree)
-        assert process_tree == expected_process_tree
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "node, safe_treeids, expected_node",
-        [
-            (
-                {"image": "a", "objectid": {"treeid": "a"}, "children": []},
-                [],
-                {"image": "a", "objectid": {"treeid": "a"}, "children": []},
-            ),
-            (
-                {"image": "a", "objectid": {"treeid": "a"}, "children": []},
-                ["a"],
-                {"image": "a", "objectid": {"treeid": "a"}, "children": []},
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []}
-                    ],
-                },
-                [],
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []}
-                    ],
-                },
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []}
-                    ],
-                },
-                ["b"],
-                {"children": [], "image": "a", "objectid": {"treeid": "b"}},
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []}
-                    ],
-                },
-                ["a"],
-                {
-                    "children": [
-                        {"children": [], "image": "b", "objectid": {"treeid": "b"}}
-                    ],
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                },
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []},
-                        {"image": "c", "objectid": {"treeid": "c"}, "children": []},
-                    ],
-                },
-                [],
-                {
-                    "children": [
-                        {"children": [], "image": "b", "objectid": {"treeid": "b"}},
-                        {"children": [], "image": "c", "objectid": {"treeid": "c"}},
-                    ],
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                },
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []},
-                        {"image": "c", "objectid": {"treeid": "c"}, "children": []},
-                    ],
-                },
-                ["b"],
-                {
-                    "children": [
-                        {"children": [], "image": "c", "objectid": {"treeid": "c"}}
-                    ],
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                },
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []},
-                        {"image": "c", "objectid": {"treeid": "c"}, "children": []},
-                    ],
-                },
-                ["c"],
-                {
-                    "children": [
-                        {"children": [], "image": "b", "objectid": {"treeid": "b"}}
-                    ],
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                },
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {
-                            "image": "b",
-                            "objectid": {"treeid": "b"},
-                            "children": [
-                                {
-                                    "image": "d",
-                                    "objectid": {"treeid": "d"},
-                                    "children": [],
-                                }
-                            ],
-                        },
-                        {"image": "c", "objectid": {"treeid": "c"}, "children": []},
-                    ],
-                },
-                ["c"],
-                {
-                    "children": [
-                        {
-                            "children": [
-                                {
-                                    "image": "d",
-                                    "objectid": {"treeid": "d"},
-                                    "children": [],
-                                }
-                            ],
-                            "image": "b",
-                            "objectid": {"treeid": "b"},
-                        }
-                    ],
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                },
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {
-                            "image": "b",
-                            "objectid": {"treeid": "b"},
-                            "children": [
-                                {
-                                    "image": "d",
-                                    "objectid": {"treeid": "d"},
-                                    "children": [],
-                                }
-                            ],
-                        },
-                        {"image": "c", "objectid": {"treeid": "c"}, "children": []},
-                    ],
-                },
-                ["d"],
-                {
-                    "children": [
-                        {"children": [], "image": "c", "objectid": {"treeid": "c"}}
-                    ],
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                },
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []},
-                        {
-                            "image": "c",
-                            "objectid": {"treeid": "c"},
-                            "children": [
-                                {
-                                    "image": "d",
-                                    "objectid": {"treeid": "d"},
-                                    "children": [],
-                                }
-                            ],
-                        },
-                    ],
-                },
-                ["d"],
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []}
-                    ],
-                },
-            ),
-            (
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {"image": "b", "objectid": {"treeid": "b"}, "children": []},
-                        {
-                            "image": "c",
-                            "objectid": {"treeid": "c"},
-                            "children": [
-                                {
-                                    "image": "d",
-                                    "objectid": {"treeid": "d"},
-                                    "children": [],
-                                }
-                            ],
-                        },
-                    ],
-                },
-                ["b"],
-                {
-                    "image": "a",
-                    "objectid": {"treeid": "a"},
-                    "children": [
-                        {
-                            "image": "c",
-                            "objectid": {"treeid": "c"},
-                            "children": [
-                                {
-                                    "image": "d",
-                                    "objectid": {"treeid": "d"},
-                                    "children": [],
-                                }
-                            ],
-                        }
-                    ],
-                },
-            ),
-        ],
-    )
-    def test_remove_safe_leaves_helper(node, safe_treeids, expected_node):
-        _ = OntologyResults._remove_safe_leaves_helper(node, safe_treeids)
-        assert node == expected_node
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "process_tree, safe_treeids, expected_process_tree",
-        [
-            (
-                [{"image": "a", "children": [], "objectid": {"treeid": "blah"}}],
-                [],
-                [{"image": "a", "children": [], "objectid": {"treeid": "blah"}}],
-            ),
-            (
-                [{"image": "a", "children": [], "objectid": {"treeid": "blah"}}],
-                ["blah"],
-                [],
-            ),
-            (
-                [
-                    {"image": "a", "children": [], "objectid": {"treeid": "blah"}},
-                    {"image": "b", "children": [], "objectid": {"treeid": "blahblah"}},
-                ],
-                ["blah"],
-                [{"image": "b", "children": [], "objectid": {"treeid": "blahblah"}}],
-            ),
-            (
-                [
-                    {"image": "a", "children": [], "objectid": {"treeid": "blah"}},
-                    {"image": "b", "children": [], "objectid": {"treeid": "blahblah"}},
-                ],
-                ["blahblah"],
-                [{"image": "a", "children": [], "objectid": {"treeid": "blah"}}],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {"image": "b", "children": [], "objectid": {"treeid": "b"}}
-                        ],
-                        "objectid": {"treeid": "a"},
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {"image": "d", "children": [], "objectid": {"treeid": "d"}}
-                        ],
-                        "objectid": {"treeid": "c"},
-                    },
-                ],
-                [],
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {"image": "b", "children": [], "objectid": {"treeid": "b"}}
-                        ],
-                        "objectid": {"treeid": "a"},
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {"image": "d", "children": [], "objectid": {"treeid": "d"}}
-                        ],
-                        "objectid": {"treeid": "c"},
-                    },
-                ],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {"image": "b", "children": [], "objectid": {"treeid": "b"}}
-                        ],
-                        "objectid": {"treeid": "a"},
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {"image": "d", "children": [], "objectid": {"treeid": "d"}}
-                        ],
-                        "objectid": {"treeid": "c"},
-                    },
-                ],
-                ["a"],
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {"image": "b", "children": [], "objectid": {"treeid": "b"}}
-                        ],
-                        "objectid": {"treeid": "a"},
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {"image": "d", "children": [], "objectid": {"treeid": "d"}}
-                        ],
-                        "objectid": {"treeid": "c"},
-                    },
-                ],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {"image": "b", "children": [], "objectid": {"treeid": "b"}}
-                        ],
-                        "objectid": {"treeid": "a"},
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {"image": "d", "children": [], "objectid": {"treeid": "d"}}
-                        ],
-                        "objectid": {"treeid": "c"},
-                    },
-                ],
-                ["b"],
-                [
-                    {
-                        "image": "c",
-                        "children": [
-                            {"image": "d", "children": [], "objectid": {"treeid": "d"}}
-                        ],
-                        "objectid": {"treeid": "c"},
-                    }
-                ],
-            ),
-        ],
-    )
-    def test_remove_safe_leaves(process_tree, safe_treeids, expected_process_tree):
-        OntologyResults._remove_safe_leaves(process_tree, safe_treeids)
-        assert process_tree == expected_process_tree
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "event_tree, safe_treeids, expected_event_tree",
-        [
-            ([], [], []),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-                [],
-                [
-                    {
-                        "image": "a",
-                        "children": [],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-                ["ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"],
-                [],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-                [],
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-                ["d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"],
-                [],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-                ["ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"],
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {
-                                "image": "d",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "c986d8a25b16022d5da642e622d15252820421dade338015cb8a7efe558d6d04"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "2e7d2c03a9507ae265ecf5b5356885a53393a2029d241394997265a1a25aefc6"
-                        },
-                    },
-                ],
-                ["d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"],
-                [
-                    {
-                        "children": [
-                            {
-                                "children": [],
-                                "image": "d",
-                                "objectid": {
-                                    "treeid": "c986d8a25b16022d5da642e622d15252820421dade338015cb8a7efe558d6d04"
-                                },
-                            }
-                        ],
-                        "image": "c",
-                        "objectid": {
-                            "treeid": "2e7d2c03a9507ae265ecf5b5356885a53393a2029d241394997265a1a25aefc6"
-                        },
-                    }
-                ],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {
-                                "image": "d",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "c986d8a25b16022d5da642e622d15252820421dade338015cb8a7efe558d6d04"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "2e7d2c03a9507ae265ecf5b5356885a53393a2029d241394997265a1a25aefc6"
-                        },
-                    },
-                ],
-                ["2e7d2c03a9507ae265ecf5b5356885a53393a2029d241394997265a1a25aefc6"],
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {
-                                "image": "d",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "c986d8a25b16022d5da642e622d15252820421dade338015cb8a7efe558d6d04"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "2e7d2c03a9507ae265ecf5b5356885a53393a2029d241394997265a1a25aefc6"
-                        },
-                    },
-                ],
-            ),
-            (
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    },
-                    {
-                        "image": "c",
-                        "children": [
-                            {
-                                "image": "d",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "c986d8a25b16022d5da642e622d15252820421dade338015cb8a7efe558d6d04"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "2e7d2c03a9507ae265ecf5b5356885a53393a2029d241394997265a1a25aefc6"
-                        },
-                    },
-                ],
-                ["c986d8a25b16022d5da642e622d15252820421dade338015cb8a7efe558d6d04"],
-                [
-                    {
-                        "image": "a",
-                        "children": [
-                            {
-                                "image": "b",
-                                "children": [],
-                                "objectid": {
-                                    "treeid": "d107b7d075043599f95950cf82591afa47c4dce9b4d343dc6fbecb1b051ee3ef"
-                                },
-                            }
-                        ],
-                        "objectid": {
-                            "treeid": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
-                        },
-                    }
-                ],
-            ),
-        ],
-    )
-    def test_filter_event_tree_against_safe_treeids(
-        event_tree, safe_treeids, expected_event_tree
-    ):
-        filtered_event_tree = OntologyResults._filter_event_tree_against_safe_treeids(
-            event_tree, safe_treeids
-        )
-        assert filtered_event_tree == expected_event_tree
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "artifact_list",
-        [
-            None,
-            [],
-            [
-                {
-                    "name": "blah",
-                    "path": "blah",
-                    "description": "blah",
-                    "to_be_extracted": True,
-                    "sha256": "blah",
-                }
-            ],
-        ],
-    )
-    def test_validate_artifacts(artifact_list):
-        actual_validated_artifact_list = OntologyResults._validate_artifacts(
-            artifact_list
-        )
-        if artifact_list is None:
-            artifact_list = []
-        for index, artifact in enumerate(artifact_list):
-            expected_artifact = Artifact(
-                name=artifact["name"],
-                path=artifact["path"],
-                description=artifact["description"],
-                to_be_extracted=artifact["to_be_extracted"],
-                sha256=artifact["sha256"],
-            )
-            assert expected_artifact.as_primitives(), actual_validated_artifact_list[
-                index
-            ].as_primitives()
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "artifact, expected_result_section_title",
-        [
-            (None, None),
-            (
-                {
-                    "path": "blah",
-                    "name": "blah",
-                    "description": "blah",
-                    "to_be_extracted": True,
-                },
-                None,
-            ),
-            (
-                {
-                    "path": "blah",
-                    "name": "123_hollowshunter/hh_process_123_blah.exe",
-                    "description": "blah",
-                    "to_be_extracted": True,
-                },
-                "HollowsHunter Injected Portable Executable",
-            ),
-            (
-                {
-                    "path": "blah",
-                    "name": "123_hollowshunter/hh_process_123_blah.shc",
-                    "description": "blah",
-                    "to_be_extracted": True,
-                },
-                None,
-            ),
-            (
-                {
-                    "path": "blah",
-                    "name": "123_hollowshunter/hh_process_123_blah.dll",
-                    "description": "blah",
-                    "to_be_extracted": True,
-                },
-                "HollowsHunter Injected Portable Executable",
-            ),
-        ],
-    )
-    def test_handle_artifact(artifact, expected_result_section_title):
-        from assemblyline_v4_service.common.result import Heuristic, ResultSection
-
-        if artifact is None:
-            with pytest.raises(Exception):
-                OntologyResults._handle_artifact(artifact, None)
-            return
-
-        expected_result_section = None
-        if expected_result_section_title is not None:
-            expected_result_section = ResultSection(expected_result_section_title)
-            expected_result_section.add_line("HollowsHunter dumped the following:")
-            expected_result_section.add_line(f"\t- {artifact['name']}")
-            expected_result_section.add_tag(
-                "dynamic.process.file_name", artifact["name"]
-            )
-            if expected_result_section_title == HOLLOWSHUNTER_TITLE:
-                heur = Heuristic(17)
-                if ".exe" in artifact["name"]:
-                    heur.add_signature_id("hollowshunter_exe")
-                elif ".dll" in artifact["name"]:
-                    heur.add_signature_id("hollowshunter_dll")
-
-                expected_result_section.set_heuristic(heur)
-        parent_result_section = ResultSection("blah")
-        a = Artifact(
-            name=artifact["name"],
-            path=artifact["path"],
-            description=artifact["description"],
-            to_be_extracted=artifact["to_be_extracted"],
-        )
-        OntologyResults._handle_artifact(a, parent_result_section)
-        if len(parent_result_section.subsections) > 0:
-            actual_result_section = parent_result_section.subsections[0]
-        else:
-            actual_result_section = None
-
-        if expected_result_section is None and actual_result_section is None:
-            assert True
-        else:
-            assert check_section_equality(
-                actual_result_section, expected_result_section
-            )
-
-            additional_artifact = Artifact(
-                name="321_hollowshunter/hh_process_321_blah.dll",
-                path="blah",
-                description="blah",
-                to_be_extracted=False,
-            )
-            OntologyResults._handle_artifact(additional_artifact, parent_result_section)
-            expected_result_section.add_line(f"\t- {additional_artifact.name}")
-            expected_result_section.add_tag(
-                "dynamic.process.file_name", additional_artifact.name
-            )
-            expected_result_section.heuristic.add_signature_id("hollowshunter_dll")
-
-            assert check_section_equality(
-                actual_result_section, expected_result_section
-            )
-
-    @staticmethod
-    def test_set_item_times():
-        default_or = OntologyResults(service_name="blah")
-        sandbox = Sandbox(
-            objectid=ObjectID(ontology_id="blah", tag="blah", session="blah"),
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:01", end_time="1970-01-01 00:00:02"
-            ),
-            sandbox_name="blah",
-        )
-        default_or.add_sandbox(sandbox)
-        p_objectid = ObjectID(tag="blah", ontology_id="blah", session="blah")
-        p = default_or.create_process(
-            objectid=p_objectid, image="blah", start_time="1-01-01 00:00:00", pid=1
-        )
-        default_or._set_item_times(p)
-        assert p.start_time == "1970-01-01 00:00:01"
-        assert p.end_time == "1970-01-01 00:00:02"
-        assert p.objectid.time_observed == "1970-01-01 00:00:01"
-
-        objectid = ObjectID(tag="blah", ontology_id="blah", session="blah")
-        default_or._set_item_times(objectid)
-        assert objectid.time_observed is None
-
-    @staticmethod
-    def test_remove_safelisted_processes():
-        default_or = OntologyResults(service_name="blah")
-        p_objectid = ObjectID(tag="blah", ontology_id="blah", treeid="blah")
-        p = default_or.create_process(
-            objectid=p_objectid, image="blah", start_time="1-01-01 00:00:00", pid=1
-        )
-        default_or.add_process(p)
-
-        nc_objectid = ObjectID(tag="blah", ontology_id="blah")
-        nh = default_or.create_network_http(
-            request_uri="blah.com", request_method="GET"
-        )
-        default_or.add_network_http(nh)
-        nc = default_or.create_network_connection(
-            objectid=nc_objectid,
-            destination_ip="1.1.1.1",
-            destination_port=123,
-            transport_layer_protocol="tcp",
-            direction="outbound",
-            process=p,
-            http_details=nh,
-            connection_type="http",
-        )
-        default_or.add_network_connection(nc)
-        sig_objectid = ObjectID(tag="blah", ontology_id="blah")
-        sig = default_or.create_signature(
-            objectid=sig_objectid,
-            attributes=[Attribute(source=p_objectid)],
-            name="blah",
-            type="CUCKOO",
-        )
-        default_or.add_signature(sig)
-
-        default_or._remove_safelisted_processes(["blah"])
-        assert default_or.get_network_http() == []
-        assert default_or.get_network_connections() == []
-        assert default_or.get_signatures() == []
-        assert default_or.get_processes() == []
-
-    @staticmethod
-    def test_preprocess_ontology():
-        default_or = OntologyResults(service_name="blah")
-        sandbox = Sandbox(
-            objectid=ObjectID(tag="blah", ontology_id="blah"),
-            analysis_metadata=Sandbox.AnalysisMetadata(
-                start_time="1970-01-01 00:00:01", end_time="1970-01-01 00:00:02"
-            ),
-            sandbox_name="blah",
-        )
-        default_or.add_sandbox(sandbox)
-        p = default_or.create_process(
-            objectid=ObjectID(tag="blah", ontology_id="blah", treeid="blah"),
-            pid=1,
-            image="blah",
-            start_time="1-01-01 00:00:00",
-        )
-        default_or.add_process(p)
-        default_or.preprocess_ontology()
-        assert p.start_time == "1970-01-01 00:00:01"
-        assert p.end_time == "1970-01-01 00:00:02"
-        assert p.objectid.time_observed == "1970-01-01 00:00:01"
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "sysmon, expected_process",
-        [([],
-          {}),
-         ([{"System": {"EventID": 2},
-            "EventData":
-            {
-             "Data":
-             [{"@Name": "ParentProcessId", "#text": "2"},
-              {"@Name": "Image", "#text": "blah.exe"},
-              {"@Name": "CommandLine", "#text": "./blah"},
-              {"@Name": "ProcessGuid", "#text": "{12345678-1234-5678-1234-567812345679}"}]}}],
-          {}),
-         ([{"System": {"EventID": 1},
-            "EventData":
-            {
-             "Data":
-             [{"@Name": "UtcTime", "#text": "1970-01-01 12:40:30.123"},
-              {"@Name": "ProcessId", "#text": "1"},
-              {"@Name": "ParentProcessId", "#text": "2"},
-              {"@Name": "Image", "#text": "blah.exe"},
-              {"@Name": "CommandLine", "#text": "./blah"},
-              {"@Name": "ProcessGuid", "#text": "{12345678-1234-5678-1234-567812345679}"}]}}],
-          {'start_time': "1970-01-01 12:40:30",
-           'end_time': "9999-12-31 23:59:59",
-           'objectid':
-           {'guid': '{12345678-1234-5678-1234-567812345679}', 'tag': 'blah.exe', 'treeid': None,
-            'time_observed': "1970-01-01 12:40:30", 'ontology_id': 'process_4Kj6sgz5Y8rvIQnT9nPBS2',
-            'processtree': None, 'service_name': 'CAPE',},
-           'pobjectid': None,
-           'pimage': None, 'pcommand_line': None, 'ppid': 2, 'pid': 1, 'image': 'blah.exe', 'command_line': './blah',
-           'integrity_level': None, 'image_hash': None, 'original_file_name': None}),
-         ([{"System": {"EventID": 1},
-            "EventData":
-            {
-             "Data":
-             [
-              {"@Name": "UtcTime", "#text": "1970-01-01 12:40:30.123"},
-              {"@Name": "ProcessId", "#text": "1"},
-              {"@Name": "ParentProcessId", "#text": "2"},
-              {"@Name": "Image", "#text": "blah.exe"},
-              {"@Name": "CommandLine", "#text": "./blah"},
-              {"@Name": "ProcessGuid", "#text": "{12345678-1234-5678-1234-567812345679}"},
-              {"@Name": "SourceProcessGuid", "#text": "{12345678-1234-5678-1234-567812345678}"}]}}],
-          {'start_time': "1970-01-01 12:40:30",
-           'end_time': "9999-12-31 23:59:59",
-           'objectid':
-           {'guid': '{12345678-1234-5678-1234-567812345679}', 'tag': 'blah.exe', 'treeid': None,
-            'time_observed': "1970-01-01 12:40:30", 'ontology_id': 'process_4Kj6sgz5Y8rvIQnT9nPBS2',
-            'processtree': None, 'service_name': 'CAPE'},
-           'pobjectid': None,
-           'pimage': None, 'pcommand_line': None, 'ppid': 2, 'pid': 1, 'image': 'blah.exe', 'command_line': './blah',
-           'integrity_level': None, 'image_hash': None, 'original_file_name': None}),
-         ([{"System": {"EventID": 1},
-            "EventData":
-            {
-             "Data":
-             [{"@Name": "UtcTime", "#text": "1970-01-01 12:40:30.123"},
-              {"@Name": "ProcessGuid", "#text": "{12345678-1234-5678-1234-567812345678}"},
-              {"@Name": "ProcessId", "#text": "123"},
-              {"@Name": "Image", "#text": "blah"}]}}],
-          {'start_time': '1970-01-01 12:40:30', 'end_time': "9999-12-31 23:59:59",
-           'objectid':
-           {'guid': '{12345678-1234-5678-1234-567812345678}', 'tag': 'blah', 'treeid': None, 'processtree': None,
-            'time_observed': '1970-01-01 12:40:30', 'ontology_id': 'process_5FPZdIxfHmzxsWKUlsSNGl', 'service_name': 'CAPE'},
-           'pobjectid': None,
-           'pimage': None, 'pcommand_line': None, 'ppid': None, 'pid': 123, 'image': 'blah', 'command_line': None,
-           'integrity_level': None, 'image_hash': None, 'original_file_name': None}),
-         ([{"System": {"EventID": 1},
-            "EventData":
-            {
-             "Data":
-             [{"@Name": "UtcTime", "#text": "1970-01-01 12:40:30.123"},
-              {"@Name": "ProcessGuid", "#text": "{12345678-1234-5678-1234-567812345678}"},
-              {"@Name": "ProcessId", "#text": "123"},
-              {"@Name": "Image", "#text": "blah"}]}},
-           {"System": {"EventID": 5},
-            "EventData":
-            {
-               "Data":
-               [{"@Name": "UtcTime", "#text": "1970-01-01 12:40:31.123"},
-                {"@Name": "ProcessGuid", "#text": "{12345678-1234-5678-1234-567812345678}"},
-                   {"@Name": "ProcessId", "#text": "123"},
-                   {"@Name": "Image", "#text": "blah"}]}}],
-          {'start_time': '1970-01-01 12:40:30', 'end_time': "1970-01-01 12:40:31",
-           'objectid':
-           {'guid': '{12345678-1234-5678-1234-567812345678}', 'tag': 'blah', 'treeid': None, 'processtree': None,
-            'time_observed': '1970-01-01 12:40:30', 'ontology_id': 'process_5FPZdIxfHmzxsWKUlsSNGl', 'service_name': 'CAPE'},
-           'pobjectid': None,
-           'pimage': None, 'pcommand_line': None, 'ppid': None, 'pid': 123, 'image': 'blah', 'command_line': None,
-           'integrity_level': None, 'image_hash': None, 'original_file_name': None}), ])
-    def test_convert_sysmon_processes(sysmon, expected_process, mocker):
-        so = OntologyResults(service_name="CAPE")
-        mocker.patch.object(so, "sandboxes", return_value="blah")
-        safelist = {}
-        convert_sysmon_processes(sysmon, safelist, so)
-        if expected_process:
-            proc_as_prims = so.processes[0].as_primitives()
-            _ = proc_as_prims["objectid"].pop("session")
-            assert proc_as_prims == expected_process
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "sysmon, actual_network, correct_network",
-        [
-            ([], {}, {}),
-            ([], {}, {}),
-            ([{"System": {"EventID": '1'}}], {}, {}),
-            ([{
-                "System": {"EventID": '3'},
-                "EventData": {"Data":
-                              [
-                                  {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                  {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                  {"@Name": "ProcessId", "#text": "123"},
-                                  {"@Name": "Image", "#text": "blah.exe"},
-                                  {"@Name": "SourceIp", "#text": "10.10.10.10"},
-                                  {"@Name": "SourcePort", "#text": "123"},
-                                  {"@Name": "DestinationIp", "#text": "11.11.11.11"},
-                                  {"@Name": "DestinationPort", "#text": "321"},
-                              ]
-                              }}], {"tcp": []}, {'tcp': []}),
-            ([{
-                "System": {"EventID": '3'},
-                "EventData": {"Data":
-                              [
-                                  {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                  {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                  {"@Name": "ProcessId", "#text": "123"},
-                                  {"@Name": "Image", "#text": "blah.exe"},
-                                  {"@Name": "Protocol", "#text": "tcp"},
-                                  {"@Name": "SourceIp", "#text": "10.10.10.10"},
-                                  {"@Name": "SourcePort", "#text": "123"},
-                                  {"@Name": "DestinationIp", "#text": "11.11.11.11"},
-                                  {"@Name": "DestinationPort", "#text": "321"},
-                              ]
-                              }}], {"tcp": []}, {'tcp': [{'dport': 321, 'dst': '11.11.11.11', 'guid': '{blah}', 'image': 'blah.exe', 'pid': 123, 'sport': 123, 'src': '10.10.10.10', 'time': 1627054921.001}]}),
-            ([{
-                "System": {"EventID": '3'},
-                "EventData": {"Data":
-                              [
-                                  {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                  {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                  {"@Name": "ProcessId", "#text": "123"},
-                                  {"@Name": "Image", "#text": "blah.exe"},
-                                  {"@Name": "Protocol", "#text": "tcp"},
-                                  {"@Name": "SourceIp", "#text": "10.10.10.10"},
-                                  {"@Name": "SourcePort", "#text": "123"},
-                                  {"@Name": "DestinationIp", "#text": "11.11.11.11"},
-                                  {"@Name": "DestinationPort", "#text": "321"},
-                              ]
-                              }}], {"tcp": [{"dst": '11.11.11.11', "dport": 321, "src": '10.10.10.10', "sport": 123}]}, {'tcp': [
-                                  {'dport': 321, 'dst': '11.11.11.11', 'guid': '{blah}', 'image': 'blah.exe', 'pid': 123, 'sport': 123,
-                                   'src': '10.10.10.10', 'time': 1627054921.001}]}),
-            ([{
-                "System": {"EventID": '3'},
-                "EventData": {"Data":
-                              [
-                                  {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                  {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                  {"@Name": "ProcessId", "#text": "123"},
-                                  {"@Name": "Image", "#text": "blah.exe"},
-                                  {"@Name": "Protocol", "#text": "tcp"},
-                                  {"@Name": "SourceIp", "#text": "::ffff:7f00:1"},
-                                  {"@Name": "SourcePort", "#text": "123"},
-                                  {"@Name": "DestinationIp", "#text": "11.11.11.11"},
-                                  {"@Name": "DestinationPort", "#text": "321"},
-                              ]
-                              }}], {"tcp": []}, {'tcp': []}),
-            ([{
-                "System": {"EventID": '3'},
-                "EventData": {"Data":
-                              [
-                                  {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                  {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                  {"@Name": "ProcessId", "#text": "123"},
-                                  {"@Name": "Image", "#text": "blah.exe"},
-                                  {"@Name": "Protocol", "#text": "tcp"},
-                                  {"@Name": "SourceIp", "#text": "10.10.10.10"},
-                                  {"@Name": "SourcePort", "#text": "123"},
-                                  {"@Name": "DestinationIp", "#text": "::ffff:7f00:1"},
-                                  {"@Name": "DestinationPort", "#text": "321"},
-                              ]
-                              }}], {"tcp": []}, {'tcp': []}),
-            ([{
-                "System": {"EventID": '22'},
-                "EventData": {"Data":
-                              [
-                                  {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                  {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                  {"@Name": "ProcessId", "#text": "123"},
-                                  {"@Name": "Image", "#text": "blah.exe"},
-                                  {"@Name": "QueryName", "#text": "blah.com"},
-                                  {"@Name": "QueryResults", "#text": "::ffffff:10.10.10.10;"},
-                              ]
-                              }}], {"dns": []}, {'dns': [
-                                  {
-                                      'answers': [{'data': '10.10.10.10', 'type': 'A'}],
-                                      'guid': '{blah}',
-                                      'image': 'blah.exe',
-                                      'pid': 123,
-                                      'request': 'blah.com',
-                                      'time': 1627054921.001,
-                                      'type': 'A'
-                                  }]}),
-            ([{
-                "System": {"EventID": '22'},
-                "EventData": {"Data":
-                              [
-                                  {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                  {"@Name": "ProcessId", "#text": "123"},
-                                  {"@Name": "Image", "#text": "blah.exe"},
-                                  {"@Name": "QueryName", "#text": "blah.com"},
-                                  {"@Name": "QueryResults", "#text": "::ffffff:10.10.10.10;"},
-                              ]
-                              }}], {"dns": []}, {'dns': []}),
-            ([{
-                "System": {"EventID": '22'},
-                "EventData": {"Data":
-                              [
-                                  {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                  {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                  {"@Name": "ProcessId", "#text": "123"},
-                                  {"@Name": "Image", "#text": "blah.exe"},
-                                  {"@Name": "QueryName", "#text": "blah.com"},
-                                  {"@Name": "QueryResults", "#text": "::ffffff:10.10.10.10;"},
-                              ]
-                              }}], {"dns": [{"request": "blah.com"}]}, {'dns': [
-                                  {
-                                      'answers': [{'data': '10.10.10.10', 'type': 'A'}],
-                                      'guid': '{blah}',
-                                      'image': 'blah.exe',
-                                      'pid': 123,
-                                      'request': 'blah.com',
-                                      'time': 1627054921.001,
-                                      'type': 'A'
-                                  }]}
-             ),
-
-
-        ]
-    )
-    def test_convert_sysmon_network_cuckoo(sysmon, actual_network, correct_network):
-        safelist = {}
-        convert_sysmon_network(sysmon, actual_network, safelist, convert_timestamp_to_epoch=True)
-        assert actual_network == correct_network
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "sysmon, actual_network, correct_network",
-        [
-            ([], {}, {}),
-            ([], {}, {}),
-            ([{"System": {"EventID": "1"}}], {}, {}),
-            (
-                [
-                    {
-                        "System": {"EventID": "3"},
-                        "EventData": {
-                            "Data": [
-                                {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                {"@Name": "ProcessId", "#text": "123"},
-                                {"@Name": "Image", "#text": "blah.exe"},
-                                {"@Name": "SourceIp", "#text": "10.10.10.10"},
-                                {"@Name": "SourcePort", "#text": "123"},
-                                {"@Name": "DestinationIp", "#text": "11.11.11.11"},
-                                {"@Name": "DestinationPort", "#text": "321"},
-                            ]
-                        },
-                    }
-                ],
-                {"tcp": []},
-                {"tcp": []},
-            ),
-            (
-                [
-                    {
-                        "System": {"EventID": "3"},
-                        "EventData": {
-                            "Data": [
-                                {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                {"@Name": "ProcessId", "#text": "123"},
-                                {"@Name": "Image", "#text": "blah.exe"},
-                                {"@Name": "Protocol", "#text": "tcp"},
-                                {"@Name": "SourceIp", "#text": "10.10.10.10"},
-                                {"@Name": "SourcePort", "#text": "123"},
-                                {"@Name": "DestinationIp", "#text": "11.11.11.11"},
-                                {"@Name": "DestinationPort", "#text": "321"},
-                            ]
-                        },
-                    }
-                ],
-                {"tcp": []},
-                {
-                    "tcp": [
-                        {
-                            "dport": 321,
-                            "dst": "11.11.11.11",
-                            "guid": "{blah}",
-                            "image": "blah.exe",
-                            "pid": 123,
-                            "sport": 123,
-                            "src": "10.10.10.10",
-                            "time": "2021-07-23 15:42:01",
-                        }
-                    ]
-                },
-            ),
-            (
-                [
-                    {
-                        "System": {"EventID": "3"},
-                        "EventData": {
-                            "Data": [
-                                {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                {"@Name": "ProcessId", "#text": "123"},
-                                {"@Name": "Image", "#text": "blah.exe"},
-                                {"@Name": "Protocol", "#text": "tcp"},
-                                {"@Name": "SourceIp", "#text": "10.10.10.10"},
-                                {"@Name": "SourcePort", "#text": "123"},
-                                {"@Name": "DestinationIp", "#text": "11.11.11.11"},
-                                {"@Name": "DestinationPort", "#text": "321"},
-                            ]
-                        },
-                    }
-                ],
-                {"tcp": [{"dst": "11.11.11.11", "dport": 321, "src": "10.10.10.10", "sport": 123}]},
-                {
-                    "tcp": [
-                        {
-                            "dport": 321,
-                            "dst": "11.11.11.11",
-                            "guid": "{blah}",
-                            "image": "blah.exe",
-                            "pid": 123,
-                            "sport": 123,
-                            "src": "10.10.10.10",
-                            "time": "2021-07-23 15:42:01",
-                        }
-                    ]
-                },
-            ),
-            (
-                [
-                    {
-                        "System": {"EventID": "22"},
-                        "EventData": {
-                            "Data": [
-                                {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                {"@Name": "ProcessId", "#text": "123"},
-                                {"@Name": "Image", "#text": "blah.exe"},
-                                {"@Name": "QueryName", "#text": "blah.com"},
-                                {"@Name": "QueryResults", "#text": "::ffffff:10.10.10.10;"},
-                            ]
-                        },
-                    }
-                ],
-                {"dns": []},
-                {
-                    "dns": [
-                        {
-                            "answers": [{"data": "10.10.10.10", "type": "A"}],
-                            "guid": "{blah}",
-                            "image": "blah.exe",
-                            "pid": 123,
-                            "request": "blah.com",
-                            "time": "2021-07-23 15:42:01",
-                            "type": "A",
-                        }
-                    ]
-                },
-            ),
-            (
-                [
-                    {
-                        "System": {"EventID": "22"},
-                        "EventData": {
-                            "Data": [
-                                {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                {"@Name": "ProcessId", "#text": "123"},
-                                {"@Name": "Image", "#text": "blah.exe"},
-                                {"@Name": "QueryName", "#text": "blah.com"},
-                                {"@Name": "QueryResults", "#text": "::ffffff:10.10.10.10;"},
-                            ]
-                        },
-                    }
-                ],
-                {"dns": []},
-                {"dns": []},
-            ),
-            (
-                [
-                    {
-                        "System": {"EventID": "22"},
-                        "EventData": {
-                            "Data": [
-                                {"@Name": "UtcTime", "#text": "2021-07-23 15:42:01.001"},
-                                {"@Name": "ProcessGuid", "#text": "{blah}"},
-                                {"@Name": "ProcessId", "#text": "123"},
-                                {"@Name": "Image", "#text": "blah.exe"},
-                                {"@Name": "QueryName", "#text": "blah.com"},
-                                {"@Name": "QueryResults", "#text": "::ffffff:10.10.10.10;"},
-                            ]
-                        },
-                    }
-                ],
-                {"dns": [{"request": "blah.com"}]},
-                {
-                    "dns": [
-                        {
-                            "answers": [{"data": "10.10.10.10", "type": "A"}],
-                            "guid": "{blah}",
-                            "image": "blah.exe",
-                            "pid": 123,
-                            "request": "blah.com",
-                            "time": "2021-07-23 15:42:01",
-                            "type": "A",
-                        }
-                    ]
-                },
-            ),
-        ],
-    )
-    def test_convert_sysmon_network_cape(sysmon, actual_network, correct_network):
-        safelist = {}
-        convert_sysmon_network(sysmon, actual_network, safelist)
-        assert actual_network == correct_network
-
-@pytest.mark.parametrize(
-    "blob, enforce_min, enforce_max, correct_tags, expected_iocs",
-    [
-        ("", False, False, {}, [{}]),
-        (
-            "192.168.100.1",
-            False,
-            False,
-            {"network.dynamic.ip": ["192.168.100.1"]},
-            [],
-        ),
-        (
-            "blah.ca",
-            False,
-            False,
-            {"network.dynamic.domain": ["blah.ca"]},
-            [],
-        ),
-        (
-            "https://blah.ca",
-            False,
-            False,
-            {
-                "network.dynamic.domain": ["blah.ca"],
-                "network.dynamic.uri": ["https://blah.ca"],
-            },
-            [{"uri": "https://blah.ca"}],
-        ),
-        (
-            "https://blah.ca/blah",
-            False,
-            False,
-            {
-                "network.dynamic.domain": ["blah.ca"],
-                "network.dynamic.uri": ["https://blah.ca/blah"],
-                "network.dynamic.uri_path": ["/blah"],
-            },
-            [{"uri": "https://blah.ca/blah"}],
-        ),
-        (
-            "drive:\\\\path to\\\\microsoft office\\\\officeverion\\\\winword.exe",
-            False,
-            False,
-            {},
-            [{}],
-        ),
-        (
-            "DRIVE:\\\\PATH TO\\\\MICROSOFT OFFICE\\\\OFFICEVERION\\\\WINWORD.EXE C:\\\\USERS\\\\BUDDY\\\\APPDATA\\\\LOCAL\\\\TEMP\\\\BLAH.DOC",
-            False,
-            False,
-            {},
-            [{}],
-        ),
-        (
-            "DRIVE:\\\\PATH TO\\\\PYTHON27.EXE C:\\\\USERS\\\\BUDDY\\\\APPDATA\\\\LOCAL\\\\TEMP\\\\BLAH.py",
-            False,
-            False,
-            {},
-            [{}],
-        ),
-        (
-            "POST /some/thing/bad.exe HTTP/1.0\nUser-Agent: Mozilla\nHost: evil.ca\nAccept: */*\nContent-Type: application/octet-stream\nContent-Encoding: binary\n\nConnection: close",
-            False,
-            False,
-            {"network.dynamic.domain": ["evil.ca"]},
-            [],
-        ),
-        (
-            "http://evil.ca/some/thing/bad.exe",
-            False,
-            False,
-            {
-                "network.dynamic.domain": ["evil.ca"],
-                "network.dynamic.uri": ["http://evil.ca/some/thing/bad.exe"],
-                "network.dynamic.uri_path": ["/some/thing/bad.exe"],
-            },
-            [{"uri": "http://evil.ca/some/thing/bad.exe"}],
-        ),
-        ("POST abc.de#fgh", True, False, {}, [{}]),
-        (
-            "'<script src=\"https://blah.link/blah/blah?filename=blah.js\"></script>'",
-            True,
-            False,
-            {
-                "network.dynamic.domain": ["blah.link"],
-                "network.dynamic.uri": ["https://blah.link/blah/blah?filename=blah.js"],
-                "network.dynamic.uri_path": ['/blah/blah?filename=blah.js']
-            },
-            [{"uri": "https://blah.link/blah/blah?filename=blah.js"}]
-        ),
-        (
-            "POST abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk.com ...(Truncated)",
-            True,
-            True,
-            {},
-            [{}]
-        ),
-        (
-            "POST blah.adobe.com)",
-            True,
-            True,
-            {},
-            [{}]
-        ),
-        (
-            "Wscript.Shell.Run(blah.py)",
-            True,
-            True,
-            {},
-            [{}]
-        ),
-        (
-            "blah microsoft.net blah",
-            True,
-            True,
-            {},
-            [{}]
-        ),
-        (
-            "blah blahhttps://microsoft.net blah",
-            True,
-            True,
-            {
-                "network.dynamic.domain": ["microsoft.net"],
-                "network.dynamic.uri": ["https://microsoft.net"],
-            },
-            [{"uri": "https://microsoft.net"}]
-        ),
-    ],
-)
-def test_extract_iocs_from_text_blob(blob, enforce_min, enforce_max, correct_tags, expected_iocs):
-    from assemblyline_v4_service.common.result import ResultTableSection
-
-    test_result_section = ResultTableSection("blah")
-    so_sig = Signature(
-        objectid=ObjectID(ontology_id="blah", tag="blah", service_name="blah"),
-        name="blah",
-        type="CUCKOO",
-    )
-    safelist = {"regex": {"network.dynamic.domain": [".+\.adobe\.com$"]}}
-    default_iocs = []
-    source = ObjectID(ontology_id="blah", tag="blah", service_name="blah")
-    extract_iocs_from_text_blob(
-        blob,
-        test_result_section,
-        so_sig=so_sig,
-        source=source,
-        enforce_char_min=enforce_min,
-        enforce_domain_char_max=enforce_max,
-        safelist=safelist,
-    )
-    assert test_result_section.tags == correct_tags
-    if correct_tags:
-        for expected_ioc in expected_iocs:
-            default_ioc = Attribute(source=source).as_primitives()
-            for key, value in expected_ioc.items():
-                default_ioc[key] = value
-            default_iocs.append(default_ioc)
-        assert so_sig.as_primitives()["attributes"] == default_iocs
diff --git a/test/test_keytool_parse.py b/test/test_keytool_parse.py
deleted file mode 100644
index f73168e6..00000000
--- a/test/test_keytool_parse.py
+++ /dev/null
@@ -1,27 +0,0 @@
-import pytest
-
-
-class TestKeytoolParse:
-
-    @staticmethod
-    @pytest.mark.parametrize("printcert, correct_certs",
-        [
-            ('Owner: CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=CA\nIssuer: CN=root, OU=root, O=root, L=root, ST=root, C=CA\nSerial number: 5f822698\nValid from: Wed Apr 14 13:40:13 EDT 2021 until: Tue Jul 13 13:40:13 EDT 2021\nCertificate fingerprints:\n         SHA1: 59:7C:A0:72:5D:98:9F:61:B9:9F:29:20:C8:73:60:9C:0E:02:EB:DF\n         SHA256: AE:56:E7:5E:49:F2:1B:4B:FF:7A:76:12:6E:72:84:1C:6B:D3:E7:FA:D9:84:43:53:C7:24:A9:2F:3E:12:63:7F\nSignature algorithm name: SHA256withDSA\nSubject Public Key Algorithm: 2048-bit DSA key\nVersion: 3\n\nExtensions:\n\n#1: ObjectId: 2.5.29.35 Criticality=false\nAuthorityKeyIdentifier [\nKeyIdentifier [\n0000: 9D 76 79 BA 97 17 06 07   75 A6 5C E1 E6 98 09 F0  .vy.....u.\.....\n0010: D8 42 F6 C1                                        .B..\n]\n]\n\n#2: ObjectId: 2.5.29.19 Criticality=false\nBasicConstraints:[\n  CA:true\n  PathLen:0\n]\n\n#3: ObjectId: 2.5.29.14 Criticality=false\nSubjectKeyIdentifier [\nKeyIdentifier [\n0000: C2 BF E5 BF 85 2B ED 82   D2 F1 49 89 06 5B 5E 90  .....+....I..[^.\n0010: 64 FC C3 16                                        d...\n]\n]\n', [{'Owner': 'CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=CA', 'Issuer': 'CN=root, OU=root, O=root, L=root, ST=root, C=CA', 'Country': 'CA', 'ValidFrom': 'Wed Apr 14 13:40:13 EDT 2021', 'ValidTo': 'Tue Jul 13 13:40:13 EDT 2021'}]),
-            ('Certificate[1]:\nOwner: CN=server, OU=server, O=server, L=server, ST=server, C=CA\nIssuer: CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=CA\nSerial number: 4e2d045a\nValid from: Wed Apr 14 13:42:22 EDT 2021 until: Tue Jul 13 13:42:22 EDT 2021\nCertificate fingerprints:\n         SHA1: 0B:BE:A7:40:20:F4:F0:DE:D1:C8:99:26:32:A8:33:7A:EB:E8:87:70\n         SHA256: 83:C1:8D:49:A4:98:3F:73:66:97:63:78:4C:E5:70:BF:0C:A2:71:4A:58:CE:B0:4E:65:87:39:F0:06:1F:7F:2C\nSignature algorithm name: SHA256withDSA\nSubject Public Key Algorithm: 2048-bit DSA key\nVersion: 3\n\nExtensions:\n\n#1: ObjectId: 2.5.29.35 Criticality=false\nAuthorityKeyIdentifier [\nKeyIdentifier [\n0000: C2 BF E5 BF 85 2B ED 82   D2 F1 49 89 06 5B 5E 90  .....+....I..[^.\n0010: 64 FC C3 16                                        d...\n]\n]\n\n#2: ObjectId: 2.5.29.15 Criticality=true\nKeyUsage [\n  DigitalSignature\n  Key_Encipherment\n]\n\n#3: ObjectId: 2.5.29.14 Criticality=false\nSubjectKeyIdentifier [\nKeyIdentifier [\n0000: 9B 06 D8 13 2E 6F 2F 62   85 66 42 A9 AC 86 2E A8  .....o/b.fB.....\n0010: 25 89 AB FC                                        %...\n]\n]\n\n\nCertificate[2]:\nOwner: CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=CA\nIssuer: CN=root, OU=root, O=root, L=root, ST=root, C=CA\nSerial number: 5f822698\nValid from: Wed Apr 14 13:40:13 EDT 2021 until: Tue Jul 13 13:40:13 EDT 2021\nCertificate fingerprints:\n         SHA1: 59:7C:A0:72:5D:98:9F:61:B9:9F:29:20:C8:73:60:9C:0E:02:EB:DF\n         SHA256: AE:56:E7:5E:49:F2:1B:4B:FF:7A:76:12:6E:72:84:1C:6B:D3:E7:FA:D9:84:43:53:C7:24:A9:2F:3E:12:63:7F\nSignature algorithm name: SHA256withDSA\nSubject Public Key Algorithm: 2048-bit DSA key\nVersion: 3\n\nExtensions:\n\n#1: ObjectId: 2.5.29.35 Criticality=false\nAuthorityKeyIdentifier [\nKeyIdentifier [\n0000: 9D 76 79 BA 97 17 06 07   75 A6 5C E1 E6 98 09 F0  .vy.....u.\.....\n0010: D8 42 F6 C1                                        .B..\n]\n]\n\n#2: ObjectId: 2.5.29.19 Criticality=false\nBasicConstraints:[\n  CA:true\n  PathLen:0\n]\n\n#3: ObjectId: 2.5.29.14 Criticality=false\nSubjectKeyIdentifier [\nKeyIdentifier [\n0000: C2 BF E5 BF 85 2B ED 82   D2 F1 49 89 06 5B 5E 90  .....+....I..[^.\n0010: 64 FC C3 16                                        d...\n]\n]\n', [{'Owner': 'CN=server, OU=server, O=server, L=server, ST=server, C=CA', 'Issuer': 'CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=CA', 'Country': 'CA', 'ValidFrom': 'Wed Apr 14 13:42:22 EDT 2021', 'ValidTo': 'Tue Jul 13 13:42:22 EDT 2021'}, {'Owner': 'CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=CA', 'Issuer': 'CN=root, OU=root, O=root, L=root, ST=root, C=CA', 'Country': 'CA', 'ValidFrom': 'Wed Apr 14 13:40:13 EDT 2021', 'ValidTo': 'Tue Jul 13 13:40:13 EDT 2021'}]),
-        ]
-    )
-    def test_certificate_chain_from_printcert(printcert, correct_certs):
-        """
-        This function tests that a printcert output is properly parsed by certificate_chain_from_printcert.
-        The certificates used come from running the commands in section 'Generate Certificates for an SSL Server'
-        in the keytool docs: https://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html
-        """
-        from assemblyline_v4_service.common.keytool_parse import certificate_chain_from_printcert
-        certs = certificate_chain_from_printcert(printcert)
-        assert len(certs) == len(correct_certs)
-        for cert, correct in zip(certs, correct_certs):
-            assert cert.country == correct['Country']
-            assert cert.issuer == correct['Issuer']
-            assert cert.owner == correct['Owner']
-            assert cert.valid_from == correct['ValidFrom']
-            assert cert.valid_to == correct['ValidTo']
\ No newline at end of file
diff --git a/test/test_safelist_helper.py b/test/test_safelist_helper.py
deleted file mode 100644
index a2a79368..00000000
--- a/test/test_safelist_helper.py
+++ /dev/null
@@ -1,42 +0,0 @@
-import pytest
-
-
-@pytest.mark.parametrize(
-    "value, tags, safelist, substring, expected_output",
-    [
-        ("", [], {}, False, False),
-        ("blah", ["network.dynamic.domain"], {}, False, False),
-        ("blah", [], {"match": {"network.dynamic.domain": ["google.com"]}}, False, False),
-        ("google.com", ["network.dynamic.domain"], {"match": {"network.dynamic.domain": ["google.com"]}}, False,
-            True),
-        ("google.com", ["network.dynamic.domain"], {"regex": {"network.dynamic.domain": ["google\.com"]}}, False,
-            True),
-        ("google.com", ["network.dynamic.domain"], {"match": {"network.dynamic.domain": ["www.google.com"]}}, True,
-            False),
-        ("www.google.com", ["network.dynamic.domain"], {"match": {"network.dynamic.domain": ["google.com"]}}, True,
-            True),
-        ("www.google.com", ["network.dynamic.domain"], {"blah": {"network.dynamic.domain": ["google.com"]}}, True,
-            False),
-    ]
-)
-def test_is_safelisted(value, tags, safelist, substring, expected_output):
-    from assemblyline_v4_service.common.safelist_helper import is_tag_safelisted
-    assert is_tag_safelisted(value, tags, safelist, substring) == expected_output
-
-
-@pytest.mark.parametrize(
-    "val, expected_return",
-    [
-        (None, False),
-        (b"blah", False),
-        ("127.0.0.1", True),
-        ("http://blah.adobe.com", True),
-        ("play.google.com", True),
-        ("blah.com", False)
-    ]
-)
-def test_contains_safelisted_value(val, expected_return):
-    from assemblyline_v4_service.common.safelist_helper import contains_safelisted_value
-    safelist = {"regex": {"network.dynamic.domain": [".*\.adobe\.com$", "play\.google\.com$"],
-                            "network.dynamic.ip": ["(?:127\.|10\.|192\.168|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[01]\.).*"]}}
-    assert contains_safelisted_value(val, safelist) == expected_return
diff --git a/test/test_section_reducer.py b/test/test_section_reducer.py
deleted file mode 100644
index 31adfb0d..00000000
--- a/test/test_section_reducer.py
+++ /dev/null
@@ -1,70 +0,0 @@
-import pytest
-import os
-
-SERVICE_CONFIG_NAME = "service_manifest.yml"
-TEMP_SERVICE_CONFIG_PATH = os.path.join("/tmp", SERVICE_CONFIG_NAME)
-
-
-def setup_module():
-    if not os.path.exists(TEMP_SERVICE_CONFIG_PATH):
-        open_manifest = open(TEMP_SERVICE_CONFIG_PATH, "w")
-        open_manifest.write("name: Sample\nversion: sample\ndocker_config: \n  image: sample")
-
-
-def teardown_module():
-    if os.path.exists(TEMP_SERVICE_CONFIG_PATH):
-        os.remove(TEMP_SERVICE_CONFIG_PATH)
-
-
-class TestSectionReducer:
-    @staticmethod
-    def test_reduce():
-        from assemblyline_v4_service.common.section_reducer import reduce
-        from assemblyline_v4_service.common.result import Result, ResultSection
-        res = Result()
-        result_section = ResultSection("blah")
-        res.add_section(result_section)
-        reduce(res)
-        # Code coverage only
-        assert True
-
-    @staticmethod
-    @pytest.mark.parametrize("tags, correct_tags",
-                             [({
-                                 "network.dynamic.uri":
-                                 ["https://google.com?query=allo", "https://google.com?query=mon",
-                                  "https://google.com?query=coco"]},
-                               {"network.dynamic.uri": ["https://google.com?query=${ALPHA}"]},), ])
-    def test_section_traverser(tags, correct_tags):
-        from assemblyline_v4_service.common.section_reducer import _section_traverser
-        from assemblyline_v4_service.common.result import ResultSection
-        section = ResultSection("blah")
-        subsection = ResultSection("subblah")
-        for t_type, t_values in tags.items():
-            for t_value in t_values:
-                subsection.add_tag(t_type, t_value)
-        section.add_subsection(subsection)
-        assert _section_traverser(section).subsections[0].tags == correct_tags
-
-    @staticmethod
-    @pytest.mark.parametrize("tags, correct_reduced_tags",
-                             [(None, {}),
-                              ({
-                                  "network.dynamic.uri":
-                                  ["https://google.com?query=allo", "https://google.com?query=mon",
-                                   "https://google.com?query=coco"]},
-                               {"network.dynamic.uri": ["https://google.com?query=${ALPHA}"]}),
-                              ({
-                                  "network.static.uri":
-                                  ["https://google.com?query=allo", "https://google.com?query=mon",
-                                   "https://google.com?query=coco"]},
-                               {"network.static.uri": ["https://google.com?query=${ALPHA}"]}),
-                              ({"network.dynamic.uri_path": ["/blah/123", "/blah/321"]},
-                               {"network.dynamic.uri_path": ["/blah/${NUMBER}"]}),
-                              ({"network.static.uri_path": ["/blah/123", "/blah/321"]},
-                               {"network.static.uri_path": ["/blah/${NUMBER}"]}),
-                              ({"attribution.actor": ["MALICIOUS_ACTOR"]},
-                               {"attribution.actor": ["MALICIOUS_ACTOR"]}), ])
-    def test_reduce_specific_tags(tags, correct_reduced_tags):
-        from assemblyline_v4_service.common.section_reducer import _reduce_specific_tags
-        assert _reduce_specific_tags(tags) == correct_reduced_tags
diff --git a/test/test_tag_helper.py b/test/test_tag_helper.py
deleted file mode 100644
index 82218e22..00000000
--- a/test/test_tag_helper.py
+++ /dev/null
@@ -1,89 +0,0 @@
-import os
-import pytest
-
-
-SERVICE_CONFIG_NAME = "service_manifest.yml"
-TEMP_SERVICE_CONFIG_PATH = os.path.join("/tmp", SERVICE_CONFIG_NAME)
-
-
-def setup_module():
-    if not os.path.exists(TEMP_SERVICE_CONFIG_PATH):
-        open_manifest = open(TEMP_SERVICE_CONFIG_PATH, "w")
-        open_manifest.write("name: Sample\nversion: sample\ndocker_config: \n  image: sample")
-
-
-def teardown_module():
-    if os.path.exists(TEMP_SERVICE_CONFIG_PATH):
-        os.remove(TEMP_SERVICE_CONFIG_PATH)
-
-
-@pytest.mark.parametrize(
-    "value, expected_tags, tags_were_added",
-    [
-        ("", {}, False),
-        ("blah", {"blah": ["blah"]}, True),
-        ([], {}, False),
-        (["blah"], {"blah": ["blah"]}, True),
-        (["blah", "blahblah"], {"blah": ["blah", "blahblah"]}, True)
-    ]
-)
-def test_add_tag(value, expected_tags, tags_were_added):
-    from assemblyline_v4_service.common.result import ResultSection
-    from assemblyline_v4_service.common.tag_helper import add_tag
-    res_sec = ResultSection("blah")
-    tag = "blah"
-    safelist = {"match": {"domain": ["blah.ca"]}}
-    assert add_tag(res_sec, tag, value, safelist) == tags_were_added
-    assert res_sec.tags == expected_tags
-
-
-def test_get_regex_for_tag():
-    from assemblyline.odm.base import DOMAIN_ONLY_REGEX, URI_PATH, FULL_URI, IP_REGEX
-    from assemblyline_v4_service.common.tag_helper import _get_regex_for_tag
-    assert _get_regex_for_tag("network.dynamic.domain") == DOMAIN_ONLY_REGEX
-    assert _get_regex_for_tag("network.dynamic.ip") == IP_REGEX
-    assert _get_regex_for_tag("network.dynamic.uri") == FULL_URI
-    assert _get_regex_for_tag("network.dynamic.uri_path") == URI_PATH
-    assert _get_regex_for_tag("network.port") is None
-
-
-@pytest.mark.parametrize(
-    "tag, value, expected_tags, added_tag",
-    [
-        # Empty values
-        ("", "", {}, False),
-        ("blah", "", {}, False),
-        # Normal run without regex match
-        ("blah", "blah", {"blah": ["blah"]}, True),
-        # Normal run with regex match
-        ("uri_path", "/blah", {"uri_path": ["/blah"]}, True),
-        # No regex match for ip
-        ("ip", "blah", {}, False),
-        # Regex match for ip
-        ("ip", "1.1.1.1", {"ip": ["1.1.1.1"]}, True),
-        # No regex match for domain
-        ("domain", "blah", {}, False),
-        # Regex match but not valid domain
-        ("domain", "blah.blah", {}, False),
-        # Regex match, but FP found (the determination of the FP is no longer handled in this method)
-        ("domain", "microsoft.net", {"domain": ["microsoft.net"]}, True),
-        # Regex match, but FP found (the determination of the FP is no longer handled in this method)
-        ("domain", "blah.py", {"domain": ["blah.py"]}, True),
-        # Safelisted value
-        ("domain", "blah.ca", {}, False),
-        # URI with invalid domain
-        ("uri", "http://blah.blah/blah", {}, False),
-        # URI with valid domain
-        ("uri", "http://blah.com/blah", {"uri": ["http://blah.com/blah"],
-         "network.dynamic.domain": ["blah.com"]}, True),
-        # URI with valid IP
-        ("uri", "http://1.1.1.1/blah", {"uri": ["http://1.1.1.1/blah"], "network.dynamic.ip": ["1.1.1.1"]}, True),
-    ]
-)
-def test_validate_tag(tag, value, expected_tags, added_tag):
-    from assemblyline_v4_service.common.result import ResultSection
-    from assemblyline_v4_service.common.tag_helper import add_tag
-    res_sec = ResultSection("blah")
-    safelist = {"match": {"domain": ["blah.ca"]}}
-    assert add_tag(res_sec, tag, value, safelist) == added_tag
-    assert res_sec.tags == expected_tags
diff --git a/test/test_tag_reducer.py b/test/test_tag_reducer.py
deleted file mode 100644
index 339e6139..00000000
--- a/test/test_tag_reducer.py
+++ /dev/null
@@ -1,100 +0,0 @@
-import pytest
-
-
-class TestTagReducer:
-    @staticmethod
-    def test_constants():
-        from assemblyline_v4_service.common.tag_reducer import NUMBER_REGEX, ALPHA_REGEX, ALPHANUM_REGEX, \
-            BASE64_REGEX, DO_NOT_REDUCE
-        from regex import compile
-        assert NUMBER_REGEX == compile("[0-9]*")
-        assert ALPHA_REGEX == compile("[a-zA-Z]*")
-        assert ALPHANUM_REGEX == compile("[a-zA-Z0-9]*")
-        assert BASE64_REGEX == compile("(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
-        assert DO_NOT_REDUCE == ["netloc", "hostname"]
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "val, correct_placeholder",
-        [
-            ("", "${UNKNOWN_TYPE}"),
-            ("2", "${NUMBER}"),
-            ("a", "${ALPHA}"),
-            ("c2hlemxsM3Iz", "${BASE64}"),
-            ("a9", "${ALPHA_NUM}"),
-            ("some-details-330002341219", "${UNKNOWN_TYPE}"),
-        ]
-    )
-    def test_get_placeholder(val, correct_placeholder):
-        from assemblyline_v4_service.common.tag_reducer import _get_placeholder
-        assert _get_placeholder(val) == correct_placeholder
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "uri_parts, correct_uri",
-        [({"path": ["path"],
-           "query": {"query": "answer"},
-           "scheme": "scheme", "netloc": "domain", "params": "params", "fragment": "fragment"},
-          "scheme://domain/path;params?query=a#fragment"),
-         ({"path": ["path"],
-           "query": "", "scheme": "scheme", "netloc": "domain", "params": "params",
-           "fragment": "fragment"},
-          "scheme://domain/path;params#fragment"), ])
-    def test_turn_back_into_uri(uri_parts, correct_uri):
-        from assemblyline_v4_service.common.tag_reducer import _turn_back_into_uri
-        assert _turn_back_into_uri(uri_parts) == correct_uri
-
-    @staticmethod
-    @pytest.mark.parametrize(
-        "uris, correct_tags",
-        [(["https://base64encodethis.com/path?base64hash=c2hlemxsM3Iz",
-           "https://base64encodethis.com/path?base64hash=YXNkZmVyamdhM2diMCBj",
-           "https://base64encodethis.com/path?base64hash=IyQwMjN5di04ICEjIEApIGhcMmJ1cGY5NDMwYTIvNDEyMzIzNCBo", ],
-          ["https://base64encodethis.com/path?base64hash=${BASE64}"],),
-         (["https://googlelicious.com/somepathother?query=allo",
-           "https://googlelicious.com/somepathother?query=mon",
-           "https://googlelicious.com/somepathother?query=coco", ],
-          ["https://googlelicious.com/somepathother?query=${ALPHA}"],),
-         (["https://googlelicious.com/somepath?rng=112431243",
-           "https://googlelicious.com/somepath?rng=124312431243",
-           "https://googlelicious.com/somepath?rng=22", ],
-          ["https://googlelicious.com/somepath?rng=${NUMBER}"],),
-         (["https://googlelicious.com/somepath/morepath?rng=112431243&blah=blah",
-           "https://googlelicious.com/somepath/morepath?rng=124312431243&blah=blah",
-           "https://googlelicious.com/somepath/morepath?rng=22&blah=blah", ],
-          ["https://googlelicious.com/somepath/morepath?rng=${NUMBER}&blah=blah"],),
-         (["https://websitesname.ca", "https://websitesname.com", "https://websitesname.it", ],
-          ["https://websitesname.com", "https://websitesname.ca", "https://websitesname.it", ],),
-         (["https://www.facebook.com/some-details-330002341217/",
-           "https://www.facebook.com/some-details-330002341218/",
-           "https://www.facebook.com/some-details-330002341219/", ],
-          ["https://www.facebook.com/${UNKNOWN_TYPE}/"],),
-         (["ftp://random1.vib.slx/", "ftp://random2.vib.slx/", "ftp://random3.vib.slx/", ],
-          ["ftp://random1.vib.slx", "ftp://random2.vib.slx", "ftp://random3.vib.slx", ],),
-         (["https://en.wikipedia.org/wiki/somelink0", "https://en.wikipedia.org/wiki/somelink1",
-           "https://en.wikipedia.org/wiki/somelink2", "https://en.wikipedia.org/wiki/somelink3", ],
-          ["https://en.wikipedia.org/wiki/${ALPHA_NUM}"],),
-         (["https://google.com?query=allo", "https://google.com?query=mon",
-           "https://google.com?query=coco", ],
-          ["https://google.com?query=${ALPHA}"],),
-         (["https://abc.com?query=THISISATESTTHISISATEST",
-           "https://def.com?query=THISISATESTTHISISATEST",
-           "https://ghi.com?query=THISISATESTTHISISATEST", ],
-          ["https://abc.com?query=THISISATESTTHISISATEST",
-           "https://def.com?query=THISISATESTTHISISATEST",
-           "https://ghi.com?query=THISISATESTTHISISATEST", ],),
-         (["https://hello.com/patha?query=THISISATESTTHISISATEST",
-           "https://hello.com/pathb?query=THISISATESTTHISISATEST",
-           "https://hello.com/pathc?query=THISISATESTTHISISATEST", ],
-          ["https://hello.com/${ALPHA}?query=THISISATESTTHISISATEST"],),
-         (["https://bonjour.com/path?query=THISISATESTTHISISATEST1",
-           "https://bonjour.com/path?query=THISISATESTTHISISATEST1",
-           "https://bonjour.com/path?query=THISISATESTTHISISATEST1", ],
-          ["https://bonjour.com/path?query=THISISATESTTHISISATEST1"],),
-         (["https://hello.com/path?query=THISISATESTTHISISATEST1&rnd=123",
-           "https://hello.com/path?query=THISISATESTTHISISATEST1&rnd=345",
-           "https://hello.com/path?query=THISISATESTTHISISATEST1&rnd=567", ],
-          ["https://hello.com/path?query=THISISATESTTHISISATEST1&rnd=${NUMBER}"],), ])
-    def test_reduce_uri_tags(uris, correct_tags):
-        from assemblyline_v4_service.common.tag_reducer import reduce_uri_tags
-        assert set(reduce_uri_tags(uris)) == set(correct_tags)
diff --git a/test/test_utils.py b/test/test_utils.py
deleted file mode 100644
index 7c31e22c..00000000
--- a/test/test_utils.py
+++ /dev/null
@@ -1,124 +0,0 @@
-from assemblyline_v4_service.common.utils import extract_passwords
-
-
-def test_extract_passwords():
-    # Make sure an empty string doesn't cause any problem
-    text = ""
-    res = extract_passwords(text)
-
-    # Make sure an empty string doesn't cause any problem
-    text = "\n"
-    res = extract_passwords(text)
-
-    text = "Invoice Password: A"
-    wanted_password = ["A"]
-    res = extract_passwords(text)
-    assert all([password in res for password in wanted_password])
-
-    text = "Invoice Password: ABCDE"
-    wanted_password = ["ABCDE"]
-    res = extract_passwords(text)
-    assert all([password in res for password in wanted_password])
-
-    text = (
-        "Password : A\nTest string \nPassword: B\nTest string\npassword:C\nTest string\npassword: D\n"
-        "Test string\npassword: E \nTest string\nPassword: dhfkIJK891\nTest string\nPassword: dh_!l-k&*%#@!91\n"
-        "Test string\nThe Password is: F\nTest string\nPassword:\nG\nTest string\nMot de passe: H\n"
-        "Test string\nPassword:\ndhfkIJK892\nTest string\nPassword:\nKahj#@!!45\n"
-    )
-    wanted_password = [
-        "A",
-        "B",
-        "C",
-        "D",
-        "E",
-        "dhfkIJK891",
-        "dh_!l-k&*%#@!91",
-        "F",
-        "G",
-        "H",
-        "dhfkIJK892",
-        "Kahj#@!!45",
-    ]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "Password:1jdhQ-9!h$\n"
-    wanted_password = ["1jdhQ-9!h$"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = 'password: "Kahj#@!!45"\n'
-    wanted_password = ["Kahj#@!!45"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = 'password:"Kahj#@!!45"\n'
-    wanted_password = ["Kahj#@!!45"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "Password: '1jdhQ-9!h$'\n"
-    wanted_password = ["1jdhQ-9!h$"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "Password:'1jdhQ-9!h$'\n"
-    wanted_password = ["1jdhQ-9!h$"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "mot de passe:Kahj#@!!45\n"
-    wanted_password = ["Kahj#@!!45"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = 'mot de passe: "Kahj#@!!45"\n'
-    wanted_password = ["Kahj#@!!45"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = 'mot de passe:"Kahj#@!!45"\n'
-    wanted_password = ["Kahj#@!!45"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "mot de passe: 'Kahj#@!!45'\n"
-    wanted_password = ["Kahj#@!!45"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "mot de passe:'Kahj#@!!45'\n"
-    wanted_password = ["Kahj#@!!45"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "password: AB5675.\n"
-    wanted_password = ["AB5675"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "password: the password\n"
-    wanted_password = ["the password"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = 'password: "the password"\n'
-    wanted_password = ["the password"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "mot de passe: mon secret\n"
-    wanted_password = ["mon secret"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = 'mot de passe: "mon secret"\n'
-    wanted_password = ["mon secret"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)
-
-    text = "내 비밀번호는 shibboleet입니다"
-    wanted_password = ["shibboleet"]
-    res = extract_passwords(text)
-    assert all(password in res for password in wanted_password)

From 3d1b0f4371dcd7afba197856925aec9e4885b47e Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Thu, 25 May 2023 13:28:24 +0000
Subject: [PATCH 18/49] Applying .vscode settings

---
 .gitignore                                    |  3 --
 .vscode/settings.json                         | 22 ++++++++++++
 .../extra_feature.py                          |  3 +-
 .../test/test_extrafeatures.py                |  2 +-
 .../result_sample.py                          | 36 ++++++++++++++-----
 .../test/test_resultsample.py                 |  2 +-
 assemblyline_v4_service/common/api.py         |  5 +--
 assemblyline_v4_service/common/base.py        |  7 ++--
 assemblyline_v4_service/common/helper.py      |  3 +-
 assemblyline_v4_service/common/request.py     |  7 ++--
 assemblyline_v4_service/common/result.py      |  6 ++--
 assemblyline_v4_service/common/task.py        |  6 ++--
 docker/process_handler.py                     |  1 -
 13 files changed, 70 insertions(+), 33 deletions(-)
 create mode 100644 .vscode/settings.json

diff --git a/.gitignore b/.gitignore
index 1635532f..0ae1a580 100644
--- a/.gitignore
+++ b/.gitignore
@@ -83,6 +83,3 @@ venv.bak/
 
 # Cython debug symbols
 cython_debug/
-
-# vscode workspace
-.vscode/
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 00000000..54c0116a
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,22 @@
+{
+    "python.linting.flake8Args": [
+        "--max-line-length=120",
+        //Added the ignore of E203 for now : https://github.com/PyCQA/pycodestyle/issues/373
+        "--ignore=E203,W503"
+    ],
+    "editor.codeActionsOnSave": {
+        "source.organizeImports": true,
+    },
+    "editor.wordWrap": "wordWrapColumn",
+    "editor.wordWrapColumn": 120,
+    "python.formatting.provider": "black",
+    "python.formatting.blackArgs": [
+        "--line-length=120"
+    ],
+    "isort.args": [
+        "-l",
+        "120",
+        "--profile=black",
+        // "--src=${workspaceFolder}"
+    ]
+}
diff --git a/assemblyline_extra_feature_service/extra_feature.py b/assemblyline_extra_feature_service/extra_feature.py
index 2f60f176..b77db987 100644
--- a/assemblyline_extra_feature_service/extra_feature.py
+++ b/assemblyline_extra_feature_service/extra_feature.py
@@ -1,6 +1,7 @@
 from pprint import pformat
+
 from assemblyline_v4_service.common.base import ServiceBase
-from assemblyline_v4_service.common.result import Result, ResultSection, BODY_FORMAT
+from assemblyline_v4_service.common.result import BODY_FORMAT, Result, ResultSection
 
 
 class ExtraFeature(ServiceBase):
diff --git a/assemblyline_extra_feature_service/test/test_extrafeatures.py b/assemblyline_extra_feature_service/test/test_extrafeatures.py
index 092c8ebd..efe4d8e2 100644
--- a/assemblyline_extra_feature_service/test/test_extrafeatures.py
+++ b/assemblyline_extra_feature_service/test/test_extrafeatures.py
@@ -1,6 +1,6 @@
 import os
-import pytest
 
+import pytest
 from assemblyline.common.importing import load_module_by_path
 from assemblyline_v4_service.testing.helper import TestHelper
 
diff --git a/assemblyline_result_sample_service/result_sample.py b/assemblyline_result_sample_service/result_sample.py
index b02cdba8..65843dbf 100644
--- a/assemblyline_result_sample_service/result_sample.py
+++ b/assemblyline_result_sample_service/result_sample.py
@@ -4,18 +4,38 @@
 import tempfile
 
 from assemblyline.common import forge
-from assemblyline.common.attack_map import software_map, attack_map, group_map, revoke_map
+from assemblyline.common.attack_map import attack_map, group_map, revoke_map, software_map
 from assemblyline.common.dict_utils import flatten
 from assemblyline.common.hexdump import hexdump
-from assemblyline_v4_service.common.base import ServiceBase
-from assemblyline_v4_service.common.result import DividerSectionBody, GraphSectionBody, KVSectionBody, ProcessItem, \
-    ResultGraphSection, ResultImageSection, ResultJSONSection, ResultKeyValueSection, ResultMemoryDumpSection, \
-    ResultMultiSection, ResultProcessTreeSection, ResultSection, BODY_FORMAT, Heuristic, ResultTextSection, \
-    ResultURLSection, ResultTableSection, TableRow, TextSectionBody, Result, ResultOrderedKeyValueSection, \
-    ResultTimelineSection
 
 # DO NOT IMPORT IN YOUR SERVICE. These are just for creating randomized results.
-from assemblyline.odm.randomizer import get_random_phrase, get_random_ip, get_random_host, get_random_tags
+from assemblyline.odm.randomizer import get_random_host, get_random_ip, get_random_phrase, get_random_tags
+from assemblyline_v4_service.common.base import ServiceBase
+from assemblyline_v4_service.common.result import (
+    BODY_FORMAT,
+    DividerSectionBody,
+    GraphSectionBody,
+    Heuristic,
+    KVSectionBody,
+    ProcessItem,
+    Result,
+    ResultGraphSection,
+    ResultImageSection,
+    ResultJSONSection,
+    ResultKeyValueSection,
+    ResultMemoryDumpSection,
+    ResultMultiSection,
+    ResultOrderedKeyValueSection,
+    ResultProcessTreeSection,
+    ResultSection,
+    ResultTableSection,
+    ResultTextSection,
+    ResultTimelineSection,
+    ResultURLSection,
+    TableRow,
+    TextSectionBody,
+)
+
 # DO NOT LIST BODY FORMATS LIKE THIS. This is again for the data randomizer.
 FORMAT_LIST = [BODY_FORMAT.TEXT, BODY_FORMAT.MEMORY_DUMP]
 
diff --git a/assemblyline_result_sample_service/test/test_resultsample.py b/assemblyline_result_sample_service/test/test_resultsample.py
index 046edf80..637623e8 100644
--- a/assemblyline_result_sample_service/test/test_resultsample.py
+++ b/assemblyline_result_sample_service/test/test_resultsample.py
@@ -1,6 +1,6 @@
 import os
-import pytest
 
+import pytest
 from assemblyline.common.importing import load_module_by_path
 from assemblyline_v4_service.testing.helper import TestHelper
 
diff --git a/assemblyline_v4_service/common/api.py b/assemblyline_v4_service/common/api.py
index 164b2210..3dc80e3b 100644
--- a/assemblyline_v4_service/common/api.py
+++ b/assemblyline_v4_service/common/api.py
@@ -1,10 +1,11 @@
 import os
-import requests
 import time
 import traceback
+from io import StringIO
 
+import requests
 from assemblyline_core.safelist_client import SafelistClient
-from io import StringIO
+
 DEFAULT_SERVICE_SERVER = "http://localhost:5003"
 DEFAULT_AUTH_KEY = "ThisIsARandomAuthKey...ChangeMe!"
 DEVELOPMENT_MODE = False
diff --git a/assemblyline_v4_service/common/base.py b/assemblyline_v4_service/common/base.py
index ee4a99b0..e9d1714f 100644
--- a/assemblyline_v4_service/common/base.py
+++ b/assemblyline_v4_service/common/base.py
@@ -3,24 +3,23 @@
 import hashlib
 import logging
 import os
-import requests
 import shutil
 import tarfile
 import tempfile
 import time
 import warnings
-
-from typing import Dict, Optional
 from pathlib import Path
+from typing import Dict, Optional
 
+import requests
 from assemblyline.common import exceptions, log, version
 from assemblyline.common.digests import get_sha256_for_file
 from assemblyline.odm.messages.task import Task as ServiceTask
 from assemblyline_v4_service.common import helper
 from assemblyline_v4_service.common.api import PrivilegedServiceAPI, ServiceAPI
+from assemblyline_v4_service.common.ontology_helper import OntologyHelper
 from assemblyline_v4_service.common.request import ServiceRequest
 from assemblyline_v4_service.common.task import Task
-from assemblyline_v4_service.common.ontology_helper import OntologyHelper
 
 # Ignore all other warnings that a service's libraries can generate
 warnings.filterwarnings("ignore")
diff --git a/assemblyline_v4_service/common/helper.py b/assemblyline_v4_service/common/helper.py
index 3a200cb1..680565cd 100644
--- a/assemblyline_v4_service/common/helper.py
+++ b/assemblyline_v4_service/common/helper.py
@@ -1,9 +1,8 @@
 import os
-import yaml
-
 from io import BytesIO
 from typing import Dict, Union
 
+import yaml
 from assemblyline.common.classification import Classification, InvalidDefinition
 from assemblyline.common.dict_utils import recursive_update
 from assemblyline.common.version import BUILD_MINOR, FRAMEWORK_VERSION, SYSTEM_VERSION
diff --git a/assemblyline_v4_service/common/request.py b/assemblyline_v4_service/common/request.py
index 9d8ad59b..b3b2c874 100644
--- a/assemblyline_v4_service/common/request.py
+++ b/assemblyline_v4_service/common/request.py
@@ -1,17 +1,16 @@
 import logging
 import tempfile
-
-from PIL import Image
 from typing import Any, Dict, Optional, TextIO, Union
 
 from assemblyline.common import forge
 from assemblyline.common import log as al_log
 from assemblyline.common.classification import Classification
-from assemblyline_v4_service.common.api import ServiceAPI, PrivilegedServiceAPI
+from assemblyline_v4_service.common.api import PrivilegedServiceAPI, ServiceAPI
 from assemblyline_v4_service.common.extractor.ocr import ocr_detections
 from assemblyline_v4_service.common.result import Heuristic, Result, ResultKeyValueSection
-from assemblyline_v4_service.common.task import Task, MaxExtractedExceeded
+from assemblyline_v4_service.common.task import MaxExtractedExceeded, Task
 from assemblyline_v4_service.common.utils import extract_passwords
+from PIL import Image
 
 CLASSIFICATION = forge.get_classification()
 WEBP_MAX_SIZE = 16383
diff --git a/assemblyline_v4_service/common/result.py b/assemblyline_v4_service/common/result.py
index d2ca1f0b..2b954309 100644
--- a/assemblyline_v4_service/common/result.py
+++ b/assemblyline_v4_service/common/result.py
@@ -2,14 +2,14 @@
 
 import json
 import logging
-from typing import Any, Dict, List, Optional, TextIO, TYPE_CHECKING, Union
+from typing import TYPE_CHECKING, Any, Dict, List, Optional, TextIO, Union
 
 from assemblyline.common import log as al_log
-from assemblyline.common.attack_map import attack_map, software_map, group_map, revoke_map
+from assemblyline.common.attack_map import attack_map, group_map, revoke_map, software_map
 from assemblyline.common.classification import Classification
 from assemblyline.common.dict_utils import unflatten
 from assemblyline.common.str_utils import StringTable, safe_str
-from assemblyline_v4_service.common.helper import get_service_attributes, get_heuristics
+from assemblyline_v4_service.common.helper import get_heuristics, get_service_attributes
 
 if TYPE_CHECKING:  # Avoid circular dependency
     from assemblyline_v4_service.common.request import ServiceRequest
diff --git a/assemblyline_v4_service/common/task.py b/assemblyline_v4_service/common/task.py
index 0dc92045..6eea5a77 100644
--- a/assemblyline_v4_service/common/task.py
+++ b/assemblyline_v4_service/common/task.py
@@ -2,7 +2,7 @@
 import logging
 import os
 import tempfile
-from typing import List, Optional, Any, Dict, Union
+from typing import Any, Dict, List, Optional, Union
 
 from assemblyline.common import forge
 from assemblyline.common import log as al_log
@@ -10,9 +10,9 @@
 from assemblyline.common.digests import get_digests_for_file, get_sha256_for_file
 from assemblyline.common.isotime import now_as_iso
 from assemblyline.odm.messages.task import Task as ServiceTask
-from assemblyline_v4_service.common.api import ServiceAPI, PrivilegedServiceAPI
-from assemblyline_v4_service.common.result import Result
+from assemblyline_v4_service.common.api import PrivilegedServiceAPI, ServiceAPI
 from assemblyline_v4_service.common.helper import get_service_manifest
+from assemblyline_v4_service.common.result import Result
 
 
 class MaxExtractedExceeded(Exception):
diff --git a/docker/process_handler.py b/docker/process_handler.py
index 75dead23..eafadf9b 100644
--- a/docker/process_handler.py
+++ b/docker/process_handler.py
@@ -1,7 +1,6 @@
 import logging
 import signal
 import time
-
 from os import environ
 from subprocess import Popen, TimeoutExpired
 

From 30b950908b7b588b0aa8839f9bb89c0045228433 Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Thu, 25 May 2023 13:32:43 +0000
Subject: [PATCH 19/49] Updating import paths

---
 assemblyline_v4_service/common/base.py    | 2 +-
 assemblyline_v4_service/common/request.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/assemblyline_v4_service/common/base.py b/assemblyline_v4_service/common/base.py
index e9d1714f..2b28c543 100644
--- a/assemblyline_v4_service/common/base.py
+++ b/assemblyline_v4_service/common/base.py
@@ -15,9 +15,9 @@
 from assemblyline.common import exceptions, log, version
 from assemblyline.common.digests import get_sha256_for_file
 from assemblyline.odm.messages.task import Task as ServiceTask
+from assemblyline_service_utilities.common.ontology_helper import OntologyHelper
 from assemblyline_v4_service.common import helper
 from assemblyline_v4_service.common.api import PrivilegedServiceAPI, ServiceAPI
-from assemblyline_v4_service.common.ontology_helper import OntologyHelper
 from assemblyline_v4_service.common.request import ServiceRequest
 from assemblyline_v4_service.common.task import Task
 
diff --git a/assemblyline_v4_service/common/request.py b/assemblyline_v4_service/common/request.py
index b3b2c874..4377d098 100644
--- a/assemblyline_v4_service/common/request.py
+++ b/assemblyline_v4_service/common/request.py
@@ -5,11 +5,11 @@
 from assemblyline.common import forge
 from assemblyline.common import log as al_log
 from assemblyline.common.classification import Classification
+from assemblyline_service_utilities.common.extractor.ocr import ocr_detections
+from assemblyline_service_utilities.common.utils import extract_passwords
 from assemblyline_v4_service.common.api import PrivilegedServiceAPI, ServiceAPI
-from assemblyline_v4_service.common.extractor.ocr import ocr_detections
 from assemblyline_v4_service.common.result import Heuristic, Result, ResultKeyValueSection
 from assemblyline_v4_service.common.task import MaxExtractedExceeded, Task
-from assemblyline_v4_service.common.utils import extract_passwords
 from PIL import Image
 
 CLASSIFICATION = forge.get_classification()

From cce1e33cb7b650dee157af6049dc2d0be6cbe4ae Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Fri, 26 May 2023 18:37:16 +0000
Subject: [PATCH 20/49] Exit if there are no tests

---
 pipelines/azure-tests.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pipelines/azure-tests.yaml b/pipelines/azure-tests.yaml
index f3935342..69114446 100644
--- a/pipelines/azure-tests.yaml
+++ b/pipelines/azure-tests.yaml
@@ -23,6 +23,8 @@ jobs:
         inputs:
           versionSpec: "$(python.version)"
       - script: |
+          [ ! -d "$(pwd)/test" ] && echo "No test found" && exit
+
           sudo mkdir -p /etc/assemblyline/
           sudo mkdir -p /var/cache/assemblyline/
           sudo cp pipelines/config.yml /etc/assemblyline
@@ -33,5 +35,7 @@ jobs:
           sudo env "PATH=$PATH" python -m pip install --no-cache-dir -e .
           sudo env "PATH=$PATH" python -m pip install --no-cache-dir -r test/requirements.txt
         displayName: Setup environment
-      - script: python -m pytest -rsx -vv
+      - script: |
+          [ ! -d "$(pwd)/test" ] && echo "No test found" && exit
+          python -m pytest -rsx -vv
         displayName: Test

From 78ef063aff4de31265392c9b7c60e9b1c103d655 Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Fri, 26 May 2023 19:07:42 +0000
Subject: [PATCH 21/49] Unmigrating ontology helper

---
 assemblyline_v4_service/common/base.py        |   2 +-
 .../common/ontology_helper.py                 | 186 ++++++++++++++++++
 2 files changed, 187 insertions(+), 1 deletion(-)
 create mode 100644 assemblyline_v4_service/common/ontology_helper.py

diff --git a/assemblyline_v4_service/common/base.py b/assemblyline_v4_service/common/base.py
index 2b28c543..e9d1714f 100644
--- a/assemblyline_v4_service/common/base.py
+++ b/assemblyline_v4_service/common/base.py
@@ -15,9 +15,9 @@
 from assemblyline.common import exceptions, log, version
 from assemblyline.common.digests import get_sha256_for_file
 from assemblyline.odm.messages.task import Task as ServiceTask
-from assemblyline_service_utilities.common.ontology_helper import OntologyHelper
 from assemblyline_v4_service.common import helper
 from assemblyline_v4_service.common.api import PrivilegedServiceAPI, ServiceAPI
+from assemblyline_v4_service.common.ontology_helper import OntologyHelper
 from assemblyline_v4_service.common.request import ServiceRequest
 from assemblyline_v4_service.common.task import Task
 
diff --git a/assemblyline_v4_service/common/ontology_helper.py b/assemblyline_v4_service/common/ontology_helper.py
new file mode 100644
index 00000000..b0e8c83f
--- /dev/null
+++ b/assemblyline_v4_service/common/ontology_helper.py
@@ -0,0 +1,186 @@
+import json
+import os
+from collections import defaultdict
+from typing import Dict
+
+from assemblyline.common import forge
+from assemblyline.common.dict_utils import flatten, get_dict_fingerprint_hash, unflatten
+from assemblyline.odm.base import Model, construct_safe
+from assemblyline.odm.models.ontology import ODM_VERSION
+from assemblyline.odm.models.ontology.filetypes import PE
+from assemblyline.odm.models.ontology.results import NetworkConnection
+from assemblyline.odm.models.tagging import Tagging
+from assemblyline_v4_service.common import helper
+
+ONTOLOGY_FILETYPE_MODELS = [PE]
+ONTOLOGY_CLASS_TO_FIELD = {
+    NetworkConnection: "netflow"
+}
+
+Classification = forge.get_classification()
+
+
+class OntologyHelper:
+    def __init__(self, logger, service_name) -> None:
+        self.log = logger
+        self._file_info = dict()
+        self._result_parts: Dict[str, Model] = dict()
+        self.results = defaultdict(list)
+        self.service = service_name
+
+    def add_file_part(self, model: Model, data: Dict) -> None:
+        if not data:
+            return None
+
+        # Unlike result parts, there should only be one file part per type
+        if model in ONTOLOGY_FILETYPE_MODELS:
+            self._file_info[model.__name__.lower()] = model(data)
+
+    def add_result_part(self, model: Model, data: Dict) -> str:
+        if not data:
+            self.log.warning(f'No data given to apply to model {model.__name__}')
+            return None
+
+        if not data.get('objectid'):
+            data['objectid'] = {}
+
+        oid = data['objectid'].get('ontology_id')
+        tag = data['objectid'].get('tag')
+
+        # Generate ID based on data and add reference to collection, prefix with model type
+        # Some models have a deterministic way of generating IDs using the data given
+        if not oid:
+            oid = model.get_oid(data) if hasattr(model, 'get_oid') else \
+                f"{model.__name__.lower()}_{get_dict_fingerprint_hash(data)}"
+        if not tag:
+            tag = model.get_tag(data) if hasattr(model, 'get_tag') else None
+
+        data['objectid']['tag'] = tag
+        data['objectid']['ontology_id'] = oid
+        data['objectid']['service_name'] = self.service
+
+        try:
+            self._result_parts[oid] = model(data)
+        except Exception as e:
+            self.log.error(f'Problem applying data to given model: {e}')
+            self.log.debug(data)
+            oid = None
+        finally:
+            return oid
+
+    def attach_parts(self, ontology: Dict) -> None:
+        ontology['file'].update({k: v.as_primitives(strip_null=True) for k, v in self._file_info.items()})
+
+        # If result section wasn't explicitly defined by service writer, use what we know
+        if not self.results:
+            for v in self._result_parts.values():
+                # Some Ontology classes map to certain fields in the ontology that don't share the same name
+                field = ONTOLOGY_CLASS_TO_FIELD.get(v.__class__, v.__class__.__name__.lower())
+                self.results[field].append(v.as_primitives(strip_null=True))
+
+        ontology['results'].update(self.results)
+
+    def _attach_ontology(self, request, working_dir) -> str:
+        # Get heuristics of service
+        heuristics = helper.get_heuristics()
+
+        def preprocess_result_for_dump(sections, current_max, heur_tag_map, tag_map):
+            for section in sections:
+                # Determine max classification of the overall result
+                current_max = Classification.max_classification(section.classification, current_max)
+
+                # Cleanup invalid tagging from service results
+                def validate_tags(tag_map):
+                    tag_map, _ = construct_safe(Tagging, unflatten(tag_map))
+                    tag_map = flatten(tag_map.as_primitives(strip_null=True))
+                    return tag_map
+
+                # Merge tags
+                def merge_tags(tag_a, tag_b):
+                    if not tag_a:
+                        return tag_b
+
+                    elif not tag_b:
+                        return tag_a
+
+                    all_keys = list(tag_a.keys()) + list(tag_b.keys())
+                    return {key: list(set(tag_a.get(key, []) + tag_b.get(key, []))) for key in all_keys}
+
+                # Append tags raised by the service, if any
+                section_tags = validate_tags(section.tags)
+                if section_tags:
+                    tag_map = merge_tags(tag_map, section_tags)
+
+                # Append tags associated to heuristics raised by the service, if any
+                if section.heuristic:
+                    heur = heuristics[section.heuristic.heur_id]
+                    key = f'{request.task.service_name.upper()}_{heur.heur_id}'
+                    heur_tag_map[key].update({
+                        "heur_id": key,
+                        "name": heur.name,
+                        "tags": merge_tags(heur_tag_map[key]["tags"], section_tags) if section_tags else {},
+                        "score": heur.score,
+                        "times_raised": heur_tag_map[key]["times_raised"] + 1
+                    })
+
+                # Recurse through subsections
+                if section.subsections:
+                    current_max, heur_tag_map, tag_map = preprocess_result_for_dump(
+                        section.subsections, current_max, heur_tag_map, tag_map)
+
+            return current_max, heur_tag_map, tag_map
+
+        if not request.result or not request.result.sections:
+            # No service results, therefore no ontological output
+            return
+
+        max_result_classification, heur_tag_map, tag_map = preprocess_result_for_dump(
+            sections=request.result.sections,
+            current_max=Classification.max_classification(request.task.min_classification,
+                                                          request.task.service_default_result_classification),
+            heur_tag_map=defaultdict(lambda: {"tags": dict(), "times_raised": int()}),
+            tag_map=defaultdict(list))
+
+        if not tag_map and not self._result_parts:
+            # No tagging or ontologies found, therefore informational results
+            return
+
+        ontology = {
+            'odm_type': 'Assemblyline Result Ontology',
+            'odm_version': ODM_VERSION,
+            "classification": max_result_classification,
+            "file": {
+                'md5': request.md5,
+                'sha1': request.sha1,
+                'sha256': request.sha256,
+                'type': request.file_type,
+                'size': request.file_size,
+                'names': [request.file_name] if request.file_name else []
+            },
+            "service": {
+                'name': request.task.service_name,
+                'version': request.task.service_version,
+                'tool_version': request.task.service_tool_version,
+            },
+            "results": {
+                "tags": tag_map,
+                "heuristics": list(heur_tag_map.values())
+            }
+        }
+
+        self.attach_parts(ontology)
+
+        # Include Ontological data
+        ontology_suffix = f"{request.sha256}.ontology"
+        ontology_path = os.path.join(working_dir, ontology_suffix)
+        with open(ontology_path, 'w') as f:
+            f.write(json.dumps(ontology))
+        attachment_name = f'{request.task.service_name}_{ontology_suffix}'.lower()
+        request.add_supplementary(path=ontology_path, name=attachment_name,
+                                  description=f"Result Ontology from {request.task.service_name}",
+                                  classification=max_result_classification)
+
+    def reset(self) -> None:
+        self._file_info = {}
+        self._result_parts = {}
+        self.results = defaultdict(list)

From 9dfce4f2adb474b91240f17d7ce831aca8204885 Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Fri, 2 Jun 2023 14:38:47 +0000
Subject: [PATCH 22/49] Reverting moving ocr and utils to avoid cyclic imports

---
 assemblyline_v4_service/common/ocr.py     |  96 +++++++++++++++++
 assemblyline_v4_service/common/request.py |   4 +-
 assemblyline_v4_service/common/utils.py   |  85 +++++++++++++++
 test/test_utils.py                        | 124 ++++++++++++++++++++++
 4 files changed, 307 insertions(+), 2 deletions(-)
 create mode 100644 assemblyline_v4_service/common/ocr.py
 create mode 100644 assemblyline_v4_service/common/utils.py
 create mode 100644 test/test_utils.py

diff --git a/assemblyline_v4_service/common/ocr.py b/assemblyline_v4_service/common/ocr.py
new file mode 100644
index 00000000..d838fc8c
--- /dev/null
+++ b/assemblyline_v4_service/common/ocr.py
@@ -0,0 +1,96 @@
+from __future__ import annotations
+
+from typing import TextIO
+
+import regex
+from assemblyline_v4_service.common.helper import get_service_manifest
+from assemblyline_v4_service.common.utils import PASSWORD_WORDS
+
+# TODO: Would prefer this mapping to be dynamic from trusted sources (ie. import from library), but will copy-paste for now
+OCR_INDICATORS_MAPPING: dict[str, list[str]] = {
+    'ransomware': [
+        # https://github.com/cuckoosandbox/community/blob/master/modules/signatures/windows/ransomware_message.py
+        "your files", "your data", "your documents", "restore files",
+        "restore data", "restore the files", "restore the data", "recover files",
+        "recover data", "recover the files", "recover the data", "has been locked",
+        "pay fine", "pay a fine", "pay the fine", "decrypt", "encrypt",
+        "recover files", "recover data", "recover them", "recover your",
+        "recover personal", "bitcoin", "secret server", "secret internet server",
+        "install tor", "download tor", "tor browser", "tor gateway",
+        "tor-browser", "tor-gateway", "torbrowser", "torgateway", "torproject.org",
+        "ransom", "bootkit", "rootkit", "payment", "victim", "AES128", "AES256",
+        "AES 128", "AES 256", "AES-128", "AES-256", "RSA1024", "RSA2048",
+        "RSA4096", "RSA 1024", "RSA 2048", "RSA 4096", "RSA-1024", "RSA-2048",
+        "RSA-4096", "private key", "personal key", "your code", "private code",
+        "personal code", "enter code", "your key", "unique key"
+    ],
+    'macros': [
+        # https://github.com/cuckoosandbox/community/blob/17d57d46ccbca0327a8299cb93abba8604b74df7/modules/signatures/windows/office_enablecontent_ocr.py
+        "enable macro",
+        "enable content",
+        "enable editing",
+    ],
+    'banned': [],
+    'password': PASSWORD_WORDS
+}
+
+
+def ocr_detections(image_path: str, ocr_io: TextIO = None) -> dict[str, list[str]]:
+    try:
+        import pytesseract
+        from PIL import Image
+    except ImportError as exc:
+        raise ImportError('In order to scan for OCR detections, ensure you have the following installed:\n'
+                          'tesseract, pytesseract, and Pillow') from exc
+
+    # Use OCR library to extract strings from an image file
+    ocr_output = ""
+
+    try:
+        ocr_output = pytesseract.image_to_string(Image.open(image_path), timeout=15)  # Stop OCR after 15 seconds
+    except (TypeError, RuntimeError):
+        # Image given isn't supported therefore no OCR output can be given with tesseract
+        return {}
+
+    if ocr_io:
+        ocr_io.flush()
+        ocr_io.write(ocr_output)
+        ocr_io.flush()
+
+    return detections(ocr_output)
+
+
+def detections(ocr_output: str) -> dict[str, list[str]]:
+    detection_output: dict[str, list[str]] = {}
+    ocr_config: dict[str, list[str]] = {}
+    try:
+        # If running an AL service, grab OCR configuration from service manifest
+        ocr_config = get_service_manifest().get('config', {}).get('ocr', {})
+    except Exception:
+        pass
+    indicators = set(list(OCR_INDICATORS_MAPPING.keys()) + list(ocr_config.keys()))
+    # Iterate over the different indicators and include lines of detection in response
+    for indicator in indicators:
+        list_of_terms = ocr_config.get(indicator, []) or OCR_INDICATORS_MAPPING.get(indicator, [])
+        if not list_of_terms:
+            # If no terms specified, move onto next indicator
+            continue
+        indicator_hits: set[str | None] = set()
+        regex_exp = regex.compile(f"({')|('.join(list_of_terms).lower()})")
+        list_of_strings: list[str] = []
+        for line in ocr_output.split('\n'):
+            search = regex_exp.search(line.lower())
+            if search:
+                indicator_hits = indicator_hits.union(set(search.groups()))
+                list_of_strings.append(line)
+        if None in indicator_hits:
+            indicator_hits.remove(None)
+
+        if list_of_strings:
+            if len(indicator_hits) >= 2:
+                # We consider the detection to be credible if there's more than a single indicator hit
+                detection_output[indicator] = list_of_strings
+            if indicator in ['banned', 'password']:
+                # Except if we're dealing with banned/password, one hit is more than enough
+                detection_output[indicator] = list_of_strings
+    return detection_output
diff --git a/assemblyline_v4_service/common/request.py b/assemblyline_v4_service/common/request.py
index 4377d098..9ed689a1 100644
--- a/assemblyline_v4_service/common/request.py
+++ b/assemblyline_v4_service/common/request.py
@@ -5,11 +5,11 @@
 from assemblyline.common import forge
 from assemblyline.common import log as al_log
 from assemblyline.common.classification import Classification
-from assemblyline_service_utilities.common.extractor.ocr import ocr_detections
-from assemblyline_service_utilities.common.utils import extract_passwords
 from assemblyline_v4_service.common.api import PrivilegedServiceAPI, ServiceAPI
+from assemblyline_v4_service.common.ocr import ocr_detections
 from assemblyline_v4_service.common.result import Heuristic, Result, ResultKeyValueSection
 from assemblyline_v4_service.common.task import MaxExtractedExceeded, Task
+from assemblyline_v4_service.common.utils import extract_passwords
 from PIL import Image
 
 CLASSIFICATION = forge.get_classification()
diff --git a/assemblyline_v4_service/common/utils.py b/assemblyline_v4_service/common/utils.py
new file mode 100644
index 00000000..a0a4ef0d
--- /dev/null
+++ b/assemblyline_v4_service/common/utils.py
@@ -0,0 +1,85 @@
+from __future__ import annotations
+
+import ctypes
+import re
+import signal
+import sys
+
+libc = ctypes.CDLL("libc.so.6")
+
+PASSWORD_WORDS = [
+    "كلمه السر",  # Arabic
+    "密码",  # Chinese Simplified
+    "密碼",  # Chinese Traditional
+    "password",  # English
+    "mot de passe",  # French
+    "passwort",  # German
+    "parola d'ordine",  # Italian
+    "비밀번호",  # Korean
+    "parole",  # Latvian, Lithuanian
+    "senha",  # Portuguese
+    "пароль",  # Russian
+    "contraseña",  # Spanish
+]
+PASSWORD_REGEXES = [re.compile(fr".*{p}:(.+)", re.I) for p in PASSWORD_WORDS]
+
+PASSWORD_STRIP = [
+    '"',
+    "'",
+    "입니다",
+    "이에요",
+]
+
+
+def set_death_signal(sig=signal.SIGTERM):
+    if 'linux' not in sys.platform:
+        return None
+
+    def process_control():
+        return libc.prctl(1, sig)
+    return process_control
+
+
+class TimeoutException(Exception):
+    pass
+
+
+class alarm_clock:
+    """A context manager that causes an exception to be raised after a timeout."""
+
+    def __init__(self, timeout):
+        self.timeout = timeout
+        self.alarm_default = signal.getsignal(signal.SIGALRM)
+
+    def __enter__(self):
+        # noinspection PyUnusedLocal
+        def handler(signum, frame):
+            raise TimeoutException("Timeout")
+
+        signal.signal(signal.SIGALRM, handler)
+
+        signal.alarm(self.timeout)
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        signal.alarm(0)
+        signal.signal(signal.SIGALRM, self.alarm_default)
+
+
+def extract_passwords(text: str) -> set[str]:
+    passwords: set[str] = set()
+    text_split, text_split_n = set(text.split()), set(text.split("\n"))
+    passwords.update(text_split)
+    passwords.update(re.split(r"\W+", text))
+    for i, r in enumerate(PASSWORD_REGEXES):
+        for line in text_split:
+            if PASSWORD_WORDS[i] in line.lower():
+                passwords.update(re.split(r, line))
+        for line in text_split_n:
+            if PASSWORD_WORDS[i] in line.lower():
+                passwords.update(re.split(r, line))
+    for p in list(passwords):
+        p = p.strip()
+        # We can assume that at least one of the strip_char won't be there, to have the simple space stripping option
+        passwords.update([p.strip(strip_char) for strip_char in PASSWORD_STRIP])
+    return passwords
diff --git a/test/test_utils.py b/test/test_utils.py
new file mode 100644
index 00000000..7c31e22c
--- /dev/null
+++ b/test/test_utils.py
@@ -0,0 +1,124 @@
+from assemblyline_v4_service.common.utils import extract_passwords
+
+
+def test_extract_passwords():
+    # Make sure an empty string doesn't cause any problem
+    text = ""
+    res = extract_passwords(text)
+
+    # Make sure an empty string doesn't cause any problem
+    text = "\n"
+    res = extract_passwords(text)
+
+    text = "Invoice Password: A"
+    wanted_password = ["A"]
+    res = extract_passwords(text)
+    assert all([password in res for password in wanted_password])
+
+    text = "Invoice Password: ABCDE"
+    wanted_password = ["ABCDE"]
+    res = extract_passwords(text)
+    assert all([password in res for password in wanted_password])
+
+    text = (
+        "Password : A\nTest string \nPassword: B\nTest string\npassword:C\nTest string\npassword: D\n"
+        "Test string\npassword: E \nTest string\nPassword: dhfkIJK891\nTest string\nPassword: dh_!l-k&*%#@!91\n"
+        "Test string\nThe Password is: F\nTest string\nPassword:\nG\nTest string\nMot de passe: H\n"
+        "Test string\nPassword:\ndhfkIJK892\nTest string\nPassword:\nKahj#@!!45\n"
+    )
+    wanted_password = [
+        "A",
+        "B",
+        "C",
+        "D",
+        "E",
+        "dhfkIJK891",
+        "dh_!l-k&*%#@!91",
+        "F",
+        "G",
+        "H",
+        "dhfkIJK892",
+        "Kahj#@!!45",
+    ]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "Password:1jdhQ-9!h$\n"
+    wanted_password = ["1jdhQ-9!h$"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = 'password: "Kahj#@!!45"\n'
+    wanted_password = ["Kahj#@!!45"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = 'password:"Kahj#@!!45"\n'
+    wanted_password = ["Kahj#@!!45"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "Password: '1jdhQ-9!h$'\n"
+    wanted_password = ["1jdhQ-9!h$"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "Password:'1jdhQ-9!h$'\n"
+    wanted_password = ["1jdhQ-9!h$"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "mot de passe:Kahj#@!!45\n"
+    wanted_password = ["Kahj#@!!45"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = 'mot de passe: "Kahj#@!!45"\n'
+    wanted_password = ["Kahj#@!!45"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = 'mot de passe:"Kahj#@!!45"\n'
+    wanted_password = ["Kahj#@!!45"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "mot de passe: 'Kahj#@!!45'\n"
+    wanted_password = ["Kahj#@!!45"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "mot de passe:'Kahj#@!!45'\n"
+    wanted_password = ["Kahj#@!!45"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "password: AB5675.\n"
+    wanted_password = ["AB5675"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "password: the password\n"
+    wanted_password = ["the password"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = 'password: "the password"\n'
+    wanted_password = ["the password"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "mot de passe: mon secret\n"
+    wanted_password = ["mon secret"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = 'mot de passe: "mon secret"\n'
+    wanted_password = ["mon secret"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)
+
+    text = "내 비밀번호는 shibboleet입니다"
+    wanted_password = ["shibboleet"]
+    res = extract_passwords(text)
+    assert all(password in res for password in wanted_password)

From 4a5f0c2a6081b65c0f01d060e29e01ba7d6a148a Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Mon, 12 Jun 2023 14:41:56 +0000
Subject: [PATCH 23/49] Check if requirements file exists in test dir

---
 pipelines/azure-tests.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pipelines/azure-tests.yaml b/pipelines/azure-tests.yaml
index 69114446..b2ed484a 100644
--- a/pipelines/azure-tests.yaml
+++ b/pipelines/azure-tests.yaml
@@ -33,7 +33,7 @@ jobs:
           sudo apt-get install -y build-essential libffi-dev libfuzzy-dev python3-dev
           sudo env "PATH=$PATH" python -m pip install --no-cache-dir -U pip cython setuptools
           sudo env "PATH=$PATH" python -m pip install --no-cache-dir -e .
-          sudo env "PATH=$PATH" python -m pip install --no-cache-dir -r test/requirements.txt
+          [ -f $(pwd)/test/requirements.txt ] && sudo env "PATH=$PATH" python -m pip install --no-cache-dir -r $(pwd)/test/requirements.txt
         displayName: Setup environment
       - script: |
           [ ! -d "$(pwd)/test" ] && echo "No test found" && exit

From d9258c749bc4246c358073f2df76561d9d2147ef Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Mon, 12 Jun 2023 14:53:11 +0000
Subject: [PATCH 24/49] Adding requirements.txt for test dir

---
 test/requirements.txt | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 test/requirements.txt

diff --git a/test/requirements.txt b/test/requirements.txt
new file mode 100644
index 00000000..e079f8a6
--- /dev/null
+++ b/test/requirements.txt
@@ -0,0 +1 @@
+pytest

From b7008d136412cf710dc15001c48253a2d0e23815 Mon Sep 17 00:00:00 2001
From: gdesmar <75089569+gdesmar@users.noreply.github.com>
Date: Wed, 14 Jun 2023 13:04:26 +0000
Subject: [PATCH 25/49] Handle non-space password delimiter

---
 assemblyline_v4_service/common/utils.py | 32 ++++++++++++++++++++-----
 test/test_utils.py                      | 27 +++++++++++++++++++++
 2 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/assemblyline_v4_service/common/utils.py b/assemblyline_v4_service/common/utils.py
index a0a4ef0d..5991f32e 100644
--- a/assemblyline_v4_service/common/utils.py
+++ b/assemblyline_v4_service/common/utils.py
@@ -30,6 +30,13 @@
     "이에요",
 ]
 
+BRACKET_PAIRS = {
+    "<": ">",
+    "(": ")",
+    "[": "]",
+    "{": "}",
+}
+
 
 def set_death_signal(sig=signal.SIGTERM):
     if 'linux' not in sys.platform:
@@ -66,18 +73,31 @@ def __exit__(self, exc_type, exc_val, exc_tb):
         signal.signal(signal.SIGALRM, self.alarm_default)
 
 
+def __extract_passwords_from_lines(texts, password_word, password_regex):
+    all_passwords = set()
+    password_keyword = f"{password_word}:"
+    for line in texts:
+        if password_keyword in line.lower():
+            new_passwords = re.split(password_regex, line)
+            index = line.lower().rindex(password_keyword)
+            if index > 0 and line[index - 1] != " ":
+                special_char = line[index - 1]
+                if special_char in BRACKET_PAIRS:
+                    special_char = BRACKET_PAIRS[special_char]
+                for password in list(new_passwords):
+                    new_passwords.extend([password[:i] for i, ltr in enumerate(password) if ltr == special_char])
+            all_passwords.update(new_passwords)
+    return all_passwords
+
+
 def extract_passwords(text: str) -> set[str]:
     passwords: set[str] = set()
     text_split, text_split_n = set(text.split()), set(text.split("\n"))
     passwords.update(text_split)
     passwords.update(re.split(r"\W+", text))
     for i, r in enumerate(PASSWORD_REGEXES):
-        for line in text_split:
-            if PASSWORD_WORDS[i] in line.lower():
-                passwords.update(re.split(r, line))
-        for line in text_split_n:
-            if PASSWORD_WORDS[i] in line.lower():
-                passwords.update(re.split(r, line))
+        passwords.update(__extract_passwords_from_lines(text_split, PASSWORD_WORDS[i], r))
+        passwords.update(__extract_passwords_from_lines(text_split_n, PASSWORD_WORDS[i], r))
     for p in list(passwords):
         p = p.strip()
         # We can assume that at least one of the strip_char won't be there, to have the simple space stripping option
diff --git a/test/test_utils.py b/test/test_utils.py
index 7c31e22c..bc0f1d6f 100644
--- a/test/test_utils.py
+++ b/test/test_utils.py
@@ -1,4 +1,5 @@
 from assemblyline_v4_service.common.utils import extract_passwords
+import pytest
 
 
 def test_extract_passwords():
@@ -122,3 +123,29 @@ def test_extract_passwords():
     wanted_password = ["shibboleet"]
     res = extract_passwords(text)
     assert all(password in res for password in wanted_password)
+
+
+@pytest.mark.parametrize(
+    "text, password",
+    [
+        ("Please use attached#password:1234#@!# and tell me if I can do anything else", "1234#@!"),
+        ("Please use attached#password:1234#@!## and tell me if I can do anything else", "1234#@!#"),
+        ("Please use attached[password:1234#@!] and tell me if I can do anything else", "1234#@!"),
+        ("Please use attached<password:1234#@!> and tell me if I can do anything else", "1234#@!"),
+        ("Please use attached password:1234#@!) and tell me if I can do anything else", "1234#@!)"),
+        ("Please use attached(password:1234#@!) and tell me if I can do anything else", "1234#@!"),
+        ("Please use attached(password: 1234#@!) and tell me if I can do anything else", "1234#@!"),
+        ("(mot de passe:1234#@!)", "1234#@!"),
+        ("(mot de passe: 1234#@!)", "1234#@!"),
+        ("(mot de passe: 1234#@!)", " 1234#@!"),
+        # Password-keyword starting line shouldn't cause any problem
+        ("password:1234# and tell me if I can do anything else", "1234#"),
+    ]
+)
+def test_non_space_password_delimiter(text, password):
+    # The use-non-space-as-delimiter
+    # if the character preceding the word password in any language is found in the extracted password
+    # for that line, split on each.
+    # Also check for matching <> () [] {} instead if it's an opening one preceding.
+    res = extract_passwords(text)
+    assert password in res

From 582dd5ff4ed3a7a633f8248be683098103e86468 Mon Sep 17 00:00:00 2001
From: gdesmar <75089569+gdesmar@users.noreply.github.com>
Date: Wed, 14 Jun 2023 16:41:39 +0000
Subject: [PATCH 26/49] Handle empty file list in updater

---
 assemblyline_v4_service/updater/helper.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/assemblyline_v4_service/updater/helper.py b/assemblyline_v4_service/updater/helper.py
index 13e6f2ec..92fca6c0 100644
--- a/assemblyline_v4_service/updater/helper.py
+++ b/assemblyline_v4_service/updater/helper.py
@@ -35,6 +35,10 @@ def add_cacert(cert: str) -> None:
 
 
 def filter_downloads(output_path, pattern, default_pattern=".*") -> List[Tuple[str, str]]:
+    if not output_path:
+        # Nothing to filter.
+        return []
+
     f_files = []
     if not pattern:
         # Regex will either match on the filename, directory, or filepath, either with default or given pattern for source

From 54f8b25be6beb47ad3ae81647ef909b5de885f0d Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Fri, 23 Jun 2023 15:11:06 +0000
Subject: [PATCH 27/49] Updating the CONTRIBUTING.md to include relevant links

---
 CONTRIBUTING.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 6fb6aeb1..40379e09 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -5,7 +5,7 @@ This guide covers the basics of how to contribute to the Assemblyline project.
 Python code should follow the PEP8 guidelines defined here: [PEP8 Guidelines](https://www.python.org/dev/peps/pep-0008/).
 
 ## Tell us want you want to build/fix
-Before you start coding anything you should connect with the [Assemblyline community](https://groups.google.com/d/forum/cse-cst-assemblyline) to make sure no one else is working on the same thing and that whatever you are going to build still fits with the vision off the system.
+Before you start coding anything you should connect with the Assemblyline community via the [Assemblyline Discord server](https://discord.gg/GUAy9wErNu) and/or the [central Assemblyline GitHub project](https://github.com/CybercentreCanada/assemblyline/issues) to make sure no one else is working on the same thing and that whatever you are going to build still fits with the vision of the system.
 
 ## Git workflow
 
@@ -18,8 +18,8 @@ Before you start coding anything you should connect with the [Assemblyline commu
 #### Transfer your service repo
 If you've worked on a new service that you want to be included in the default service selection you'll have to transfer the repo into our control.
 
-#### You are not allow to merge:
+#### You are not allowed to merge:
 
 Even if you try to merge in your pull request, you will be denied. Only a few people in our team are allowed to merge code into our repositories.
 
-We check for new pull requests every day and will merge them in once they have been approved by someone in our team.
\ No newline at end of file
+We check for new pull requests every day and will merge them in once they have been approved by someone in our team.

From a51e1360b9e22767294b2a8affb9ae717da6bb7d Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Tue, 11 Jul 2023 16:50:53 +0000
Subject: [PATCH 28/49] Remove unused git_config

---
 assemblyline_v4_service/updater/helper.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/assemblyline_v4_service/updater/helper.py b/assemblyline_v4_service/updater/helper.py
index 92fca6c0..8bf1a8d5 100644
--- a/assemblyline_v4_service/updater/helper.py
+++ b/assemblyline_v4_service/updater/helper.py
@@ -182,7 +182,6 @@ def git_clone_repo(source: Dict[str, Any], previous_update: int = None, logger=N
     proxy = source.get('proxy', None)
     auth = f'{username}:{password}@' if username and password else None
 
-    git_config = None
     git_env = {}
 
     if ignore_ssl_errors:
@@ -219,7 +218,7 @@ def git_clone_repo(source: Dict[str, Any], previous_update: int = None, logger=N
 
             # As checking for .git at the end of the URI is not reliable
             # we will use the exception to determine if its a git repo or direct download.
-            repo = Repo.clone_from(url, clone_dir, env=git_env, config=git_config, branch=branch,
+            repo = Repo.clone_from(url, clone_dir, env=git_env, branch=branch,
                                    allow_unsafe_protocols=GIT_ALLOW_UNSAFE_PROTOCOLS)
 
             # Check repo last commit

From 4ac7b526c5a98e92dc721e9157dfdacd42023e84 Mon Sep 17 00:00:00 2001
From: Steve Garon <steve.garon@cyber.gc.ca>
Date: Wed, 12 Jul 2023 17:28:38 +0000
Subject: [PATCH 29/49] Use new assemblyline_service_utilities for TestHelper

---
 assemblyline_extra_feature_service/test/test_extrafeatures.py | 2 +-
 assemblyline_result_sample_service/test/test_resultsample.py  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/assemblyline_extra_feature_service/test/test_extrafeatures.py b/assemblyline_extra_feature_service/test/test_extrafeatures.py
index efe4d8e2..5452f7d4 100644
--- a/assemblyline_extra_feature_service/test/test_extrafeatures.py
+++ b/assemblyline_extra_feature_service/test/test_extrafeatures.py
@@ -2,7 +2,7 @@
 
 import pytest
 from assemblyline.common.importing import load_module_by_path
-from assemblyline_v4_service.testing.helper import TestHelper
+from assemblyline_service_utilities.testing.helper import TestHelper
 
 # Force manifest location
 os.environ['SERVICE_MANIFEST_PATH'] = os.path.join(os.path.dirname(__file__), "..", "service_manifest.yml")
diff --git a/assemblyline_result_sample_service/test/test_resultsample.py b/assemblyline_result_sample_service/test/test_resultsample.py
index 637623e8..7411aed0 100644
--- a/assemblyline_result_sample_service/test/test_resultsample.py
+++ b/assemblyline_result_sample_service/test/test_resultsample.py
@@ -2,7 +2,7 @@
 
 import pytest
 from assemblyline.common.importing import load_module_by_path
-from assemblyline_v4_service.testing.helper import TestHelper
+from assemblyline_service_utilities.testing.helper import TestHelper
 
 # Force manifest location
 os.environ['SERVICE_MANIFEST_PATH'] = os.path.join(os.path.dirname(__file__), "..", "service_manifest.yml")

From c798d5d14e583068e7e93246f371bf8abfd2a93b Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Thu, 13 Jul 2023 18:48:48 +0000
Subject: [PATCH 30/49] Pass signature metadata forward to the service to
 account for local changes

---
 assemblyline_v4_service/common/base.py     |  8 +++++
 assemblyline_v4_service/updater/updater.py | 40 +++++++++++++++++-----
 2 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/assemblyline_v4_service/common/base.py b/assemblyline_v4_service/common/base.py
index 265234e6..b101e1bb 100644
--- a/assemblyline_v4_service/common/base.py
+++ b/assemblyline_v4_service/common/base.py
@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 import hashlib
+import json
 import logging
 import os
 import shutil
@@ -29,6 +30,7 @@
 UPDATES_CA = os.environ.get('UPDATES_CA', '/etc/assemblyline/ssl/al_root-ca.crt')
 PRIVILEGED = os.environ.get('PRIVILEGED', 'false') == 'true'
 MIN_SECONDS_BETWEEN_UPDATES = float(os.environ.get('MIN_SECONDS_BETWEEN_UPDATES', '10.0'))
+SIGNATURES_META_FILENAME = "signatures_meta.json"
 
 RECOVERABLE_RE_MSG = [
     "cannot schedule new futures after interpreter shutdown",
@@ -80,6 +82,7 @@ def __init__(self, config: Optional[Dict] = None) -> None:
         self.update_hash: str = None
         self.update_check_time: float = 0.0
         self.rules_hash: str = None
+        self.signatures_meta: dict = {}
 
     @property
     def api_interface(self):
@@ -311,6 +314,11 @@ def _download_rules(self):
     # Generate the rules_hash and init rules_list based on the raw files in the rules_directory from updater
     def _gen_rules_hash(self) -> str:
         self.rules_list = [str(f) for f in Path(self.rules_directory).rglob("*") if os.path.isfile(str(f))]
+        signatures_meta_path = os.path.join(self.rules_directory, SIGNATURES_META_FILENAME)
+        if signatures_meta_path in self.rules_list:
+            self.rules_list.remove(signatures_meta_path)
+            self.signatures_meta = json.loads(open(signatures_meta_path, 'r').read())
+
         all_sha256s = [get_sha256_for_file(f) for f in self.rules_list]
 
         if len(all_sha256s) == 1:
diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 5e0fc8ca..12f07aa0 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -54,6 +54,7 @@
 UPDATER_DIR = os.getenv('UPDATER_DIR', os.path.join(tempfile.gettempdir(), 'updater'))
 UPDATER_API_ROLES = ['signature_import', 'signature_download', 'signature_view', 'safelist_manage', 'apikey_access', 'signature_manage']
 STATUS_FILE = '/tmp/status'
+SIGNATURES_META_FILENAME = "signatures_meta.json"
 
 classification = forge.get_classification()
 
@@ -86,7 +87,7 @@ def __init__(self, logger: logging.Logger = None,
                  shutdown_timeout: float = None, config: Config = None,
                  datastore: AssemblylineDatastore = None,
                  redis: RedisType = None, redis_persist: RedisType = None,
-                 default_pattern=".*"):
+                 default_pattern=".*", downloadable_signature_statuses=['DEPLOYED', 'NOISY']):
 
         self.updater_type = os.environ['SERVICE_PATH'].split('.')[-1].lower()
         self.default_pattern = default_pattern
@@ -139,6 +140,11 @@ def __init__(self, logger: logging.Logger = None,
         if not os.path.exists(self.latest_updates_dir):
             os.makedirs(self.latest_updates_dir)
 
+        # Statuses that we're going to use as a filter to download signatures
+        self.statuses = downloadable_signature_statuses
+        status_query = ' OR '.join([f'status:{s}' for s in self.statuses])
+        self.signatures_query = f"type:{self.updater_type} AND ({status_query})"
+
         # SSL configuration to UI_SERVER
         self.verify = None if not os.path.exists(UI_SERVER_ROOT_CA) else UI_SERVER_ROOT_CA
 
@@ -237,6 +243,8 @@ def _handle_source_update_event(self, data: Optional[list[str]]):
             self.source_update_flag.set()
 
     def _handle_signature_change_event(self, data: Optional[SignatureChange]):
+        # Make sure to pull in latest changes
+        self._sync_settings()
         self.local_update_flag.set()
 
     def _handle_service_change_event(self, data: Optional[ServiceChange]):
@@ -338,10 +346,7 @@ def do_local_update(self) -> None:
                     # service's use of signature source. Patience..
                     while not extracted_zip and attempt < 5:
                         temp_zip_file = os.path.join(output_directory, 'temp.zip')
-                        al_client.signature.download(
-                            output=temp_zip_file,
-                            query=f"type:{self.updater_type} AND (status:NOISY OR status:DEPLOYED)")
-
+                        al_client.signature.download(output=temp_zip_file, query=self.signatures_query)
                         self.log.debug(f"Downloading update to {temp_zip_file}")
                         if os.path.exists(temp_zip_file) and os.path.getsize(temp_zip_file) > 0:
                             self.log.debug(
@@ -363,7 +368,7 @@ def do_local_update(self) -> None:
 
                     if extracted_zip:
                         self.log.info("New ruleset successfully downloaded and ready to use")
-                        self.serve_directory(output_directory, time_keeper)
+                        self.serve_directory(output_directory, time_keeper, al_client)
                     else:
                         self.log.error("Signatures aren't saved to disk.")
                         shutil.rmtree(output_directory, ignore_errors=True)
@@ -376,7 +381,7 @@ def do_local_update(self) -> None:
                         os.unlink(time_keeper)
         else:
             output_directory = self.prepare_output_directory()
-            self.serve_directory(output_directory, time_keeper)
+            self.serve_directory(output_directory, time_keeper, al_client)
 
     def do_source_update(self, service: Service, specific_sources: list[str] = []) -> None:
         self.log.info(f"Connecting to Assemblyline API: {UI_SERVER}...")
@@ -533,9 +538,28 @@ def _run_source_updates(self):
                 self.sleep(60)
                 continue
 
-    def serve_directory(self, new_directory: str, new_time: str):
+    def serve_directory(self, new_directory: str, new_time: str, client: Client):
         self.log.info("Update finished with new data.")
         new_tar = ''
+
+        # Before serving directory, let's maintain a map of the different signatures and their current deployment state
+        # This map allows the service to be more responsive to changes made locally to the system that such as classification changes
+        # This also avoids the need to have to insert this kind of metadata into the signature itself
+        if self._service.update_config.generates_signatures:
+            # Pull signature metadata from the API
+            signature_map = {
+                item['signature_id']: item
+                for item in client.search.stream.signature(query=self.signatures_query,
+                                                           fl="classification,source,status,signature_id,name")
+            }
+        else:
+            # Pull source metadata from synced service configuration
+            signature_map = {
+                source.name: {'classification': source['default_classfication']}
+                for source in self._service.update_config.sources
+             }
+        open(os.path.join(new_directory, SIGNATURES_META_FILENAME), 'w').write(json.dumps(signature_map, indent=2))
+
         try:
             # Tar update directory
             _, new_tar = tempfile.mkstemp(prefix="signatures_", dir=UPDATER_DIR, suffix='.tar.bz2')

From a6cfc431e36c1a838c148ab3c64b4d39250072c0 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Fri, 14 Jul 2023 12:19:59 +0000
Subject: [PATCH 31/49] Sync not required on signature change events; improve
 readiness state logging

---
 assemblyline_v4_service/updater/updater.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 12f07aa0..101446f8 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -243,8 +243,6 @@ def _handle_source_update_event(self, data: Optional[list[str]]):
             self.source_update_flag.set()
 
     def _handle_signature_change_event(self, data: Optional[SignatureChange]):
-        # Make sure to pull in latest changes
-        self._sync_settings()
         self.local_update_flag.set()
 
     def _handle_service_change_event(self, data: Optional[ServiceChange]):
@@ -280,7 +278,9 @@ def _set_service_stage(self):
 
         if old_service_stage != new_service_stage:
             # There has been a change in service stages, alert Scaler
-            self.log.info(f"Moving service from stage: {old_service_stage} to {new_service_stage}")
+            if not old_service_stage:
+                old_service_stage = ServiceStage(0)
+            self.log.info(f"Moving service from stage: {old_service_stage.name} to {new_service_stage.name}")
             self._service_stage_hash.set(SERVICE_NAME, new_service_stage)
             self.event_sender.send(SERVICE_NAME, {'operation': Operation.Modified, 'name': SERVICE_NAME})
 

From 4ac426c32ac0dbdfa8fb8eb8fa3c1fd2e092fe5f Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Fri, 14 Jul 2023 13:12:38 +0000
Subject: [PATCH 32/49] typo; use centralized constant

---
 assemblyline_v4_service/updater/updater.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 101446f8..457517fd 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -32,6 +32,7 @@
 from assemblyline.odm.models.user import User
 from assemblyline.odm.models.user_settings import UserSettings
 
+from assemblyline_v4_service.common.base import SIGNATURES_META_FILENAME
 from assemblyline_v4_service.updater.helper import url_download, git_clone_repo, SkipSource, filter_downloads
 
 
@@ -54,7 +55,6 @@
 UPDATER_DIR = os.getenv('UPDATER_DIR', os.path.join(tempfile.gettempdir(), 'updater'))
 UPDATER_API_ROLES = ['signature_import', 'signature_download', 'signature_view', 'safelist_manage', 'apikey_access', 'signature_manage']
 STATUS_FILE = '/tmp/status'
-SIGNATURES_META_FILENAME = "signatures_meta.json"
 
 classification = forge.get_classification()
 
@@ -543,7 +543,7 @@ def serve_directory(self, new_directory: str, new_time: str, client: Client):
         new_tar = ''
 
         # Before serving directory, let's maintain a map of the different signatures and their current deployment state
-        # This map allows the service to be more responsive to changes made locally to the system that such as classification changes
+        # This map allows the service to be more responsive to changes made locally to the system such as classification changes
         # This also avoids the need to have to insert this kind of metadata into the signature itself
         if self._service.update_config.generates_signatures:
             # Pull signature metadata from the API

From 92d288b7bb577c7fc0598b9bee545515cb8d523e Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Fri, 14 Jul 2023 14:58:56 +0000
Subject: [PATCH 33/49] Assorted bugfixes

---
 assemblyline_v4_service/updater/updater.py | 29 ++++++++++++----------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 457517fd..1a31ab71 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -243,6 +243,9 @@ def _handle_source_update_event(self, data: Optional[list[str]]):
             self.source_update_flag.set()
 
     def _handle_signature_change_event(self, data: Optional[SignatureChange]):
+        if data and data.signature_id == "*":
+            # A classification change to the source was made, sync settings
+            self._pull_settings()
         self.local_update_flag.set()
 
     def _handle_service_change_event(self, data: Optional[ServiceChange]):
@@ -320,16 +323,16 @@ def do_local_update(self) -> None:
         if not os.path.exists(UPDATER_DIR):
             os.makedirs(UPDATER_DIR)
 
-        _, time_keeper = tempfile.mkstemp(prefix="time_keeper_", dir=UPDATER_DIR)
-        if self._service.update_config.generates_signatures:
-            output_directory = tempfile.mkdtemp(prefix="update_dir_", dir=UPDATER_DIR)
+        self.log.info("Setup service account.")
+        username = self.ensure_service_account()
+        self.log.info("Create temporary API key.")
+        with temporary_api_key(self.datastore, username) as api_key:
+            self.log.info(f"Connecting to Assemblyline API: {UI_SERVER}")
+            al_client = get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify)
 
-            self.log.info("Setup service account.")
-            username = self.ensure_service_account()
-            self.log.info("Create temporary API key.")
-            with temporary_api_key(self.datastore, username) as api_key:
-                self.log.info(f"Connecting to Assemblyline API: {UI_SERVER}")
-                al_client = get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify)
+            _, time_keeper = tempfile.mkstemp(prefix="time_keeper_", dir=UPDATER_DIR)
+            if self._service.update_config.generates_signatures:
+                output_directory = tempfile.mkdtemp(prefix="update_dir_", dir=UPDATER_DIR)
 
                 # Check if new signatures have been added
                 self.log.info("Check for new signatures.")
@@ -379,9 +382,9 @@ def do_local_update(self) -> None:
                     shutil.rmtree(output_directory, ignore_errors=True)
                     if os.path.exists(time_keeper):
                         os.unlink(time_keeper)
-        else:
-            output_directory = self.prepare_output_directory()
-            self.serve_directory(output_directory, time_keeper, al_client)
+            else:
+                output_directory = self.prepare_output_directory()
+                self.serve_directory(output_directory, time_keeper, al_client)
 
     def do_source_update(self, service: Service, specific_sources: list[str] = []) -> None:
         self.log.info(f"Connecting to Assemblyline API: {UI_SERVER}...")
@@ -555,7 +558,7 @@ def serve_directory(self, new_directory: str, new_time: str, client: Client):
         else:
             # Pull source metadata from synced service configuration
             signature_map = {
-                source.name: {'classification': source['default_classfication']}
+                source.name: {'classification': source['default_classification'].value}
                 for source in self._service.update_config.sources
              }
         open(os.path.join(new_directory, SIGNATURES_META_FILENAME), 'w').write(json.dumps(signature_map, indent=2))

From 1944acf3cfaf7384ebd9d474a9d4ad1b511da841 Mon Sep 17 00:00:00 2001
From: cccs-kevin <kevin.hardy-cooper@cyber.gc.ca>
Date: Mon, 17 Jul 2023 19:18:44 +0000
Subject: [PATCH 34/49] Add docstring for parent_relation

---
 assemblyline_v4_service/common/request.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/common/request.py b/assemblyline_v4_service/common/request.py
index 9ed689a1..7f5ab4b6 100644
--- a/assemblyline_v4_service/common/request.py
+++ b/assemblyline_v4_service/common/request.py
@@ -5,12 +5,13 @@
 from assemblyline.common import forge
 from assemblyline.common import log as al_log
 from assemblyline.common.classification import Classification
+from PIL import Image
+
 from assemblyline_v4_service.common.api import PrivilegedServiceAPI, ServiceAPI
 from assemblyline_v4_service.common.ocr import ocr_detections
 from assemblyline_v4_service.common.result import Heuristic, Result, ResultKeyValueSection
 from assemblyline_v4_service.common.task import MaxExtractedExceeded, Task
 from assemblyline_v4_service.common.utils import extract_passwords
-from PIL import Image
 
 CLASSIFICATION = forge.get_classification()
 WEBP_MAX_SIZE = 16383
@@ -50,6 +51,7 @@ def add_extracted(self, path: str, name: str, description: str,
         :param safelist_interface: Safelisting interface provided by service. Used to filter extracted files.
         :param allow_dynamic_recursion: Allow this file to be analyzed during Dynamic Analysis even if
                Dynamic Recursion Prevention (DRP) is enabled.
+        :param parent_relation: File relation to parent, if any.
         :return: None
         """
 

From 660c963b8c46e70b6b571df0027ad1a3b79aa54e Mon Sep 17 00:00:00 2001
From: cccs-rs <62077998+cccs-rs@users.noreply.github.com>
Date: Thu, 20 Jul 2023 14:27:56 -0400
Subject: [PATCH 35/49] Parse service stage into Enum to be used in logging
 message

---
 assemblyline_v4_service/updater/updater.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 1a31ab71..d3959d37 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -282,7 +282,8 @@ def _set_service_stage(self):
         if old_service_stage != new_service_stage:
             # There has been a change in service stages, alert Scaler
             if not old_service_stage:
-                old_service_stage = ServiceStage(0)
+                old_service_stage = 0
+            old_service_stage = ServiceStage(old_service_stage)
             self.log.info(f"Moving service from stage: {old_service_stage.name} to {new_service_stage.name}")
             self._service_stage_hash.set(SERVICE_NAME, new_service_stage)
             self.event_sender.send(SERVICE_NAME, {'operation': Operation.Modified, 'name': SERVICE_NAME})

From 83351788c315b5fee762ac21abd2476e2f62813c Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Wed, 26 Jul 2023 14:06:23 +0000
Subject: [PATCH 36/49] Use custom AL client to sync signatures with source

---
 assemblyline_v4_service/updater/client.py  | 101 +++++++++++++++++++++
 assemblyline_v4_service/updater/updater.py |  12 ++-
 2 files changed, 108 insertions(+), 5 deletions(-)
 create mode 100644 assemblyline_v4_service/updater/client.py

diff --git a/assemblyline_v4_service/updater/client.py b/assemblyline_v4_service/updater/client.py
new file mode 100644
index 00000000..89f1a8f9
--- /dev/null
+++ b/assemblyline_v4_service/updater/client.py
@@ -0,0 +1,101 @@
+import os
+
+from assemblyline.common import forge
+from assemblyline.odm.base import Classification
+from assemblyline.odm.models.signature import Signature as SignatureModel
+from assemblyline_client import Client4, get_client as get_AL_client
+from assemblyline_client.v4_client.module.signature import Signature as SignatureAPI
+
+from typing import List, Union
+
+SIGNATURE_UPDATE_BATCH = int(os.environ.get('SIGNATURE_UPDATE_BATCH', '1000'))
+
+
+class Signature(SignatureAPI):
+    def __init__(self, connection, logger):
+        super().__init__(connection)
+        self.datastore = forge.get_datastore()
+        self.log = logger
+
+    def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, SignatureModel]], dedup_name=True):
+        # This version of the API will sync signatures with the system by making direct changes to the datastore
+        # Signatures that no longer exist at the source will be DISABLED, but users can always re-deploy signatures if desired
+
+        # Get the list of signature currently existing in the system for the source
+        existing_signature_ids = set([
+            i.id for i in self.datastore.signature.stream_search(f'source:{source} AND type:{sig_type}', fl='id')
+            ])
+        current_signature_ids = set()
+
+        # Iterate over the data
+        data_to_send = []
+        for d in data:
+            if isinstance(d, SignatureModel):
+                d = d.as_primitives()
+
+            # Add to current signature ID list
+            sig_id = f"{sig_type}_{source}_{d['signature_id']}"
+            current_signature_ids.add(sig_id)
+
+            # Check to see if there's any important changes
+            sig_exists: SignatureModel = self.datastore.signature.get_if_exists(sig_id, as_obj=False)
+            if sig_exists and all(sig_exists[attr] == d[attr] for attr in ['status', 'data', 'classification']):
+                # If no changes, then use the old `last_modified` value
+                d['last_modified'] = sig_exists['last_modified']
+            else:
+                # Otherwise a change did happen and this has to be reflected
+                d['last_modified'] = 'NOW'
+
+            # Append JSON-friendly data to be sent to API
+            data_to_send.append(d)
+
+        # Find the signature IDs that don't exist at this source and disable them (if they haven't been already disabled)
+        for missing_signature_id in (existing_signature_ids - current_signature_ids):
+            missing_signature = self.datastore.signature.get(missing_signature_id)
+            if missing_signature.state_change_user in ['update_service_account', None] and missing_signature.status != 'DISABLED':
+                # Only disable signature if it doesn't seem to be in use/altered by a (real) user
+                self.datastore.signature.update(missing_signature_id,
+                                                [(self.datastore.signature.UPDATE_SET, 'status', 'DISABLED'),
+                                                 (self.datastore.signature.UPDATE_SET, 'last_modified', 'NOW')])
+
+        # Proceed with adding/updating signatures via the API server
+        if len(data_to_send) < SIGNATURE_UPDATE_BATCH:
+            # Update all of them in a single batch
+            return super().add_update_many(source, sig_type, data_to_send, dedup_name)
+        else:
+            response = {
+                'success': 0,
+                'errors': [],
+                'skipped': []
+            }
+
+            def update_response(r):
+                # Response has to be in the same format, but show the accumulation of batches
+                response['success'] = response['success'] + r['success']
+                response['errors'] = response['errors'] + r['errors']
+                response['success'] = response['skipped'] + r['skipped']
+
+            # Split up data into batches to avoid server timeouts handling requests
+            batch_num = 0
+            start = batch_num*SIGNATURE_UPDATE_BATCH
+            while start < len(data_to_send):
+                end = (batch_num+1)*SIGNATURE_UPDATE_BATCH
+                update_response(super().add_update_many(source, sig_type, data_to_send[start:end], dedup_name))
+                batch_num += 1
+
+            return response
+
+
+class UpdaterALClient(Client4):
+    # Custom version of the Assemblyline client specifically for updaters
+    def __init__(self, connection, logger):
+        super().__init__(connection)
+        self.signature = Signature(connection, logger)
+
+    @staticmethod
+    def get_client(server, auth=None, cert=None, debug=lambda x: None, headers=None, retries=0,
+                   silence_requests_warnings=True, apikey=None, verify=True, timeout=None, oauth=None,
+                   logger=None):
+        return UpdaterALClient(get_AL_client(server, auth, cert, debug, headers,
+                                             retries, silence_requests_warnings,
+                                             apikey, verify, timeout, oauth)._connection, logger=logger)
diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index d3959d37..afdcb2dc 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -23,7 +23,6 @@
 from assemblyline.odm.messages.changes import Operation, ServiceChange, SignatureChange
 from assemblyline.remote.datatypes.events import EventSender, EventWatcher
 
-from assemblyline_client import Client, get_client
 from assemblyline_core.server_base import ThreadedCoreBase, ServiceStage
 from assemblyline.odm.models.service import Service, UpdateSource
 from assemblyline.remote.datatypes.hash import Hash
@@ -33,6 +32,7 @@
 from assemblyline.odm.models.user_settings import UserSettings
 
 from assemblyline_v4_service.common.base import SIGNATURES_META_FILENAME
+from assemblyline_v4_service.updater.client import UpdaterALClient
 from assemblyline_v4_service.updater.helper import url_download, git_clone_repo, SkipSource, filter_downloads
 
 
@@ -329,7 +329,8 @@ def do_local_update(self) -> None:
         self.log.info("Create temporary API key.")
         with temporary_api_key(self.datastore, username) as api_key:
             self.log.info(f"Connecting to Assemblyline API: {UI_SERVER}")
-            al_client = get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify)
+            al_client = UpdaterALClient.get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify,
+                                                   logger=self.log)
 
             _, time_keeper = tempfile.mkstemp(prefix="time_keeper_", dir=UPDATER_DIR)
             if self._service.update_config.generates_signatures:
@@ -393,7 +394,8 @@ def do_source_update(self, service: Service, specific_sources: list[str] = []) -
         username = self.ensure_service_account()
         with temporary_api_key(self.datastore, username) as api_key:
             with tempfile.TemporaryDirectory() as update_dir:
-                al_client = get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify)
+                al_client = UpdaterALClient.get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify,
+                                                       logger=self.log)
                 self.log.info("Connected!")
 
                 # Parse updater configuration
@@ -487,7 +489,7 @@ def is_valid(self, file_path) -> bool:
         return True
 
     # Define how your source update gets imported into Assemblyline
-    def import_update(self, files_sha256: List[Tuple[str, str]], client: Client, source_name: str,
+    def import_update(self, files_sha256: List[Tuple[str, str]], client: UpdaterALClient, source_name: str,
                       default_classification=None):
         raise NotImplementedError()
 
@@ -542,7 +544,7 @@ def _run_source_updates(self):
                 self.sleep(60)
                 continue
 
-    def serve_directory(self, new_directory: str, new_time: str, client: Client):
+    def serve_directory(self, new_directory: str, new_time: str, client: UpdaterALClient):
         self.log.info("Update finished with new data.")
         new_tar = ''
 

From 87efe36eaeb412ed8ee113e43943aec52ec4c0f1 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Wed, 26 Jul 2023 14:11:15 +0000
Subject: [PATCH 37/49] Fix comments

---
 assemblyline_v4_service/updater/client.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/assemblyline_v4_service/updater/client.py b/assemblyline_v4_service/updater/client.py
index 89f1a8f9..9135d4ee 100644
--- a/assemblyline_v4_service/updater/client.py
+++ b/assemblyline_v4_service/updater/client.py
@@ -21,23 +21,24 @@ def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, Sig
         # This version of the API will sync signatures with the system by making direct changes to the datastore
         # Signatures that no longer exist at the source will be DISABLED, but users can always re-deploy signatures if desired
 
-        # Get the list of signature currently existing in the system for the source
+        # Get the list of signatures that currently existing in the system for the source
         existing_signature_ids = set([
             i.id for i in self.datastore.signature.stream_search(f'source:{source} AND type:{sig_type}', fl='id')
             ])
         current_signature_ids = set()
 
-        # Iterate over the data
+
         data_to_send = []
+        # Iterate over the data given
         for d in data:
             if isinstance(d, SignatureModel):
                 d = d.as_primitives()
 
-            # Add to current signature ID list
+            # Compute the expected signature ID and add it to the list
             sig_id = f"{sig_type}_{source}_{d['signature_id']}"
             current_signature_ids.add(sig_id)
 
-            # Check to see if there's any important changes
+            # Check to see if there's any important changes made
             sig_exists: SignatureModel = self.datastore.signature.get_if_exists(sig_id, as_obj=False)
             if sig_exists and all(sig_exists[attr] == d[attr] for attr in ['status', 'data', 'classification']):
                 # If no changes, then use the old `last_modified` value
@@ -49,7 +50,7 @@ def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, Sig
             # Append JSON-friendly data to be sent to API
             data_to_send.append(d)
 
-        # Find the signature IDs that don't exist at this source and disable them (if they haven't been already disabled)
+        # Find the signature IDs that don't exist at this source anymore and disable them
         for missing_signature_id in (existing_signature_ids - current_signature_ids):
             missing_signature = self.datastore.signature.get(missing_signature_id)
             if missing_signature.state_change_user in ['update_service_account', None] and missing_signature.status != 'DISABLED':

From 92e95c2cad7c6e7d4d3b32a98674a0ff2d52c920 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Wed, 26 Jul 2023 14:12:54 +0000
Subject: [PATCH 38/49] Remove unused import

---
 assemblyline_v4_service/updater/client.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/assemblyline_v4_service/updater/client.py b/assemblyline_v4_service/updater/client.py
index 9135d4ee..991c8d53 100644
--- a/assemblyline_v4_service/updater/client.py
+++ b/assemblyline_v4_service/updater/client.py
@@ -1,7 +1,6 @@
 import os
 
 from assemblyline.common import forge
-from assemblyline.odm.base import Classification
 from assemblyline.odm.models.signature import Signature as SignatureModel
 from assemblyline_client import Client4, get_client as get_AL_client
 from assemblyline_client.v4_client.module.signature import Signature as SignatureAPI
@@ -27,7 +26,6 @@ def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, Sig
             ])
         current_signature_ids = set()
 
-
         data_to_send = []
         # Iterate over the data given
         for d in data:

From 28196fdbea1629eef8fb2006ff780b02c6eb29e7 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Wed, 26 Jul 2023 14:16:04 +0000
Subject: [PATCH 39/49] Remove unused logger

---
 assemblyline_v4_service/updater/client.py  | 12 +++++-------
 assemblyline_v4_service/updater/updater.py |  6 ++----
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/assemblyline_v4_service/updater/client.py b/assemblyline_v4_service/updater/client.py
index 991c8d53..291855f9 100644
--- a/assemblyline_v4_service/updater/client.py
+++ b/assemblyline_v4_service/updater/client.py
@@ -11,10 +11,9 @@
 
 
 class Signature(SignatureAPI):
-    def __init__(self, connection, logger):
+    def __init__(self, connection):
         super().__init__(connection)
         self.datastore = forge.get_datastore()
-        self.log = logger
 
     def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, SignatureModel]], dedup_name=True):
         # This version of the API will sync signatures with the system by making direct changes to the datastore
@@ -87,14 +86,13 @@ def update_response(r):
 
 class UpdaterALClient(Client4):
     # Custom version of the Assemblyline client specifically for updaters
-    def __init__(self, connection, logger):
+    def __init__(self, connection):
         super().__init__(connection)
-        self.signature = Signature(connection, logger)
+        self.signature = Signature(connection)
 
     @staticmethod
     def get_client(server, auth=None, cert=None, debug=lambda x: None, headers=None, retries=0,
-                   silence_requests_warnings=True, apikey=None, verify=True, timeout=None, oauth=None,
-                   logger=None):
+                   silence_requests_warnings=True, apikey=None, verify=True, timeout=None, oauth=None):
         return UpdaterALClient(get_AL_client(server, auth, cert, debug, headers,
                                              retries, silence_requests_warnings,
-                                             apikey, verify, timeout, oauth)._connection, logger=logger)
+                                             apikey, verify, timeout, oauth)._connection)
diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index afdcb2dc..297ca9f3 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -329,8 +329,7 @@ def do_local_update(self) -> None:
         self.log.info("Create temporary API key.")
         with temporary_api_key(self.datastore, username) as api_key:
             self.log.info(f"Connecting to Assemblyline API: {UI_SERVER}")
-            al_client = UpdaterALClient.get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify,
-                                                   logger=self.log)
+            al_client = UpdaterALClient.get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify)
 
             _, time_keeper = tempfile.mkstemp(prefix="time_keeper_", dir=UPDATER_DIR)
             if self._service.update_config.generates_signatures:
@@ -394,8 +393,7 @@ def do_source_update(self, service: Service, specific_sources: list[str] = []) -
         username = self.ensure_service_account()
         with temporary_api_key(self.datastore, username) as api_key:
             with tempfile.TemporaryDirectory() as update_dir:
-                al_client = UpdaterALClient.get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify,
-                                                       logger=self.log)
+                al_client = UpdaterALClient.get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify)
                 self.log.info("Connected!")
 
                 # Parse updater configuration

From 244021907f3a9d6140e62de833c375849c22064d Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Wed, 26 Jul 2023 16:59:50 +0000
Subject: [PATCH 40/49] Assorted fixes and changes

---
 assemblyline_v4_service/updater/client.py  | 66 +++++++++++-----------
 assemblyline_v4_service/updater/updater.py | 12 ++--
 2 files changed, 40 insertions(+), 38 deletions(-)

diff --git a/assemblyline_v4_service/updater/client.py b/assemblyline_v4_service/updater/client.py
index 291855f9..52b6448d 100644
--- a/assemblyline_v4_service/updater/client.py
+++ b/assemblyline_v4_service/updater/client.py
@@ -5,29 +5,31 @@
 from assemblyline_client import Client4, get_client as get_AL_client
 from assemblyline_client.v4_client.module.signature import Signature as SignatureAPI
 
-from typing import List, Union
+from typing import Any, Dict, List, Union
 
 SIGNATURE_UPDATE_BATCH = int(os.environ.get('SIGNATURE_UPDATE_BATCH', '1000'))
 
 
 class Signature(SignatureAPI):
-    def __init__(self, connection):
+    def __init__(self, connection, datastore=None):
         super().__init__(connection)
-        self.datastore = forge.get_datastore()
+        self.datastore = datastore
+        if not datastore:
+            self.datastore = forge.get_datastore()
 
-    def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, SignatureModel]], dedup_name=True):
+    def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, SignatureModel]], dedup_name: bool = True) -> Dict[str, Any]:
         # This version of the API will sync signatures with the system by making direct changes to the datastore
-        # Signatures that no longer exist at the source will be DISABLED, but users can always re-deploy signatures if desired
+        # Signatures that no longer exist at the source will be DISABLED to maintain active synchronicity,
+        # but users can always re-deploy signatures if desired
 
         # Get the list of signatures that currently existing in the system for the source
         existing_signature_ids = set([
-            i.id for i in self.datastore.signature.stream_search(f'source:{source} AND type:{sig_type}', fl='id')
+            i.id for i in self.datastore.signature.stream_search(f"source:{source} AND type:{sig_type}", fl='id')
             ])
         current_signature_ids = set()
 
-        data_to_send = []
-        # Iterate over the data given
-        for d in data:
+        # Iterate over the list of signatures given
+        for i, d in enumerate(data):
             if isinstance(d, SignatureModel):
                 d = d.as_primitives()
 
@@ -44,8 +46,9 @@ def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, Sig
                 # Otherwise a change did happen and this has to be reflected
                 d['last_modified'] = 'NOW'
 
-            # Append JSON-friendly data to be sent to API
-            data_to_send.append(d)
+            # Update with JSON-friendly version of data to be sent to API
+            data[i] = d
+
 
         # Find the signature IDs that don't exist at this source anymore and disable them
         for missing_signature_id in (existing_signature_ids - current_signature_ids):
@@ -57,42 +60,41 @@ def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, Sig
                                                  (self.datastore.signature.UPDATE_SET, 'last_modified', 'NOW')])
 
         # Proceed with adding/updating signatures via the API server
-        if len(data_to_send) < SIGNATURE_UPDATE_BATCH:
+        if len(data) < SIGNATURE_UPDATE_BATCH:
             # Update all of them in a single batch
-            return super().add_update_many(source, sig_type, data_to_send, dedup_name)
+            return super().add_update_many(source, sig_type, data, dedup_name)
         else:
             response = {
                 'success': 0,
-                'errors': [],
+                'errors': False,
                 'skipped': []
             }
 
-            def update_response(r):
+            def update_response(r: Dict[str, Any]):
                 # Response has to be in the same format, but show the accumulation of batches
-                response['success'] = response['success'] + r['success']
-                response['errors'] = response['errors'] + r['errors']
-                response['success'] = response['skipped'] + r['skipped']
+                response['success']: int = response['success'] + r['success']
+                response['errors']: bool = response['errors'] and r['errors']
+                response['skipped']: List[str] = response['skipped'] + r['skipped']
 
             # Split up data into batches to avoid server timeouts handling requests
             batch_num = 0
             start = batch_num*SIGNATURE_UPDATE_BATCH
-            while start < len(data_to_send):
+            while start < len(data):
                 end = (batch_num+1)*SIGNATURE_UPDATE_BATCH
-                update_response(super().add_update_many(source, sig_type, data_to_send[start:end], dedup_name))
+                update_response(super().add_update_many(source, sig_type, data[start:end], dedup_name))
                 batch_num += 1
+                start = batch_num*SIGNATURE_UPDATE_BATCH
 
             return response
 
 
-class UpdaterALClient(Client4):
-    # Custom version of the Assemblyline client specifically for updaters
-    def __init__(self, connection):
-        super().__init__(connection)
-        self.signature = Signature(connection)
-
-    @staticmethod
-    def get_client(server, auth=None, cert=None, debug=lambda x: None, headers=None, retries=0,
-                   silence_requests_warnings=True, apikey=None, verify=True, timeout=None, oauth=None):
-        return UpdaterALClient(get_AL_client(server, auth, cert, debug, headers,
-                                             retries, silence_requests_warnings,
-                                             apikey, verify, timeout, oauth)._connection)
+def get_client(server, auth=None, cert=None, debug=lambda x: None, headers=None, retries=0,
+               silence_requests_warnings=True, apikey=None, verify=True, timeout=None, oauth=None,
+               datastore=None) -> Client4:
+
+    client = get_AL_client(server, auth, cert, debug, headers,
+                           retries, silence_requests_warnings,
+                           apikey, verify, timeout, oauth)
+    # Override Signature module with custom implementation
+    client.signature = Signature(client._connection, datastore=datastore)
+    return client
diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 297ca9f3..cd5ec636 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -31,11 +31,11 @@
 from assemblyline.odm.models.user import User
 from assemblyline.odm.models.user_settings import UserSettings
 
+from assemblyline_client import Client4
 from assemblyline_v4_service.common.base import SIGNATURES_META_FILENAME
-from assemblyline_v4_service.updater.client import UpdaterALClient
+from assemblyline_v4_service.updater.client import get_client
 from assemblyline_v4_service.updater.helper import url_download, git_clone_repo, SkipSource, filter_downloads
 
-
 if typing.TYPE_CHECKING:
     import redis
     from assemblyline.odm.models.config import Config
@@ -329,7 +329,7 @@ def do_local_update(self) -> None:
         self.log.info("Create temporary API key.")
         with temporary_api_key(self.datastore, username) as api_key:
             self.log.info(f"Connecting to Assemblyline API: {UI_SERVER}")
-            al_client = UpdaterALClient.get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify)
+            al_client = get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify, datastore=self.datastore)
 
             _, time_keeper = tempfile.mkstemp(prefix="time_keeper_", dir=UPDATER_DIR)
             if self._service.update_config.generates_signatures:
@@ -393,7 +393,7 @@ def do_source_update(self, service: Service, specific_sources: list[str] = []) -
         username = self.ensure_service_account()
         with temporary_api_key(self.datastore, username) as api_key:
             with tempfile.TemporaryDirectory() as update_dir:
-                al_client = UpdaterALClient.get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify)
+                al_client = get_client(UI_SERVER, apikey=(username, api_key), verify=self.verify, datastore=self.datastore)
                 self.log.info("Connected!")
 
                 # Parse updater configuration
@@ -487,7 +487,7 @@ def is_valid(self, file_path) -> bool:
         return True
 
     # Define how your source update gets imported into Assemblyline
-    def import_update(self, files_sha256: List[Tuple[str, str]], client: UpdaterALClient, source_name: str,
+    def import_update(self, files_sha256: List[Tuple[str, str]], client: Client4, source_name: str,
                       default_classification=None):
         raise NotImplementedError()
 
@@ -542,7 +542,7 @@ def _run_source_updates(self):
                 self.sleep(60)
                 continue
 
-    def serve_directory(self, new_directory: str, new_time: str, client: UpdaterALClient):
+    def serve_directory(self, new_directory: str, new_time: str, client: Client4):
         self.log.info("Update finished with new data.")
         new_tar = ''
 

From 3071675148f4c6d5ab147fa2df7c01a19c1d975a Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Wed, 26 Jul 2023 17:07:18 +0000
Subject: [PATCH 41/49] Fix check for errors

---
 assemblyline_v4_service/updater/client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/updater/client.py b/assemblyline_v4_service/updater/client.py
index 52b6448d..692dd341 100644
--- a/assemblyline_v4_service/updater/client.py
+++ b/assemblyline_v4_service/updater/client.py
@@ -73,7 +73,7 @@ def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, Sig
             def update_response(r: Dict[str, Any]):
                 # Response has to be in the same format, but show the accumulation of batches
                 response['success']: int = response['success'] + r['success']
-                response['errors']: bool = response['errors'] and r['errors']
+                response['errors']: bool = response['errors'] or r['errors']
                 response['skipped']: List[str] = response['skipped'] + r['skipped']
 
             # Split up data into batches to avoid server timeouts handling requests

From 58f4de63e68132d9a3af7a406e2b19a2565a5ff8 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Thu, 27 Jul 2023 16:01:52 +0000
Subject: [PATCH 42/49] Make syncing optional

---
 assemblyline_v4_service/updater/client.py  | 53 ++++++++++++----------
 assemblyline_v4_service/updater/updater.py |  3 ++
 2 files changed, 31 insertions(+), 25 deletions(-)

diff --git a/assemblyline_v4_service/updater/client.py b/assemblyline_v4_service/updater/client.py
index 692dd341..148bc93d 100644
--- a/assemblyline_v4_service/updater/client.py
+++ b/assemblyline_v4_service/updater/client.py
@@ -16,16 +16,13 @@ def __init__(self, connection, datastore=None):
         self.datastore = datastore
         if not datastore:
             self.datastore = forge.get_datastore()
+        self.sync = False
 
     def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, SignatureModel]], dedup_name: bool = True) -> Dict[str, Any]:
-        # This version of the API will sync signatures with the system by making direct changes to the datastore
+        # This version of the API allows to sync signatures with the system by making direct changes to the datastore
         # Signatures that no longer exist at the source will be DISABLED to maintain active synchronicity,
         # but users can always re-deploy signatures if desired
 
-        # Get the list of signatures that currently existing in the system for the source
-        existing_signature_ids = set([
-            i.id for i in self.datastore.signature.stream_search(f"source:{source} AND type:{sig_type}", fl='id')
-            ])
         current_signature_ids = set()
 
         # Iterate over the list of signatures given
@@ -33,31 +30,37 @@ def add_update_many(self, source: str, sig_type: str, data: List[Union[dict, Sig
             if isinstance(d, SignatureModel):
                 d = d.as_primitives()
 
-            # Compute the expected signature ID and add it to the list
-            sig_id = f"{sig_type}_{source}_{d['signature_id']}"
-            current_signature_ids.add(sig_id)
+            if self.sync:
+                # Compute the expected signature ID and add it to the list
+                sig_id = f"{sig_type}_{source}_{d['signature_id']}"
+                current_signature_ids.add(sig_id)
 
-            # Check to see if there's any important changes made
-            sig_exists: SignatureModel = self.datastore.signature.get_if_exists(sig_id, as_obj=False)
-            if sig_exists and all(sig_exists[attr] == d[attr] for attr in ['status', 'data', 'classification']):
-                # If no changes, then use the old `last_modified` value
-                d['last_modified'] = sig_exists['last_modified']
-            else:
-                # Otherwise a change did happen and this has to be reflected
-                d['last_modified'] = 'NOW'
+                # Check to see if there's any important changes made
+                sig_exists: SignatureModel = self.datastore.signature.get_if_exists(sig_id, as_obj=False)
+                if sig_exists and all(sig_exists[attr] == d[attr] for attr in ['status', 'data', 'classification']):
+                    # If no changes, then use the old `last_modified` value
+                    d['last_modified'] = sig_exists['last_modified']
+                else:
+                    # Otherwise a change did happen and this has to be reflected
+                    d['last_modified'] = 'NOW'
 
             # Update with JSON-friendly version of data to be sent to API
             data[i] = d
 
-
-        # Find the signature IDs that don't exist at this source anymore and disable them
-        for missing_signature_id in (existing_signature_ids - current_signature_ids):
-            missing_signature = self.datastore.signature.get(missing_signature_id)
-            if missing_signature.state_change_user in ['update_service_account', None] and missing_signature.status != 'DISABLED':
-                # Only disable signature if it doesn't seem to be in use/altered by a (real) user
-                self.datastore.signature.update(missing_signature_id,
-                                                [(self.datastore.signature.UPDATE_SET, 'status', 'DISABLED'),
-                                                 (self.datastore.signature.UPDATE_SET, 'last_modified', 'NOW')])
+        if self.sync:
+            # Get the list of signatures that currently existing in the system for the source
+            existing_signature_ids = set([
+                i.id for i in self.datastore.signature.stream_search(f"source:{source} AND type:{sig_type}", fl='id')
+                ])
+
+            # Find the signature IDs that don't exist at this source anymore and disable them
+            for missing_signature_id in (existing_signature_ids - current_signature_ids):
+                missing_signature = self.datastore.signature.get(missing_signature_id)
+                if missing_signature.state_change_user in ['update_service_account', None] and missing_signature.status != 'DISABLED':
+                    # Only disable signature if it doesn't seem to be in use/altered by a (real) user
+                    self.datastore.signature.update(missing_signature_id,
+                                                    [(self.datastore.signature.UPDATE_SET, 'status', 'DISABLED'),
+                                                     (self.datastore.signature.UPDATE_SET, 'last_modified', 'NOW')])
 
         # Proceed with adding/updating signatures via the API server
         if len(data) < SIGNATURE_UPDATE_BATCH:
diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index cd5ec636..6cf1bf9c 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -418,6 +418,9 @@ def do_source_update(self, service: Service, specific_sources: list[str] = []) -
                     source = source_obj.as_primitives()
                     uri: str = source['uri']
                     default_classification = source.get('default_classification', classification.UNRESTRICTED)
+                    # Enable signature syncing if the source specifies it
+                    al_client.signature.sync = source.get('sync', False)
+
                     try:
                         self.push_status("UPDATING", "Pulling..")
                         output = None

From d37f67d0cb434f724505240dbe550c9b6ef9a540 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Mon, 31 Jul 2023 18:40:11 +0000
Subject: [PATCH 43/49] Update to be compliant with latest version of Pillow

---
 assemblyline_v4_service/common/request.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/common/request.py b/assemblyline_v4_service/common/request.py
index 7f5ab4b6..872811d8 100644
--- a/assemblyline_v4_service/common/request.py
+++ b/assemblyline_v4_service/common/request.py
@@ -90,7 +90,7 @@ def add_image(self, path: str, name: str, description: str,
 
             if img_format == "WEBP" and (img.height > WEBP_MAX_SIZE or img.width > WEBP_MAX_SIZE):
                 # Maintain aspect ratio
-                img.thumbnail((WEBP_MAX_SIZE, WEBP_MAX_SIZE), Image.ANTIALIAS)
+                img.thumbnail((WEBP_MAX_SIZE, WEBP_MAX_SIZE), Image.LANCZOS)
 
             # Save and upload new image
             try:

From 02ff69faacce3c6b94db771b3c1503d70c53ffc6 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Mon, 31 Jul 2023 19:51:00 +0000
Subject: [PATCH 44/49] Lock down version of Pillow

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 02f4aa02..77697a50 100644
--- a/setup.py
+++ b/setup.py
@@ -48,7 +48,7 @@
         'cart',
         'fuzzywuzzy',
         'pefile',
-        'pillow',
+        'pillow==10.0.0',
         'python-Levenshtein',
         'regex',
     ],

From 506cae1d17f9ca30bee2863617c9ce10f178db9a Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Thu, 10 Aug 2023 16:50:13 +0000
Subject: [PATCH 45/49] Handle cases where file doesn't exist during cleanup

---
 assemblyline_v4_service/updater/updater.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 6cf1bf9c..c3d5a0de 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -598,10 +598,15 @@ def serve_directory(self, new_directory: str, new_time: str, client: Client4):
                 os.unlink(new_time)
 
             # Cleanup old timekeepers/tars from unexpected termination(s) on persistent storage
-            [os.unlink(os.path.join(UPDATER_DIR, file)) for file in os.listdir(UPDATER_DIR)
-             if not self._update_tar.endswith(file) and file.startswith('signatures_')]
-            [os.unlink(os.path.join(UPDATER_DIR, file)) for file in os.listdir(UPDATER_DIR)
-             if not self._time_keeper.endswith(file) and file.startswith('time_keeper_')]
+            for file in os.listdir(UPDATER_DIR):
+                file_path = os.path.join(UPDATER_DIR, file)
+                if (file.startswith('signatures_') and file_path != self._time_keeper) or (file.startswith('time_keeper_') and file_path != self._time_keeper):
+                    try:
+                        # Attempt to cleanup file from directory
+                        os.unlink(file_path)
+                    except FileNotFoundError:
+                        # File has already been removed
+                        pass
 
     def _run_local_updates(self):
         # Wait until basic data is loaded

From 1981fb43a337273ad2d844e1546ba266b124fd3d Mon Sep 17 00:00:00 2001
From: gdesmar <75089569+gdesmar@users.noreply.github.com>
Date: Wed, 16 Aug 2023 19:28:23 +0000
Subject: [PATCH 46/49] Speed up fileinfo calls

---
 assemblyline_v4_service/common/task.py          | 2 +-
 assemblyline_v4_service/dev/run_service_once.py | 4 ++--
 assemblyline_v4_service/updater/helper.py       | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/assemblyline_v4_service/common/task.py b/assemblyline_v4_service/common/task.py
index 6eea5a77..b69ecfea 100644
--- a/assemblyline_v4_service/common/task.py
+++ b/assemblyline_v4_service/common/task.py
@@ -113,7 +113,7 @@ def add_extracted(self, path: str, name: str, description: str,
         # Allows the administrator to be selective about the types of hashes to lookup in the safelist
         if safelist_interface and self.safelist_config.enabled and not (self.deep_scan or self.ignore_filtering):
             # Ignore adding files that are known to the system to be safe
-            digests = get_digests_for_file(path)
+            digests = get_digests_for_file(path, skip_fuzzy_hashes=True)
             for hash_type in self.safelist_config.hash_types:
                 qhash = digests[hash_type]
                 resp = safelist_interface.lookup_safelist(qhash)
diff --git a/assemblyline_v4_service/dev/run_service_once.py b/assemblyline_v4_service/dev/run_service_once.py
index c1a2482e..ccc64aaf 100644
--- a/assemblyline_v4_service/dev/run_service_once.py
+++ b/assemblyline_v4_service/dev/run_service_once.py
@@ -55,7 +55,7 @@ def try_run(self):
         self.service.start_service()
 
         # Identify the file
-        file_info = self.identify.fileinfo(FILE_PATH)
+        file_info = self.identify.fileinfo(FILE_PATH, skip_fuzzy_hashes=True)
         if file_info['type'] == "archive/cart" or file_info['magic'] == "custom: archive/cart":
             original_file_name = get_metadata_only(FILE_PATH).get("name")
             if original_file_name:
@@ -66,7 +66,7 @@ def try_run(self):
             with open(FILE_PATH, 'rb') as ifile, open(original_temp, 'wb') as ofile:
                 unpack_stream(ifile, ofile)
 
-            file_info = self.identify.fileinfo(original_temp)
+            file_info = self.identify.fileinfo(original_temp, skip_fuzzy_hashes=True)
             target_file = os.path.join(tempfile.gettempdir(), file_info['sha256'])
             shutil.move(original_temp, target_file)
             LOG.info(f"File was a CaRT archive, it was un-CaRTed to {target_file} for processing")
diff --git a/assemblyline_v4_service/updater/helper.py b/assemblyline_v4_service/updater/helper.py
index 8bf1a8d5..5ab38b55 100644
--- a/assemblyline_v4_service/updater/helper.py
+++ b/assemblyline_v4_service/updater/helper.py
@@ -142,7 +142,7 @@ def url_download(source: Dict[str, Any], previous_update: int = None, logger=Non
                 for content in response.iter_content(BLOCK_SIZE):
                     f.write(content)
 
-            ident_type = identify.fileinfo(file_path)['type']
+            ident_type = identify.fileinfo(file_path, generate_hashes=False)['type']
             if ident_type.startswith('archive'):
                 extract_dir = os.path.join(output_dir, name)
                 format = ident_type.split('archive/')[-1]

From a0666fb229b3ba2e78dcc5cd3b14e52bbe08b8a8 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Mon, 21 Aug 2023 16:30:10 +0000
Subject: [PATCH 47/49] Fix copy-paste error

---
 assemblyline_v4_service/updater/updater.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index c3d5a0de..9e47f3d6 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -600,7 +600,7 @@ def serve_directory(self, new_directory: str, new_time: str, client: Client4):
             # Cleanup old timekeepers/tars from unexpected termination(s) on persistent storage
             for file in os.listdir(UPDATER_DIR):
                 file_path = os.path.join(UPDATER_DIR, file)
-                if (file.startswith('signatures_') and file_path != self._time_keeper) or (file.startswith('time_keeper_') and file_path != self._time_keeper):
+                if (file.startswith('signatures_') and file_path != self._update_tar) or (file.startswith('time_keeper_') and file_path != self._time_keeper):
                     try:
                         # Attempt to cleanup file from directory
                         os.unlink(file_path)

From 72039ce0793de0e150008d55d05fafecb2780362 Mon Sep 17 00:00:00 2001
From: cccs-rs <ryan.samaroo@cyber.gc.ca>
Date: Mon, 21 Aug 2023 17:25:09 +0000
Subject: [PATCH 48/49] Cleanup stale directories

---
 assemblyline_v4_service/updater/updater.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/assemblyline_v4_service/updater/updater.py b/assemblyline_v4_service/updater/updater.py
index 9e47f3d6..cbd32335 100644
--- a/assemblyline_v4_service/updater/updater.py
+++ b/assemblyline_v4_service/updater/updater.py
@@ -600,10 +600,15 @@ def serve_directory(self, new_directory: str, new_time: str, client: Client4):
             # Cleanup old timekeepers/tars from unexpected termination(s) on persistent storage
             for file in os.listdir(UPDATER_DIR):
                 file_path = os.path.join(UPDATER_DIR, file)
-                if (file.startswith('signatures_') and file_path != self._update_tar) or (file.startswith('time_keeper_') and file_path != self._time_keeper):
+                if (file.startswith('signatures_') and file_path != self._update_tar) or \
+                    (file.startswith('time_keeper_') and file_path != self._time_keeper) or \
+                        (file.startswith('update_dir_') and file_path != self._update_dir):
                     try:
                         # Attempt to cleanup file from directory
                         os.unlink(file_path)
+                    except IsADirectoryError:
+                        # Remove directory using
+                        shutil.rmtree(file_path, ignore_errors=True)
                     except FileNotFoundError:
                         # File has already been removed
                         pass

From 574c5f7667dff0fe119b97038e4d2083c93e5ef1 Mon Sep 17 00:00:00 2001
From: cccs-jh <63320703+cccs-jh@users.noreply.github.com>
Date: Wed, 27 Sep 2023 15:05:05 -0400
Subject: [PATCH 49/49] Update depricated .vscode settings

---
 .vscode/settings.json | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/.vscode/settings.json b/.vscode/settings.json
index 54c0116a..1d6ab98c 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,22 +1,32 @@
 {
-    "python.linting.flake8Args": [
-        "--max-line-length=120",
-        //Added the ignore of E203 for now : https://github.com/PyCQA/pycodestyle/issues/373
-        "--ignore=E203,W503"
-    ],
     "editor.codeActionsOnSave": {
         "source.organizeImports": true,
     },
+    "editor.formatOnSave": true,
+    "editor.rulers": [
+        120
+    ],
+    "editor.tabSize": 4,
     "editor.wordWrap": "wordWrapColumn",
     "editor.wordWrapColumn": 120,
-    "python.formatting.provider": "black",
-    "python.formatting.blackArgs": [
-        "--line-length=120"
-    ],
+    "files.insertFinalNewline": true,
+    "files.trimFinalNewlines": true,
+    "files.trimTrailingWhitespace": true,
     "isort.args": [
         "-l",
         "120",
         "--profile=black",
         // "--src=${workspaceFolder}"
-    ]
+    ],
+    "[python]": {
+        "editor.defaultFormatter": "ms-python.black-formatter"
+    },
+    "black-formatter.args": [
+        "--line-length=120"
+    ],
+    "flake8.args": [
+        "--max-line-length=120",
+        //Added the ignore of E203 for now : https://github.com/PyCQA/pycodestyle/issues/373
+        "--ignore=E203,W503"
+    ],
 }