Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x00173388	0x00173400	6.66736850646
.rsrc	0x00176000	0x00000556	0x00000600	3.93016933803
.reloc	0x00178000	0x0000000c	0x00000200	0.101910425663

Name	Offset	Size	Language	Sub-language	File type
RT_VERSION	0x00176090	0x000002cc	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_MANIFEST	0x0017636c	0x000001ea	LANG_NEUTRAL	SUBLANG_NEUTRAL	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

!This program cannot be run in DOS mode.

`.rsrc

@.reloc

#j]e(_

,'\(W

lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

PADPADP

450464460

0460460t60460460460460460460460460460460460

@FYWFW]

UQZX_@

6046046`q60x734

TS04604604

7466460460

460T1046p46

46066006046046646046046

360660460450T

04&04&0460$60$604604&04604604604

q36z4604V74

34604604604604604604

74:0460460460460460460460460460460460460460460460460460

60<60460460460<

04~04604604604

DQND460

104404604604604604

FEBW604

3460T1042046

36046046046046p46p

DUXYS46<4604

7462460

10460460460460t60v6046046046046046

u104604~0462430H

4614604604

304604604604604604604604604604604604604604@

@5665

60.H1464

604704'

P140Cj602

0461$6066$4

4<0460

7046046

20]6046046

w90u?5

24z0460460#

464"D660/

6O042

=K464

0Kt600

=Kp464

2Mq464

9Iw042

6Ot042

8?Mv600

204404'&

#7462&5

!0044"6

760I1042

46:'2!0

04<#02

46:'2N

600"!0H

60>""6$3[d040

404Ep46:N

w04<$,

|461'3

q46: .

x605%6

x605%7%1&

,N)600?K0600'7[

2Ep46:N'7+

'>&'?N

600?K7600'8*n"=,"5Yj466

0Ct60>L!2'9

600?K7600'9[x040

2Ep46:N

w04<$,

'%3/dn

|461'<

q46: .

#'5+bh

x605%;"%<J(0429O5042!2':

46/tYv466';!9

6Gv04<JJ)0429O5042!95!?$1[|040

2Ep46:N'5

046h'83%3,l

t46:'9&'$

O5!:)<l

u46:'%3%8/$n

q60>%$7'>+"h

s04<#!'$

~461' 3%#!" !"

p04<N+600?K7600'=%%h% !"

Y&7_~602

6Gv04<J%8/

n#:'"#n#&'"%9

q04<#$H/464=M3464%>.l' .$1[|040

2Ep46:N5!1)

u46:''!8

4%0#9'7+

.H,464=M4464%1_

6Gv04<JJ,0429O2042_

2Ep46:N

0u*046046

346<4605605(2

66[460760%,

47 460460UW07

*Jg042

0460460!

e464c

-He464

/60~*

.Na600

E~46:

44L046446!~$

0B566G

o600Hk464

Ya46:

84'$46546!4

$Whq5046

iQP)WP

#Whq5046O460

6049146

o'V/S'/

m*SR*SQ.Sls6460)604^046

!#s6460

604,146y560J704

Dw)l%&

#nU#UV

?0USV'/

85603'&3'&

4603'&3'&

0467% 7%

<lP'WSQ

I1!"1!"

~1!"1!"

3'&3'&

l.SRn#"'&3

Yb46:8

lf5-n)W

m-S,T'W!RU%(%.

`1h,Thq$046

046(360z104

746B<60

>04R946

<04=;46

:04+=46

;04q>46

>h(UV

g60>%:

7D\66@2Yd46:9

?_a60>

46:[`04<

'4[`04<

04<_b60>

60>Yf46:

46:[`04<

04<_b60>

60>Yf46:

_c60>%

Yg46:''

[a04<#&

_c60>%#

Yg46:'"8

n04<#!

Nm60>'%[l04<

Jm04<_h60>

Ni60>'5[h04<

Ji04<_h60>

NT60>Yl46:

HQ46:%&_V60>

NT60>Yl46:

HS46:%0_j60>

D#UYj46:

046+WYj46:

HV46:<

J^04<_h60>

NW60>'7[h04<

J_04<_h60>

N^60>'![T04<

8UYj46:

HV46:<

J^04<_h60>

NW60>'7[h04<

J_04<_h60>

N^60>'![T04<

n_n60>

NR60>>

J^04<_h60>

NW60>'7[h04<

J_04<_h60>

N^60>'![T04<

;lPU/UVQYj46:

HV46:<

N\60>Yl46:

HS46:%1_j60>

N]60>Yl46:

H[46:%&_V60>

!%Y\46:

H]46:[j04<

Jm04<_h60>

!$Y\46:

H^46:[j04<

JU04<!<Yn46:

H_46:[j04<

JX04<_h60>

ND60>'9[G04<

JD04<_h60>

ND60>':[G04<

W*WS_n60>

NG60>Yl46:

HS46:%=_j60>

n_n60>

i#U_n60>

N]60>Yl46:

60>YE46:

lP_n60>

NW60>'<[h04<

J@04<_h60>

NU60>'"[T04<

JA04<!'YR46:

'$[Z04<

USV[l04<

JX04<_h60>

NW60>'=[h04<

JN04<_h60>

;lP'VYj46:

HI46:[j04<

J@04<_h60>

NN60>Yl46:

60>YE46:

HC46:[j04<

JU04<!?Yn46:

HS46:%:_j60>

!'Y\46:

H^46:[j04<

JU04<!9Yn46:

HK46:[j04<

JJ04<! YR46:

'"[Z04<

Jk04<!:Yn46:

n_n60>

!o_n60>

NW60>'?[h04<

W_n60>HM46:[j04<

\:hRS#,

H04<#0

@+h(U#,

n+W/RFF24F_K60>

lPURS#,

-W!RRSV

iQ.R(U(VPU'.

6U)UP'W

U+S,T$

{2*oV-UV

oVQ*S'.

gYQ+hQP

:*%)WV,UV

WU-T*WP$

mS'WPU

g60>%9

=6x160260%6BX40D

146S#TVQ

)mSQ'1!3

1704UU

Qms3460

604\046

lS(W%7

#C8.i/U

oiq5046

g560#UU'1

As<;W(VS(W

USiq5046`460

6oUls4460R604N0462560v704

li0;RPU

Q(UU'2

604#+VPU'2

.%R&l.R

-l+R)UU-UU.U

=/L/R/UU'2

04<B@40D1

lS)W*RR

7m/SR%4

46:FB24F7

%iQ+R2

[t04<DP605D\66@[

04<BX40D

iR.SQY

46:949

46:FZ24F

60>Br461

20J204104'046

9W'V!R

d*U.RQ+

/Uou7604+046n460

7ims3460c604

=o+Wnu7604

4604704

-AP0WV"

Ee<W'W

lPU,Uhq<046

460l604I046

146]560

2;T>WU

)i5m<

87A#oV

10G604>04'2

04<:&6

46:IW0422#

06t4604604

44r0460460!

40p604?04''

~461.

-MQ464#

66t460=60%!

)OW042

046746!S

Z604>7i

(:28:3h7>4l

04<92k

26w460=60%-

504<04'

W346KM600)

Qv+560

c346KH600 U#U

346KH600

y760q0046%460q604^046

702%5

5OA042361

702%5

23n 4/

3KB600523

13KH6001iIJ042

,4043K

;15?492

1465OA0425ON042K@600

566838

1oh$68

''7q5046*460s604j046

3KB600>

6140&Q/R'1

460<3KC600

'%0u0604-046

460c604G046

702%6

5%2MN600/UR%6

5OA0425ON042KA600

33;6?6

13KC600M

464IH04222o

0460460;K1600

61$604604

451461/

146;46!

`704)(

OLM4v6560

q704?u0604

0465460

604G046

602%4%2

z605=&'3

602%62

466'1!2

~461'>%

6%>&%>

'53'7%>C

'5%1h'3!1

60>%9+&

46:'<&

466'=!?4*6

Y.o_260>

46:ND"76@G

04<J2Y

46: <7

047 4624&1"

1;6046z#

16r560860%

3560O'142

604M"564m

460O'142i

460O!142

604M&564m

!6M'5646M&564"

Fm<2O"1422O 1422O%1422O'1422O$142h2

64K"7000hI 14226M%5642nM!70042O$1426lK"5646M"564

0146#4K"700

4K#700

6M"564-

163660960%6

146u16048046,460

604v046h460+%

560"%8

'6#n#2'62

46:!!=s4460?604$046

`<!h8>7

|461918= 9

5'5&6(

x605%4

040#05

|461'3

#':q2046>460

702%:

!10!3>h

"%7,%:

!3!h'1!3'4

26v560:60%6

1560q5046>460

604~046/=

4647o6"2

60>.=

60452O

&<s4460>604

460g604)$

0427m0&3

600 6327m

0427m0&0

001704904'

6001n54

04266M

46:64K

6005hI

46464K

600:8#nM

600>2O

604&04'

;4q346!46!"

246/,n/

6607>/,n/

60>%47>/,n/$n

60>%57>*l.h

04<#258.n/$n

60>%77>/,n/,n

60>%8+^

z605%9+.

z605%:

]566'=

2466[R040_@602

46:':!8

04<#84

60>%=%=&

04<N#600"!8H

04<'+:N

60>'=%?!>Y

46:'8!>(

60>%?%</$

f>H&464%8!<Y

H$464%8!<?Z

46/tY-466

H%464%8!<5!0 Z[

2Ep46:N #&

z605%#7>/,'7ln/

'"nn!' /

v46:%%/8

46:'"!')

04<!')$

~461' 3%#!" !"

p04<N!600'>%>! \h% !"

6Gv04<J%$'l^#&'"%0

H#464%9!?Y)466

04<#$

60>%!J#042!:'!+&Zl' * Z[

2Ep46:N';*

046!<'5^n&

60>H"464%9!?Y%466

H 464%9_9602

46:J.042!:Y

H(464%9_

41'l=7+<

046046&7609604

346346056056046$4605504#346#4605605

HV464+

&JQ042

76]460760%

YK466

YM466

0461$604604_Y451461'

34`046<46!

4'W&0(*

16q460&60%,

*-KX600

"M]464$

64I046<46!!

O46o$74

20c604%04'

~461

54f046946!

464)K

604&04'

6047 460460

077047#

30]604%04'

26.660 60%6

560q:046>460

046g460Z604J046

560"K@464+?

704%7

g!2MZ464OX0425t

046/>%7

!2MZ464OY0424

5668 #3

<'6O]042ME600);'1

#1!#3

z462?,#3

|044#2/

#0;,'1

>'IF042+'1

`%0K^600M^464%0K^600M_4640o-

'm)/kU'k

z46296%2

#n#0'6

!1!h'3!14

>KD600

>!004#n5#T

602KB464=

>932'l3'V!P

040MG600>

46n9K#700

;O 142

50C604?04'

4040_P602YF466

6046046&

.60R_

047 460460

077047+

404#04'"4

[404$0"

d04<=J

04<#0 #1 #2 #3

=='7#n

;'7,n#3'7=

'4[z04<

600Y|46:

04<<"%8

<9%>'l

l%8%>9

%2_x60>

H704'4"Y

w'4+k_

60>%9%2'%?'mY

7#1)D[

7#2'4%?'lY

46:'2N

600%:%<

464%2_

042!0Y

`46:%2_e60>%;%=

604';[

04<Y';!9

~461'8!?'>"'=[

040#:"#;'6

46:'9&

60>% %&

600Du16@

04<#%'!

04<!%"*

042!0'?[

04<!;%<

04wT460460

7048046

5602604@0470460

7048046

5602604A0470460

704F046z660760470472460x704!146S660<6046046n9&I

704 04'0

146ZlK

704s4460:604

046r460d604)$

042&6M

04<''2

6003h6M

*<s5460>604#046

460u604j046/'

600,<

0425l4K

600o;,:

,542n2O

s3460>604

0425lK

604!04'

x047;21&.Y

~461

4605*0440

D6:460440;6[N6:4604%

460,60%

+98m)/kTh?>'l:86M

464=0!0!i

~!/$'4m)/kTh`?'l;96M

;KD464

9KE464

16}4604604

M*564

nM(700(

146)46!*

1560m-&

600!i/

r5666M

4647,i.

r566"<(

t1406#n:25

600=2O

042<<1

600=2O

042<<1

704904'

604MO464

5&5'6

5KO464

046KM600

460OI042

6MO464

5'5&6

l26l552o2

;$8q5046 460,604

63n:,:

76#MM60005

44y246*46!4

3660q>046>460

046x460h604^046J460

146'l

|461'2,'<

HU4649.#>(

702,h8/#>

n#3'7<

#566'3

+';q0046;460.604

460n604\046/'

046)'=

3!107l

566'0.

140#?#

"%8"%;

z044!2'8

K_464/%;

|462e.#?

%>'l%8%>6

;566-!8s5460:604-046

604z046/=

z044a#%<

&'?)':

x606'6%?6l

M[600,#8

%?'l%9%?7/

76V460/60%

4[404<;-

605&044036

p6 4604%

460860%

R046'lK

600<6#nM

604:04'

\M.564"

aRK.700

SRK(700

PW'lK,564m

hM-564

bM.564*

6M*56464K(700<6#nM(70002O+142.P

6 M)7004&I(142

4604604

47 460460

077047f&K

604?04'

~461/

604 04'0

460q3046$460

046w460c604

702%4

N\6000

J_0426

00E404*04'0

660q1046>460t604j046[460N604

%404.j

4!1.j#n

046,'8*

z047</%>

004-;.%>

&'3)'8

'5#n#1'5<

;702%7)!;s6460?604

604q046Q460+"

702%?

8%>!3'8,l

%1!<.j#n

702%?

x605:)'9

'8#n#<'8<

!2!h'0!2

'' q5046;460!604)046/'

5'm%9,%

6#o#0 #$

'<&'=&':&';!9

~!h`'<#n#8

6%='l%;%;'l%=%;!0.j

!?%4%?'m%9%?&

14904604604

47 460460?=07

20\604:04'

600!ZlK

4604604

7 460460

077047#

30%704:04'

604M.564*

046K.700

046K(700

046'lK,564

604M-564

6044K)700(TI+14226M.564*oM*70032O*1422O-142i

2O*1422O-142&

i$52O,1422O-142303

60>4&I-1422"K,564

2O,1422O-142303

60>42O-1425lK+5641

604?04''

~461%

0060&&

660)60%

660q00462460`604

1560lK

}7024'I

04227-

464#nM

14026M

46464K

0422,K

46465*

600 6

600,hI

y5666)#

6004&I

0422-K

k566?1&

464#nM

0422 K

4646 M

6004*I

60042O

042==!hI

04296>

60048+&iI

0422/K

o702%6%0&

y566%0N

60042O

042==!hI

04296M

/I"142

/ M"700

]K'564"

604904'

0464?/

468m45<

1>h$5*

04260o212

60>53O

0427mK

046.46!.

=s3460>604#046

=$&

660+60%

246K8700

246K%700

N660O8142h

O2462O8142(

04<#24K%700

60>%76M!564

4146h#o#<4K'700'5#o

'?2O%142!1

42.S>12O$142

34K&700=2O%1423%0h

1462O%1423%0h#o

%?pZ7044K'7005

6M#564=

pm7044K'7005'l

2O%1429#n

tv1463,n#0?(l;&

2O%1429#n

2O%142!0!h

4606M#564=!h

6M#564%2'l

6044K'700?'l

4K'700'4#n

0462O%1429#n

2O%142!0!h

N6M#564=!h

6M#564%2'l

V4K'700?'l

4K'700'4#n

p2O%1429#n

2O%142!0!h

6M#564=!h

6M#564%2'l

27K=564=%5=4K%700o#2'63

x6M#564%3'm

#=4K'700'5

%:6M!5649>3

6'66M"564

04<M:700

4K:700/

z044K[600

704s4460:604

046s460e604)$

z044K[600

046!0/

|462OY042:%2'

d560l%4%22

'%=u0604=046*460

x606M_464

~!h`/#?

"%5"%;

h'3!14

z047<

!=s7460>604 046

460`604(

702%9

#%6"%9

*1!2!i

n'V;''?

'6#n#2'62

|462OY042#<'8

5&5'6

|462<'8

K^464<'8

~!h`'7#n#3'76

34A046

aM&564bK#700

702<4O.142K(700

34[0460460Jh042

mJk042

Hn464

6G702E

46:/'

6047 462490fW0?6046#

4&04)p

60>B5462

4042N66001_<602

64q146(46!4

460q1046 460

460g604V046^460+?

4604604Hb464

;Nf600

6047 460460)+077047#

50r604

20c704

=146u2604'046/460

604y046i460F604):

z044K[600

604,#1

604%5

!|044/%

#%2u7604=046

|462I\042'

M_600.#0

z462<!

60><22

602%4%2

040#11!1

7,4624k0$[0>604624

086046

/$ou760440467460=604

04'NR600

1560lb

_q5046:460#604046/'

7HW4642

25JP0426

20@6046046

b566655O

4605*0440

6&r6=46044086I

6:4604\)1

464+:PI

146746!"

046K'700

604M=564

46iI;142

460O'142

04oM%700

046K$700

60mK 564"<

4K?7000

46o?4K?70007

2O:1428

k;2O:1428=

34u046<46!"

00{404

2660#n(o

464%0&

'6#n#2*

S704'66M

z047==0'm

6045(%1j#n

!h'>!<4K

464'>8#n<=5(%1j

?3,'7n!h

464%<'m

|'lb2O

0423,'7n

042'm

604%46M

464%2'm

~!i`4K

600'4#n

z#nd<!2O

042'm'4m)/kTi8>&

z<nd6M

z<od,1j'32O

464%='m

#95!9!h

6005!9

%:'m%<%:&

!?!i'=!?

,>/;='5

~'l^c":!1;!0!h'2

:'4#n#0>'l

042;

|>Xl^cs9

~'l^c

|!h\e!05K

6046046'

-60y_

6047 4604

027047#

20k60404'B{30D

30&504

404M"564

660O$142

660O9142

660O/142

404M#564

246K%700!i

660"K?5640M)564'34O%142#22K$700%70M!5640M 564m%:%1!14!2':

p14040M!564I&142&

2K%700

-1404O;142:0M>564?2K&700/

Z702:8

a4O'1428m

4O8142+

4O8142)

4O'1424O;142i"

32(I81427-

4600M>5643

4600M)564'>4O'142'm0&

i'?7%?!<

1(m=40M!564#nM%70024O$142'mK"5640M"564-

02K%700!hI'14240M"564#oM&7002&I91424,K>564z4O9142

2K-7002K'7002K%700!i

2'I914240M!564#nM%70024O$142'mK"5640M)564O

F4O'1424O&142i!

92K;700

4=!i94

'2K&700

;0M?564"

17&'24O/142#12K'700%60M 564'1!3'5%2!2?

r70224O&1429lK 564%2&

0M"564

06-460860%

560860%

Wou:604

046l4601604

460F604

046w460

604'046

6046046

l046KF600

b046KG600&1g

-sKD600

MA464

042-k)/kRM

76556060%

604604

2466[R040_Z602

6047,4604

08u07704724z0y

0$6046#

704904'&

464*RM

600(iI

604!i$56#n:6M

464m=53

33&36M

464725

04<26M

4641nM

600o'k

60042O

042<<!hI

4646(M

046?46!4

[046u0604=046

604u046/'

lh>/<

3!h?1*

O504MK464

460U!R;

p760OA042K

600KM464

504s9460 604

046P460J604

460'704

146j560

0504MG464

6"ML600

64KC600

140MM600-UR;%

4KM600

64KC600

2IM042

2<KL464-SV9

6MG464

04SVU:

5606MI464

046NV600<

/'5q3046!460

604}046Z460

JU042;+?VQ

4NP600KH464

2"S)WKL464

#WU'3)

\6MI464

604$16$06MG464

''4q5046

460}604_046

mKL464

040ML600

04226MG464O

042MJ600#U

76M560

60%Ho464

5'5&6

604Hm464

a146Nk600

460Ji042;(

460g!0)9

8U%4*!1-Q'3!1)?ms34602604046

460+<#1

%2+ms5460&604

460~604`046/!%5

/;%4+"#1

6Jj042

<!h8>7

6047 4624*0E

0?6046

660360%

560,ou?6043046

604)146X560

704)<I

1406#i

0426#U<<

s34601604)046q460"

7024)I

0422)K

6004,I

1402.K

o702 6

}7024+I

W702;26M

464=oM

04226M

6004-I

K!iq00462460:604,046

vDi16@

*DM16@

60>=7"

605Dg26@

.146$ "_

60>B5461

14646!4

`560,

{704s4460.604

046`460A604)$

704|6mb(

6000iI

6MF4646MJ46424KN600

040;";

g3 30|7

"<s3460>604,046

_i>.<

_h` <

2O@0427"1

3 30|6

''4q5046;460*604046/'

4KB6001&2

466,%4

40|6lb&'2

30+404

5'5&6'

560#n<!!2s4460%604(046

223n8l

&5'6

046461

=!!1s4460?604"046

%2'l%43'4l5z'4(

y047l'4l

#'7q2046;460

046u460+%

702%7

'4l=77

34O046<46!,

_R602YI466

6047 460460AC077047#

30m704

,704\hI

464+)oVVM

60042O

042.lK

4642(i>0&

042/+iT#5/+iR#o%

6005hI

0422"K

042/+iTI

04226M

4646 M

J704s6460:604

604p046d460+<

Y704!#<

4704 #<

0468+&p

140)l;

#'7q2046;460.604

702%7

63'4l07#o

702%7

!0!h'2,

19#oh?,

W460<)!

''9q5046;460)604

140)l%5"%9*

702);l%63'6#oh?1'l=70

06^460

461$604604QW4514617

0460460nK

20j604

04'&v&v

'l=76M

20u704

6704)9

046/;i

046*WS-

3)?k;3=

04282)9WV

?57+9o

1407.U

464'23%2

o702<2O

04282)9WV

?1/;i!0

$71/;i

}7021*W!

600%57'5

m140:6M

+1/;i-

!71/;i

}7021*

4040_\602Y

2466[^040_

4040_\602Y

46q(6046046046

70450461461'

44s046<46!

046<46!

604M-564

604M.564+)oVVM)700

046K*700

460lK.564

046K*700)

604M*56464K(700<6#nM(70002O+142

4K.70042O*142:2!hI*14266M-564*R

42O+142/$RM)700

42O(142/$oM*700!

20P704

2566909l<37M

464=\hI

0427=o;3

600%57M

464.i&

600(o"

3'1!3'6%3

600M.564Q+

042(+<

v702'4+<i'2)

042/(v:

0403+(M

046u06048046

X604)#

|46261

IY042)8

54a246

x#nXg!

704':%?

600%97M

464'<!>'9

s702,:+$=(3O

4=!h>?'m;&

+86-lh7M

140h7M

464l=3O

042<"%4

lh8'4#n#0'4

jl:!1!h'3!1).

<:22055

5&7'l/

v7025K

600%6J

042#3H

464'>%

!3'6%>

T7025K

600%6J

042#3H

464'>!3'6%>

t14032

!h8%9$7%?7%<

604':'?!=

6001!=!i,m

A0467%?!3

;!3!h'1'

146!30

6?'l4K

0428.>j,o

x605%4,>j#o

x605%5'0&':

#9'4,'<n'=

'4,'<n!h!

!1'<6M

%:'l%<%:8

#:18#o

#; #$!#%

%''l>,'53'!

!11!%!h

2'!#n#%1!$1!%

%'#$'!,l'l%!%'8

%">7%'7%&

"%37%''m.k

'l%6'9!0.!;l!:

!0.!;l'l'#

046o%3!'

60>%$%3!;'5%8

h%"i#n

"% #%!

+%37%'

'53'!#n

*l%!3' 3'!

!%% %&(n!h''!%>

83'!3'

&'53'!#o(o

+Jl042

/Bc461-

'@t047

QBKY600

@460OZ042

^046KY600.

kOZ042&`&`KY600

g6IZ042%

2OZ0422O[0423

42O[042;3!hI[0427

604:04''

04<J6!o

604i5O

042/+iRTK

46413K

600(hI

04257K

46412M

60036I

404 04'

560ms4460

460.704

6004$I

o702;9"

}70242O

0429lK

4646)9I

702=7"

m140#0'4"

}70242O

042!0nM

46624K

600o:6+M

06'560;60%

460#nM

4606/i

|!h\e6

1704o*onM

60023#o

)702=4O

x#nXg1*

4643.k#ohI

70~6046046

605&046046vr635605%

60%HX464N

N604P'm

q5046:460(604

73N\6000

0HY4642

46!Je042

(Hd464*

Y056:

k140;3"

Na600Hf4642

$566?1$

vHc4648 =<$3

04<N`6005_

60>!_770>

0_070>

556:?1

4605*0440$6

z6:460440

6:4604%

560"60%6&

460q2046>460)604{046c460+"

JT0427

z044K[600lh>):

!!0s4460?604

HS464<

|462OY042jl<)'2&

>'l:86

06k460860%

#nM(700

5K(700<6#nM(70002*U

?Ig464#

6d702E

46:$&

34T146

)(<)??!1

8&8'59*

'4#n#0

>%2'l%4<!h

464</i,

0428-o)

0428+=i)

2DU26@

_6041h$66/

3n:01i$44

042/?v

246u>6048046

046x460j604\046

2Y756:9 #;

"%8/%?

6[>14<;)%?

6%2&%2

]Y956:

<'8<'8

'4%>9i

x047<*

6< 7[?14<

9146h'>!<1

#1"#2>&G<14<C?70>%9.

460%?_870>

!=Y756:'3!=Y756:%?_370>%:%?_370>%;%=

z605%<%?!8 !?Y956:

':+v;'9%:&%=_=70>

`46:[;14<_:70>

04<J%</8n!8 !?

#%'u7604=046)460

46:,%!

04<&''

60>%7%3(k

0466[914<!2Y 56:"E!56:';!9'7

5&5'6

046!3 Z[

#' q2046;460#604

702%

60>%>,%

!:%7-%

1140/'

96[914<!3

7566;6[914<!3

466%1&^Y

5*0440#7

7'460440

4$4604

-R)K'700

+O'142'l

QI<142

16y560

602;2O

3146i.

m#0'4"

0427#'4+)oV!ik'4

-566'32O

566%3(o!i"

600>'%2/+iR#oo%2

!h>02O

44G046

7 0_v60>

Y$56:

107704:04'

042:2!hI

460k4K

60042O

042:2!hI

460k(RT4K

600)/kTPI

04226M

464+&hI

042^#5&

>/+iR"

06A460860%+

600oZlK

6004&I

J460`

H604;9[

e5666Y

3!h?16

64y246

8660+&

~!h`'5#n#1'56

06609!#3

5i+)oVn<%1/>

70k%8<

70k%9='9%>i+&!3o/+iSl;!3!h'1!3)?

4404%4+9#>

70k%;<0!>

/$':m)/kTi8>

]702'4Q,R%<P\

!0!!>)9m)/

kTh'2!8

460l%<%:!?

%<'m%:%</>

4603'>

_140#;'>"

600'?%;*V'>T^

%9'%8/+iRl%?%9

!$)?k)/kT#%' .UU'&3O

042!$'?+?ST'=.T!:VX

+)oVn#;'?%'

1!:>'+&!:o/+iRl

!9!h';!94

046_\602Y

4040_\602Y

1$604604

451461'

44K046<46!kK

~'l^c6M

005704

140:21&

464"27m

140:64K

4642nM

04'&!

8[.14<Ds605;9[/14<_

*9[,14<N

i660<Y,56:

>E3605%4%2

|702E/56:'3!1Y

70>%6[

70>%7%0

x566%1

~140C+70>%8%>_

14<#=Y

14<#>

|702':

70>%>&8

14<#:$>

14<#8'<

46:';!9

47T460460

07704724

0 604604

07704724

F18604604

H17704724

28604604

27704704

277047;

6046046

D460FS64F&

4040_\602Y

0)p4/$

61$604604

451461'

704)>U

146.ls:460=604

460`604R046D460

%0!3'5%1_

046/:%9

t047<+

%3_x60>

b461'0'

6[:14<#1)

'7#n#3'7%0

<'4%0C

!0!h'2!01

.U%8%>)ls4460&604

460s604

09"1_=70>

z605;/

604:04''

44~0460460J

)(S+9o

464&/8U

54q046946!

~461*

44Q146p46!

4040_\602Y

6602YX466[

~140([

14<<<0

70>0'[

044046

460$604

046=460460460460460W704U14634605605

=,mh=

604w04'

SM:564/T

PM#564UK%700.h

fO:142

fM!564

O46o~K?700

O=14276M!564\

23K:5642

105704t04'

46:- N

566>0N

[!14<<!

56:2>"5

6Gv04<J"

6047,4624

0>60460460

077047;

70;6046046

05&046046;?63}605-

660w60%

704s4460

7043046

x047<718">

v46:2Y

56:90&

702%4%28

x047#2'6%2

w702%7%1&

,6%0&%1_

x047#<'8%2

w702%9%?&

6%>&%?_

60>'4[

70>%52?_

60>0!0M

466#5$

A566'<&03

602%;%=!> !>

Y[004<#8.

90!8 !8

DW26@6

60>L6[

'8BO00D'>[

462460M704

5608604604604604604#246%660.604

60404'.

Pl2;hU

046t46!|

n604s346016048046'460"

604s04'&

4603 C

60>;9<

F566= Z[

04<9'2

24_e60>

461(6066r4,l4;046066

Y4&0460'

54a046#46!

060560$60%

1$604604

451461/

046v46!

0/,U;21/,Ti#

5&0440

6:4604%

460s60%90-

+*Zo(

76H160|60%6046046046

U042/'

S042NQ600 /$

NQ600!/%

NQ600./&

NQ600,.

HU464/+

JS042,+?

JS042-(

NQ600(/>

NQ600)9/

NQ600):+=

JS042/?,

JS042/8)<

HU464+;)

HU464+8/9

NQ600)?,

NQ600) +8

JS042/%!

JS042/&)?

R600HV464"/

JP042'.

NR600.+

HV464-*

JP042*)

NR600-.

HV464()9

HV464)):

HV464*);

HV464+?/9

NR600):+9

JP042/?)!

HV464+:/'

NR600)=+!

JP042/:)+

HV464+9/+

NR600) +

JP042/%)

HV464+$/

NR600)#+

JP042/ )s

HV464+#/g

NR600)&+U

JP042/#)C

HV464+.

NR600))

JP042/.

HV464+-

NR600),

504!h"

3466+*

\600HX464"!

J^042',

N\600.)

HX464-,

J^042*/

N\600--

HX464()9

HX464))=

HX464*)!

HX464+?/-

N\600):+

J^042/?)

HX464+:/u

N\600)=+W

J^042/:

HX464+9

N\600)

J^042/%

HX464+$

N\600)#

J^042/

HX464+#

N\600)&

J^042/#

HX464+.

N\600))

J^042/.

HX464+-

N\600),

J^042/)

]600,<";

4=!h9HY464<?

<!h8>/*

NV600'4

'4lK^464JT042!0

|462*K_464%2'l%4%2

JT042!1

146!1n

604oMZ600HR464%3

x606)9IY042!1!h'3!1

4704%6

NV600'6

z044!2

0560mK^464/

JT042!2

|462)K_464%0'l%6%0

.146#3

JT042!3

046!3n

,704oMZ600HR464%1

x606(M[600'7#n#3'7

JU042!<

|462%>MZ600HS464%>

x606-M[600'8#n#<'8+)

HR464'?NW600%:%<!=

2M]464

=M\4643

60>4/$

|461IZ042

566I@0422!KI4646#MN6004

60>43G

140MC600

04<27K

46:65M

66C460

26@u%

Y)56:

05&046046VR635605(2

661560}60%

00DYr56:

042_w70>

64F_v70>

464[z04<

64F_v70>

6F374F_v70>

464[z04<

5F74F_v70>

046z46!6"M

Yb46:> ;

_r70>:8F

74F_s70>

04<C|70>K

464L8Fs74F_s70>

464w8Fa74F_s70>

6001'l=72

6046046

1$604604

451461/

046{46!.

^460FA74F

Yz56:

47 4624-0

f0>6046+

40A604z04'

0461$6066<4

x4;0460/

24F046}46!"

s7#n;"

E}56:

Y`56:

7 460460]_017047.6

4646.M

34J0460460++

464=K

046#46!

z605<&?

50h6046046)

46464K

600M,564"

146<46!+%

146h*T

61466l+R

46420/?T

'l<6+(

16W46046044

60>43I

7146/;E

04226).#)?G

60042+%*)E

60>43I

04221K

464684I

0422:2

20n604:04'2

04<27K(56465C

702K)5646

x047M'7004

J461I=1422

N605K<56464'

<M%7000M$700

2M.564

=M,564"

x047M.7004

}50464460160400467460<604?046:460?604;046?460%604%046'460/604)046

460604

460w604e046S460G604

04625606604504674604>484:281=3=7=7;604604604604604614605604404624607604504644600604304654602604004674603604>0468460=604?046:460>604=046;4608604:046=4609604&046!460&604604684603604?0466460>6043046;4600604:046346096044046>46056049046"

Th76045046;4604604604604604604604604604604604614605604704614606604404624606604504634607604504644600604204644601604304654601604604614606604504644601604104694609604'046)460

046q460U604

4605704

14616605504744612605>047<461$605.047

605v047P46rg|r56146046<460B

604654Z046

H04&{46D,60

eDF_^SE0460

U04>846

]04&046

scyp604

[46X!60

t\[T04604606605a

66461460

604X046

2462460e704w046

46006041046}460%604

046b460>60440469460<604<0461460<6047046

4605604/046047056046026

026=5+126

126g5k126^5M126

026h6P226M6P226

026p7M126

426r1`5C6Y16026H1

2q626V2q626D2

3`526t3

=q626T=

026]=@926

=`5>6->`526v>

>q626e?

026P?\;26

?P22688P226%8

8P226p8P226

8P226t9P226e9

0>6}%n!>6^%n!26N%

%k1>6`&R">6

"26"'/#

7\'6026

'k126q

`526#!\;.6z!

,`526y,`526d,

14604!046047056

6>430562460$6

4v0162430

0V65440365560

604?07674<1$6d4609634=0>7 4V046=410?6

6V430$6;44146

460=6*4:06704b04694,0$62560T604?0.6$44146T460=6*4.06704T04694,0(62560R604?0.6

44146X460=6*4

06704\04694,0

62560t604?0.6

44146\460=6*4

7 4b0V654,0

44146d460=6

06704V04694

62560P604?0

6q44146R460=6

4s06704P04694

0}62560\604?0

6}44146Z460=6

4g06704v04694

0a62560X604?0

4k046 4b0T654

0j604&0T6P430

6o460$6d4

4R046 4V0V6540_604&0

6\460$6d4P0

64O046 4

604&0`6Z430

604&0T6Z430w6

460$6P4P016s4

046 4R0R654u0

604&0T6

460$6T4V016s4

7 4R0V654u0

60560`6T4'0w6

46146R4V0%6v4

04704b0t6!4|0

60560T6p4'0z6

460$6d4b016a4

0\654g0

604&0P6

1$6T4v016a4

046 4T0

604&0V6V430f6

1$6R4T016b4

046 4P0V654d0

604&0R6V430f6

1$6V4V016c4

7 4V0P654e0

60460P6Z430l6

46146X4T016j4

04694j0

635&0`60430h6

46046Z4T016l4

04694W0

60560t6R430U6

461$6\4T0!6Q4

04604T0\654T0

60460`6X430V6J56146X4P016R4J117 4

04654\0J7=5&0`604;0^6O560$6R4v016\4I1<7 4T0^6=4X0

705&0T6X430D6

561$6P4b016D4

147 4P0t654@0

60430B6

531$6d46016

117 4V04654

704&0P6d4

560$6X4v016

146 4P0

560$6T4^016

146 4\0R654

561$6X4V0

14704\0t6!4

5&0t6V430

117 4b04654

755&0T60430

53146T46016

117 4T04654

755&0R60430

53146X46016

755&0^6043047

531$6p46016*5

117 4Z046

70560^6P430+7

1!704b046=41

7#560T604;0

5%146T46096

1'704T046=41

0`6&400

6,470`6

6)470`6)470

6)470`6

470`6)470

6)470`6)470

`6)4%0

6=5%0`6=5%0

0V6(550

500`6)400T6)4'0

60506{7

0P6(5g

6&450T6

6,450T6

0`6(550

6,450`6,450

0T6(5g

550`6,450t6

0P6,400

6(550T6

6,450`6,450

6&450T6

1`6n6f

7X670D

4Z256H

7X640L

1I424604634

640460450

206046076

454604634

5^2=6046076

494604634

6=0460450

286046076

4?4604634

6&0460450

2&6046076

4$4604634

6.0460450

2-6046076

4+4604634

6+0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

6w0460450

2|6046076

4y4604634

757}0460450

5=3y6046076

4a4604634

6d0460450

5#3`6046076

5n4604634

6\0460450

2_6046076

4]4604634

6X0460450

2E6046076

4B4604634

7B0460450

5r3M6046076

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

6046076

4604634

0460450

7M641`

5K267l

47477$

4#417p

0/255b

7M601h

5K227T

0s2:52

8`6s0=1$

>d4q4?7

4f487|

4u4:7H

<b0w2#5.

8`6w0%1

0a2$5v

6k0"1`

4T4!7P

0\2%5B

>d4u4-7

<b0s2)5

7M6,100460

4q4/7t

1I4,5z

0*1l0460

0w2-5N

5"4604

1460450

7046076

5604634

1460450

5Bt4604

5j~4604

7046076

5604634

1460450

7046076

1,y0460

7X{6046

1<f0460

7hd6046

5&a4604

1Pg0460

4t7Xe6046

2p5Za4604

6|0v1Dg0460

?d4z4t7De6046

0u1\c0460

4^2g70460

Antivirus	Signature
Bkav	Clean
Lionic	Trojan.Win32.Blocker.V!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.70558579
FireEye	Trojan.GenericKD.70558579
CAT-QuickHeal	Clean
Skyhigh	BehavesLike.Win32.Generic.th
ALYac	Clean
Malwarebytes	Trojan.Crypt.MSIL.Generic
VIPRE	Clean
Sangfor	Clean
K7AntiVirus	Clean
BitDefender	Trojan.GenericKD.70558579
K7GW	Trojan ( 005ae5da1 )
Cybereason	Clean
Arcabit	Trojan.Generic.D434A373
Baidu	Clean
VirIT	Clean
Symantec	ML.Attribute.HighConfidence
tehtris	Clean
ESET-NOD32	a variant of MSIL/Kryptik.AKFS
Cynet	Malicious (score: 100)
APEX	Malicious
Paloalto	Clean
ClamAV	Clean
Kaspersky	HEUR:Trojan-Ransom.Win32.Blocker.pef
Alibaba	Clean
NANO-Antivirus	Clean
ViRobot	Clean
Rising	Ransom.Blocker!8.12A (CLOUD)
TACHYON	Clean
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Blocker.mysgx
DrWeb	Trojan.Packed2.45944
Zillya	Clean
TrendMicro	Trojan.Win32.AMADEY.YXDKYZ
Trapmine	malicious.moderate.ml.score
CMC	Clean
Emsisoft	Trojan.GenericKD.70558579 (B)
Ikarus	Win32.Outbreak
Jiangmin	Clean
Webroot	W32.Blocker
Varist	W32/ABRisk.BMUI-6250
Avira	TR/Blocker.mysgx
Antiy-AVL	Trojan[Ransom]/Win32.Blocker
Kingsoft	Win32.Trojan-Ransom.Blocker.pef
Gridinsoft	Malware.Win32.Blocker.cc
Xcitium	Clean
Microsoft	Trojan:Win32/ScarletFlash.A
SUPERAntiSpyware	Clean
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Blocker.pef
GData	Win32.Trojan.Agent.CQGMZ3
Google	Detected
AhnLab-V3	Trojan/Win.AntiAnalysis.C5551254
Acronis	Clean
McAfee	Artemis!6866F4E7450D
MAX	malware (ai score=89)
DeepInstinct	MALICIOUS
VBA32	Clean
Cylance	unsafe
Panda	Trj/RansomGen.A
Zoner	Clean
TrendMicro-HouseCall	Trojan.Win32.AMADEY.YXDKYZ
Tencent	Win32.Trojan-Ransom.Blocker.Dkjl
Yandex	Clean
SentinelOne	Clean
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.BBC!tr
BitDefenderTheta	Clean
AVG	Win32:BotX-gen [Trj]
Avast	Win32:BotX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports