-
-
[原创]【病毒分析】Phobos家族新变种 .SRC深度分析:揭示持续演变的勒索新威胁
-
发表于: 3天前
-
# 1.背景
自 2019 年初以来,Phobos 勒索软件家族通过不断的更新与演变,成为一种全球范围内威胁严重的勒索软件。Phobos 主要通过 RDP 暴力破解和钓鱼邮件来进行传播,目标包括企业和个人用户,其感染数量呈不断上升的趋势。Phobos 家族常被认为是 Dharma 勒索软件(CrySis)的升级版,其加密方式、部分代码和勒索信的格式与 CrySis 家族非常相似。然而,Phobos 家族的新变种 .SRC 表现出了一些独特的特点,例如不同的勒索信内容,以及对某些文件夹和文件类型的处理方式上的区别,显示了其在持续演变过程中的差异化特征。
## **1.1 技术特征**
Phobos .SRC 变种在技术上继承了 Phobos 勒索软件的许多特性,同时也有一些改进与变化。以下是其主要技术特征:
- **加密方式**:Phobos 使用 AES-256 和 RSA-1024 的混合加密系统,其中 AES 用于对称加密文件,RSA 用于非对称加密关键密钥,确保文件的加密和解密具有高度的安全性。
- **持久化与特权提升**:为了确保感染持久性,Phobos 会将自身注册到 Windows 启动项和注册表的 Run 键中,并使用工具如 Smokeloader 进行进程注入,使恶意代码隐藏在合法进程中,从而逃避安全软件的检测。
- **防御规避**:Phobos 勒索软件利用 Windows 内置命令(如 `netsh firewall set opmode mode=disable`)来禁用防火墙,并使用工具如 Process Hacker 和 PowerTool 规避系统防御。同时,它会删除卷影副本,以防止受害者通过系统还原来恢复数据。
- **凭证访问与数据收集**:攻击者使用工具如 Mimikatz、Bloodhound 以及 NirSoft 从受感染系统中提取凭证和域账户信息,进行权限提升和 lateral movement。
- **加密文件目标**:Phobos 会加密所有文件,但会跳过特定文件类型和路径,以便于提高加密速度并减少误操作的风险。它通过 Windows API 获取系统区域信息,如果发现受害系统使用特定的语言环境(如俄语),则会终止感染以避免攻击该区域。
**1.2 联系方式与文件后缀**
在最新的Phobos勒索病毒.SRC变种中,勒索信的表现形式有所不同:以前的典型勒索信会生成两种文件格式——info.txt和info.hta,并分布于受感染的每个文件夹中。然而,在.SRC变种中,勒索信则更改为+README-WARNING+.txt格式,且未生成`hta`格式文件。此外,新变种的联系邮箱也发生了变化,使用的是**chewbacca@cock.li**,并新增了Tor联系渠道以增强匿名性。
勒索信内容也进行了显著调整。与旧版本的Phobos勒索信相比,.SRC变种的勒索信内容更加详尽,不再仅仅是几句简单的通知。相反,新的勒索信采用了FAQ形式,通过详细的说明引导受害者与攻击者联系,强调这是最“明智”的选择。这种变化表明Phobos家族在与受害者沟通时愈发注重细节,并努力使受害者相信支付赎金是恢复数据的唯一出路。
# 2.恶意文件基础信息
## 2.1 加密器基本信息
| **文件名:** | SRC_Visual.exe |
| ------------- | ------------------------------------------------------------ |
| **编译器:** | Microsoft Visual C/C++(14.00.50727)[LTCG/C++] |
| **大小:** | 50176(49.00 KiB) |
| **操作系统:** | Windows(95) |
| **架构:** | I386 |
| **模式:** | 32 位 |
| **类型:** | GUI |
| **字节序:** | LE |
| **MD5:** | a60e2c0dec417d2dabe40c003f39c4f2 |
| **SHA1:** | 4e7dc90c06429690c189097dac853d52812a2344 |
| **SHA256:** | 52d89ac9f3b1c74c978618f81b9323ffa8d4b8ace29b12f82bade43fca90719e |
## 2.3 勒索信
+README-WARNING+.txt
```Plain
::: Greetings :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailbox: chewbacca@cock.li
Or you can contact us via TOX: ADA6E26332F26451E45768179C771CA87A7F0F4E234DA8D882888F505494925DCF274A3EA555
You don't know about TOX? Go to https://tox.chat
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.
```
# 3.加密后文件分析
## 3.1 威胁分析
| **病毒家族** | Phobos |
| ----------------------------- | ------------------------------------------------------------ |
| **首次出现时间/捕获分析时间** | 2019/05 \|\| 2024/08/14 |
| **威胁类型** | 勒索软件,加密病毒 |
| **加密文件扩展名** | [C0C5CE62].[hudsonL@cock.li].SRC |
| **勒索信文件名** | +README-WARNING+.txt |
| **有无免费解密器?** | 无 |
| **联系邮箱** | chewbacca@cock.li |
| **检测名称** | Avast (Win32:Malware-gen), AhnLab-V3 (Trojan/Win.Generic.C5576951), ALYac (Gen:Variant.Tedy.512515), Avira (no cloud) (TR/Ransom.imrnt), BitDefenderTheta (Gen:NN.ZexaF.36802.yq0@aSdxC8m), CrowdStrike Falcon (Win/malicious_confidence_100% (W)),Cylance(Unsafe),DeepInstinct(MALICIOUS),Emsisoft(Gen:Variant.Tedy.512515 (B)),ESET-NOD32(A Variant Of MSIL/Filecoder.LU),GData(Gen:Variant.Tedy.512515), Ikarus (Trojan.MSIL.Crypt),K7GW(Trojan ( 0052f4e41 )) |
| **感染症状** | 无法打开存储在计算机上的文件,以前功能的文件现在具有不同的扩展名(例如,solar.docx.locked)。桌面上会显示一条勒索要求消息。网络犯罪分子要求支付赎金(通常以比特币)来解锁您的文件。 |
| **感染方式** | 受感染的电子邮件附件(宏)、恶意广告、漏洞利用、恶意链接 |
| **受灾影响** | 所有文件都经过加密,如果不支付赎金就无法打开。其他密码窃取木马和恶意软件感染可以与勒索软件感染一起安装。 |
## 3.2 加密的测试文件
### 3.2.1 文件名
**sierting.txt**
### 3.2.2 文件大小
**0x228 字节**
### 3.2.3 具体内容
16进制:
## 3.3 加密特征
### 3.3.1 加密文件名特征
加密文件名 = 原始文件名+加密后缀 ,例如:sierting.txt.[F2479DE1].[chewbacca@cock.li].SRC
### 3.3.2 加密数据特征
**文件大小 < = 0x40000字节(全加密)**
`文件原始大小`+`0~16字节不定长的填充数据`+8个字节的`\xff`+`不定长的文件名称结构的加密数据`+4字节的`文件名称结构的加密数据长度`+16字节的IV + 128字节的RSA加密的AES密钥 + 4字节的固定值 + 4字节的加密标志
**文件大小 > 0x40000字节(部分加密):**
0x40000大小的加密数据 + 文件剩余原始数据 + `不定长的文件名称结构的加密数据`+4字节的`文件名称结构的加密数据长度`+16字节的`IV` + 128字节的RSA加密的`AES密钥`+ 4字节的固定值 + 4字节的加密标志
### 3.3.3 加密算法
文件加密使用了AES-CBC加密算法,对于文件加密所使用的KEY采用了RSA加密。
程序内字符串的解密用到了AES-ECB加密算法。
#### AES密钥生成
##### KEY
由produce_random_key函数生成,具体实现可以看密钥生成部分的分析,这里取部分实现
可以看到KEY主要是32位的随机数,随机数生成器是**CryptGenRandom函数****。**
##### IV
这部分可以看文件加密部分,具体实现可以看文件加密部分的分析,**IV**主要由**produce_random函数**生成,这里取部分实现:
可以看到IV是一串16字节的随机数,随机数生成器是**CryptGenRandom函数****。**
#### RSA密钥生成
##### 公钥
由字符串解密便宜标志'0xa'解密得来,自带BLOB结构,如下:
```SQL
0602000000a400005253413100040000010001001d35622bcfbcfe4fde59eae15c05d7528d0c1ae6755c180904dd745cd1f5a19986fce1e0e9534595e4fb7bdd6d5cc1f2cee684851bfc59529108c433185cf76c800f421aad345aa6a964e8f485acf1d3965c85654b124257e0142269eab809af68692309843ce7cd4fa8bf3124926f0403a7502abbecfa2ba7504e63a958e7bd000000000000000000000000
```
### 3.3.4 加密器释放文件
#### 勒索信(+README-WARNING+.txt)
##### 文件内容
```C++
::: Greetings :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailbox: chewbacca@cock.li
Or you can contact us via TOX: ADA6E26332F26451E45768179C771CA87A7F0F4E234DA8D882888F505494925DCF274A3EA555
You don't know about TOX? Go to https://tox.chat
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.
```
##### 成分分析
勒索信的全部信息都是由字符串解密偏移标志'0x8'解密得来,跟加密的ID无任何关系。
#### 勒索壁纸(xxx.tmp.bmp)
##### 文件内容
##### 成分分析
由字符串解密偏移标志'0x3a'解密得来的字符串“Your files were encrypted!”,绘制在制定画布上得来。
# 4. 逆向分析
## 4.1 加密器逆向分析
### 4.1.1 程序入口
打开程序发现开头首先调用了**sub_407A90函数**来实现对执行用户权限的检查之后又调用了**sub_4077D0函数**对执行参数做了校验,接着调用**init_enc_obj函数**实现初始化加密对象和解密了部分字符串,最后根据前面的条件进行判断是否是管理员权限并且输入的参数是否合规,如果不合规则退出。
在完成了上述的校验后,将调用**Init_GUI函数**来显示程序窗口来根据用户需求来触发各种的事件。
### 4.1.2 检查启动权限(sub_407A90函数)
这里是比较常规的**Check管理员**的实现
### 4.1.3检查启动参数(sub_4077D0函数)
这里主要检查了一下输入的启动参数,然后根据参数是否存在和值来返回固定的值:
返回值为0:无参数
返回值为1:参数为e
返回值为2:参数为n+一串数字
### 4.1.4 解密字符串(sub_402950函数)
#### 逻辑分析
这里算是整个程序遇到的第一个算法,这里可以随便找一个,都可以看到,字符串的解密操作都是根据该标志来进行的,第一个标志对应着一串字符,也算是Phobos家族系列的经典操作之一。
在分析了多个版本的Phobos变种,都可以看到,每个版本的字符串解密都不太一样,而我们这个版本的**Phobos**变种采用的依旧是**AES256加密算法**,**ECB模式的解密方式**,但是很明显是自己写的,进入到函数内部可以通过导入密钥的**Blob结构部分**可以得知具体的加密类型和算法模式等信息。
开始分析,首先从外部调用可以看到,依旧是比较常见的偏移标志的查找,根据偏移标志来找寻对应的字符串的长度和密文位置。
进入函数内部可以看到,首先就是初始化加密密钥,这里主要运用CryptAcquireContextW来进行初始化加密类型,0x18代表设定加密类型为PROV_RSA_AES,然后下面调用CryptImportKey来导入加密密钥,其中在导入密钥前会存在一个**Blob的结构,**具体的加密类型可以依靠该结构进行识别。
AES密钥(解密字符串):
```SQL
8C93C36117EE77655080C789D0B92C73C91F1FDA560942CA72AA3DB5AC4CACB1
```
在完成了加密密钥的导入后,就该解密密文数据了
这里我们写一个IDA Python脚本将数据和标志全部提取出来:
```SQL
import idautils
import idaapi
import idc
addr = 0x41F000
sum_cipher = []
for i in range(0,0x2d):
data_addr = addr+8*i
data = hex(idc.read_dbg_byte(data_addr))
len = idc.read_dbg_word(data_addr+4)-idc.read_dbg_word(data_addr+2)
cipher = []
for k in range(0,len):
cipher_data_addr = addr+idc.read_dbg_word(data_addr+2)+k
cipher.append(idc.read_dbg_byte(cipher_data_addr))
sum_cipher.append(cipher)
print(data,cipher)
print('-'*100)
```
然后处理一下数据(从标志0开始),构造一个C++脚本来实现对数据的解密:
```SQL
#include <windows.h>
#include <wincrypt.h>
#include <iostream>
#include <vector>
#include <sstream>
#include <iomanip>
void PrintHex(const std::vector<BYTE>& data) {
std::cout << "Hex: ";
for (BYTE b : data) {
std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)b;
}
std::cout << std::endl;
}
int main() {
HCRYPTPROV hProv = NULL;
HCRYPTKEY hKey = NULL;
if (!CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
std::cout << "Failed to acquire crypto context!" << std::endl;
return 1;
}
unsigned char key[32] = {
0x8C, 0x93, 0xC3, 0x61, 0x17, 0xEE, 0x77, 0x65, 0x50, 0x80,
0xC7, 0x89, 0xD0, 0xB9, 0x2C, 0x73, 0xC9, 0x1F, 0x1F, 0xDA,
0x56, 0x09, 0x42, 0xCA, 0x72, 0xAA, 0x3D, 0xB5, 0xAC, 0x4C,
0xAC, 0xB1
};
struct {
BLOBHEADER hdr;
DWORD keySize;
BYTE keyData[32];
} keyBlob;
keyBlob.hdr.bType = PLAINTEXTKEYBLOB;
keyBlob.hdr.bVersion = CUR_BLOB_VERSION;
keyBlob.hdr.reserved = 0;
keyBlob.hdr.aiKeyAlg = CALG_AES_256;
keyBlob.keySize = 32;
memcpy(keyBlob.keyData, key, 32);
std::vector<std::string> sign_list = { "0x0", "0x1", "0x4", "0x5", "0x6", "0x7", "0x8", "0x9", "0xa", "0xc", "0xe", "0xf", "0x10", "0x11", "0x12", "0x13", "0x14", "0x16", "0x17", "0x18", "0x19", "0x1a", "0x1b", "0x1e", "0x1f", "0x20", "0x21", "0x22", "0x23", "0x24", "0x25", "0x26", "0x27", "0x28", "0x29", "0x2a", "0x2b", "0x2c", "0x33", "0x36", "0x37", "0x38", "0x39" ,"0x3a"};;
std::vector<std::vector<BYTE>> cipher_list = {
{84, 193, 164, 131, 219, 130, 47, 108, 192, 20, 48, 116, 31, 202, 206, 31, 45, 132, 42, 178, 65, 215, 203, 28, 93, 184, 43, 117, 78, 237, 248, 206}, {205, 64, 217, 196, 63, 9, 44, 9, 32, 203, 49, 156, 87, 2, 229, 192, 14, 183, 145, 174, 109, 239, 47, 175, 41, 89, 206, 231, 223, 102, 191, 13, 255, 204, 188, 186, 210, 176, 6, 8, 110, 232, 254, 109, 118, 217, 78, 57, 158, 125, 43, 169, 138, 255, 110, 33, 149, 64, 176, 49, 153, 106, 79, 208},
{115, 228, 119, 26, 133, 194, 217, 50, 140, 71, 43, 242, 116, 74, 143, 37, 208, 175, 234, 92, 156, 221, 229, 239, 183, 235, 157, 27, 197, 252, 116, 193, 129, 8, 105, 72, 249, 190, 174, 42, 85, 197, 181, 37, 184, 148, 156, 79, 16, 180, 57, 73, 69, 57, 244, 223, 183, 5, 172, 121, 226, 104, 8, 207, 104, 149, 188, 150, 207, 173, 233, 11, 182, 16, 16, 96, 226, 157, 113, 183, 191, 75, 238, 170, 44, 115, 0, 215, 213, 227, 94, 153, 62, 19, 15, 245, 102, 108, 148, 54, 79, 141, 48, 109, 69, 25, 169, 99, 210, 62, 139, 58, 52, 38, 195, 4, 125, 77, 253, 132, 136, 83, 163, 202, 174, 61, 177, 136, 170, 162, 186, 37, 195, 209, 93, 172, 38, 223, 26, 194, 101, 55, 249, 168, 208, 58, 190, 123, 56, 115, 1, 227, 50, 223, 107, 220, 31, 168, 173, 133, 171, 179, 82, 15, 10, 127, 251, 173, 187, 49, 213, 191, 149, 201, 93, 54, 187, 124, 207, 180, 186, 26, 55, 212, 102, 29, 97, 215, 76, 198, 188, 17},
{222, 55, 116, 106, 205, 240, 172, 80, 144, 36, 154, 125, 243, 40, 137, 67, 242, 106, 3, 192, 230, 18, 88, 45, 138, 203, 130, 141, 255, 206, 44, 196, 102, 200, 233, 123, 44, 15, 163, 29, 159, 34, 139, 36, 233, 181, 55, 138, 73, 231, 255, 89, 123, 127, 226, 171, 187, 66, 102, 214, 42, 138, 31, 146, 24, 220, 180, 89, 206, 36, 47, 58, 169, 128, 102, 212, 139, 165, 184, 246, 242, 203, 51, 33, 247, 235, 206, 147, 165, 134, 240, 14, 97, 152, 221, 55, 72, 204, 140, 107, 155, 57, 33, 147, 169, 23, 61, 86, 34, 160, 138, 160, 53, 122, 51, 154, 19, 108, 152, 195, 74, 243, 64, 81, 231, 96, 235, 61, 222, 207, 140, 216, 39, 79, 16, 124, 117, 85, 195, 237, 174, 50, 49, 169, 21, 157, 216, 39, 175, 185, 87, 175, 185, 78, 225, 68, 131, 211, 161, 5, 199, 178, 175, 110, 57, 43, 202, 237, 8, 38, 229, 175, 240, 221, 234, 22, 113, 33, 159, 75, 206, 161, 164, 199, 129, 6, 15, 146, 198, 218, 102, 66, 238, 102, 84, 67, 21, 62, 5, 74, 189, 47, 246, 126, 25, 197, 166, 136, 150, 180, 237, 145, 15, 14, 81, 83, 28, 131, 178, 6, 116, 71, 129, 10, 48, 74, 174, 74, 179, 248, 134, 41, 225, 100, 161, 133, 65, 16, 176, 249, 209, 89, 212, 4, 73, 131, 128, 140, 185, 190, 80, 204, 214, 41, 183, 208, 61, 130, 53, 115, 177, 246, 27, 174, 13, 127, 218, 158, 42, 63, 201, 237, 22, 201, 231, 92, 9, 151, 180, 165, 113, 66, 57, 4, 153, 102, 56, 239, 24, 136, 195, 251, 23, 99, 99, 112, 139, 221, 39, 9, 225, 168, 220, 107, 210, 95, 127, 83, 6, 156, 124, 60, 246, 100, 54, 194, 110, 59, 227, 65, 232, 39, 119, 177, 195, 89, 172, 148, 229, 131, 92, 47, 52, 169, 2, 77, 223, 179, 233, 41, 21, 204, 0, 85, 160, 103, 243, 112, 213, 70, 174, 248, 255, 28, 176, 17, 114, 204, 152, 97, 250, 181, 127, 84, 49, 236, 52, 4, 207, 141, 234, 22, 20, 12, 151, 241, 143, 113, 219, 207, 216, 45, 199, 218, 235, 12, 142, 161, 97, 62, 208, 19, 82, 179, 109, 119, 184, 213, 216, 222, 23, 29, 192, 79, 127, 209, 111, 155, 171, 133, 110, 254, 188, 75, 22, 117, 33, 166, 105, 146, 230, 134, 184, 233, 46, 110, 150, 94, 222, 27, 250, 42, 141, 230, 24, 173, 165, 11, 46, 80, 101, 140, 74, 190, 118, 157, 133, 133, 111, 69, 211, 96, 83, 148, 160, 230, 148, 96, 104, 79, 204, 164, 9, 119, 33, 189, 150, 180, 206, 83, 201, 149, 17, 111, 15, 19, 130, 169, 253, 16, 178, 47, 242, 181, 203, 111, 250, 156, 212, 177, 157, 44, 44, 228, 76, 61, 203, 146, 68, 127, 156, 10, 0, 121, 113, 32, 254, 96, 115, 249, 208, 239, 251, 146, 179, 26, 6, 99, 22, 46, 255, 175, 121, 42, 5, 223, 234, 145, 115, 201, 199, 155, 76, 76, 244, 5, 39, 97, 249, 52, 71, 52, 23, 235, 255, 187, 194, 0, 52, 239, 14, 158, 34, 206, 51, 255, 167, 208, 121, 36, 70, 7, 147, 100, 122, 46, 105, 219, 244, 212, 77, 137, 205, 241, 61, 23, 247, 184, 247, 16, 22, 238, 176, 33, 171, 13, 250, 131, 18, 28, 189, 226, 86, 219, 21, 90, 99, 238, 212, 7, 58, 7, 225, 187, 159, 115, 67, 136, 87, 111, 131, 46, 99, 209, 80, 45, 64, 163, 104, 40, 29, 84, 238, 36, 150, 1, 18, 5, 10, 69, 160, 220, 38, 216, 237, 232, 225, 18, 246, 104, 39, 54, 58, 83, 88, 109, 61, 228, 77, 188, 14, 206, 25, 15, 172, 135, 69, 24, 75, 85, 42, 17, 109, 132, 235, 52, 113, 5, 222, 33, 38, 241, 229, 76, 235, 221, 227, 52, 0, 196, 130, 239, 73, 130, 254, 70, 102, 230, 145, 84, 94, 76, 190, 140, 220, 34, 113, 202, 141, 77, 141, 80, 161, 94, 111, 124, 118, 63, 124, 91, 211, 45, 178, 205, 64, 159, 155, 157, 30, 69, 242, 141, 225, 107, 207, 122, 56, 221, 96, 69, 168, 56, 131, 176, 30, 69, 95, 78, 38, 139, 48, 203, 14, 133, 166, 61, 8, 86, 217, 70, 158, 73, 153, 172, 52, 13, 210, 249, 252, 106, 119, 245, 87, 4, 247, 198, 35, 138, 162, 251, 164, 201, 40, 13, 33, 27, 101, 114, 228, 167, 182, 62, 47, 79, 36, 18, 116, 237, 159, 181, 244, 147, 7, 77, 228, 144, 171, 236, 249, 110, 237, 118, 67, 84, 8, 141, 11, 40, 122, 163, 163, 111, 88, 221, 251, 133, 158, 159, 139, 119, 109, 119, 223, 212, 2, 112, 152, 253, 133, 245, 209, 62, 203, 255, 24, 91, 4, 123, 104, 212, 253, 13, 164, 58, 48, 233, 37, 14, 201, 209, 177, 47, 59, 162, 223, 210, 15, 119, 86, 69, 174, 151, 201, 55, 45, 5, 142, 252, 215, 79, 25, 187, 230, 157, 238, 30, 222, 176, 233, 147, 156, 235, 120, 13, 177, 53, 80, 21, 99, 147, 199, 93, 95, 18, 3, 50, 48, 92, 227, 81, 102, 102, 227, 255, 58, 167, 101, 200, 142, 189, 166, 54, 162, 189, 123, 233, 50, 67, 26, 236, 144, 200, 23, 2, 159, 147, 17, 158, 111, 149, 11, 160, 99, 60, 0, 47, 163, 107, 70, 107, 59, 100, 0, 141, 1, 134, 104, 30, 221, 110, 109, 103, 243, 243, 229, 236, 185, 252, 69, 196, 229, 0, 198, 35, 222, 28, 253, 193, 234, 124, 60, 196, 255, 192, 240, 45, 70, 51, 186, 43, 55, 161, 230, 103, 236, 245, 226, 61, 153, 10, 246, 149, 111, 88, 191, 230, 101, 144, 116, 13, 46, 53, 123, 34, 135, 27, 24, 107, 255, 57, 132, 133, 63, 102, 255, 136, 149, 166, 243, 150, 60, 169, 172, 11, 114, 138, 58, 77, 93, 64, 44, 166, 17, 67, 126, 137, 23, 145, 45, 234, 4, 109, 192, 153, 75, 124, 17, 98, 168, 226, 71, 164, 114, 209, 16, 57, 232, 173, 136, 220, 147, 205, 162, 79, 66, 247, 220, 14, 187, 122, 120, 152, 11, 71, 129, 242, 196, 178, 51, 102, 21, 51, 127, 203, 124, 227, 6, 221, 52, 90, 214, 222, 139, 147, 239, 199, 228, 177, 26, 160, 47, 107, 39, 101, 59, 144, 213, 61, 251, 152, 233, 185, 28, 126, 91, 197, 182, 16, 199, 26, 44, 93, 147, 212, 123, 184, 253, 253, 195, 51, 13, 53, 19, 144, 130, 92, 65, 221, 229, 90, 40, 88, 152, 29, 103, 180, 82, 225, 206, 221, 159, 83, 125, 131, 141, 215, 64, 190, 97, 128, 241, 143, 187, 47, 128, 154, 71, 165, 40, 177, 97, 218, 203, 45, 94, 87, 7, 110, 6, 32, 117, 50, 68, 46, 170, 212, 29, 81, 157, 191, 52, 113, 212, 28, 138, 9, 206, 152, 216, 251, 31, 8, 81, 237, 75, 189, 111, 15, 202, 14, 45, 199, 181, 65, 17, 3, 8, 78, 116, 72, 38, 139, 114, 82, 106, 41, 4, 70, 4, 159, 100, 109, 200, 197, 169, 232, 149, 136, 112, 133, 82, 175, 203, 162, 56, 96, 140, 81, 56, 198, 251, 198, 107, 238, 150, 33, 154, 15, 193, 150, 187, 152, 100, 193, 216, 208, 89, 57, 147, 212, 13, 64, 147, 53, 46, 10, 45, 108, 87, 157, 57, 129, 209, 222, 71, 216, 29, 17, 107, 212, 124, 196, 87, 210, 139, 11, 158, 106, 208, 230, 127, 211, 219, 176, 39, 114, 5, 101, 45, 145, 117, 47, 123, 249, 94, 80, 154, 228, 196, 126, 114, 164, 91, 127, 250, 21, 195, 247, 46, 207, 14, 117, 113, 131, 167, 224, 112, 218, 104, 231, 215, 108, 193, 147, 129, 185, 237, 26, 83, 106, 197, 190, 93, 246, 252, 42, 123, 111, 236, 102, 238, 14, 158, 58, 62, 206, 107, 11, 96, 103, 188, 210, 178, 49, 181, 197, 144, 115, 28, 240, 132, 225, 153, 189, 164, 57, 251, 180, 224, 124, 29, 19, 113, 168, 12, 73, 15, 163, 169, 119, 220, 129, 238, 160, 227, 42, 240, 228, 71, 226, 174, 59, 16, 140, 160, 91, 244, 130, 39, 208, 75, 97, 216, 174, 143, 87, 75, 65, 194, 94, 217, 201, 67, 63, 34, 229, 240, 192, 73, 64, 142, 145, 124, 209, 71, 183, 163, 153, 87, 70, 160, 105, 172, 222, 193, 117, 234, 253, 146, 211, 141, 52, 97, 58, 226, 103, 104, 8, 139, 137, 164, 243, 107, 223, 57, 142, 247, 250, 7, 33, 196, 98, 167, 195, 169, 172, 245, 55, 40, 120, 106, 167, 213, 139, 153, 48, 25, 156, 80, 40, 109, 175, 101, 205, 232, 184, 252, 156, 140, 36, 144, 225, 160, 180, 162, 178, 204, 192, 174, 189, 97, 236, 191, 14, 82, 142, 30, 141, 117, 79, 197, 208, 70, 58, 205, 227, 219, 137, 245, 170, 202, 16, 174, 20, 143, 218, 253, 235, 21, 231, 181, 226, 74, 207, 206, 137, 190, 113, 234, 115, 163, 111, 17, 156, 213, 13, 205, 14, 120, 26, 214, 18, 171, 117, 162, 255, 137, 250, 93, 235, 48, 126, 234, 49, 73, 216, 81, 206, 141, 35, 86, 55, 24, 118, 42, 128, 53, 213, 85, 253, 76, 185, 12, 230, 52, 37, 241, 172, 166, 36, 191, 168, 168, 156, 24, 228, 14, 255, 146, 237, 245, 164, 118, 15, 224, 198, 192, 29, 70, 212, 48, 27, 130, 192, 73, 199, 117, 18, 204, 216, 51, 190, 144, 171, 32, 103, 172, 12, 2, 194, 243, 231, 79, 148, 46, 193, 88, 195, 198, 165, 203, 242, 144, 225, 32, 6, 140, 219, 161, 224, 208, 211, 98, 7, 102, 117, 169, 241, 54, 122, 57, 245, 164, 66, 42, 158, 40, 45, 101, 218, 27, 112, 30, 6, 204, 104, 90, 83, 210, 151, 42, 71, 230, 110, 163, 69, 86, 230, 48, 100, 24, 249, 140, 103, 179, 187, 23, 40, 255, 144, 6, 152, 7, 86, 246, 99, 37, 169, 48, 53, 106, 234, 202, 172, 51, 95, 195, 166, 50, 208, 0, 146, 37, 75, 77, 131, 123, 223, 185, 197, 101, 54, 143, 63, 92, 194, 255, 67, 6, 22, 194, 133, 8, 199, 59, 87, 204, 206, 239, 8, 85, 91, 67, 42, 173, 231, 27, 178, 37, 40, 88, 61, 185, 156, 176, 236, 98, 167, 191, 128, 226, 168, 97, 9, 62, 71, 241, 26, 142, 7, 9, 169, 126, 33, 138, 215, 169, 55, 122, 38, 138, 50, 71, 90, 11, 175, 158, 16, 66, 34, 218, 133, 162, 225, 126, 86, 12, 40, 95, 120, 233, 242, 123, 215, 73, 167, 19, 147, 131, 151, 224, 186, 83, 227, 7, 214, 113, 229, 37, 223, 10, 66, 61, 237, 151, 36, 196, 174, 158, 118, 144, 42, 37, 169, 241, 172, 255, 61, 211, 201, 82, 254, 210, 144, 201, 123, 254, 190, 155, 227, 92, 11, 118, 220, 191, 98, 57, 249, 209, 241, 135, 31, 55, 164, 161, 158, 135, 46, 71, 213, 37, 60, 38, 39, 84, 55, 251, 52, 141, 188, 225, 38, 100, 152, 48, 7, 149, 193, 31, 222, 126, 211, 117, 90, 89, 129, 156, 57, 110, 21, 127, 248, 107, 83, 65, 49, 34, 225, 142, 54, 240, 137, 252, 57, 180, 208, 92, 161, 72, 16, 234, 11, 123, 230, 255, 18, 7, 220, 46, 48, 78, 103, 216, 153, 242, 153, 79, 17, 104, 90, 202, 0, 145, 122, 205, 196, 28, 159, 81, 141, 15, 115, 165, 220, 46, 181, 0, 122, 35, 154, 195, 173, 42, 14, 157, 241, 253, 170, 176, 232, 91, 81, 173, 0, 17, 198, 93, 26, 62, 65, 226, 102, 162, 25, 183, 235, 1, 36, 210, 196, 114, 228, 109, 148, 179, 122, 156, 128, 144, 71, 93, 77, 147, 5, 155, 204, 165, 147, 233, 238, 248, 103, 122, 173, 110, 21, 184, 98, 165, 216, 53, 27, 180, 28, 148, 200, 166, 59, 43, 142, 10, 17, 115, 247, 222, 137, 200, 167, 254, 164, 33, 75, 78, 44, 1, 156, 120, 9, 142, 218, 53, 177, 154, 149, 148, 140, 184, 254, 244, 48, 202, 226, 67, 59, 29, 168, 39, 225, 193, 122, 213, 225, 217, 66, 50, 160, 96, 133, 133, 220, 110, 232, 166, 33, 104, 90, 225, 181, 248, 59, 138, 44, 91, 229, 191, 21, 36, 173, 47, 245, 200, 37, 144, 32, 78, 11, 109, 127, 2, 98, 108, 62, 36, 83, 174, 68, 60, 109, 204, 232, 112, 115, 69, 130, 17, 46, 180, 61, 42, 158, 81, 48, 133, 137, 70, 124, 253, 37, 105, 130, 88, 239, 151, 85, 190, 146, 23, 240, 100, 71, 24, 237, 49, 254, 27, 206, 203, 247, 129, 198, 165, 15, 131, 14, 141, 91, 40, 149, 88, 64, 200, 62, 11, 167, 134, 193, 86, 203, 139, 227, 10, 243, 175, 122, 248, 3, 252, 155, 136, 137, 75, 187, 30, 54, 209, 137, 107, 14, 73, 187, 82, 246, 108, 57, 236, 179, 115, 127, 3, 236, 49, 133, 41, 217, 157, 41, 91, 106, 56, 102, 157, 62, 32, 42, 124, 185, 189, 76, 68, 158, 61, 162, 159, 24, 14, 158, 69, 164, 222, 213, 250, 156, 43, 27, 199, 96, 234, 148, 90, 228, 162, 90, 223, 1, 136, 117, 65, 142, 175, 14, 108, 76, 58, 185, 179, 138, 99, 18, 150, 178, 215, 121, 240, 98, 172, 62, 154, 8, 212, 104, 96, 111, 97, 169, 31, 137, 179, 156, 120, 145, 242, 222, 163, 59, 201, 0, 194, 24, 210, 225, 59, 191, 118, 68, 22, 223, 22, 56, 43, 24, 46, 145, 251, 127, 227, 74, 86, 105, 48, 11, 50, 223, 175, 107, 223, 210, 193, 39, 126, 5, 149, 158, 84, 240, 71, 140, 244, 19, 74, 53, 252, 81, 26, 43, 241, 44, 54, 242, 4, 169, 129, 120, 106, 131, 2, 41, 223, 60, 67, 222, 243, 212, 105, 188, 99, 220, 41, 30, 76, 189, 114, 65, 40, 41, 128, 96, 206, 211, 55, 252, 60, 188, 125, 155, 210, 31, 165, 192, 82, 204, 143, 130, 225, 75, 85, 152, 43, 167, 88, 151, 121, 170, 137, 47, 169, 227, 105, 228, 91, 210, 24, 155, 237, 204, 1, 6, 206, 213, 45, 60, 135, 36, 134, 108, 207, 153, 0, 29, 164, 131, 186, 152, 248, 185, 46, 115, 163, 99, 244, 67, 209, 122, 74, 56, 187, 227, 182, 90, 85, 57, 108, 223, 239, 77, 28, 209, 158, 138, 222, 162, 103, 28, 122, 101, 105, 140, 176, 1, 70, 136, 62, 60, 48, 67, 108, 239, 49, 145, 111, 61, 145, 182, 107, 53, 55, 32, 101, 96, 210, 252, 181, 194, 196, 66, 177, 166, 156, 140, 114, 60, 62, 150, 92, 247, 186, 0, 105, 206, 99, 217, 164, 185, 124, 97, 227, 143, 100, 14, 159, 226, 95, 3, 237, 221, 176, 252, 74, 143, 42, 164, 74, 215, 236, 144, 185, 173, 159, 188, 11, 170, 155, 203, 73, 134, 17, 196, 197, 252, 241, 157, 52, 250, 55, 34, 110, 92, 119, 254, 197, 54, 193, 194, 68, 130, 226, 28, 238, 162, 38, 252, 34, 33, 210, 75, 48, 204, 168, 135, 23, 104, 75, 103, 242, 131, 84, 230, 72, 70, 167, 97, 9, 101, 175, 63, 86, 232, 186, 80, 92, 248, 22, 15, 202, 18, 245, 54, 127, 149, 101, 20, 97, 17, 203, 86, 130, 91, 14, 104, 164, 225, 190, 155, 36, 203, 243, 187, 83, 16, 30, 241, 98, 93, 145, 37, 42, 141, 41, 89, 113, 178, 201, 147, 149, 149, 137, 188, 92, 195, 211, 218, 92, 37, 60, 61, 165, 198, 159, 229, 99, 25, 211, 171, 134, 60, 127, 223, 156, 51, 138, 181, 151, 140, 233, 10, 44, 104, 228, 218, 113, 174, 57, 67, 248, 157, 229, 252, 234, 124, 145, 186, 157, 198, 226, 95, 155, 169, 97, 204, 240, 18, 34, 153, 235, 7, 93, 161, 199, 147, 50, 195, 244, 243, 69, 0, 101, 26, 252, 110, 113, 116, 231, 173, 29, 170, 136, 131, 146, 60, 54, 17, 16, 184, 17, 79, 187, 202, 78, 198, 139, 70, 214, 29, 247, 34, 174, 3, 98, 17, 29, 137, 69, 155, 116, 114, 70, 87, 225, 169, 212, 108, 206, 232, 118, 47, 23, 96, 63, 31, 88, 227, 82, 221, 153, 108, 55, 178, 220, 173, 98, 39, 213, 225, 229, 142, 177, 7, 195, 254, 85, 62, 172, 141, 252, 191, 204, 142, 143, 161, 147, 249, 194, 208, 62, 140, 102, 29, 195, 158, 101, 200, 79, 241, 92, 42, 14, 62, 97, 218, 81, 80, 197, 143, 47, 43, 241, 181, 97, 104, 45, 19, 24, 142, 169, 144, 237, 34, 55, 80, 192, 141, 78, 51, 69, 128, 4, 129, 19, 246, 112, 201, 179, 131, 244, 208, 245, 137, 98, 77, 255, 232, 109, 226, 183, 111, 137, 23, 220, 32, 237, 236, 216, 78, 104, 166, 151, 238, 217, 137, 126, 190, 6, 95, 254, 197, 228, 51, 85, 122, 138, 53, 36, 60, 142, 234, 88, 156, 104, 171, 203, 173, 159, 214, 40, 253, 11, 218, 49, 48, 5, 156, 250, 30, 59, 71, 135, 119, 202, 121, 213, 194, 45, 197, 251, 15, 111, 242, 16, 233, 163, 165, 25, 5, 123, 214, 227, 246, 126, 57, 44, 139, 134, 154, 224, 65, 143, 42, 59, 29, 226, 195, 160, 139, 77, 91, 55, 194, 120, 232, 243, 93, 166, 188, 155, 132, 168, 1, 169, 66, 50, 81, 194, 205, 29, 222, 160, 210, 155, 49, 228, 110, 216, 127, 250, 93, 13, 48, 152, 231, 117, 1, 222, 59, 0, 88, 184, 204, 232, 101, 235, 58, 89, 221, 93, 43, 138, 92, 79, 203, 106, 231, 133, 247, 244, 75, 249, 97, 188, 143, 188, 165, 83, 247, 227, 236, 162, 219, 113, 4, 176, 46, 203, 55, 104, 218, 108, 181, 118, 215, 246, 196, 223, 3, 181, 161, 79, 41, 70, 78, 19, 171, 48, 4, 50, 170, 144, 97, 237, 210, 38, 54, 58, 150, 241, 108, 26, 183, 253, 83, 118, 19, 30, 46, 38, 156, 12, 36, 73, 249, 39, 220, 31, 171, 53, 24, 142, 217, 122, 106, 236, 93, 79, 120, 62, 103, 117, 129, 128, 175, 24, 62, 34, 221, 102, 148, 243, 50, 220, 47, 31, 30, 0, 220, 89, 18, 180, 136, 253, 194, 248, 223, 179, 66, 111, 46, 62, 218, 148, 53, 248, 13, 141, 168, 29, 77, 246, 217, 127, 49, 97, 26, 229, 100, 122, 47, 65, 192, 45, 4, 119, 217, 163, 23, 1, 35, 37, 151, 16, 87, 144, 141, 120, 65, 63, 10, 204, 88, 154, 136, 134, 109, 114, 132, 101, 167, 146, 81, 136, 156, 37, 114, 186, 209, 23, 66, 86, 62, 161, 221, 233, 23, 90, 74, 238, 219, 243, 226, 193, 97, 225, 166, 78, 156, 208, 33, 170, 166, 115, 26, 83, 5, 205, 10, 47, 239, 101, 39, 62, 254, 207, 122, 192, 238, 33, 134, 100, 50, 47, 55, 7, 93, 81, 4, 131, 247, 124, 96, 228, 227, 53, 194, 151, 222, 36, 69, 211, 133, 231, 79, 152, 37, 58, 207, 203, 230, 3, 233, 205, 91, 9, 199, 216, 230, 162, 10, 97, 92, 27, 80, 154, 203, 152, 253, 129, 46, 185, 135, 170, 27, 226, 204, 31, 143, 250, 6, 117, 144, 197, 247, 103, 214, 184, 172, 28, 21, 137, 122, 64, 128, 218, 243, 220, 174, 251, 224, 222, 252, 248, 167, 92, 122, 138, 214, 188, 247, 98, 71, 95, 211, 228, 195, 121, 155, 46, 38, 109, 254, 167, 59, 222, 104, 57, 96, 67, 173, 23, 66, 238, 21, 196, 58, 205, 135, 166, 39, 73, 118, 41, 176, 234, 74, 145, 67, 43, 121, 40, 247, 175, 132, 238, 132, 56, 123, 171, 236, 23, 115, 136, 171, 113, 172, 173, 44, 154, 31, 19, 170, 56, 5, 3, 38, 182, 27, 236, 127, 119, 204, 215, 116, 192, 198, 194, 38, 236, 172, 162, 154, 77, 202, 30, 24, 204, 60, 24, 118, 134, 164, 236, 143, 212, 236, 153, 64, 219, 135, 142, 27, 24, 250, 95, 126, 255, 247, 96, 126, 13, 229, 217, 217, 112, 250, 150, 138, 158, 211, 80, 128, 36, 231, 121, 226, 135, 164, 177, 18, 68, 45, 153, 18, 220, 32, 250, 200, 5, 252, 135, 160, 202, 64, 181, 176, 4, 146, 215, 232, 249, 10, 98, 54, 209, 87, 190, 124, 61, 213, 4, 251, 46, 141, 11, 128, 115, 53, 243, 5, 237, 60, 68, 58, 248, 149, 231, 251, 69, 18, 200, 237, 156, 181, 19, 32, 155, 232, 125, 29, 85, 206, 149, 5, 181, 53, 30, 89, 106, 58, 80, 42, 116, 37, 93, 127, 22, 103, 32, 122, 41, 98, 71, 154, 194, 108, 184, 125, 175, 243, 136, 38, 203, 168, 52, 133, 136, 76, 71, 144, 2, 198, 62, 73, 131, 229, 238, 91, 36, 3, 237, 143, 247, 205, 192, 42, 32, 12, 250, 65, 2, 48, 76, 16, 204, 4, 246, 106, 200, 254, 36, 165, 27, 225, 60, 53, 127, 0, 147, 93, 35, 218, 122, 5, 164, 14, 89, 187, 15, 45, 46, 183, 173, 230, 84, 205, 224, 62, 252, 21, 204, 220, 161, 10, 40, 126, 2, 137, 79, 31, 102, 109, 203, 99, 196, 189, 205, 61, 193, 244, 247, 1, 213, 4, 111, 198, 196, 179, 72, 69, 203, 168, 115, 148, 9, 21, 20, 142, 61, 167, 157, 187, 128, 193, 73, 111, 161, 174, 170, 191, 219, 128, 20, 181, 66, 89, 238, 201, 66, 12, 187, 94, 56, 208, 189, 174, 161, 178, 47, 37, 93, 3, 231, 42, 89, 122, 112, 243, 181, 65, 27, 197, 128, 73, 92, 139, 126, 63, 159, 114, 203, 70, 146, 0, 184, 73, 151, 33, 225, 244, 86, 182, 119, 30, 166, 222, 165, 127, 120, 214, 81, 34, 92, 65, 37, 195, 196, 153, 6, 184, 57, 44, 179, 138, 185, 39, 93, 51, 229, 72, 241, 169, 232, 74, 134, 210, 200, 150, 178, 12, 104, 115, 38, 68, 220, 228, 94, 190, 166, 232, 250, 77, 138, 55, 76, 170, 217, 130, 243, 64, 154, 189, 152, 71, 119, 33, 48, 249, 41, 97, 182, 173, 241, 250, 55, 135, 4, 76, 64, 154, 150, 247, 234, 136, 197, 129, 197, 24, 239, 122, 219, 64, 79, 78, 69, 127, 35, 210, 198, 177, 194, 193, 89, 251, 62, 73, 31, 116, 176, 32, 228, 77, 142, 96, 74, 171, 247, 2, 45, 254, 216, 30, 229, 221, 149, 95, 169, 194, 97, 251, 28, 59, 26, 228, 13, 34, 55, 58, 31, 4, 66, 129, 55, 134, 139, 63, 103, 13, 133, 252, 45, 197, 78, 137, 157, 114, 202, 83, 136, 197, 199, 30, 26, 178, 199, 198, 166, 101, 199, 72, 212, 191, 155, 98, 27, 222, 195, 137, 186, 149, 159, 109, 213, 56, 246, 134, 240, 109, 194, 57, 142, 34, 12, 54, 192, 243, 135, 82, 215, 144, 195, 138, 177, 168, 168, 109, 225, 15, 102, 84, 160, 71, 162, 29, 32, 13, 81, 203, 29, 21, 49, 159, 213, 127, 50, 189, 143, 115, 180, 194, 148, 201, 230, 46, 202, 223, 164, 184, 72, 73, 152, 134, 204, 72, 144, 43, 125, 68, 140, 53, 68, 246, 179, 52, 196, 16, 247, 189, 4, 117, 201, 53, 151, 243, 88, 191, 146, 139, 2, 24, 211, 197, 23, 58, 218, 219, 24, 179, 172, 177, 102, 194, 3, 221, 59, 161, 239, 123, 19, 9, 162, 144, 58, 222, 239, 56, 176, 105, 154, 164, 57, 167, 236, 56, 84, 161, 166, 144, 142, 73, 205, 83, 183, 146, 222, 132, 3, 102, 29, 152, 68, 140, 130, 118, 131, 55, 129, 229, 18, 109, 173, 31, 28, 224, 149, 43, 146, 80, 163, 59, 156, 238, 169, 93, 49, 34, 125, 100, 64, 128, 165, 248, 212, 25, 123, 187, 96, 104, 207, 143, 77, 17, 159, 107, 176, 148, 253, 150, 165, 166, 39, 112, 144, 12, 26, 139, 123, 175, 135, 188, 95, 192, 56, 185, 82, 244, 37, 172, 170, 83, 183, 209, 161, 12, 122, 55, 164, 41, 3, 235, 214, 251, 218, 227, 254, 23, 201, 104, 195, 251, 104, 96, 40, 196, 185, 233, 56, 29, 197, 238, 217, 251, 191, 5, 103, 55, 138, 147, 45, 167, 208, 112, 146, 115, 221, 76, 52, 199, 235, 142, 71, 9, 65, 59, 8, 228, 127, 199, 36, 73, 145, 214, 213, 32, 114, 14, 130, 11, 122, 23, 206, 8, 179, 193, 167, 186, 62, 26, 31, 56, 243, 52, 164, 30, 80, 103, 135, 218, 205, 159, 209, 34, 79, 109, 180, 90, 248, 193, 54, 169, 87, 85, 3, 71, 173, 155, 143, 95, 114, 80, 207, 114, 116, 174, 39, 122, 81, 65, 131, 106, 96, 49, 104, 128, 174, 125, 150, 236, 180, 110, 92, 45, 197, 146, 123, 192, 171, 217, 224, 175, 211, 227, 214, 20, 66, 60, 146, 135, 248, 227, 31, 51, 251, 5, 142, 29, 16, 128, 192, 29, 160, 224, 200, 78, 179, 108, 186, 132, 95, 33, 209, 182, 37, 114, 243, 206, 184, 92, 233, 81, 117, 223, 231, 146, 177, 149, 159, 36, 46, 243, 225, 204, 214, 170, 210, 33, 84, 236, 137, 131, 77, 76, 104, 42, 75, 249, 103, 140, 223, 150, 132, 252, 253, 139, 155, 228, 129, 76, 78, 56, 34, 181, 193, 206, 10, 39, 51, 123, 85, 45, 67, 118, 46, 199, 106, 45, 68, 33, 51, 240, 28, 79, 41, 20, 64, 47, 66, 80, 110, 107, 9, 110, 38, 179, 143, 254, 76, 239, 100, 27, 167, 83, 77, 180, 93, 252, 122, 18, 224, 21, 17, 26, 191, 126, 113, 88, 58, 119, 114, 77, 16, 5, 17, 207, 210, 100, 104, 181, 114, 165, 201, 20, 241, 77, 187, 180, 169, 237, 178, 29, 174, 92, 191, 253, 255, 152, 186, 15, 162, 161, 18, 174, 216, 106, 218, 230, 108, 235, 118, 200, 10, 203, 51, 175, 154, 123, 213, 135, 229, 221, 30, 65, 235, 221, 129, 92, 60, 222, 8, 65, 138, 91, 25, 225, 127, 67, 183, 197, 249, 107, 151, 187, 218, 77, 253, 55}, {224, 102, 111, 229, 237, 236, 66, 135, 217, 189, 237, 59, 167, 253, 162, 98, 75, 237, 42, 27, 67, 48, 78, 224, 133, 136, 149, 139, 194, 166, 41, 43, 173, 89, 2, 249, 21, 119, 151, 8, 198, 158, 64, 226, 237, 98, 33, 156, 108, 244, 151, 13, 32, 182, 21, 109, 250, 39, 123, 136, 64, 190, 240, 252},
{172, 216, 49, 10, 94, 15, 148, 198, 39, 201, 64, 228, 99, 74, 46, 104, 101, 72, 204, 137, 101, 226, 109, 170, 22, 119, 173, 180, 38, 192, 231, 81, 102, 74, 88, 90, 46, 12, 80, 172, 133, 111, 133, 84, 165, 160, 125, 41, 54, 179, 12, 58, 14, 236, 130, 31, 60, 14, 238, 40, 156, 240, 13, 86},
{141, 224, 118, 136, 253, 124, 94, 190, 31, 93, 66, 101, 200, 215, 7, 56, 44, 175, 116, 172, 61, 57, 174, 21, 159, 215, 160, 147, 147, 37, 30, 109, 143, 204, 45, 139, 230, 202, 236, 234, 84, 173, 253, 163, 23, 241, 40, 167, 205, 243, 90, 173, 169, 11, 7, 1, 222, 30, 184, 7, 158, 231, 176, 240, 213, 32, 234, 81, 148, 123, 168, 52, 222, 29, 48, 172, 204, 88, 131, 166, 38, 26, 40, 117, 155, 99, 158, 45, 193, 188, 176, 27, 209, 24, 61, 247, 62, 164, 94, 244, 70, 116, 133, 206, 73, 138, 216, 133, 38, 86, 207, 81, 87, 143, 137, 212, 204, 112, 254, 174, 187, 219, 170, 83, 30, 96, 84, 218, 95, 241, 92, 203, 156, 11, 147, 126, 83, 110, 62, 62, 106, 28, 66, 254, 84, 118, 58, 77, 81, 163, 138, 236, 235, 127, 199, 35, 249, 124, 109, 122, 0, 240, 23, 74, 113, 89, 112, 151, 224, 240, 108, 199, 105, 218, 85, 188, 3, 174, 161, 133, 46, 213, 139, 125, 145, 56, 134, 101, 124, 227, 23, 236, 135, 187, 47, 180, 249, 210, 107, 86, 180, 109, 145, 119, 221, 88, 193, 151, 211, 151, 9, 247, 201, 227, 47, 26, 17, 98, 55, 172, 151, 63, 83, 98, 200, 210, 214, 159, 67, 89, 229, 220, 180, 219, 32, 118, 68, 24, 144, 96, 110, 76, 121, 72, 189, 29, 154, 48, 148, 205, 56, 184, 162, 228, 9, 54, 52, 152, 223, 121, 3, 27, 100, 214, 1, 204, 166, 113, 237, 239, 227, 139, 220, 106, 169, 81, 207, 61, 78, 191, 44, 120, 205, 93, 57, 195, 224, 64, 100, 214, 181, 81, 14, 120, 102, 69, 114, 182, 91, 19, 98, 196, 232, 165, 231, 4, 121, 188, 241, 0, 120, 133, 65, 36, 49, 239, 64, 151, 164, 150, 104, 177, 76, 137, 117, 199, 198, 222, 50, 156, 93, 17, 244, 30, 252, 128, 148, 109, 106, 120, 204, 26, 58, 220, 218, 67, 24, 16, 225, 53, 19, 207, 36, 125, 42, 189, 198, 3, 84, 182, 142, 101, 176, 166, 226, 193, 132, 167, 242, 195, 51, 230, 151, 58, 27, 57, 127, 227, 187, 133, 31, 32, 141, 203, 68, 8, 28, 122, 121, 241, 138, 251, 37, 53, 87, 210, 162, 246, 233, 38, 101, 121, 28, 177, 226, 250, 254, 0, 6, 153, 215, 147, 142, 109, 110, 117, 68, 208, 68, 151, 172, 44, 116, 20, 139, 148, 204, 59, 85, 20, 124, 102, 100, 213, 253, 175, 95, 231, 10, 3, 158, 170, 100, 96, 216, 229, 107, 236, 47, 54, 110, 91, 127, 98, 106, 228, 138, 141, 27, 170, 207, 237, 163, 210, 198, 78, 228, 44, 115, 80, 225, 146, 244, 56, 33, 140, 78, 157, 174, 176, 189, 9, 177, 188, 62, 103, 40, 202, 40, 227, 8, 200, 202, 223, 136, 142, 238, 52, 142, 123, 13, 223, 141, 240, 15, 215, 180, 29, 247, 164, 237, 95, 213, 26, 222, 106, 9, 248, 211, 245, 255, 109, 111, 179, 32, 81, 134, 7, 151, 86, 57, 90, 148, 149, 186, 29, 192, 233, 137, 117, 188, 65, 235, 213, 232, 178, 154, 39, 122, 240, 116, 145, 168, 84, 213, 198, 35, 40, 136, 171, 81, 159, 82, 73, 129, 129, 25, 20, 127, 143, 27, 16, 176, 245, 254, 28, 14, 229, 113, 147, 207, 115, 168, 170, 116, 193, 254, 186, 45, 156, 204, 47, 88, 232, 109, 17, 226, 115, 229, 117, 62, 78, 245, 85, 190, 130, 204, 200, 58, 38, 67, 46, 92, 12, 242, 188, 248, 102, 159, 90, 61, 15, 158, 195, 170, 47, 59, 81, 38, 62, 196, 2, 88, 186, 51, 85, 214, 12, 96, 7, 29, 240, 31, 115, 159, 79, 206, 40, 164, 89, 57, 79, 207, 108, 85, 202, 161, 22, 124, 73, 140, 241, 250, 161, 172, 28, 97, 11, 70, 28, 49, 143, 161, 14, 148, 149, 115, 34, 110, 93, 222, 99, 47, 26, 218, 234, 94, 49, 223, 58, 238, 145, 201, 255, 130, 2, 179, 23, 181, 219, 65, 81, 74, 55, 78, 112, 52, 95, 58, 117, 116, 234, 210, 99, 235, 106, 70, 29, 219, 37, 70, 237, 83, 14, 49, 174, 4, 79, 15, 167, 248, 202, 118, 125, 128, 238, 77, 118, 6, 207, 79, 142, 155, 22, 52, 149, 235, 11, 174, 138, 85, 192, 179, 75, 161, 212, 35, 45, 249, 69, 117, 83, 105, 188, 82, 229, 10, 113, 137, 46, 1, 244, 172, 106, 111, 254, 241, 75, 68, 10, 174, 228, 71, 8, 36, 199, 66, 174, 220, 160, 42, 147, 113, 224, 192, 150, 102, 186, 134, 105, 6, 222, 58, 237, 241, 42, 201, 83, 230, 192, 33, 229, 143, 16, 44, 17, 96, 186, 188, 150, 68, 100, 33, 187, 245, 89, 144, 66, 203, 197, 209, 73, 77, 30, 205, 3, 50, 64, 138, 99, 94, 66, 110, 237, 245, 60, 139, 139, 80, 216, 53, 54, 133, 22, 95, 79, 52, 85, 136, 84, 169, 8, 210, 78, 109, 29, 38, 74, 155, 237, 134, 160, 59, 70, 243, 10, 98, 57, 227, 188, 211, 223, 45, 30, 6, 8, 34, 165, 252, 187, 52, 3, 133, 137, 82, 194, 110, 157, 195, 167, 4, 45, 8, 69, 4, 38, 184, 177, 138, 28, 7, 35, 92, 39, 30, 90, 167, 221, 153, 58, 83, 56, 245, 205, 174, 29, 215, 81, 53, 4, 36, 243, 132, 101, 250, 240, 46, 243, 247, 66, 213, 128, 120, 191, 49, 142, 123, 98, 47, 144, 56, 24, 27, 152, 1, 60, 55, 54, 57, 55, 146, 15, 143, 186, 140, 117, 43, 182, 220, 31, 126, 122, 87, 70, 131, 91, 179, 8, 135, 172, 48, 140, 96, 186, 18, 186, 153, 255, 56, 195, 209, 165, 78, 134, 12, 176, 239, 92, 206, 234, 118, 197, 173, 180, 147, 88, 184, 124, 123, 42, 32, 223, 44, 108, 28, 71, 158, 202, 34, 3, 120, 71, 175, 34, 178, 18, 224, 69, 80, 16, 199, 72, 157, 246, 90, 94, 129, 203, 128, 62, 65, 164, 204, 152, 104, 238, 183, 91, 103, 42, 42, 225, 215, 175, 118, 84, 164, 245, 146, 145, 234, 120, 67, 49, 214, 252, 146, 158, 244, 72, 134, 123, 137, 25, 34, 138, 135, 41, 2, 207, 217, 237, 82, 4, 164, 113, 83, 25, 236, 234, 132, 145, 205, 19, 240, 200, 20, 182, 13, 40, 221, 51, 204, 19, 242, 173, 98, 192, 126, 16, 10, 44, 243, 43, 52, 183, 129, 224, 248, 45, 110, 89, 100, 192, 199, 205, 152, 24, 203, 158, 35, 61, 21, 100, 62, 200, 53, 87, 255, 61, 42, 9, 9, 159, 195, 128, 221, 226, 227, 184, 120, 17, 175, 86, 130, 223, 206, 52, 96, 48, 78, 161, 131, 140, 112, 111, 142, 253, 239, 205, 21, 1, 128, 96, 175, 108, 126, 233, 1, 175, 17, 113, 47, 186, 250, 163, 35, 74, 198, 113, 11, 231, 184, 147, 8, 209, 71, 146, 3, 164, 41, 229, 245, 86, 165, 94, 2, 65, 55, 123, 120, 16, 61, 217, 140, 73, 232, 118, 28, 14, 177, 213, 66, 165, 149, 255, 248, 156, 24, 242, 121, 245, 240, 43, 89, 183, 106, 93, 161, 30, 27, 247, 53, 231, 57, 81, 239, 229, 199, 229, 91, 250, 105, 59, 83, 0, 85, 191, 87, 58, 34, 105, 201, 25, 244, 120, 4, 116, 206, 157, 187, 151, 223, 110, 89, 228, 164, 230, 242, 54, 42, 62, 88, 92, 52, 139, 231, 132, 90, 162, 105, 119, 182, 199, 1, 200, 73, 190, 158, 110, 120, 92, 204, 174, 209, 61, 211, 252, 194, 54, 143, 209, 28, 26, 214, 184, 249, 10, 2, 41, 161, 77, 203, 181, 237, 4, 70, 165, 181, 68, 129, 60, 167, 39, 102, 100, 146, 88, 64, 36, 243, 148, 244, 246, 50, 87, 169, 83, 191, 189, 242, 235, 133, 237, 10, 46, 58, 42, 204, 53, 243, 222, 251, 14, 182, 137, 156, 25, 197, 25, 237, 138, 188, 8, 222, 56, 8, 25, 227, 188, 108, 97, 254, 63, 131, 144, 155, 94, 120, 29, 134, 234, 61, 156, 216, 207, 13, 7, 109, 22, 189, 137, 79, 52, 133, 144, 48, 21, 10, 229, 56, 77, 1, 199, 0, 43, 235, 177, 201, 62, 120, 201, 7, 68, 144, 205, 17, 100, 244, 196, 92, 191, 91, 13, 224, 97, 146, 123, 251, 6, 254, 118, 190, 69, 147, 166, 245, 47, 251, 83, 240, 201, 93, 42, 176, 122, 55, 218, 51, 238, 171, 193, 216, 235, 128, 80, 203, 16, 177, 209, 103, 174, 115, 4, 45, 92, 159, 48, 54, 112, 216, 119, 218, 209, 212, 84, 12, 78, 99, 44, 0, 36, 228, 180, 81, 118, 50, 181, 179, 209, 14, 158, 155, 238, 153, 2, 137, 216, 80, 255, 251, 231, 214, 12, 11, 59, 51, 164, 238, 20, 90, 9, 203, 200, 202, 105, 233, 82, 145, 17, 9, 187, 168, 3, 134, 21, 118, 66, 1, 174, 35, 205, 216, 47, 135, 60, 220, 6, 46, 21, 245, 77, 32, 110, 26, 161, 0, 129, 100, 251, 190, 193, 5, 14, 55, 203, 24, 232, 238, 124, 36, 55, 51, 72, 129, 198, 63, 78, 207, 46, 254, 87, 154, 176, 188, 131, 13, 186, 22, 68, 43, 14, 148, 173, 161, 126, 244, 135, 137, 58, 133, 63, 25, 194, 172, 4, 79, 149, 204, 37, 216, 1, 184, 213, 139, 135, 16, 58, 181, 44, 88, 225, 55, 219, 6, 51, 83, 230, 198, 227, 106, 196, 137, 208, 223, 74, 56, 182, 109, 49, 200, 211, 72, 70, 226, 25, 171, 187, 67, 138, 88, 103, 19, 202, 112, 9, 129, 141, 244, 122, 55, 238, 26, 131, 231, 197, 68, 203, 146, 207, 198, 104, 184, 190, 43, 201, 143, 130, 110, 156, 88, 167, 57, 61, 72, 171, 25, 85, 224, 158, 73, 70, 158, 90, 8, 165, 221, 61, 217, 236, 29, 122, 31, 220, 237, 195, 255, 229, 237, 248, 140, 130, 62, 111, 235, 193, 224, 34, 127, 66, 65, 13, 222, 140, 79, 253, 54, 170, 195, 88, 133, 19, 204, 201, 114, 113, 46, 194, 194, 2, 234, 22, 246, 142, 50, 114, 206, 189, 55, 117, 85, 220, 167, 238, 172, 65, 85, 20, 169, 56, 183, 200, 234, 105, 156, 113, 111, 124, 254, 20, 207, 138, 175, 188, 85, 109, 158, 108, 120, 88, 120, 24, 72, 193, 84, 187, 130, 161, 61, 225, 113, 58, 175, 36, 50, 116, 160, 208, 231, 163, 56, 78, 124, 168, 175, 160, 221, 11, 179, 255, 32, 59, 120, 41, 141, 67, 25, 228, 197, 152, 183, 39, 8, 129},
{121, 163, 126, 166, 70, 82, 158, 135, 231, 117, 72, 245, 55, 234, 142, 143, 2, 40, 48, 40, 57, 172, 175, 172, 7, 184, 225, 69, 64, 150, 31, 212, 180, 187, 222, 34, 208, 15, 134, 112, 103, 193, 234, 224, 177, 45, 244, 246, 184, 245, 154, 130, 36, 19, 108, 215, 66, 194, 8, 2, 60, 163, 217, 101, 94, 225, 91, 143, 100, 7, 136, 77, 166, 176, 226, 152, 61, 218, 59, 18, 209, 27, 234, 13, 211, 193, 98, 192, 204, 195, 70, 129, 102, 215, 134, 70},
{17, 230, 101, 210, 113, 81, 131, 18, 131, 76, 160, 127, 178, 8, 228, 169, 109, 213, 120, 188, 172, 61, 157, 142, 245, 10, 169, 217, 135, 221, 98, 71, 192, 162, 197, 171, 153, 229, 87, 154, 157, 9, 49, 53, 198, 142, 42, 150, 46, 171, 151, 246, 251, 72, 69, 91, 98, 190, 190, 29, 225, 114, 207, 2, 111, 116, 139, 214, 219, 93, 20, 171, 192, 102, 177, 92, 87, 204, 30, 196, 105, 42, 62, 34, 15, 230, 237, 144, 194, 205, 87, 139, 144, 162, 234, 166, 155, 250, 122, 236, 242, 205, 222, 112, 197, 39, 185, 95, 210, 49, 86, 187, 222, 220, 53, 209, 105, 226, 150, 166, 249, 133, 48, 64, 53, 101, 32, 81, 204, 174, 240, 214, 62, 124, 156, 17, 122, 248, 199, 179, 183, 80, 248, 253, 95, 90, 94, 97, 61, 72, 80, 208, 84, 99, 34, 137, 246, 194, 243, 10},
{206, 63, 216, 111, 119, 204, 152, 113, 39, 8, 244, 241, 236, 127, 109, 73, 242, 80, 165, 14, 114, 115, 170, 141, 101, 46, 111, 228, 3, 67, 110, 41},
{186, 39, 85, 26, 162, 180, 200, 41, 194, 73, 68, 78, 46, 31, 32, 244, 0, 197, 44, 198, 0, 218, 178, 215, 195, 128, 3, 13, 60, 231, 249, 151},
{226, 207, 218, 140, 254, 136, 157, 24, 120, 1, 6, 109, 179, 102, 183, 222, 89, 128, 10, 59, 149, 163, 194, 87, 80, 208, 106, 224, 120, 162, 95, 243},
{246, 240, 58, 163, 220, 47, 102, 221, 14, 218, 96, 153, 104, 232, 240, 162, 226, 79, 17, 97, 82, 205, 34, 128, 153, 211, 191, 126, 171, 185, 9, 19, 28, 238, 251, 234, 140, 160, 110, 143, 181, 247, 238, 106, 227, 172, 161, 175, 223, 205, 79, 119, 12, 160, 168, 78, 126, 157, 157, 169, 232, 39, 138, 3},
{128, 249, 56, 168, 34, 114, 54, 29, 101, 211, 151, 85, 155, 216, 172, 130, 25, 17, 159, 232, 55, 112, 206, 191, 74, 109, 135, 181, 250, 83, 198, 251},
{22, 239, 8, 42, 56, 14, 157, 119, 250, 135, 19, 247, 13, 34, 61, 233, 255, 113, 232, 70, 140, 59, 248, 108, 97, 13, 98, 182, 101, 144, 177, 21},
{99, 214, 157, 24, 52, 212, 41, 114, 163, 134, 136, 247, 32, 100, 52, 221, 98, 185, 59, 233, 232, 21, 173, 138, 180, 239, 37, 98, 61, 142, 192, 140, 152, 53, 102, 235, 103, 184, 206, 48, 234, 147, 155, 161, 63, 45, 212, 190, 153, 246, 142, 40, 225, 219, 0, 197, 249, 143, 231, 14, 243, 3, 193, 103},
{100, 9, 42, 43, 130, 195, 221, 105, 61, 54, 142, 207, 63, 202, 227, 116, 129, 99, 53, 103, 33, 75, 253, 75, 73, 217, 24, 126, 198, 228, 226, 229},
{6, 184, 47, 43, 226, 131, 113, 149, 211, 215, 155, 126, 201, 192, 218, 190, 109, 212, 33, 204, 134, 254, 158, 218, 179, 234, 218, 73, 77, 83, 223, 230},
{174, 147, 21, 204, 35, 237, 105, 225, 217, 125, 155, 197, 82, 27, 87, 9, 142, 51, 71, 45, 79, 115, 96, 219, 205, 162, 253, 115, 79, 24, 41, 183},
{244, 166, 215, 221, 36, 150, 206, 41, 82, 194, 96, 97, 57, 72, 245, 188, 47, 142, 128, 64, 143, 10, 69, 197, 221, 176, 56, 81, 216, 220, 188, 47},
{36, 37, 125, 116, 74, 204, 118, 25, 189, 194, 54, 192, 90, 116, 143, 195, 140, 10, 66, 229, 55, 142, 72, 35, 139, 185, 88, 160, 225, 53, 152, 216, 203, 222, 69, 157, 98, 19, 182, 247, 40, 83, 64, 176, 214, 0, 144, 14, 198, 44, 109, 202, 11, 25, 5, 55, 180, 24, 86, 17, 56, 182, 96, 49, 120, 246, 254, 207, 173, 164, 111, 20, 170, 193, 53, 91, 35, 65, 65, 253, 73, 55, 216, 227, 111, 3, 247, 115, 52, 89, 122, 159, 69, 144, 27, 103},
{28, 226, 151, 180, 52, 101, 230, 26, 183, 120, 151, 249, 251, 91, 21, 180, 178, 183, 238, 91, 183, 106, 2, 96, 161, 169, 73, 187, 246, 40, 116, 101, 189, 208, 73, 250, 171, 146, 149, 82, 183, 47, 136, 10, 86, 252, 214, 10, 111, 18, 66, 130, 55, 233, 48, 92, 76, 67, 217, 28, 232, 102, 198, 106, 214, 211, 78, 41, 49, 238, 95, 164, 20, 218, 84, 40, 167, 137, 19, 242, 100, 191, 215, 15, 4, 108, 12, 134, 89, 241, 90, 248, 77, 223, 112, 245, 214, 81, 42, 61, 232, 20, 98, 121, 91, 143, 240, 206, 96, 11, 10, 251, 87, 137, 247, 128, 45, 7, 38, 244, 232, 155, 6, 48, 89, 232, 54, 125},
{7, 78, 82, 40, 205, 120, 104, 239, 180, 179, 224, 107, 90, 72, 234, 188, 177, 199, 96, 148, 186, 132, 142, 190, 103, 2, 73, 160, 233, 198, 106, 142},
{123, 199, 186, 153, 219, 54, 0, 16, 231, 44, 71, 12, 205, 66, 82, 13, 66, 160, 88, 236, 154, 60, 171, 105, 171, 227, 9, 41, 57, 94, 32, 123},
{91, 92, 65, 75, 10, 153, 168, 126, 207, 108, 122, 152, 185, 100, 107, 73, 85, 126, 249, 2, 102, 216, 32, 48, 173, 163, 221, 126, 46, 169, 175, 191},
{73, 154, 60, 102, 80, 39, 20, 37, 16, 1, 171, 207, 96, 82, 123, 165, 31, 27, 205, 126, 55, 247, 180, 1, 119, 49, 212, 121, 203, 181, 25, 184},
{106, 148, 67, 49, 8, 181, 99, 70, 221, 173, 244, 91, 148, 57, 27, 208, 124, 180, 8, 150, 27, 183, 87, 60, 10, 20, 120, 241, 213, 25, 252, 88},
{176, 172, 163, 118, 20, 201, 255, 181, 205, 48, 93, 75, 17, 3, 11, 18, 76, 166, 237, 124, 79, 119, 85, 243, 23, 87, 178, 9, 237, 65, 70, 232, 251, 101, 9, 54, 55, 123, 179, 7, 234, 130, 170, 101, 169, 22, 252, 74, 233, 49, 101, 237, 235, 3, 26, 187, 108, 179, 199, 96, 150, 37, 104, 125},
{78, 62, 210, 220, 177, 142, 250, 52, 52, 58, 113, 142, 154, 170, 129, 120, 70, 34, 254, 202, 87, 106, 6, 137, 118, 64, 210, 201, 223, 166, 141, 44, 54, 81, 55, 190, 223, 147, 109, 134, 195, 157, 14, 222, 215, 117, 53, 85, 67, 203, 200, 162, 236, 217, 163, 216, 243, 6, 7, 34, 251, 29, 141, 238, 39, 42, 20, 146, 58, 254, 64, 191, 5, 240, 182, 63, 80, 33, 254, 71, 232, 87, 76, 149, 45, 178, 232, 116, 101, 38, 124, 36, 135, 92, 117, 82, 128, 42, 34, 199, 9, 1, 139, 174, 98, 140, 6, 176, 52, 107, 9, 26, 77, 7, 125, 204, 47, 32, 126, 131, 121, 24, 234, 29, 247, 82, 184, 3}, {170, 163, 0, 183, 231, 51, 142, 209, 196, 158, 219, 242, 62, 162, 33, 164, 63, 24, 49, 252, 95, 194, 250, 10, 115, 157, 153, 19, 18, 240, 195, 196, 178, 24, 100, 174, 111, 217, 164, 210, 65, 129, 26, 38, 67, 96, 133, 166, 246, 58, 46, 252, 232, 186, 151, 165, 107, 168, 181, 118, 26, 43, 182, 156, 129, 90, 92, 108, 73, 233, 180, 118, 255, 197, 32, 98, 167, 93, 69, 187, 34, 146, 161, 43, 249, 186, 202, 174, 38, 150, 183, 70, 226, 217, 248, 128, 66, 142, 106, 66, 56, 156, 207, 58, 253, 113, 220, 193, 92, 185, 32, 146, 48, 39, 94, 35, 66, 157, 6, 216, 37, 150, 236, 152, 104, 217, 249, 249},
{246, 90, 179, 234, 48, 142, 1, 26, 36, 136, 217, 47, 237, 39, 148, 183, 90, 52, 241, 83, 206, 43, 5, 13, 203, 219, 225, 101, 6, 190, 3, 70, 84, 81, 155, 234, 52, 88, 75, 21, 60, 165, 20, 36, 118, 21, 128, 11, 126, 233, 21, 107, 160, 49, 220, 133, 107, 16, 147, 19, 163, 9, 158, 246, 46, 40, 42, 123, 63, 57, 219, 105, 105, 92, 145, 51, 2, 188, 172, 174, 31, 181, 110, 138, 233, 29, 63, 169, 66, 180, 179, 227, 49, 90, 49, 115},
{172, 40, 133, 17, 93, 47, 207, 47, 88, 33, 169, 159, 208, 62, 66, 62, 138, 133, 43, 164, 180, 21, 35, 65, 138, 194, 105, 63, 72, 27, 215, 62, 187, 171, 29, 51, 48, 168, 242, 106, 199, 183, 238, 170, 45, 180, 253, 252, 200, 62, 150, 176, 114, 101, 182, 251, 190, 225, 197, 194, 102, 124, 222, 229, 165, 1, 90, 252, 242, 189, 16, 147, 114, 225, 110, 170, 27, 76, 242, 52, 201, 124, 37, 0, 132, 200, 62, 116, 26, 164, 143, 155, 23, 73, 214, 204, 33, 242, 15, 0, 220, 65, 0, 11, 96, 186, 104, 76, 229, 33, 215, 236, 190, 198, 62, 242, 187, 204, 202, 86, 32, 23, 206, 210, 107, 27, 174, 164, 116, 28, 92, 74, 132, 63, 235, 127, 236, 192, 119, 239, 162, 43, 6, 227, 79, 229, 162, 227, 200, 226, 91, 25, 41, 201, 4, 132, 144, 47, 47, 13},
{11, 196, 195, 32, 5, 100, 134, 104, 84, 247, 183, 154, 223, 203, 231, 212, 249, 49, 234, 142, 101, 230, 90, 161, 74, 23, 113, 45, 103, 154, 194, 223},
{225, 27, 175, 232, 18, 37, 161, 122, 76, 83, 88, 208, 28, 104, 151, 150, 163, 88, 178, 12, 210, 196, 186, 7, 100, 84, 199, 125, 35, 111, 137, 22},
{99, 192, 5, 231, 196, 191, 149, 122, 168, 127, 92, 174, 236, 236, 214, 170, 99, 242, 62, 64, 27, 193, 183, 109, 195, 35, 151, 195, 241, 61, 229, 139},
{220, 25, 66, 162, 171, 84, 248, 250, 166, 89, 113, 126, 137, 254, 36, 236, 12, 162, 255, 132, 147, 174, 234, 208, 85, 214, 140, 58, 18, 110, 38, 19},
{225, 122, 168, 104, 101, 254, 28, 98, 196, 73, 255, 234, 209, 50, 85, 59, 215, 4, 226, 206, 4, 104, 132, 56, 18, 67, 88, 151, 197, 2, 113, 127, 69, 221, 16, 243, 76, 58, 31, 9, 95, 116, 231, 41, 124, 176, 43, 219, 80, 250, 227, 102, 37, 99, 70, 154, 210, 218, 203, 39, 185, 172, 105, 226, 61, 186, 80, 177, 99, 220, 135, 98, 81, 16, 9, 92, 31, 164, 131, 178, 171, 9, 183, 126, 180, 152, 146, 86, 97, 108, 146, 58, 5, 97, 94, 71, 250, 186, 95, 57, 197, 129, 20, 161, 241, 231, 58, 137, 100, 166, 203, 100, 219, 53, 174, 245, 209, 156, 214, 41, 79, 235, 133, 119, 11, 253, 45, 195},
{63, 1, 129, 0, 184, 38, 2, 45, 48, 182, 29, 246, 225, 57, 153, 32, 252, 56, 102, 191, 106, 27, 20, 53, 211, 92, 58, 203, 65, 57, 143, 240},
{71, 167, 222, 114, 175, 188, 242, 180, 12, 127, 185, 48, 145, 172, 16, 227, 102, 70, 142, 174, 3, 180, 205, 4, 190, 126, 219, 132, 156, 135, 215, 63, 162, 33, 205, 197, 253, 115, 81, 242, 236, 110, 69, 130, 119, 169, 19, 213, 221, 23, 80, 9, 244, 210, 120, 198, 148, 249, 103, 32, 23, 37, 191, 165, 141, 250, 145, 222, 137, 45, 185, 181, 239, 28, 33, 73, 121, 36, 92, 88, 37, 59, 76, 103, 69, 55, 3, 44, 90, 106, 171, 241, 177, 20, 39, 193},
{71, 222, 90, 85, 178, 32, 186, 251, 190, 85, 181, 183, 104, 108, 40, 65, 9, 60, 190, 160, 123, 93, 92, 3, 123, 136, 133, 229, 80, 51, 62, 238},
{236, 8, 245, 211, 134, 204, 47, 173, 97, 61, 239, 77, 34, 14, 198, 120, 44, 109, 241, 215, 133, 77, 145, 142, 6, 168, 90, 21, 254, 249, 26, 218},
{59, 87, 121, 19, 80, 78, 243, 5, 97, 202, 60, 179, 250, 199, 105, 178, 26, 149, 210, 101, 6, 161, 215, 103, 120, 178, 93, 99, 209, 150, 136, 181, 19, 242, 57, 147, 253, 219, 122, 48, 59, 111, 51, 2, 131, 25, 90, 221, 111, 228, 223, 145, 201, 41, 34, 169, 39, 109, 145, 177, 129, 157, 11, 57, 174, 161, 95, 41, 6, 105, 156, 0, 29, 96, 194, 19, 20, 133, 81, 240, 186, 84, 155, 76, 84, 15, 226, 230, 151, 252, 96, 176, 156, 202, 74, 193, 228, 6, 61, 205, 55, 15, 199, 68, 227, 218, 250, 7, 139, 43, 159, 42, 239, 54, 176, 28, 102, 27, 206, 71, 204, 171, 71, 249, 254, 51, 52, 178, 173, 226, 162, 107, 80, 186, 148, 255, 43, 144, 102, 168, 28, 153, 205, 204, 117, 93, 42, 228, 229, 147, 173, 67, 82, 33, 124, 67, 25, 177, 110, 209, 20, 90, 128, 2, 103, 133, 187, 109, 240, 154, 49, 65, 213, 38, 150, 74, 240, 209, 21, 167, 89, 72, 177, 179, 135, 111, 54, 145, 71, 70, 94, 119},
{91, 47, 23, 232, 198, 63, 14, 123, 10, 15, 137, 32, 228, 93, 19, 41, 157, 82, 6, 83, 50, 236, 50, 57, 149, 66, 140, 61, 76, 155, 176, 70, 93, 84, 127, 86, 142, 185, 211, 80, 34, 97, 95, 238, 38, 223, 43, 52, 27, 235, 20, 42, 116, 51, 52, 165, 98, 254, 148, 221, 125, 233, 64, 164, 154, 182, 24, 104, 74, 145, 234, 27, 239, 233, 45, 188, 118, 23, 251, 127, 57, 233, 46, 180, 212, 197, 177, 74, 201, 132, 230, 34, 9, 28, 2, 234},
{82, 95, 95, 51, 123, 134, 16, 124, 201, 95, 89, 140, 151, 210, 135, 22, 9, 120, 72, 172, 144, 146, 118, 135, 251, 84, 81, 164, 2, 201, 90, 66, 219, 55, 201, 185, 209, 227, 138, 167, 128, 215, 59, 170, 115, 144, 227, 74, 207, 142, 89, 180, 233, 20, 11, 202, 12, 33, 100, 0, 182, 189, 235, 0}
};
for (int i = 0; i < cipher_list.size(); i++)
{
if (!CryptImportKey(hProv, (BYTE*)&keyBlob, sizeof(keyBlob), 0, 0, &hKey)) {
std::cerr << "CryptImportKey failed: " << GetLastError() << std::endl;
if (hProv) CryptReleaseContext(hProv, 0);
return 1;
}
DWORD dataLen = (DWORD)cipher_list[i].size();
if (!CryptDecrypt(hKey, 0, 0, 0, cipher_list[i].data(), &dataLen)) {
std::cerr << "CryptDecrypt failed: " << GetLastError() << std::endl;
CryptDestroyKey(hKey);
CryptReleaseContext(hProv, 0);
return 1;
}
cipher_list[i].resize(dataLen);
std::cout << "Sign: " << sign_list[i] << std::endl;
//std::cout << "明文: " << cipher_list[i].data() << std::endl;
std::cout << "Data ";
PrintHex(cipher_list[i]);
std::cout << "------------------------------" << std::endl;
}
CryptDestroyKey(hKey);
CryptReleaseContext(hProv, 0);
return 0;
}
```
这里得到的结果还是不太好看,就又拿python又处理了一下,结果如下,后续就可以根据标志来进行查表,可以快速的了解到解密的字符。
#### 解密的字符串
```Plain
标志: 0x0
解密字符串:SRC
解密HEX: 5300520043000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x1
解密字符串:chewbacca@cock.li
解密HEX: 630068006500770062006100630063006100400063006f0063006b002e006c006900000000000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x4
解密字符串:boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys;+README-WARNING+.txt;desktop.ini;
解密HEX: 62006f006f0074002e0069006e0069003b0062006f006f00740066006f006e0074002e00620069006e003b006e0074006c00640072003b006e0074006400650074006500630074002e0063006f006d003b0069006f002e007300790073003b002b0052004500410044004d0045002d005700410052004e0049004e0047002b002e007400780074003b006400650073006b0074006f0070002e0069006e0069003b00000000000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x5
解密字符串:sqlbrowser.exe;sqlwriter.exe;sqlservr.exe;msmdsrv.exe;MsDtsSrvr.exe;sqlceip.exe;fdlauncher.exe;Ssms.exe;sqlagent.exe;fdhost.exe;ReportingServicesService.exe;msftesql.exe;pg_ctl.exe;postgres.exe;UniFi.exe;armsvc.exe;IntelCpHDCPSvc.exe;OfficeClickToRun.exe;DellOSDService.exe;DymoPnpService.exe;Agent.exe;FJTWMKSV.exe;IPROSetMonitor.exe;IRMTService.exe;MBCloudEA.exe;QBCFMonitorService.exe;QBIDPService.exe;RstMwService.exe;TeamViewer_Service.exe;dasHost.exe;IntelCpHeciSvc.exe;RAVBg64.exe;vds.exe;unsecapp.exe;TodoBackupService.exe;MediaButtons.exe;IAStorDataMgrSvc.exe;jhi_service.exe;LMS.exe;DDVDataCollector.exe;DDVCollectorSvcApi.exe;TeamViewer.exe;tv_w32.exe;tv_x64.exe;Microsoft.Photos.exe;MicrosoftEdge.exe;ApplicationFrameHost.exe;browser_broker.exe;MicrosoftEdgeSH.exe;MicrosoftEdgeCP.exe;RtkNGUI64.exe;WavesSvc64.exe;OneDrive.exe;DYMO.DLS.Printing.Host.exe;FtLnSOP.exe;FjtwMkup.exe;FTPWREVT.exe;FTErGuid.exe;qbupdate.exe;QBWebConnector.exe;ShellExperienceHost.exe;RuntimeBroker.exe;IAStorIcon.exe;PrivacyIconClient.exe;SupportAssistAgent.exe;SecurityHealthService.exe;taskhostw.exe;taskhosta.exe;wijca.exe;ktfwswe.exe;HeciServer.exe;mdm.exe;ULCDRSvr.exe;WLIDSVC.EXE;WLIDSVCM.EXE;GoogleCrashHandler.exe;GoogleCrashHandler64.exe;RAVCpl64.exe;igfxtray.exe;hkcmd.exe;igfxpers.exe;PsiService_2.exe;UNS.exe;taskeng.exe;AdobeARM.exe;LenovoReg.exe;dwm.exe;wuauclt.exe;avp.exe;FBService.exe;LBAEvent.exe;PDFProFiltSrvPP.exe;avpsus.exe;klnagent.exe;vapm.exe;ScanToPCActivationApp.exe;BrStMonW.exe;BrCtrlCntr.exe;concentr.exe;redirector.exe;BrccMCtl.exe;BrYNSvc.exe;Receiver.exe;BrCcUxSys.exe;LSCNotify.exe;SelfServicePlugin.exe;wfcrun32.exe;HPNETW~1.EXE;HPScan.exe;taskhost.exe;Teams.exe;AuthManSvr.exe;WLXPhotoGallery.exe;outlook.exe;prevhost.exe;excel.exe;chrome.exe;AcroRd32.exe;RdrCEF.exe;vssadmin.exe;WmiPrvSE.exe;oracle.exe;ocssd.exe;dbsnmp.exe;synctime.exe;agntsrvc.exe;mydesktopqos.exe;isqlplussvc.exe;xfssvccon.exe;mydesktopservice.exe;ocautoupds.exe;encsvc.exe;firefoxconfig.exe;tbirdconfig.exe;ocomm.exe;mysqld.exe;mysqld-nt.exe;mysqld-opt.exe;dbeng50.exe;sqbcoreservice.exe;infopath.exe;msaccess.exe;mspub.exe;onenote.exe;powerpnt.exe;steam.exe;thebat.exe;thebat64.exe;thunderbird.exe;visio.exe;winword.exe;wordpad.exe;
解密HEX: 730071006c00620072006f0077007300650072002e006500780065003b00730071006c007700720069007400650072002e006500780065003b00730071006c00730065007200760072002e006500780065003b006d0073006d0064007300720076002e006500780065003b004d00730044007400730053007200760072002e006500780065003b00730071006c0063006500690070002e006500780065003b00660064006c00610075006e0063006800650072002e006500780065003b00530073006d0073002e006500780065003b00730071006c006100670065006e0074002e006500780065003b006600640068006f00730074002e006500780065003b005200650070006f007200740069006e0067005300650072007600690063006500730053006500720076006900630065002e006500780065003b006d007300660074006500730071006c002e006500780065003b00700067005f00630074006c002e006500780065003b0070006f007300740067007200650073002e006500780065003b0055006e006900460069002e006500780065003b00610072006d007300760063002e006500780065003b0049006e00740065006c004300700048004400430050005300760063002e006500780065003b004f006600660069006300650043006c00690063006b0054006f00520075006e002e006500780065003b00440065006c006c004f005300440053006500720076006900630065002e006500780065003b00440079006d006f0050006e00700053006500720076006900630065002e006500780065003b004100670065006e0074002e006500780065003b0046004a00540057004d004b00530056002e006500780065003b004900500052004f005300650074004d006f006e00690074006f0072002e006500780065003b00490052004d00540053006500720076006900630065002e006500780065003b004d00420043006c006f0075006400450041002e006500780065003b0051004200430046004d006f006e00690074006f00720053006500720076006900630065002e006500780065003b005100420049004400500053006500720076006900630065002e006500780065003b005200730074004d00770053006500720076006900630065002e006500780065003b005400650061006d005600690065007700650072005f0053006500720076006900630065002e006500780065003b0064006100730048006f00730074002e006500780065003b0049006e00740065006c004300700048006500630069005300760063002e006500780065003b0052004100560042006700360034002e006500780065003b007600640073002e006500780065003b0075006e007300650063006100700070002e006500780065003b0054006f0064006f004200610063006b007500700053006500720076006900630065002e006500780065003b004d00650064006900610042007500740074006f006e0073002e006500780065003b0049004100530074006f00720044006100740061004d00670072005300760063002e006500780065003b006a00680069005f0073006500720076006900630065002e006500780065003b004c004d0053002e006500780065003b00440044005600440061007400610043006f006c006c006500630074006f0072002e006500780065003b0044004400560043006f006c006c006500630074006f0072005300760063004100700069002e006500780065003b005400650061006d005600690065007700650072002e006500780065003b00740076005f007700330032002e006500780065003b00740076005f007800360034002e006500780065003b004d006900630072006f0073006f00660074002e00500068006f0074006f0073002e006500780065003b004d006900630072006f0073006f006600740045006400670065002e006500780065003b004100700070006c00690063006100740069006f006e004600720061006d00650048006f00730074002e006500780065003b00620072006f0077007300650072005f00620072006f006b00650072002e006500780065003b004d006900630072006f0073006f00660074004500640067006500530048002e006500780065003b004d006900630072006f0073006f00660074004500640067006500430050002e006500780065003b00520074006b004e00470055004900360034002e006500780065003b0057006100760065007300530076006300360034002e006500780065003b004f006e006500440072006900760065002e006500780065003b00440059004d004f002e0044004c0053002e005000720069006e00740069006e0067002e0048006f00730074002e006500780065003b00460074004c006e0053004f0050002e006500780065003b0046006a00740077004d006b00750070002e006500780065003b00460054005000570052004500560054002e006500780065003b00460054004500720047007500690064002e006500780065003b00710062007500700064006100740065002e006500780065003b005100420057006500620043006f006e006e006500630074006f0072002e006500780065003b005300680065006c006c0045007800700065007200690065006e006300650048006f00730074002e006500780065003b00520075006e00740069006d006500420072006f006b00650072002e006500780065003b0049004100530074006f007200490063006f006e002e006500780065003b005000720069007600610063007900490063006f006e0043006c00690065006e0074002e006500780065003b0053007500700070006f00720074004100730073006900730074004100670065006e0074002e006500780065003b00530065006300750072006900740079004800650061006c007400680053006500720076006900630065002e006500780065003b007400610073006b0068006f007300740077002e006500780065003b007400610073006b0068006f007300740061002e006500780065003b00770069006a00630061002e006500780065003b006b007400660077007300770065002e006500780065003b0048006500630069005300650072007600650072002e006500780065003b006d0064006d002e006500780065003b0055004c004300440052005300760072002e006500780065003b0057004c00490044005300560043002e004500580045003b0057004c00490044005300560043004d002e004500580045003b0047006f006f0067006c00650043007200610073006800480061006e0064006c00650072002e006500780065003b0047006f006f0067006c00650043007200610073006800480061006e0064006c0065007200360034002e006500780065003b00520041005600430070006c00360034002e006500780065003b00690067006600780074007200610079002e006500780065003b0068006b0063006d0064002e006500780065003b00690067006600780070006500720073002e006500780065003b0050007300690053006500720076006900630065005f0032002e006500780065003b0055004e0053002e006500780065003b007400610073006b0065006e0067002e006500780065003b00410064006f0062006500410052004d002e006500780065003b004c0065006e006f0076006f005200650067002e006500780065003b00640077006d002e006500780065003b00770075006100750063006c0074002e006500780065003b006100760070002e006500780065003b004600420053006500720076006900630065002e006500780065003b004c00420041004500760065006e0074002e006500780065003b00500044004600500072006f00460069006c007400530072007600500050002e006500780065003b006100760070007300750073002e006500780065003b006b006c006e006100670065006e0074002e006500780065003b007600610070006d002e006500780065003b005300630061006e0054006f0050004300410063007400690076006100740069006f006e004100700070002e006500780065003b0042007200530074004d006f006e0057002e006500780065003b00420072004300740072006c0043006e00740072002e006500780065003b0063006f006e00630065006e00740072002e006500780065003b00720065006400690072006500630074006f0072002e006500780065003b0042007200630063004d00430074006c002e006500780065003b004200720059004e005300760063002e006500780065003b00520065006300650069007600650072002e006500780065003b004200720043006300550078005300790073002e006500780065003b004c00530043004e006f0074006900660079002e006500780065003b00530065006c006600530065007200760069006300650050006c007500670069006e002e006500780065003b00770066006300720075006e00330032002e006500780065003b00480050004e004500540057007e0031002e004500580045003b00480050005300630061006e002e006500780065003b007400610073006b0068006f00730074002e006500780065003b005400650061006d0073002e006500780065003b0041007500740068004d0061006e005300760072002e006500780065003b0057004c005800500068006f0074006f00470061006c006c006500720079002e006500780065003b006f00750074006c006f006f006b002e006500780065003b00700072006500760068006f00730074002e006500780065003b0065007800630065006c002e006500780065003b006300680072006f006d0065002e006500780065003b004100630072006f0052006400330032002e006500780065003b005200640072004300450046002e006500780065003b00760073007300610064006d0069006e002e006500780065003b0057006d006900500072007600530045002e006500780065003b006f007200610063006c0065002e006500780065003b006f0063007300730064002e006500780065003b006400620073006e006d0070002e006500780065003b00730079006e006300740069006d0065002e006500780065003b00610067006e00740073007200760063002e006500780065003b006d0079006400650073006b0074006f00700071006f0073002e006500780065003b006900730071006c0070006c00750073007300760063002e006500780065003b0078006600730073007600630063006f006e002e006500780065003b006d0079006400650073006b0074006f00700073006500720076006900630065002e006500780065003b006f0063006100750074006f0075007000640073002e006500780065003b0065006e0063007300760063002e006500780065003b00660069007200650066006f00780063006f006e006600690067002e006500780065003b007400620069007200640063006f006e006600690067002e006500780065003b006f0063006f006d006d002e006500780065003b006d007900730071006c0064002e006500780065003b006d007900730071006c0064002d006e0074002e006500780065003b006d007900730071006c0064002d006f00700074002e006500780065003b006400620065006e006700350030002e006500780065003b0073007100620063006f007200650073006500720076006900630065002e006500780065003b0069006e0066006f0070006100740068002e006500780065003b006d0073006100630063006500730073002e006500780065003b006d0073007000750062002e006500780065003b006f006e0065006e006f00740065002e006500780065003b0070006f0077006500720070006e0074002e006500780065003b0073007400650061006d002e006500780065003b007400680065006200610074002e006500780065003b00740068006500620061007400360034002e006500780065003b007400680075006e0064006500720062006900720064002e006500780065003b0076006900730069006f002e006500780065003b00770069006e0077006f00720064002e006500780065003b0077006f00720064007000610064002e006500780065003b000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x6
解密字符串:+README-WARNING+.txt
解密HEX: 2b0052004500410044004d0045002d005700410052004e0049004e0047002b002e00740078007400000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x7
解密字符串:YOUR_FILES_ARE_ENCRYPTED
解密HEX: 59004f00550052005f00460049004c00450053005f004100520045005f0045004e00430052005900500054004500440000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x8
解密字符串:::: Greetings :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailbox: chewbacca@cock.li
Or you can contact us via TOX: ADA6E26332F26451E45768179C771CA87A7F0F4E234DA8D882888F505494925DCF274A3EA555
You don't know about TOX? Go to https://tox.chat
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.
解密HEX: 3a3a3a204772656574696e6773203a3a3a0d0a0d0a4c6974746c65204641513a0d0a0d0a2e312e200d0a513a2057686174732048617070656e3f0d0a413a20596f75722066696c65732068617665206265656e20656e637279707465642e205468652066696c652073747275637475726520776173206e6f742064616d616765642c207765206469642065766572797468696e6720706f737369626c6520736f2074686174207468697320636f756c64206e6f742068617070656e2e0d0a0d0a2e322e200d0a513a20486f7720746f207265636f7665722066696c65733f0d0a413a20496620796f75207769736820746f206465637279707420796f75722066696c657320796f752077696c6c206e65656420746f207061792075732e0d0a0d0a2e332e200d0a513a20576861742061626f75742067756172616e746565733f0d0a413a20497473206a757374206120627573696e6573732e205765206162736f6c7574656c7920646f206e6f7420636172652061626f757420796f7520616e6420796f7572206465616c732c206578636570742067657474696e672062656e65666974732e20496620776520646f206e6f7420646f206f757220776f726b20616e64206c696162696c6974696573202d206e6f626f64792077696c6c20636f6f70657261746520776974682075732e20497473206e6f7420696e206f757220696e746572657374732e0d0a546f20636865636b20746865206162696c697479206f662072657475726e696e672066696c65732c20796f752063616e2073656e6420746f20757320616e7920322066696c657320776974682053494d504c4520657874656e73696f6e73286a70672c786c732c646f632c206574632e2e2e206e6f7420646174616261736573212920616e64206c6f772073697a6573286d61782031206d62292c2077652077696c6c2064656372797074207468656d20616e642073656e64206261636b20746f20796f752e2054686174206973206f75722067756172616e7465652e0d0a0d0a2e342e0d0a513a20486f7720746f20636f6e74616374207769746820796f753f0d0a413a20596f752063616e20777269746520757320746f206f7572206d61696c626f783a2063686577626163636140636f636b2e6c690d0a4f7220796f752063616e20636f6e746163742075732076696120544f583a20414441364532363333324632363435314534353736383137394337373143413837413746304634453233344441384438383238383846353035343934393235444346323734413345413535350d0a596f7520646f6e2774206b6e6f772061626f757420544f583f20476f20746f2068747470733a2f2f746f782e636861740d0a0d0a2e352e0d0a513a20486f772077696c6c207468652064656372797074696f6e2070726f636573732070726f63656564206166746572207061796d656e743f0d0a413a204166746572207061796d656e742077652077696c6c2073656e6420746f20796f75206f7572207363616e6e65722d6465636f6465722070726f6772616d20616e642064657461696c656420696e737472756374696f6e7320666f72207573652e205769746820746869732070726f6772616d20796f752077696c6c2062652061626c6520746f206465637279707420616c6c20796f757220656e637279707465642066696c65732e0d0a0d0a2e362e0d0a513a204966204920646f6e92742077616e7420746f20706179206261642070656f706c65206c696b6520796f753f0d0a413a20496620796f752077696c6c206e6f7420636f6f7065726174652077697468206f75722073657276696365202d20666f722075732c2069747320646f6573206e6f74206d61747465722e2042757420796f752077696c6c206c6f736520796f75722074696d6520616e6420646174612c206361757365206f6e6c792077652068617665207468652070726976617465206b65792e20496e207072616374696365202d2074696d65206973206d756368206d6f72652076616c7561626c65207468616e206d6f6e65792e0d0a0d0a0d0a0d0a3a3a3a4245574152453a3a3a0d0a444f4e27542074727920746f206368616e676520656e637279707465642066696c657320627920796f757273656c6621200d0a496620796f752077696c6c2074727920746f2075736520616e7920746869726420706172747920736f66747761726520666f7220726573746f72696e6720796f75722064617461206f7220616e7469766972757320736f6c7574696f6e73202d20706c65617365206d616b652061206261636b757020666f7220616c6c20656e637279707465642066696c6573210d0a416e79206368616e67657320696e20656e637279707465642066696c6573206d617920656e7461696c2064616d616765206f66207468652070726976617465206b657920616e642c20617320726573756c742c20746865206c6f737320616c6c20646174612e0d0a000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x9
解密字符串:vssadmin delete shadows /all /quiet
wbadmin delete catalog -quiet
wmic shadowcopy delete
exit
解密HEX: 76737361646d696e2064656c65746520736861646f7773202f616c6c202f71756965740a776261646d696e2064656c65746520636174616c6f67202d71756965740a776d696320736861646f77636f70792064656c6574650a657869740a0000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0xa
解密字符串: RSA15b+ϼ O Y \ R u\ t\ SE { m\ 愅 YR 3\ l B 4Z d Ӗ\ eKBW "i hi# < O 1$ o P* + PNc X
解密HEX: 0602000000a400005253413100040000010001001d35622bcfbcfe4fde59eae15c05d7528d0c1ae6755c180904dd745cd1f5a19986fce1e0e9534595e4fb7bdd6d5cc1f2cee684851bfc59529108c433185cf76c800f421aad345aa6a964e8f485acf1d3965c85654b124257e0142269eab809af68692309843ce7cd4fa8bf3124926f0403a7502abbecfa2ba7504e63a958e7bd000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0xc
解密字符串:n z
解密HEX: 6edc7a8e00000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0xe
解密字符串:
解密HEX: 0000040000000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0xf
解密字符串:
解密HEX: 0000100000000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x10
解密字符串:SOFTWARE\Microsoft\Windows NT\CurrentVersion
解密HEX: 534f4654574152455c4d6963726f736f66745c57696e646f7773204e545c43757272656e7456657273696f6e0000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x11
解密字符串:ProductId
解密HEX: 50726f6475637449640000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x12
解密字符串:\\?\
解密HEX: 5c005c003f005c00000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x13
解密字符串:waiting for network...
解密HEX: 770061006900740069006e006700200066006f00720020006e006500740077006f0072006b002e002e002e000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x14
解密字符串:runas
解密HEX: 720075006e006100730000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x16
解密字符串:SystemDrive
解密HEX: 530079007300740065006d004400720069007600650000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x17
解密字符串:ComSpec
解密HEX: 43006f006d005300700065006300000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x18
解密字符串:.[%08X].[%s].%s
解密HEX: 2e005b0025003000380058005d002e005b00250073005d002e00250073000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x19
解密字符串:X:\ProgramData\microsoft\windows\caches
解密HEX: 58003a005c00500072006f006700720061006d0044006100740061005c006d006900630072006f0073006f00660074005c00770069006e0064006f00770073005c00630061006300680065007300000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x1a
解密字符串:Kernel32.dll;Wow64DisableWow64FsRedirection;Wow64RevertWow64FsRedirection;Advapi32.dll;CreateProcessWithTokenW;
解密HEX: 4b65726e656c33322e646c6c3b576f77363444697361626c65576f77363446735265646972656374696f6e3b576f773634526576657274576f77363446735265646972656374696f6e3b41647661706933322e646c6c3b43726561746550726f6365737357697468546f6b656e573b0000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x1b
解密字符串:exe;dll;
解密HEX: 6500780065003b0064006c006c003b0000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x1e
解密字符串:finished
解密HEX: 66696e6973686564000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x1f
解密字符串:open
解密HEX: 6f00700065006e00000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x20
解密字符串:admin
解密HEX: 610064006d0069006e0000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x21
解密字符串:not admin
解密HEX: 6e006f0074002000610064006d0069006e000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x22
解密字符串:1. ID: %08X
2. %s
解密HEX: 31002e002000490044003a00200025003000380058000d000a0032002e002000250073000d000a00000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x23
解密字符串:%s (%08X)%c %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%
解密HEX: 250073002000280025003000380058002900250063002000250049003600340064002e002500300032004900360034006400200067006200200028002500750029002f00250049003600340064002e002500300032004900360034006400200067006200200028002500750029002f0025007500250025000d000a0000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x24
解密字符串:3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%
解密HEX: 33002e00200054006f00740061006c003a002000250049003600340064002e002500300032004900360034006400200067006200200028002500750029002f00250049003600340064002e002500300032004900360034006400200067006200200028002500750029002f0025007500250025000d000a000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x25
解密字符串:X:\Users\All Users\Microsoft\Windows\Caches
解密HEX: 58003a005c00550073006500720073005c0041006c006c002000550073006500720073005c004d006900630072006f0073006f00660074005c00570069006e0064006f00770073005c0043006100630068006500730000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x26
解密字符串:ntdll.dll;NtQueryObject;NtQuerySystemInformation;RtlGetVersion;Kernel32.dll;GetFinalPathNameByHandleW;QueryFullProcessImageNameW;
解密HEX: 6e74646c6c2e646c6c3b4e7451756572794f626a6563743b4e74517565727953797374656d496e666f726d6174696f6e3b52746c47657456657273696f6e3b4b65726e656c33322e646c6c3b47657446696e616c506174684e616d65427948616e646c65573b517565727946756c6c50726f63657373496d6167654e616d65573b00000000000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x27
解密字符串:chrome;
解密HEX: 6300680072006f006d0065003b00000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x28
解密字符串:Users\Public;
解密HEX: 550073006500720073005c005000750062006c00690063003b00000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x29
解密字符串:iplogger.com
解密HEX: 69706c6f676765722e636f6d0000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x2a
解密字符串:/1JfuR4
解密HEX: 2f314a6675523400000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x2b
解密字符串:wininet.dll;HttpOpenRequestA;HttpSendRequestA;InternetOpenA;InternetCloseHandle;InternetConnectA;
解密HEX: 77696e696e65742e646c6c3b487474704f70656e52657175657374413b4874747053656e6452657175657374413b496e7465726e65744f70656e413b496e7465726e6574436c6f736548616e646c653b496e7465726e6574436f6e6e656374413b00000000000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x2c
解密字符串:%08X;%I64d.%02I64d
解密HEX: 253038583b25493634642e253032493634640000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x33
解密字符串:windows;winnt;\system32;\regedit.exe;
解密HEX: 770069006e0064006f00770073003b00770069006e006e0074003b005c00730079007300740065006d00330032003b005c0072006500670065006400690074002e006500780065003b0000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x36
解密字符串: .Y!
解密HEX: f32e592100000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x37
解密字符串: !@]
解密HEX: dc21405d00000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x38
解密字符串:%s /c ping 1.1.1.1 -n 5 & fsutil file setZeroData offset=0 length=131072 "%s" & del /q /f "%s"
解密HEX: 2500730020002f0063002000700069006e006700200031002e0031002e0031002e00310020002d006e0020003500200026002000660073007500740069006c002000660069006c00650020007300650074005a00650072006f00440061007400610020006f00660066007300650074003d00300020006c0065006e006700740068003d0031003300310030003700320020002200250073002200200026002000640065006c0020002f00710020002f0066002000220025007300220000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x39
解密字符串:\Microsoft\Windows\Network Shortcuts
解密HEX: 5c004d006900630072006f0073006f00660074005c00570069006e0064006f00770073005c004e006500740077006f0072006b002000530068006f00720074006300750074007300000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
标志: 0x3a
解密字符串:Your files were encrypted!
Please contact us for decryption.
解密HEX: 596f75722066696c6573207765726520656e63727970746564210a506c6561736520636f6e7461637420757320666f722064656372797074696f6e2e00000000
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
### 4.1.5 配置初始化(sub_4068B0函数)
这里可以看到首先调用了**sub_402680函数**,然后又调用了**sub_407B10函数**来实现的对当前系统目录和当前运行程序的路径以及一些系统的特征文件夹进行获取。
进入到**sub_402680函数**可以看到**,**主要就是调用了**CryptAcquireContextW函数**来实现对加密对象的初始化,这里依旧是和字符串解密函数用的是一样的加密类型,都是**PROV_RSA_AES类型**(0x18),不知道什么类型的,可以看下图:
接着就是将**0x41f000**地址处的加密字符串数据赋值到**a1+8**结构的位置,然后将解密标志为**0xa**的解密字符串给到**a1+36**结构的位置(**这里0xa标志所解密的字符串既是所有后续所用的解密字符的密文,与后续的a有所区别)**。大致了解到,该函数主要就是实现了对**字符串解密结构的初始化**。
在完成了字符串解密的初始化以后,接着的就是调用**sub_407B10函数**来完成其他所需配置变量的初始化,进入到**sub_407B10函数**可以看到。
首先通过**GetSystemWindowsDirectoryW函数**实现了一下对`C:/Windows`路径的获取
调用**GetModuleFileNameW函数**实现对自身路径的获取
调用**SHGetSpecialFolderPathW函数**实现对`C:\ProgramData`和`C:\Users\Admin\Desktop`路径的获取
在完成了对数据的获取后,将要实现对字符串的解密然后初始化全局变量等
最后就是以分号分片该解密字符串,进行模块的加载。
```SQL
Kernel32.dll;Wow64DisableWow64FsRedirection;Wow64RevertWow64FsRedirection;Advapi32.dll;CreateProcessWithTokenW;
```
### 4.1.6 初始化窗口程序内容(sub_406D70函数)
这里在分析之前,先对可视化的控件的ID做一下分析,以便于后续的分析,后续中的描述也会根据ID+控件类型来进行描述。
因为是纯Windows编写的GUI程序,这里可以找到DialogBoxParamW函数,直接分析其回调DialogFunc即可
进入到DialogFunc函数可以看到,其中a2为消息类型,其中有对窗口初始化、按钮点击、窗口关闭等。
|
|
|---|---|
