AgentTesla Malware

 

Technical report of AgentTesla

 

Identification


Vendor

Detection

Microsoft

Trojan:MSIL/AgentTesla.RSF!MTB

Sangfor Engine Zero

Trojan.MSIL.AgentTesla.RSF

Alibaba

TrojanPSW:MSIL/AgentTesla.0f0d0fab

 

The following table contains list of artifacts that had been analyzed within this document.


 

PE timestamp

SHA256

Size in bytes

File name

Description

2020-10-01 06:40:24

cc262fd3fa1f646aff2f5bcdea33beca5ed081260028b8604d5f714dd23c03ac

200.00 KB (204800 bytes)

Lime_hench ckli 2.0

dropper

 


 

Summary

Agent Tesla is spyware that collects information about the actions of its victims by recording keystrokes and user interactions. It is falsely marketed as legitimate software on the dedicated website where this malware is sold.


Technical details

Code of malware is packed, so after unpacking it you should see only these sections as shown in figure below.





But that’s not actual code, actual code resolved during runtime of malware as shown in figure below.



It resolves QWzgdyIDcJlMs during runtime and code will be around 25k lines of code as shown in figure below.



It checks for the operating system as shown and gets a hash of the current domain in figure below.








It gets the hostname, processor type, name of current user as shown on figures below.







It enumerates network adapter configuration as shown in figure below.






It gets the mac address of the machine as shown in figure below.






Checking for debugger




Get user cookie



Get current process of malware






Enumeration functions in folder path "C:\\Users\\Mahmoud_El_Menshawy\\AppData\\Local”, used for stealing browsers caches, passwords, profiles etc... As shown in figure below.

stealing browsers caches, passwords, profiles etc... As shown in figure below.






CocCo Browser




Coccoc logins



Amigo user data



Amigo logins



Brave Browser user data





Brave Browser logins






Iridium Browser user data and logins






Vivaldi browser user data and logins


 





Torch Browser user data and logins


 






Comodo Dragon user data and logins





Opera Browser user data and logins



 





Citrio user data and logins







Elements Browser user data and logins











Sputnik user data and logins






Epic Privacy  user data and logins









CentBrowser user data and logins






Uran user data and logins








Chromium user data and logins






Chedot user data and logins







360 Browser user data and logins





Yandex Browser user data and logins







7Star user data and logins





Cool Novo (ChromePlus) user data and logins





Chrome user data and logins




keychain.plist






SMTP



Port number: 587 clearly.

Purpose of the code is to get malware configuration like username, password mailfrom etc...

Code of ((97085277-F30F-47FA-9C3D-82DA9E6730B4) shown in figure below.



Probably this is related to anti debugging, it creates specified time after time expires then it does something if not expire it runs normally.



[DebuggerHidden] #

It hides debugging for editing browser state.




Embedded http request

https://api.telegram.org/bot%telegramapi%/.

https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip". # Tor browser.






Enumeration and other important Functions



EnumProcessModules.

GetWindowThreadProcessId.

GetModuleFileNameEx.


Decryption of  all Configurations

All configurations depends on big array called <<EMPTY_NAME>>

Let’s go in depth of code.





Let’s go to the function Bx().



Then. <<EMPTY_NAME>>.



 

<<EMPTY_NAME>> is an array of bytes.




When I did more research I found reference to this array as shown in figure below.



So <<EMPTY_NAME>> is really big array around more than 11k line

So it gets each element of the big array then XOR with itself then XOR with value 170 and save it to array. <<EMPTY_NAME>> (overwrite array with new value) as shown in figure below.



So let’s see big array

{153,158,154,153,215,214,213,212,143,238,237,140,194,195,132,237,242,129,213,212,132,204,207,196,203,202,201,238,251,250,235,209,238,212,192,193,209,226,225,210,241,240,188,227,244,185,184,237,232,165,215,251,244,250,byte.MaxValue,233,222,246,254,246,226,byte.MaxValue,215,253,139,130,134,128,128,136,161,130,134,134,167,162,171,166,145,145,146,175,153,158,178,154,146,154,134,155,179,153,151,158,154,156,164,172,133,166,170,170,135,168,187,135,161,181,167,133,168,170,184,154,157,138,147,182,191,175,189,160,191,183,162,247,132,167,67,70,65,93,71,89,73,13,114,81,79,87,79,67,65,87,121,116,118,119,123,124,104,116,125,125,123,116,115,103,25,116,70,66,94,76,94,93,67,85,91,46,65,84,82,79,65,75,78,82,91,88,74,90,76,79,93,75,73,60,87,66,64,93,37,57,33,51,47,59,37,34,44,55,37,53,52,38,45,41,63,41,44,43,63,49,47,59,55,33,93,52,56,52,59,49,3,5,15,28,30,8,30,12,6,6,101,50,50,38,54,49,47,43,62,54,50,59,57,47,119,15,117,56,56,36,50,58,198,207,205,219,139,243,137,196,204,208,206,192,203,194,129,138,230,158,209,215,205,217,211,209,214,214,194,148,234,228,219,211,254,252,233,251,235,211,193,228,225,241,239,242,233,225,240,217,205,242,246,253,241,232,239,193,209,230,226,227,243,249,224,195,143,153,155,128,129,129,176,191,151,141,197,136,136,148,150,128,157,149,153,148,155,218,175,178,180,167,167,176,164,178,168,184,163,168,186,166,189,160,170,185,158,148,169,175,162,168,179,182,134,152,173,171,172,186,178,169,132,182,162,162,191,184,186,137,111,83,88,69,65,93,73,95,126,112,84,64,84,83,81,85,123,75,72,75,81,73,89,89,110,97,69,95,98,69,65,80,98,127,124,121,125,53,35,34,99,115,105,47,111,119,109,99,99,53,119,107,121,88,89,73,95,124,106,120,122,123,117,58,95,69,88,73,70,56,5,3,6,12,23,18,70,41,48,69,75,75,86,73,69,95,43,20,28,69,68,74,86,15,66,65,113,107,58,63,116,119,124,99,114,106,96,6,35,36,47,42,117,105,104,104,110,111,109,109,99,115,22,56,36,50,50,58,210,132,144,153,128,159,227,230,202,215,212,209,156,136,139,253,224,226,200,236,233,145,223,210,223,239,253,208,219,228,241,249,207,200,220,169,164,175,202,223,205,206,160,214,239,233,183,183,197,203,234,246,253,250,239,238,253,225,222,240,251,242,180,216,168,190,134,130,128,128,155,131,161,172,163,174,185,202,187,203,128,146,136,217,135,134,133,132,223,190,189,220,146,147,212,157,162,230,165,164,227,188,191,142,173,172,171,168,163,166,180,181,182,178,187,184,170,182,179,179,253,169,185,161,133,148,135,150,117,5,66,89,75,72,127,78,80,70,69,79,85,79,75,81,83,86,89,94,91,16,86,77,87,84,31,93,89,80,26,65,103,123,67,69,69,67,83,35,106,119,109,109,58,111,112,104,118,37,36,54,118,107,113,113,44,95,127,118,98,114,108,97,69,3,28,4,2,52,49,57,11,14,5,91,70,42,41,74,30,31,87,0,7,6,5,93,58,59,74,28,27,77,7,6,31,56,45,59,110,1,45,32,39,121,96,2,41,42,52,48,46,62,42,121,16,62,49,56,104,115,31,2,16,34,56,57,228,202,197,204,148,143,239,253,247,153,128,243,231,234,158,133,243,235,152,248,218,219,206,216,193,192,138,145,248,210,195,149,170,217,237,234,225,249,233,byte.MaxValue,231,231,161,212,245,226,246,165,212,250,245,252,164,191,211,206,212,230,252,253,216,246,249,240,159,133,129,135,157,155,141,129,142,176,143,135,146,144,133,151,159,167,181,144,157,141,147,142,157,149,132,173,161,158,154,145,165,188,187,233,128,155,144,142,183,177,178,164,168,179,146,160,168,168,177,182,176,131,139,180,188,183,191,166,165,155,187,180,78,14,78,93,94,71,67,94,86,6,15,4,64,83,84,80,73,94,74,28,27,89,72,77,66,82,67,66,65,88,70,81,47,88,92,70,92,67,105,99,101,119,104,86,116,110,112,96,89,119,119,106,123,88,121,105,80,106,100,116,101,88,100,112,24,10,72,43,28,0,27,30,7,17,47,17,3,21,5,69,41,20,30,13,9,30,14,24,46,60,0,20,4,22,84,38,62,42,42,37,43,22,45,35,38,38,56,97,4,53,43,50,41,62,42,0,63,49,56,56,42,15,9,48,56,51,49,45,232,217,199,222,221,202,222,241,247,208,197,211,134,227,197,209,219,242,202,208,218,214,201,208,146,241,194,222,193,196,209,199,195,249,225,237,231,250,225,209,215,240,229,243,166,195,229,241,251,216,240,235,241,242,245,232,byte.MaxValue,208,248,227,249,250,253,224,135,183,189,154,139,157,204,169,131,151,129,214,181,147,133,151,205,168,140,152,140,163,203,174,134,146,130,173,163,132,145,135,234,143,169,189,175,155,163,191,161,171,224,131,180,168,179,182,191,169,140,182,172,188,180,129,135,160,181,163,246,147,181,161,75,104,71,70,66,15,98,66,84,76,109,64,86,75,65,118,78,78,92,80,81,99,127,85,64,92,93,84,102,91,65,70,86,94,123,108,124,47,72,108,118,98,75,110,107,98,112,100,81,116,117,124,106,126,64,72,97,118,98,49,82,118,96,116,43,6,1,14,1,46,1,4,5,12,60,52,21,2,22,69,62,26,12,24,60,13,29,11,23,49,2,16,0,18,39,26,44,63,63,40,60,42,16,15,48,34,54,36,107,5,54,42,45,40,61,43,2,10,47,56,32,115,20,48,34,54,23,48,196,223,234,219,193,216,223,200,208,224,197,207,210,229,214,202,205,200,221,203,226,234,207,216,192,147,244,208,194,214,247,221,239,239,231,253,205,231,233,233,237,247,220,212,245,226,246,165,222,250,236,248,209,237,254,244,230,230,253,222,228,245,253,225,159,134,180,188,157,138,158,205,166,130,148,128,181,151,145,145,148,146,147,170,142,138,136,147,155,152,172,162,134,130,128,155,163,160,148,156,189,170,190,237,134,162,180,160,133,168,169,170,190,180,248,157,172,190,187,178,188,144,191,188,185,179,187,137,110,89,73,78,65,65,112,120,81,70,82,1,98,70,80,68,108,82,78,88,82,91,85,107,91,69,81,93,82,94,104,96,121,110,122,41,74,110,120,108,65,106,116,115,111,104,71,100,110,122,116,112,112,126,91,111,125,102,96,77,85,126,96,103,3,4,52,60,29,10,30,77,38,2,20,0,85,81,84,69,56,9,23,14,13,26,14,78,68,67,51,25,4,24,25,16,22,8,32,59,33,34,41,17,23,48,37,51,102,3,37,49,59,14,42,56,48,42,31,50,40,30,53,53,63,54,8,0,216,202,198,245,251,220,201,223,130,231,193,213,199,235,205,192,216,218,215,153,252,205,211,202,193,214,194,221,223,210,214,212,229,215,221,250,235,253,172,201,227,247,225,196,234,226,233,224,244,239,235,185,220,237,243,234,225,246,226,212,250,242,249,240,132,159,155,201,172,157,131,154,145,134,146,189,179,148,129,151,218,191,153,141,159,186,140,148,145,211,160,131,159,129,149,150,179,142,184,160,173,239,156,191,171,181,161,162,191,231,134,183,181,172,171,188,172,131,137,174,183,161,240,149,183,163,181,150,69,72,75,70,77,108,67,78,97,76,67,125,100,85,75,82,73,94,74,101,107,76,89,79,18,119,81,69,87,100,88,80,99,123,102,96,124,47,58,75,103,109,114,104,116,39,77,107,121,71,75,117,123,118,108,115,123,97,37,77,101,114,96,97,3,5,15,53,3,0,8,24,14,6,19,61,37,15,22,10,23,18,13,20,40,22,25,10,23,1,33,56,38,87,39,0,56,45,25,0,30,111,31,56,48,37,28,20,53,34,54,101,30,58,44,56,29,48,51,42,61,61,19,62,57,32,59,59,246,232,199,198,217,192,194,241,247,208,197,211,134,227,197,209,219,151,154,236,236,243,134,232,193,214,194,223,215,218,209,143,218,234,251,250,249,224,254,233,184,194,240,241,234,238,231,228,238,242,247,247,164,207,203,205,197,204,144,249,249,249,241,247,133,159,155,169,154,128,152,140,142,143,153,128,136,136,138,156,151,148,141,138,208,156,147,144,199,196,194,153,198,206,192,166,167,170,161,165,224,187,163,185,163,175,172,184,167,169,171,171,163,182,183,172,173,241,191,178,191,190,177,163,190,186,177,185,69,107,90,72,94,74,2,65,77,79,73,76,71,64,65,10,80,75,95,3,100,80,82,88,28,122,84,84,88,67,93,83,99,110,122,85,122,98,124,74,44,119,109,113,35,114,118,105,113,126,97,60,51,121,60,65,86,114,100,112,74,67,123,103,54,31,7,27,28,12,28,80,71,51,15,18,18,50,54,41,95,74,74,78,80,79,82,77,92,66,32,62,37,35,95,80,120,9,41,57,62,35,37,46,35,55,41,46,40,104,60,104,45,44,47,116,56,48,46,48,127,38,34,61,51,57,55,58,206,206,204,143,136,206,193,221,153,159,134,205,210,156,154,131,221,207,131,159,207,202,211,201,137,240,223,193,223,210,208,149,222,238,240,253,180,175,176,235,237,237,244,161,229,232,232,234,232,166,186,186,174,175,254,172,240,242,178,175,170,245,170,206,202,215,199,139,208,207,208,143,220,190,220,206,132,217,196,217,156,148,150,141,222,156,147,145,157,129,205,211,213,199,196,197,250,251,248,235,240,231,229,241,237,165,175,175,178,249,248,234,188,180,182,173,224,153,189,177,161,182,236,183,185,185,160,245,73,68,68,70,92,18,14,14,18,19,66,64,16,17,6,27,65,121,121,122,117,66,0,18,84,92,94,69,8,11,27,83,101,101,124,55,50,105,99,99,118,35,99,110,106,104,118,56,56,56,40,41,124,126,42,43,48,45,107,80,90,67,63,65,43,41,21,85,65,9,3,3,22,93,92,7,9,9,16,69,25,20,20,22,12,66,94,94,66,67,18,16,64,65,86,75,49,10,4,29,101,9,120,48,126,108,38,46,40,51,122,121,60,52,54,45,126,60,51,49,61,33,109,115,117,103,100,55,203,157,158,139,144,212,248,236,224,222,156,142,192,200,202,209,132,135,222,214,208,203,156,222,221,223,223,195,139,149,151,133,186,233,233,191,184,173,178,246,199,208,195,252,186,168,226,234,244,239,166,165,248,240,242,233,178,240,byte.MaxValue,253,249,229,169,183,201,219,216,139,143,217,218,207,220,152,183,136,136,154,216,202,156,148,150,141,192,195,154,146,156,135,208,146,153,155,155,135,247,233,235,249,254,173,173,251,244,225,254,186,133,134,148,150,150,148,155,146,163,227,243,187,189,189,164,239,234,177,187,187,94,11,75,70,66,64,94,16,0,0,16,17,68,70,18,19,24,5,30,76,95,77,78,6,14,28,86,94,88,67,10,9,108,100,102,125,46,108,99,97,109,113,61,35,37,55,52,103,123,45,46,59,32,57,120,124,96,97,43,45,57,113,123,123,30,85,84,15,1,1,24,77,1,12,12,14,20,90,70,70,74,75,26,24,72,73,94,67,84,31,17,3,4,76,72,90,44,36,38,61,112,115,42,34,44,55,96,34,41,43,43,55,103,121,123,105,110,61,61,107,100,113,110,119,36,54,38,39,145,151,135,207,193,193,216,147,158,197,207,207,210,135,199,202,214,212,202,132,156,156,140,141,208,210,134,135,148,137,207,241,207,199,245,181,161,233,227,227,246,189,188,231,233,233,240,165,249,244,244,246,236,162,190,190,162,163,242,240,160,161,182,171,145,174,166,173,147,211,195,139,141,141,148,223,218,129,139,139,142,219,155,150,146,144,142,192,208,208,192,193,148,150,194,195,232,245,179,129,129,130,137,176,254,236,166,174,168,179,250,249,188,180,182,173,254,188,179,177,189,161,237,243,245,231,228,183,75,29,30,11,16,84,101,67,81,70,82,85,91,27,11,67,85,85,76,7,2,89,83,83,70,19,83,94,90,88,70,8,40,40,56,57,108,110,58,59,32,61,123,79,115,106,72,106,121,112,101,37,49,121,115,115,102,45,44,119,121,121,96,53,9,4,4,6,28,82,78,78,82,83,2,0,80,81,70,91,1,43,25,30,27,59,19,10,28,14,76,94,16,24,26,1,116,119,46,38,32,59,108,46,45,47,47,51,123,101,103,117,106,57,57,111,104,125,98,38,2,50,55,52,3,39,41,105,133,205,199,199,218,145,144,203,205,205,212,129,197,200,200,202,200,134,154,154,142,143,222,220,132,133,146,143,205,242,250,225,207,217,245,181,161,233,227,227,246,189,188,231,233,233,240,165,249,244,244,246,236,162,190,190,162,163,242,240,160,161,182,171,145,173,217,148,210,192,138,130,140,151,222,221,128,136,138,145,218,152,151,149,145,141,193,223,209,195,192,147,151,193,194,215,244,176,142,251,179,243,227,171,173,173,180,byte.MaxValue,250,161,171,171,174,251,187,182,178,176,174,224,240,240,224,225,180,182,226,227,8,21,83,111,29,82,16,2,68,76,78,85,24,27,66,74,84,79,24,90,81,83,83,79,15,17,19,1,6,85,85,3,60,41,54,114,72,59,113,49,45,101,111,111,114,57,56,99,117,117,108,57,125,112,112,114,96,46,50,50,38,39,118,116,92,93,74,87,21,41,89,16,94,76,6,14,8,19,90,89,28,20,22,13,94,28,19,17,29,1,77,83,85,71,68,23,43,125,126,107,112,52,10,123,63,127,111,39,41,41,48,123,102,61,55,55,42,127,63,50,62,60,34,108,116,116,100,101,200,202,158,159,140,145,215,235,149,222,156,142,192,200,202,209,132,135,222,214,208,203,156,222,221,223,223,195,139,149,151,133,186,233,233,191,184,173,178,246,196,187,253,189,169,225,235,235,238,165,164,byte.MaxValue,241,241,232,189,241,252,252,254,228,170,182,182,218,219,138,136,216,217,206,211,153,165,217,156,218,200,130,138,148,143,198,197,152,144,146,137,210,144,159,157,153,133,201,215,233,251,248,171,175,249,250,239,252,184,134,240,246,186,248,234,188,180,182,173,224,227,186,178,188,167,240,178,185,187,187,167,23,9,11,25,30,77,77,27,20,1,30,90,96,22,21,88,6,20,94,86,80,75,2,1,84,92,94,69,22,84,91,89,101,121,53,43,45,63,60,111,99,53,54,35,56,124,66,52,40,102,36,54,120,112,114,105,44,112,127,127,98,101,123,121,86,13,7,7,26,79,15,2,14,12,18,92,68,68,84,85,24,26,78,79,92,65,7,62,38,33,60,12,74,88,18,26,36,63,118,30,39,33,40,34,53,48,96,19,2,23,39,55,63,63,61,55,42,54,61,49,34,60,60,56,53,46,54,57,197,201,218,205,201,204,196,223,205,206,197,218,221,220,148,216,199,198,251,214,206,198,232,210,241,220,221,193,195,195,209,253,235,248,224,250,230,238,185,188,176,192,239,241,byte.MaxValue,212,253,246,238,254,245,221,236,246,234,248,206,196,195,242,228,254,228,225,196,184,128,140,130,131,190,136,133,177,133,128,130,128,208,213,203,246,242,244,244,202,204,207,210,254,250,252,252,194,196,197,234,138,172,173,173,167,173,185,157,170,164,228,165,175,165,177,179,191,253,186,191,175,168,180,189,189,184,165,162,167,167,239,5,4,73,89,71,1,88,72,78,70,71,83,71,74,10,74,72,92,23,91,81,75,25,73,87,95,85,86,68,86,89,84,122,98,45,38,125,106,98,105,70,108,99,116,107,98,106,113,126,116,123,108,115,122,114,105,63,62,61,60,59,58,57,56,71,70,69,68,67,66,65,64,79,78,77,76,75,74,73,72,87,86,85,1,115,117,81,80,127,121,29,4,26,3,29,5,43,57,60,102,40,32,62,32,111,39,33,53,39,124,100,39,53,46,54,61,63,45,37,96,17,60,62,37,51,57,32,120,238,194,219,217,193,220,197,217,203,204,206,155,134,193,203,215,215,150,220,216,202,222,135,157,220,210,221,212,139,149,207,133,247,169,133,131,131,133,247,188,byte.MaxValue,192,239,239,242,226,234,241,183,223,241,234,238,240,239,244,230,250,byte.MaxValue,byte.MaxValue,172,183,242,250,152,134,197,141,143,155,141,214,194,141,129,140,131,218,198,158,202,134,218,194,222,153,149,145,151,157,145,156,147,202,214,142,251,182,234,196,196,140,163,163,182,166,174,181,235,147,189,181,191,225,248,162,236,162,209,215,223,217,253,252,219,221,151,186,69,64,65,76,93,96,92,72,80,66,99,73,84,72,73,64,102,124,87,86,89,83,89,97,113,91,66,94,91,82,104,96,121,110,122,41,74,110,120,108,94,48,54,49,69,111,118,106,119,126,68,90,118,109,115,112,119,79,69,98,115,101,52,81,11,31,9,48,15,1,8,8,26,48,50,54,7,21,1,69,51,9,23,23,60,13,29,11,23,83,50,3,25,0,7,16,56,23,1,59,39,43,37,56,47,31,21,50,35,53,100,1,59,47,57,26,49,48,48,19,61,37,63,20,38,62,55,117,250,217,193,223,207,204,213,141,224,209,207,214,213,194,214,230,213,216,251,214,221,238,237,157,240,193,223,198,197,210,198,225,239,229,235,236,224,251,208,220,211,193,242,238,241,244,225,247,198,206,235,252,236,191,216,252,230,242,197,210,182,213,230,250,157,152,141,155,187,172,174,159,141,148,147,132,148,187,145,166,149,129,181,156,154,150,157,158,157,156,155,152,147,132,218,134,187,167,161,189,171,137,165,191,167,165,175,185,135,151,148,129,155,143,153,133,147,176,166,180,190,191,177,141,144,190,166,176,76,68,80,117,103,76,73,110,67,87,124,108,73,93,77,73,86,90,100,80,93,90,95,92,70,111,96,80,90,82,121,90,101,101,84,68,97,96,98,110,106,106,108,101,38,87,118,106,126,110,123,109,119,112,114,110,78,67,113,125,115,55,89,122,5,5,52,58,11,14,33,2,12,8,5,24,58,42,11,31,19,23,20,24,34,44,25,28,63,28,30,26,19,14,40,51,38,36,43,34,18,9,32,34,33,40,28,3,52,40,51,54,63,41,4,18,115,18,57,49,55,60,62,13,29,122,25,48,198,206,199,199,242,byte.MaxValue,195,222,214,193,207,217,250,247,203,214,206,217,215,193,226,235,212,200,220,215,213,195,212,222,198,209,214,223,224,252,224,235,233,byte.MaxValue,224,234,242,229,218,206,231,224,222,233,249,254,241,241,192,222,253,254,byte.MaxValue,245,249,203,221,246,143,175,154,136,137,128,130,177,181,130,148,132,148,161,139,157,166,172,153,141,155,141,154,146,138,175,178,157,151,148,159,189,171,188,163,149,128,138,152,138,131,151,133,225,146,162,167,173,180,180,180,182,185,182,185,174,142,145,188,176,181,188,156,180,93,64,116,106,87,77,73,95,100,76,88,125,30,87,65,70,66,72,76,76,90,86,83,78,110,112,73,83,83,69,82,90,114,87,88,104,122,103,49,37,89,66,45,123,54,42,61,89,53,71,54,69,51,66,55,52,98,97,127,119,127,123,113,102,68,2,6,0,50,43,9,11,3,22,12,21,58,55,22,10,28,18,20,28,17,13,21,26,27,29,47,4,4,27,1,6,47,57,38,40,35,42,19,59,35,47,53,36,54,38,55,54,45,52,42,61,1,41,61,49,39,54,38,96,102,33,101,100,246,231,199,202,207,195,140,254,214,194,212,196,132,194,202,198,200,194,200,205,219,219,227,214,215,202,146,139,148,159,154,159,181,162,170,213,202,234,234,236,247,239,244,221,202,232,227,236,244,187,220,248,234,254,192,209,253,244,249,byte.MaxValue,182,211,245,225,139,183,175,134,129,136,128,136,190,160,136,147,137,138,129,185,175,136,157,139,222,187,157,137,147,175,156,158,145,158,154,134,135,170,162,166,188,130,165,163,173,177,242,135,247,134,242,240,234,239,245,233,232,235,237,240,230,231,147,151,251,239,150,151,31,6,27,31,31,29,104,21,20,22,102,19,99,18,115,76,84,95,87,78,77,31,111,88,81,70,66,84,22,121,91,65,111,56,75,74,74,58,56,52,59,46,56,54,71,63,41,49,88,42,40,52,95,45,45,40,63,37,32,41,46,47,44,81,46,88,42,92,91,56,5,3,6,12,23,18,70,48,1,7,90,43,25,10,13,8,19,15,22,83,51,3,19,19,17,27,62,34,41,37,127,122,120,8,112,112,4,113,107,4,114,113,110,118,108,28,104,25,113,101,17,22,102,124,99,103,98,108,152,156,154,239,151,150,149,235,245,202,206,197,201,208,215,133,249,201,221,221,219,209,200,212,211,223,144,225,223,212,223,208,248,171,216,251,225,251,233,238,246,236,242,181,196,193,176,198,174,175,170,180,167,221,164,220,191,167,161,208,166,186,214,166,210,219,197,173,170,219,173,218,210,215,164,165,164,213,220,178,159,153,216,186,140,154,152,152,156,135,153,144,154,132,195,194,136,136,253,241,252,141,225,139,242,130,246,236,242,130,245,240,247,239,157,225,238,242,234,236,229,224,230,147,224,145,231,151,24,18,127,64,64,75,67,90,81,3,99,83,67,67,65,75,78,82,89,85,77,122,10,4,118,4,8,2,14,26,13,4,72,62,37,61,72,76,53,32,58,58,68,52,43,53,55,53,94,47,92,45,93,92,46,95,81,68,121,127,114,120,99,102,74,47,7,4,15,6,2,77,33,6,18,21,15,1,13,6,27,15,29,89,61,13,25,25,23,29,4,24,23,27,71,48,122,14,123,124,12,10,97,124,0,116,119,108,114,116,1,114,119,25,96,110,109,114,29,24,22,106,96,96,20,97,102,98,159,233,byte.MaxValue,192,192,203,195,218,209,131,228,206,203,198,205,203,154,235,217,202,205,200,211,207,214,147,243,195,211,211,209,219,254,226,233,229,189,204,180,181,180,197,198,178,171,181,178,179,163,182,172,216,223,173,177,220,170,213,210,188,165,209,162,162,223,210,169,222,217,218,216,213,181,138,142,133,137,144,151,197,191,131,140,156,144,155,153,153,210,176,130,148,146,146,154,129,163,170,164,249,254,byte.MaxValue,252,253,242,243,240,236,246,247,244,245,247,235,232,233,238,242,236,237,226,227,253,225,230,231,228,229,26,27,24,25,30,31,28,126,65,75,69,76,71,110,64,85,104,94,75,86,75,77,95,88,119,95,85,92,83,89,64,69,67,111,109,103,122,102,120,116,71,111,101,108,99,105,112,117,74,122,123,114,127,120,121,78,123,119,96,80,99,99,124,112,4,31,1,10,15,27,3,31,39,15,5,12,3,9,16,44,63,84,61,29,25,26,40,4,2,22,38,16,26,2,17,41,9,36,37,36,33,33,108,11,43,47,37,50,26,6,52,53,54,62,4,24,46,47,48,56,114,18,32,33,58,62,55,52,222,194,199,199,142,252,217,221,210,204,210,213,250,215,200,208,206,210,212,151,219,199,217,225,243,195,192,221,211,151,247,218,231,251,253,253,235,253,208,221,240,230,230,228,244,226,234,230,byte.MaxValue,232,196,242,251,230,byte.MaxValue,245,243,250,254,191,230,251,253,230,158,193,164,134,137,134,130,205,166,130,148,128,140,136,145,151,148,154,148,142,145,136,163,145,157,148,153,159,133,171,185,156,169,185,167,186,161,169,184,145,135,167,167,164,154,146,183,160,168,251,156,184,170,190,153,185,181,182,240,146,190,165,187,184,67,94,69,117,99,70,79,95,77,80,79,71,82,123,103,87,95,95,93,87,74,86,93,81,65,111,108,124,95,84,70,90,121,100,110,125,82,95,126,98,118,102,99,117,90,64,113,108,126,86,121,106,106,122,110,86,119,106,76,85,115,113,117,96,6,31,52,44,0,12,30,20,18,23,5,5,53,19,11,23,27,28,29,37,59,17,31,15,11,3,4,20,18,36,0,26,56,42,47,44,43,33,56,63,43,38,51,34,39,51,33,34,53,41,33,9,63,44,47,42,61,33,52,34,34,37,103,38,222,217,154,203,194,192,206,157,242,204,208,241,199,212,215,210,213,201,220,234,211,203,204,237,211,192,195,198,217,197,208,230,229,237,252,254,239,253,233,209,203,237,227,243,227,227,237,200,251,242,244,197,215,251,249,243,230,250,228,248,243,228,200,201,171,136,139,134,155,129,152,158,189,173,133,150,163,138,133,140,150,186,156,157,140,154,143,142,161,158,132,129,165,146,134,131,175,185,161,167,173,189,169,169,171,174,161,168,170,143,143,128,131,132,155,140,140,141,153,147,134,140,133,130,147,133,136,134,69,77,92,94,79,93,73,113,115,86,65,77,69,72,73,72,102,126,77,93,81,77,93,97,113,92,93,92,87,89,80,121,99,101,109,106,123,125,126,104,108,119,83,100,114,115,109,107,125,104,75,120,104,122,76,124,97,96,103,126,100,115,64,112,18,31,58,12,26,26,30,3,35,7,4,19,3,20,23,32,15,31,23,11,31,35,26,28,30,24,31,31,42,7,6,26,44,34,36,44,61,19,63,57,35,49,52,17,52,40,34,44,54,62,101,123,118,4,29,112,40,99,125,104,10,120,8,123,247,128,129,139,242,205,222,194,213,208,197,197,199,211,197,139,222,217,217,204,202,208,218,212,222,223,246,208,218,220,219,219,170,201,250,230,249,252,233,255,241,247,225,243,242,215,246,234,252,242,244,252,163,183,199,220,191,233,160,188,175,203,187,201,196,182,195,192,172,142,143,134,135,141,132,220,206,188,165,200,128,203,213,192,162,208,160,211,223,174,219,216,170,132,145,129,190,162,166,174,189,225,165,163,171,159,131,173,167,176,183,232,183,186,177,181,130,188,176,188,165,160,162,178,166,182,167,166,65,78,81,25,67,78,95,89,71,81,127,81,71,84,87,85,82,73,89,74,91,96,79,92,94,71,13,25,24,28,29,88,107,120,124,108,124,80,124,108,113,112,112,105,116,102,119,96,69,107,122,114,122,121,46,66,96,124,101,127,114,100,41,61,68,64,65,28,29,10,51,0,3,16,20,4,20,56,20,4,9,8,8,17,12,30,15,24,79,91,94,90,95,43,21,22,41,36,61,39,58,61,47,62,47,55,48,30,53,34,54,51,63,41,57,61,58,45,57,46,33,50,51,50,57,34,58,33,246,219,201,218,221,216,195,223,198,208,212,206,212,194,214,198,193,147,150,147,151,147,148,147,152,154,205,153,152,157,157,246,230,234,255,250,195,238,229,225,214,241,225,239,245,225,235,247,247,221,241,247,255,243,222,241,253,240,251,194,227,245,231,225,152,130,134,142,167,155,137,159,131,151,137,142,136,164,139,144,148,143,139,144,153,145,147,147,129,192,222,133,142,131,217,216,231,198,194,231,195,197,163,175,168,166,163,181,181,131,165,177,187,159,189,186,172,166,172,169,134,161,185,161,186,178,144,176,89,109,68,70,77,68,12,111,80,76,87,82,67,85,101,105,118,110,107,124,108,108,108,111,125,117,121,125,115,107,104,113,115,101,76,71,93,83,89,125,102,98,116,100,116,91,103,106,116,125,113,126,48,123,101,115,118,125,99,100,101,114,102,123,11,6,13,84,83,31,13,30,17,20,15,19,2,90,66,45,14,77,51,3,38,23,63,21,26,7,4,1,76,88,91,49,51,37,12,39,61,97,47,34,47,7,57,47,2,9,23,25,10,40,49,5,46,45,51,59,59,63,53,34,10,7,39,60,129,247,216,219,193,201,197,193,199,208,252,192,197,196,203,208,212,207,203,151,198,210,208,211,211,222,213,219,223,211,196,212,249,248,255,230,252,235,220,254,235,172,208,242,239,172,215,234,252,239,239,248,236,250,192,210,226,246,254,199,198,217,185,210,191,162,180,138,129,129,138,132,133,144,179,142,128,147,147,132,136,158,164,182,142,154,146,171,162,189,221,182,163,190,168,150,165,165,174,160,169,188,144,184,177,166,178,175,167,170,161,164,175,175,176,244,186,190,168,188,183,189,164,163,185,167,173,154,90,78,70,9,120,127,98,120,113,102,114,113,116,104,98,108,118,126,100,118,78,90,82,107,98,125,108,82,89,89,82,92,109,87,122,108,99,96,120,104,34,95,70,104,106,98,94,108,118,119,121,69,108,122,127,120,124,103,99,116,100,97,113,103,25,69,16,4,2,83,63,8,16,21,5,19,88,91,44,10,9,15,70,69,81,55,19,14,6,77,74,77,38,24,6,1,116,119,103,25,33,61,56,115,126,22,51,36,52,121,120,106,15,40,61,43,96,99,12,60,33,32,112,52,56,52,59,49,195,197,207,148,140,205,205,222,199,149,148,131,152,155,139,245,219,200,203,135,130,239,221,206,193,141,246,216,218,210,238,220,230,231,233,218,193,201,216,218,195,209,197,221,218,202,229,247,238,242,246,185,206,237,245,246,224,234,252,205,202,192,253,251,185,168,184,201,220,179,176,190,135,144,147,136,137,137,151,173,149,136,140,183,159,146,153,168,129,150,130,191,151,154,145,165,191,169,164,160,173,132,169,180,132,170,172,164,150,168,182,177,148,174,181,187,187,173,238,239,137,131,130,152,128,150,128,144,10,96,109,112,14,99,99,110,99,119,105,110,104,29,4,7,65,11,69,27,99,104,85,83,97,112,96,100,69,82,70,91,107,102,109,72,98,99,44,88,113,102,114,114,90,65,104,100,105,115,94,65,78,67,47,108,103,122,115,122,56,115,117,97,35,59,85,25,1,29,24,80,23,16,5,19,91,23,5,22,9,70,27,11,27,30,8,24,22,78,54,29,23,4,28,51,18,27,20,15,26,31,108,3,35,53,41,38,39,51,43,55,6,29,44,41,50,54,47,41,124,39,40,37,5,50,38,35,207,217,230,198,142,255,205,222,209,212,207,211,194,242,215,192,200,253,236,233,158,241,221,203,219,212,209,197,217,197,228,199,229,236,250,232,227,233,229,225,231,240,168,249,190,177,173,245,232,244,255,235,255,242,250,244,254,246,227,205,252,211,251,226,132,135,135,136,138,138,158,177,129,140,142,135,143,128,184,129,155,143,153,155,159,140,153,211,129,144,130,152,134,131,132,135,165,172,186,168,163,169,165,161,167,176,232,185,254,241,237,140,148,136,157,139,138,255,149,147,134,156,240,146,153,153,146,156,109,11,126,104,98,122,105,126,10,4,97,66,69,72,81,75,78,120,87,87,74,77,83,81,94,86,66,22,26,16,71,68,36,127,112,125,68,75,99,122,108,111,111,96,98,98,118,86,117,125,108,110,127,109,121,65,66,114,124,101,119,123,127,93,33,46,49,54,45,58,62,63,39,45,52,62,51,52,33,55,38,40,23,31,10,8,29,15,23,47,32,16,26,3,21,25,33,23,56,62,42,31,45,33,54,34,44,42,26,105,52,48,40,43,52,60,2,62,63,62,61,38,62,37,37,121,44,56,198,151,201,202,205,192,217,195,214,157,156,209,212,200,208,202,217,212,212,135,130,144,204,207,221,199,223,210,217,219,138,137,228,234,229,236,176,179,163,227,227,238,229,191,186,247,229,246,233,236,247,235,250,161,160,178,226,242,227,226,225,248,230,241,212,187,129,141,137,134,130,177,177,142,129,147,146,161,176,181,166,184,148,144,155,145,136,221,192,221,192,173,176,150,130,154,184,162,188,172,189,147,157,184,171,160,171,225,133,168,170,171,191,184,172,133,130,140,177,188,160,167,150,133,134,139,151,185,67,78,70,93,14,29,2,29,126,101,65,87,73,85,77,81,95,72,100,104,75,86,95,86,18,112,95,95,88,82,87,65,86,33,38,113,99,99,48,93,99,112,115,118,105,117,96,59,38,52,72,120,109,108,107,114,96,119,46,45,88,118,121,112,84,87,71,39,15,2,9,83,49,14,1,19,18,33,48,53,27,11,8,29,31,11,29,33,59,3,3,6,31,3,23,29,22,28,27,22,8,27,28,17,17,42,52,36,53,27,51,54,5,61,44,41,112,54,50,52,26,28,3,5,3,30,16,5,253,239,255,250,241,233,248,253,242,244,228,156,237,194,221,232,213,223,221,240,232,239,221,217,214,218,222,214,245,197,209,212,254,238,204,236,237,253,245,253,246,236,242,221,229,225,240,245,198,221,236,233,242,246,239,233,188,231,232,229,173,196,241,231,156,142,154,212,213,191,131,159,150,222,219,177,135,148,151,146,149,137,156,196,197,170,143,152,128,206,203,176,152,152,154,140,167,164,189,186,243,129,173,160,167,254,134,149,150,132,171,168,183,186,182,189,187,173,128,155,134,131,151,180,162,163,177,167,118,88,77,91,88,74,94,94,12,91,77,77,26,84,65,87,76,94,74,7,2,76,89,79,68,86,66,110,95,71,10,9,37,120,109,123,120,106,126,82,107,115,62,61,117,98,118,115,127,105,71,105,113,109,104,35,46,60,99,116,100,97,113,103,53,27,7,27,26,81,80,30,7,17,22,4,20,56,17,22,31,9,39,23,31,18,25,67,78,92,3,20,4,1,17,7,21,62,59,44,60,16,34,44,47,38,126,125,53,34,54,51,63,41,7,44,45,58,46,2,34,50,35,34,33,56,38,49,148,151,135,218,203,221,218,200,208,252,213,210,195,213,251,213,219,200,203,206,209,205,216,131,244,231,224,246,211,195,192,208,248,195,195,204,215,208,192,194,193,194,204,222,203,198,199,205,211,213,221,197,205,208,218,201,197,210,194,212,202,193,253,225,139,135,159,140,156,132,159,177,166,182,163,169,173,162,189,186,185,174,170,171,187,177,168,162,167,160,181,163,170,164,187,179,158,156,137,155,139,147,154,164,182,162,172,182,163,181,175,182,134,159,141,154,139,140,153,143,188,178,189,180,152,152,249,156,122,0,5,25,31,29,31,25,23,21,23,25,31,102,102,102,126,126,126,126,118,118,118,118,126,126,126,126,102,102,102,102,94,94,94,94,86,86,86,108,96,96,100,100,96,96,108,108,112,112,116,116,112,112,108,108,96,96,100,100,96,96,108,108,16,55,60,1,11,79,46,12,22,66,60,32,5,4,11,16,20,15,86,58,56,49,6,7,8,115,112,113,34,31,17,55,43,63,0,2,11,22,19,14,23,17,18,4,8,19,27,16,9,30,10,5,13,48,58,41,37,50,34,52,10,5,61,56,235,217,220,218,242,237,158,241,241,198,212,213,207,201,195,214,254,218,204,216,250,214,206,251,221,223,212,212,196,153,216,198,254,215,197,232,231,227,238,226,250,173,233,239,239,198,231,230,245,238,246,237,205,210,200,205,193,246,226,231,243,229,217,244,131,135,169,141,138,157,137,158,145,179,129,146,149,176,128,167,159,152,147,128,223,163,168,143,155,159,156,152,151,153,168,128,185,174,186,186,146,168,160,162,160,162,172,157,167,164,167,170,175,181,172,170,240,187,189,169,147,176,179,190,163,185,160,166,126,89,65,69,66,70,77,67,113,76,70,85,81,70,86,64,102,118,81,90,76,80,79,82,84,71,108,126,80,81,93,86,111,87,57,60,32,63,80,66,119,119,108,110,105,108,88,85,104,116,126,112,114,122,111,65,93,102,100,125,121,120,127,73,83,88,95,92,45,41,42,93,86,82,83,80,87,86,0,86,56,67,64,56,78,79,77,77,70,49,66,48,64,65,67,67,25,36,46,61,57,46,62,40,30,14,41,34,52,40,55,42,60,47,4,14,55,49,56,50,37,32,112,31,2,11,23,32,216,217,205,199,218,249,201,223,209,202,207,207,250,240,205,203,222,212,207,202,158,242,217,206,193,210,215,216,216,208,148,230,byte.MaxValue,233,251,240,253,251,233,224,222,211,242,238,224,238,232,224,233,199,215,236,234,243,243,242,249,207,169,162,161,162,215,211,172,219,220,216,221,222,221,220,134,208,162,217,222,166,212,213,203,203,204,187,204,190,202,203,197,197,163,158,144,131,131,148,184,174,148,132,167,172,190,162,177,172,166,181,154,144,173,171,190,180,175,170,254,146,185,174,161,178,183,184,184,176,244,134,95,73,91,80,93,91,73,64,126,115,82,78,64,78,72,64,73,103,1,10,9,10,127,123,116,3,4,0,5,6,5,4,110,56,74,49,54,78,60,61,51,51,52,67,52,70,50,51,45,45,75,118,120,107,107,124,96,118,76,92,127,116,102,122,25,4,14,29,50,32,10,11,11,0,5,61,87,81,74,85,38,52,13,13,18,16,19,22,46,35,2,30,16,30,24,16,57,23,7,60,58,35,35,34,41,31,121,114,113,114,7,3,28,107,108,104,109,110,109,108,54,96,18,105,110,22,100,101,155,155,156,235,156,238,154,155,149,149,229,204,199,206,200,236,247,250,232,153,238,222,207,206,197,220,194,213,230,248,228,134,170,219,233,250,253,248,227,byte.MaxValue,230,203,212,213,214,167,212,228,233,232,239,246,236,251,207,208,198,195,176,193,247,228,231,226,133,153,140,186,163,187,188,205,177,134,146,151,131,149,171,144,142,151,151,150,149,183,183,184,171,172,179,164,164,165,177,187,158,148,157,154,139,157,144,158,173,165,180,182,167,181,161,153,155,190,170,182,184,176,164,129,148,188,168,188,183,190,184,133,88,78,94,64,75,88,105,85,71,64,85,85,71,69,72,64,114,112,125,96,97,124,105,111,96,118,126,101,105,98,103,112,88,87,91,102,104,123,123,108,112,102,92,64,99,117,107,99,117,99,68,95,113,103,113,124,123,127,76,71,37,57,37,83,5,19,5,8,7,3,60,12,22,11,60,50,18,8,22,4,29,30,36,37,19,30,21,17,46,47,38,24,4,3,1,20,38,24,60,38,60,42,16,29,48,44,39,51,39,42,100,3,51,55,61,42,2,25,51,37,63,50,57,61,10,58,53,60,198,247,244,byte.MaxValue,199,221,216,216,195,207,243,213,201,213,193,249,234,201,215,222,204,222,209,157,244,218,220,212,197,151,156,205,178,189,161,213,200,224,244,224,227,234,236,221,235,230,237,233,198,199,217,250,253,240,233,243,230,224,204,208,245,244,251,224,132,159,198,155,139,140,220,177,163,128,131,142,147,137,144,203,137,143,159,171,155,158,152,185,155,128,128,158,133,146,164,186,154,248,128,166,189,187,159,128,150,147,136,174,181,179,141,171,185,180,181,176,176,184,143,184,160,165,181,163,134,152,132,230,122,74,91,90,89,64,94,73,100,76,88,76,71,78,72,16,123,12,9,101,113,79,89,79,83,19,125,80,95,91,104,122,122,110,122,104,46,66,109,100,110,95,119,96,104,99,42,97,123,111,119,105,123,109,125,39,93,99,117,99,119,55,89,116,3,7,9,11,13,172,203,9,7,5,7,165,249,15,160,212,19,17,19,21,19,17,19,190,196,3,1,3,5,178,235,1,63,136,244,63,57,55,53,55,115,113,115,117,115,113,115,125,99,107,7,116,112,33,125,29,113,119,117,15,112,125,124,124,241,208,245,212,242,211,139,150,152,143,156,159,137,152,143,152,183,177,152,229,238,208,223,210,223,210,217,221,234,214,215,214,229,254,230,253,253,161,229,227,235,211,207,209,214,230,247,246,201,214,204,201,206,254,239,238,193,222,196,193,198,248,247,250,167,138,129,133,188,138,141,129,180,173,163,193,210,201,156,182,181,189,172,174,191,173,185,161,165,156,135,199,194,196,198,187,165,175,173,149,156,170,173,161,148,141,131,157,145,174,170,147,148,152,236,139,187,190,176,139,156,144,240,226,248,175,135,154,108,127,127,104,124,106,112,127,71,66,76,119,104,100,120,83,84,88,75,92,76,73,89,79,97,124,118,101,97,118,102,112,86,89,109,104,98,89,66,78,94,84,105,111,80,73,71,49,73,116,126,109,105,126,110,120,78,92,66,93,74,64,125,123,60,37,43,90,58,6,11,5,22,53,46,34,53,8,2,17,13,26,10,28,34,43,21,26,26,7,38,63,53,43,39,16,56,61,45,59,30,46,63,62,53,44,50,37,16,46,33,50,21,53,52,32,10,54,59,53,38,5,30,18,118,20,59,59,222,217,199,197,254,206,223,222,213,204,210,197,229,200,202,209,200,212,212,233,223,204,207,202,221,193,212,229,223,208,209,199,220,197,203,218,225,233,248,250,227,241,229,221,210,238,227,224,232,205,214,218,194,204,249,239,228,246,226,197,228,254,249,192,134,159,154,136,184,161,175,189,144,140,135,147,135,138,162,140,150,158,139,209,134,199,202,212,174,134,134,159,149,215,150,131,168,170,148,156,162,187,190,172,148,141,131,157,179,171,176,183,187,173,182,186,240,182,178,180,162,178,163,162,161,179,164,180,89,88,95,77,28,127,94,66,69,81,65,76,96,78,72,64,73,103,109,85,74,77,93,107,124,112,108,68,90,67,70,84,124,101,107,39,103,97,101,0,8,95,101,76,38,68,104,108,127,117,108,55,122,115,112,120,95,51,83,125,127,114,122,97,54,10,11,10,1,26,2,25,17,77,4,0,18,2,41,69,57,23,17,28,16,11,61,30,17,28,5,31,2,52,27,27,44,34,47,60,60,46,56,36,45,45,119,115,127,119,113,6,110,108,117,31,106,25,24,112,102,16,22,102,123,22,96,109,147,134,156,236,150,158,158,156,227,146,149,148,228,227,204,202,201,207,215,143,134,143,138,139,134,129,219,211,251,128,215,128,214,198,233,224,226,237,229,byte.MaxValue,230,223,211,245,233,245,225,217,201,239,247,235,251,177,248,byte.MaxValue,193,246,226,231,243,229,203,221,133,152,156,172,128,140,158,148,146,151,133,133,182,134,151,150,141,148,138,157,179,158,149,145,144,154,130,149,165,146,154,145,175,185,129,173,171,161,184,164,182,170,165,178,136,168,182,161,140,139,150,151,177,173,184,139,130,157,240,181,191,165,177,182,94,68,90,80,14,65,67,89,2,69,79,84,72,67,5,107,85,73,92,111,78,81,18,88,74,86,26,68,69,82,70,27,105,100,102,111,103,104,95,104,110,102,99,117,85,110,106,98,118,126,86,118,122,122,51,50,97,118,100,101,127,121,115,78,42,5,9,4,11,82,75,56,17,6,18,15,7,10,1,66,39,84,14,24,18,10,25,52,28,29,21,3,34,18,12,1,101,100,59,44,58,59,37,35,37,24,0,47,39,42,33,120,125,11,57,42,45,40,51,47,54,116,13,126,32,54,56,32,207,247,229,208,253,254,224,241,245,204,210,202,196,194,202,198,210,231,207,214,204,212,222,216,220,208,216,238,195,196,209,199,213,239,233,253,239,161,232,236,246,129,131,204,byte.MaxValue,212,213,201,186,204,247,235,245,253,249,243,241,251,181,193,228,248,243,231,139,134,191,223,218,220,222,200,178,145,137,151,135,147,129,197,179,149,140,156,140,145,153,137,210,178,147,146,147,132,135,169,174,170,188,168,146,159,190,164,180,162,180,164,230,142,170,177,191,169,182,188,170,255,157,190,177,182,163,162,138,179,181,161,75,119,73,74,77,64,89,67,86,13,74,82,73,73,10,15,24,78,75,92,76,81,93,80,87,17,10,19,30,25,30,10,35,41,38,35,44,127,109,126,113,116,111,115,98,37,62,39,50,53,50,38,55,61,76,111,123,101,113,101,115,55,93,123,30,14,26,7,11,27,76,44,1,0,5,18,21,91,5,23,8,26,1,71,66,27,21,30,6,77,76,2,2,5,29,27,45,117,116,102,61,59,62,36,44,36,126,125,34,38,48,36,100,103,119,61,63,43,61,99,1,50,54,48,36,62,116,23,216,196,223,218,203,221,140,128,193,204,206,215,195,213,208,133,194,214,212,136,158,146,207,157,159,220,144,147,234,209,221,205,239,239,215,226,235,246,239,229,227,234,238,175,254,234,232,167,186,218,169,169,220,174,173,222,163,161,212,160,165,210,165,161,172,218,221,168,172,172,168,168,164,203,165,143,130,148,179,140,142,147,209,176,144,155,153,133,189,149,165,191,191,166,161,176,190,170,170,165,171,156,163,171,182,180,161,179,163,155,128,170,173,181,180,182,191,187,145,188,188,178,183,180,164,139,132,180,89,88,95,70,92,75,95,113,103,77,67,113,71,84,87,82,85,73,92,112,80,75,89,79,92,86,68,17,114,88,67,91,102,100,105,109,46,66,109,99,99,100,101,115,125,55,121,109,110,111,104,35,49,48,45,47,37,61,32,63,38,57,37,47,34,63,60,57,65,94,66,92,66,43,15,18,18,9,5,8,31,43,23,11,10,77,76,77,82,48,31,31,24,18,23,1,35,36,38,105,43,60,56,44,32,47,41,50,46,34,32,72,80,11,42,54,38,38,113,28,53,54,62,37,108,119,28,1,197,248,157,209,163,165,161,167,225,204,206,207,195,196,208,"Notshowingallelementsbecausethisarrayistoobig(11846elements)"};


So the value of (byte.MaxValue) will be 255 as shown in figure below.



So at this point everything is okay but only problem is string called 

,"Notshowingallelementsbecausethisarrayistoobig(11846elements)At the end of array.





So that means we don’t have all values of bytes of array which means we can’t reverse the array to get string <<EMPTY_NAME>> which will be resolved after finishing the loop.


I tried to create array of bytes but it display error called “cannot implicitly convert type string to byte”

That’s mean we don’t have complete elements of array


 

So I removed string,"Notshowingallelementsbecausethisarrayistoobig(11846elements)".

Let’s see decryption function of malware and how to get host

That’s the beginning of the SMTP function.

So class call function Bx() as shown in figure below.




If we go through Bx() we see this code.

So it pushes an array called <<EMPTY_NAME>> with parameters (151, 1888, 25) and the return value will save at an array called <<EMPTY_NAME>> [151].

<<EMPTY_NAME>> with parameters (151, 1888, 25)

151 => refers to the save position of the first array.

1888 => starting counting position of big array which was already mentioned at the beginning of report.

25 => counting.

So that means it starts from the position of array 1888 until 1913.

So length of host name will be 25




So let’s go inside <<EMPTY_NAME>>



EMPTY_NAME>> with parameters (151, 1888, 25)

Num => 151, index => 1888, count => 25.

So num2 =0.

So we hit if condition if (num2 ==0){num2 =1}

So value of num2 will be 1

If value of num2 = 4 exit while loop otherwise continue looping

Value of num2 = 1.

So we hit condition

If (num2 == 1) {num2 =2}

So value of num2 will be 2

Then continue looping because num2! = 4.

So we hit condition


If (num2 == 2)

{

@string = Encoding.UTF8.GetString(97085277-F30F-47FA-9C3D-82DA9E6730B4.<<EMPTY_NAME>>, index, count);

num2 = 3;

}

So it pushes big array and gets string (host) based on specific parameters.

<<EMPTY_NAME>>, index, count)

Index => 1888, count => 25.

 And save value in @string.

So value will be =>  mail.totallyanonymous.com.

 Same thing for credentials username will be at function Bw(), and password will be at function BX());



Bw()=> Username



 

If we apply the same technique we get the result honebots@totallyanonymous.com.

 

Same technique for password.

BX() => Password




Result => 572h094S.

Same technique for Mail address to.





Results => marhmelo@rape.lol.

 

So at this point I noticed that the class called 97085277-F30F-47FA-9C3D-82DA9E6730B4 includes all configurations so I decided to decrypt all big arrays.

So I write .net code as shown in figure to decrypt all content of the array.

I just got the length of the array which will be 9998.


 

My code

//Decryption AgentTesla configurations

// Author : Mahmoud ElMenshawy

using System;


using System.Text;

                                               

public class Program

{

            public static void Main()

            {

                        string @host;

                        string @to;

                        string @from;

                        string @password;

                        string @content;

                       

 

                        byte[] array = {153,158,154,153,215,214,213,212,143,238,237,140,194,195,132,237,242,129,213,212,132,204,207,196,203,202,201,238,251,250,235,209,238,212,192,193,209,226,225,210,241,240,188,227,244,185,184,237,232,165,215,251,244,250,255,233,222,246,254,246,226,255,215,253,139,130,134,128,128,136,161,130,134,134,167,162,171,166,145,145,146,175,153,158,178,154,146,154,134,155,179,153,151,158,154,156,164,172,133,166,170,170,135,168,187,135,161,181,167,133,168,170,184,154,157,138,147,182,191,175,189,160,191,183,162,247,132,167,67,70,65,93,71,89,73,13,114,81,79,87,79,67,65,87,121,116,118,119,123,124,104,116,125,125,123,116,115,103,25,116,70,66,94,76,94,93,67,85,91,46,65,84,82,79,65,75,78,82,91,88,74,90,76,79,93,75,73,60,87,66,64,93,37,57,33,51,47,59,37,34,44,55,37,53,52,38,45,41,63,41,44,43,63,49,47,59,55,33,93,52,56,52,59,49,3,5,15,28,30,8,30,12,6,6,101,50,50,38,54,49,47,43,62,54,50,59,57,47,119,15,117,56,56,36,50,58,198,207,205,219,139,243,137,196,204,208,206,192,203,194,129,138,230,158,209,215,205,217,211,209,214,214,194,148,234,228,219,211,254,252,233,251,235,211,193,228,225,241,239,242,233,225,240,217,205,242,246,253,241,232,239,193,209,230,226,227,243,249,224,195,143,153,155,128,129,129,176,191,151,141,197,136,136,148,150,128,157,149,153,148,155,218,175,178,180,167,167,176,164,178,168,184,163,168,186,166,189,160,170,185,158,148,169,175,162,168,179,182,134,152,173,171,172,186,178,169,132,182,162,162,191,184,186,137,111,83,88,69,65,93,73,95,126,112,84,64,84,83,81,85,123,75,72,75,81,73,89,89,110,97,69,95,98,69,65,80,98,127,124,121,125,53,35,34,99,115,105,47,111,119,109,99,99,53,119,107,121,88,89,73,95,124,106,120,122,123,117,58,95,69,88,73,70,56,5,3,6,12,23,18,70,41,48,69,75,75,86,73,69,95,43,20,28,69,68,74,86,15,66,65,113,107,58,63,116,119,124,99,114,106,96,6,35,36,47,42,117,105,104,104,110,111,109,109,99,115,22,56,36,50,50,58,210,132,144,153,128,159,227,230,202,215,212,209,156,136,139,253,224,226,200,236,233,145,223,210,223,239,253,208,219,228,241,249,207,200,220,169,164,175,202,223,205,206,160,214,239,233,183,183,197,203,234,246,253,250,239,238,253,225,222,240,251,242,180,216,168,190,134,130,128,128,155,131,161,172,163,174,185,202,187,203,128,146,136,217,135,134,133,132,223,190,189,220,146,147,212,157,162,230,165,164,227,188,191,142,173,172,171,168,163,166,180,181,182,178,187,184,170,182,179,179,253,169,185,161,133,148,135,150,117,5,66,89,75,72,127,78,80,70,69,79,85,79,75,81,83,86,89,94,91,16,86,77,87,84,31,93,89,80,26,65,103,123,67,69,69,67,83,35,106,119,109,109,58,111,112,104,118,37,36,54,118,107,113,113,44,95,127,118,98,114,108,97,69,3,28,4,2,52,49,57,11,14,5,91,70,42,41,74,30,31,87,0,7,6,5,93,58,59,74,28,27,77,7,6,31,56,45,59,110,1,45,32,39,121,96,2,41,42,52,48,46,62,42,121,16,62,49,56,104,115,31,2,16,34,56,57,228,202,197,204,148,143,239,253,247,153,128,243,231,234,158,133,243,235,152,248,218,219,206,216,193,192,138,145,248,210,195,149,170,217,237,234,225,249,233,255,231,231,161,212,245,226,246,165,212,250,245,252,164,191,211,206,212,230,252,253,216,246,249,240,159,133,129,135,157,155,141,129,142,176,143,135,146,144,133,151,159,167,181,144,157,141,147,142,157,149,132,173,161,158,154,145,165,188,187,233,128,155,144,142,183,177,178,164,168,179,146,160,168,168,177,182,176,131,139,180,188,183,191,166,165,155,187,180,78,14,78,93,94,71,67,94,86,6,15,4,64,83,84,80,73,94,74,28,27,89,72,77,66,82,67,66,65,88,70,81,47,88,92,70,92,67,105,99,101,119,104,86,116,110,112,96,89,119,119,106,123,88,121,105,80,106,100,116,101,88,100,112,24,10,72,43,28,0,27,30,7,17,47,17,3,21,5,69,41,20,30,13,9,30,14,24,46,60,0,20,4,22,84,38,62,42,42,37,43,22,45,35,38,38,56,97,4,53,43,50,41,62,42,0,63,49,56,56,42,15,9,48,56,51,49,45,232,217,199,222,221,202,222,241,247,208,197,211,134,227,197,209,219,242,202,208,218,214,201,208,146,241,194,222,193,196,209,199,195,249,225,237,231,250,225,209,215,240,229,243,166,195,229,241,251,216,240,235,241,242,245,232,255,208,248,227,249,250,253,224,135,183,189,154,139,157,204,169,131,151,129,214,181,147,133,151,205,168,140,152,140,163,203,174,134,146,130,173,163,132,145,135,234,143,169,189,175,155,163,191,161,171,224,131,180,168,179,182,191,169,140,182,172,188,180,129,135,160,181,163,246,147,181,161,75,104,71,70,66,15,98,66,84,76,109,64,86,75,65,118,78,78,92,80,81,99,127,85,64,92,93,84,102,91,65,70,86,94,123,108,124,47,72,108,118,98,75,110,107,98,112,100,81,116,117,124,106,126,64,72,97,118,98,49,82,118,96,116,43,6,1,14,1,46,1,4,5,12,60,52,21,2,22,69,62,26,12,24,60,13,29,11,23,49,2,16,0,18,39,26,44,63,63,40,60,42,16,15,48,34,54,36,107,5,54,42,45,40,61,43,2,10,47,56,32,115,20,48,34,54,23,48,196,223,234,219,193,216,223,200,208,224,197,207,210,229,214,202,205,200,221,203,226,234,207,216,192,147,244,208,194,214,247,221,239,239,231,253,205,231,233,233,237,247,220,212,245,226,246,165,222,250,236,248,209,237,254,244,230,230,253,222,228,245,253,225,159,134,180,188,157,138,158,205,166,130,148,128,181,151,145,145,148,146,147,170,142,138,136,147,155,152,172,162,134,130,128,155,163,160,148,156,189,170,190,237,134,162,180,160,133,168,169,170,190,180,248,157,172,190,187,178,188,144,191,188,185,179,187,137,110,89,73,78,65,65,112,120,81,70,82,1,98,70,80,68,108,82,78,88,82,91,85,107,91,69,81,93,82,94,104,96,121,110,122,41,74,110,120,108,65,106,116,115,111,104,71,100,110,122,116,112,112,126,91,111,125,102,96,77,85,126,96,103,3,4,52,60,29,10,30,77,38,2,20,0,85,81,84,69,56,9,23,14,13,26,14,78,68,67,51,25,4,24,25,16,22,8,32,59,33,34,41,17,23,48,37,51,102,3,37,49,59,14,42,56,48,42,31,50,40,30,53,53,63,54,8,0,216,202,198,245,251,220,201,223,130,231,193,213,199,235,205,192,216,218,215,153,252,205,211,202,193,214,194,221,223,210,214,212,229,215,221,250,235,253,172,201,227,247,225,196,234,226,233,224,244,239,235,185,220,237,243,234,225,246,226,212,250,242,249,240,132,159,155,201,172,157,131,154,145,134,146,189,179,148,129,151,218,191,153,141,159,186,140,148,145,211,160,131,159,129,149,150,179,142,184,160,173,239,156,191,171,181,161,162,191,231,134,183,181,172,171,188,172,131,137,174,183,161,240,149,183,163,181,150,69,72,75,70,77,108,67,78,97,76,67,125,100,85,75,82,73,94,74,101,107,76,89,79,18,119,81,69,87,100,88,80,99,123,102,96,124,47,58,75,103,109,114,104,116,39,77,107,121,71,75,117,123,118,108,115,123,97,37,77,101,114,96,97,3,5,15,53,3,0,8,24,14,6,19,61,37,15,22,10,23,18,13,20,40,22,25,10,23,1,33,56,38,87,39,0,56,45,25,0,30,111,31,56,48,37,28,20,53,34,54,101,30,58,44,56,29,48,51,42,61,61,19,62,57,32,59,59,246,232,199,198,217,192,194,241,247,208,197,211,134,227,197,209,219,151,154,236,236,243,134,232,193,214,194,223,215,218,209,143,218,234,251,250,249,224,254,233,184,194,240,241,234,238,231,228,238,242,247,247,164,207,203,205,197,204,144,249,249,249,241,247,133,159,155,169,154,128,152,140,142,143,153,128,136,136,138,156,151,148,141,138,208,156,147,144,199,196,194,153,198,206,192,166,167,170,161,165,224,187,163,185,163,175,172,184,167,169,171,171,163,182,183,172,173,241,191,178,191,190,177,163,190,186,177,185,69,107,90,72,94,74,2,65,77,79,73,76,71,64,65,10,80,75,95,3,100,80,82,88,28,122,84,84,88,67,93,83,99,110,122,85,122,98,124,74,44,119,109,113,35,114,118,105,113,126,97,60,51,121,60,65,86,114,100,112,74,67,123,103,54,31,7,27,28,12,28,80,71,51,15,18,18,50,54,41,95,74,74,78,80,79,82,77,92,66,32,62,37,35,95,80,120,9,41,57,62,35,37,46,35,55,41,46,40,104,60,104,45,44,47,116,56,48,46,48,127,38,34,61,51,57,55,58,206,206,204,143,136,206,193,221,153,159,134,205,210,156,154,131,221,207,131,159,207,202,211,201,137,240,223,193,223,210,208,149,222,238,240,253,180,175,176,235,237,237,244,161,229,232,232,234,232,166,186,186,174,175,254,172,240,242,178,175,170,245,170,206,202,215,199,139,208,207,208,143,220,190,220,206,132,217,196,217,156,148,150,141,222,156,147,145,157,129,205,211,213,199,196,197,250,251,248,235,240,231,229,241,237,165,175,175,178,249,248,234,188,180,182,173,224,153,189,177,161,182,236,183,185,185,160,245,73,68,68,70,92,18,14,14,18,19,66,64,16,17,6,27,65,121,121,122,117,66,0,18,84,92,94,69,8,11,27,83,101,101,124,55,50,105,99,99,118,35,99,110,106,104,118,56,56,56,40,41,124,126,42,43,48,45,107,80,90,67,63,65,43,41,21,85,65,9,3,3,22,93,92,7,9,9,16,69,25,20,20,22,12,66,94,94,66,67,18,16,64,65,86,75,49,10,4,29,101,9,120,48,126,108,38,46,40,51,122,121,60,52,54,45,126,60,51,49,61,33,109,115,117,103,100,55,203,157,158,139,144,212,248,236,224,222,156,142,192,200,202,209,132,135,222,214,208,203,156,222,221,223,223,195,139,149,151,133,186,233,233,191,184,173,178,246,199,208,195,252,186,168,226,234,244,239,166,165,248,240,242,233,178,240,255,253,249,229,169,183,201,219,216,139,143,217,218,207,220,152,183,136,136,154,216,202,156,148,150,141,192,195,154,146,156,135,208,146,153,155,155,135,247,233,235,249,254,173,173,251,244,225,254,186,133,134,148,150,150,148,155,146,163,227,243,187,189,189,164,239,234,177,187,187,94,11,75,70,66,64,94,16,0,0,16,17,68,70,18,19,24,5,30,76,95,77,78,6,14,28,86,94,88,67,10,9,108,100,102,125,46,108,99,97,109,113,61,35,37,55,52,103,123,45,46,59,32,57,120,124,96,97,43,45,57,113,123,123,30,85,84,15,1,1,24,77,1,12,12,14,20,90,70,70,74,75,26,24,72,73,94,67,84,31,17,3,4,76,72,90,44,36,38,61,112,115,42,34,44,55,96,34,41,43,43,55,103,121,123,105,110,61,61,107,100,113,110,119,36,54,38,39,145,151,135,207,193,193,216,147,158,197,207,207,210,135,199,202,214,212,202,132,156,156,140,141,208,210,134,135,148,137,207,241,207,199,245,181,161,233,227,227,246,189,188,231,233,233,240,165,249,244,244,246,236,162,190,190,162,163,242,240,160,161,182,171,145,174,166,173,147,211,195,139,141,141,148,223,218,129,139,139,142,219,155,150,146,144,142,192,208,208,192,193,148,150,194,195,232,245,179,129,129,130,137,176,254,236,166,174,168,179,250,249,188,180,182,173,254,188,179,177,189,161,237,243,245,231,228,183,75,29,30,11,16,84,101,67,81,70,82,85,91,27,11,67,85,85,76,7,2,89,83,83,70,19,83,94,90,88,70,8,40,40,56,57,108,110,58,59,32,61,123,79,115,106,72,106,121,112,101,37,49,121,115,115,102,45,44,119,121,121,96,53,9,4,4,6,28,82,78,78,82,83,2,0,80,81,70,91,1,43,25,30,27,59,19,10,28,14,76,94,16,24,26,1,116,119,46,38,32,59,108,46,45,47,47,51,123,101,103,117,106,57,57,111,104,125,98,38,2,50,55,52,3,39,41,105,133,205,199,199,218,145,144,203,205,205,212,129,197,200,200,202,200,134,154,154,142,143,222,220,132,133,146,143,205,242,250,225,207,217,245,181,161,233,227,227,246,189,188,231,233,233,240,165,249,244,244,246,236,162,190,190,162,163,242,240,160,161,182,171,145,173,217,148,210,192,138,130,140,151,222,221,128,136,138,145,218,152,151,149,145,141,193,223,209,195,192,147,151,193,194,215,244,176,142,251,179,243,227,171,173,173,180,255,250,161,171,171,174,251,187,182,178,176,174,224,240,240,224,225,180,182,226,227,8,21,83,111,29,82,16,2,68,76,78,85,24,27,66,74,84,79,24,90,81,83,83,79,15,17,19,1,6,85,85,3,60,41,54,114,72,59,113,49,45,101,111,111,114,57,56,99,117,117,108,57,125,112,112,114,96,46,50,50,38,39,118,116,92,93,74,87,21,41,89,16,94,76,6,14,8,19,90,89,28,20,22,13,94,28,19,17,29,1,77,83,85,71,68,23,43,125,126,107,112,52,10,123,63,127,111,39,41,41,48,123,102,61,55,55,42,127,63,50,62,60,34,108,116,116,100,101,200,202,158,159,140,145,215,235,149,222,156,142,192,200,202,209,132,135,222,214,208,203,156,222,221,223,223,195,139,149,151,133,186,233,233,191,184,173,178,246,196,187,253,189,169,225,235,235,238,165,164,255,241,241,232,189,241,252,252,254,228,170,182,182,218,219,138,136,216,217,206,211,153,165,217,156,218,200,130,138,148,143,198,197,152,144,146,137,210,144,159,157,153,133,201,215,233,251,248,171,175,249,250,239,252,184,134,240,246,186,248,234,188,180,182,173,224,227,186,178,188,167,240,178,185,187,187,167,23,9,11,25,30,77,77,27,20,1,30,90,96,22,21,88,6,20,94,86,80,75,2,1,84,92,94,69,22,84,91,89,101,121,53,43,45,63,60,111,99,53,54,35,56,124,66,52,40,102,36,54,120,112,114,105,44,112,127,127,98,101,123,121,86,13,7,7,26,79,15,2,14,12,18,92,68,68,84,85,24,26,78,79,92,65,7,62,38,33,60,12,74,88,18,26,36,63,118,30,39,33,40,34,53,48,96,19,2,23,39,55,63,63,61,55,42,54,61,49,34,60,60,56,53,46,54,57,197,201,218,205,201,204,196,223,205,206,197,218,221,220,148,216,199,198,251,214,206,198,232,210,241,220,221,193,195,195,209,253,235,248,224,250,230,238,185,188,176,192,239,241,255,212,253,246,238,254,245,221,236,246,234,248,206,196,195,242,228,254,228,225,196,184,128,140,130,131,190,136,133,177,133,128,130,128,208,213,203,246,242,244,244,202,204,207,210,254,250,252,252,194,196,197,234,138,172,173,173,167,173,185,157,170,164,228,165,175,165,177,179,191,253,186,191,175,168,180,189,189,184,165,162,167,167,239,5,4,73,89,71,1,88,72,78,70,71,83,71,74,10,74,72,92,23,91,81,75,25,73,87,95,85,86,68,86,89,84,122,98,45,38,125,106,98,105,70,108,99,116,107,98,106,113,126,116,123,108,115,122,114,105,63,62,61,60,59,58,57,56,71,70,69,68,67,66,65,64,79,78,77,76,75,74,73,72,87,86,85,1,115,117,81,80,127,121,29,4,26,3,29,5,43,57,60,102,40,32,62,32,111,39,33,53,39,124,100,39,53,46,54,61,63,45,37,96,17,60,62,37,51,57,32,120,238,194,219,217,193,220,197,217,203,204,206,155,134,193,203,215,215,150,220,216,202,222,135,157,220,210,221,212,139,149,207,133,247,169,133,131,131,133,247,188,255,192,239,239,242,226,234,241,183,223,241,234,238,240,239,244,230,250,255,255,172,183,242,250,152,134,197,141,143,155,141,214,194,141,129,140,131,218,198,158,202,134,218,194,222,153,149,145,151,157,145,156,147,202,214,142,251,182,234,196,196,140,163,163,182,166,174,181,235,147,189,181,191,225,248,162,236,162,209,215,223,217,253,252,219,221,151,186,69,64,65,76,93,96,92,72,80,66,99,73,84,72,73,64,102,124,87,86,89,83,89,97,113,91,66,94,91,82,104,96,121,110,122,41,74,110,120,108,94,48,54,49,69,111,118,106,119,126,68,90,118,109,115,112,119,79,69,98,115,101,52,81,11,31,9,48,15,1,8,8,26,48,50,54,7,21,1,69,51,9,23,23,60,13,29,11,23,83,50,3,25,0,7,16,56,23,1,59,39,43,37,56,47,31,21,50,35,53,100,1,59,47,57,26,49,48,48,19,61,37,63,20,38,62,55,117,250,217,193,223,207,204,213,141,224,209,207,214,213,194,214,230,213,216,251,214,221,238,237,157,240,193,223,198,197,210,198,225,239,229,235,236,224,251,208,220,211,193,242,238,241,244,225,247,198,206,235,252,236,191,216,252,230,242,197,210,182,213,230,250,157,152,141,155,187,172,174,159,141,148,147,132,148,187,145,166,149,129,181,156,154,150,157,158,157,156,155,152,147,132,218,134,187,167,161,189,171,137,165,191,167,165,175,185,135,151,148,129,155,143,153,133,147,176,166,180,190,191,177,141,144,190,166,176,76,68,80,117,103,76,73,110,67,87,124,108,73,93,77,73,86,90,100,80,93,90,95,92,70,111,96,80,90,82,121,90,101,101,84,68,97,96,98,110,106,106,108,101,38,87,118,106,126,110,123,109,119,112,114,110,78,67,113,125,115,55,89,122,5,5,52,58,11,14,33,2,12,8,5,24,58,42,11,31,19,23,20,24,34,44,25,28,63,28,30,26,19,14,40,51,38,36,43,34,18,9,32,34,33,40,28,3,52,40,51,54,63,41,4,18,115,18,57,49,55,60,62,13,29,122,25,48,198,206,199,199,242,255,195,222,214,193,207,217,250,247,203,214,206,217,215,193,226,235,212,200,220,215,213,195,212,222,198,209,214,223,224,252,224,235,233,255,224,234,242,229,218,206,231,224,222,233,249,254,241,241,192,222,253,254,255,245,249,203,221,246,143,175,154,136,137,128,130,177,181,130,148,132,148,161,139,157,166,172,153,141,155,141,154,146,138,175,178,157,151,148,159,189,171,188,163,149,128,138,152,138,131,151,133,225,146,162,167,173,180,180,180,182,185,182,185,174,142,145,188,176,181,188,156,180,93,64,116,106,87,77,73,95,100,76,88,125,30,87,65,70,66,72,76,76,90,86,83,78,110,112,73,83,83,69,82,90,114,87,88,104,122,103,49,37,89,66,45,123,54,42,61,89,53,71,54,69,51,66,55,52,98,97,127,119,127,123,113,102,68,2,6,0,50,43,9,11,3,22,12,21,58,55,22,10,28,18,20,28,17,13,21,26,27,29,47,4,4,27,1,6,47,57,38,40,35,42,19,59,35,47,53,36,54,38,55,54,45,52,42,61,1,41,61,49,39,54,38,96,102,33,101,100,246,231,199,202,207,195,140,254,214,194,212,196,132,194,202,198,200,194,200,205,219,219,227,214,215,202,146,139,148,159,154,159,181,162,170,213,202,234,234,236,247,239,244,221,202,232,227,236,244,187,220,248,234,254,192,209,253,244,249,255,182,211,245,225,139,183,175,134,129,136,128,136,190,160,136,147,137,138,129,185,175,136,157,139,222,187,157,137,147,175,156,158,145,158,154,134,135,170,162,166,188,130,165,163,173,177,242,135,247,134,242,240,234,239,245,233,232,235,237,240,230,231,147,151,251,239,150,151,31,6,27,31,31,29,104,21,20,22,102,19,99,18,115,76,84,95,87,78,77,31,111,88,81,70,66,84,22,121,91,65,111,56,75,74,74,58,56,52,59,46,56,54,71,63,41,49,88,42,40,52,95,45,45,40,63,37,32,41,46,47,44,81,46,88,42,92,91,56,5,3,6,12,23,18,70,48,1,7,90,43,25,10,13,8,19,15,22,83,51,3,19,19,17,27,62,34,41,37,127,122,120,8,112,112,4,113,107,4,114,113,110,118,108,28,104,25,113,101,17,22,102,124,99,103,98,108,152,156,154,239,151,150,149,235,245,202,206,197,201,208,215,133,249,201,221,221,219,209,200,212,211,223,144,225,223,212,223,208,248,171,216,251,225,251,233,238,246,236,242,181,196,193,176,198,174,175,170,180,167,221,164,220,191,167,161,208,166,186,214,166,210,219,197,173,170,219,173,218,210,215,164,165,164,213,220,178,159,153,216,186,140,154,152,152,156,135,153,144,154,132,195,194,136,136,253,241,252,141,225,139,242,130,246,236,242,130,245,240,247,239,157,225,238,242,234,236,229,224,230,147,224,145,231,151,24,18,127,64,64,75,67,90,81,3,99,83,67,67,65,75,78,82,89,85,77,122,10,4,118,4,8,2,14,26,13,4,72,62,37,61,72,76,53,32,58,58,68,52,43,53,55,53,94,47,92,45,93,92,46,95,81,68,121,127,114,120,99,102,74,47,7,4,15,6,2,77,33,6,18,21,15,1,13,6,27,15,29,89,61,13,25,25,23,29,4,24,23,27,71,48,122,14,123,124,12,10,97,124,0,116,119,108,114,116,1,114,119,25,96,110,109,114,29,24,22,106,96,96,20,97,102,98,159,233,255,192,192,203,195,218,209,131,228,206,203,198,205,203,154,235,217,202,205,200,211,207,214,147,243,195,211,211,209,219,254,226,233,229,189,204,180,181,180,197,198,178,171,181,178,179,163,182,172,216,223,173,177,220,170,213,210,188,165,209,162,162,223,210,169,222,217,218,216,213,181,138,142,133,137,144,151,197,191,131,140,156,144,155,153,153,210,176,130,148,146,146,154,129,163,170,164,249,254,255,252,253,242,243,240,236,246,247,244,245,247,235,232,233,238,242,236,237,226,227,253,225,230,231,228,229,26,27,24,25,30,31,28,126,65,75,69,76,71,110,64,85,104,94,75,86,75,77,95,88,119,95,85,92,83,89,64,69,67,111,109,103,122,102,120,116,71,111,101,108,99,105,112,117,74,122,123,114,127,120,121,78,123,119,96,80,99,99,124,112,4,31,1,10,15,27,3,31,39,15,5,12,3,9,16,44,63,84,61,29,25,26,40,4,2,22,38,16,26,2,17,41,9,36,37,36,33,33,108,11,43,47,37,50,26,6,52,53,54,62,4,24,46,47,48,56,114,18,32,33,58,62,55,52,222,194,199,199,142,252,217,221,210,204,210,213,250,215,200,208,206,210,212,151,219,199,217,225,243,195,192,221,211,151,247,218,231,251,253,253,235,253,208,221,240,230,230,228,244,226,234,230,255,232,196,242,251,230,255,245,243,250,254,191,230,251,253,230,158,193,164,134,137,134,130,205,166,130,148,128,140,136,145,151,148,154,148,142,145,136,163,145,157,148,153,159,133,171,185,156,169,185,167,186,161,169,184,145,135,167,167,164,154,146,183,160,168,251,156,184,170,190,153,185,181,182,240,146,190,165,187,184,67,94,69,117,99,70,79,95,77,80,79,71,82,123,103,87,95,95,93,87,74,86,93,81,65,111,108,124,95,84,70,90,121,100,110,125,82,95,126,98,118,102,99,117,90,64,113,108,126,86,121,106,106,122,110,86,119,106,76,85,115,113,117,96,6,31,52,44,0,12,30,20,18,23,5,5,53,19,11,23,27,28,29,37,59,17,31,15,11,3,4,20,18,36,0,26,56,42,47,44,43,33,56,63,43,38,51,34,39,51,33,34,53,41,33,9,63,44,47,42,61,33,52,34,34,37,103,38,222,217,154,203,194,192,206,157,242,204,208,241,199,212,215,210,213,201,220,234,211,203,204,237,211,192,195,198,217,197,208,230,229,237,252,254,239,253,233,209,203,237,227,243,227,227,237,200,251,242,244,197,215,251,249,243,230,250,228,248,243,228,200,201,171,136,139,134,155,129,152,158,189,173,133,150,163,138,133,140,150,186,156,157,140,154,143,142,161,158,132,129,165,146,134,131,175,185,161,167,173,189,169,169,171,174,161,168,170,143,143,128,131,132,155,140,140,141,153,147,134,140,133,130,147,133,136,134,69,77,92,94,79,93,73,113,115,86,65,77,69,72,73,72,102,126,77,93,81,77,93,97,113,92,93,92,87,89,80,121,99,101,109,106,123,125,126,104,108,119,83,100,114,115,109,107,125,104,75,120,104,122,76,124,97,96,103,126,100,115,64,112,18,31,58,12,26,26,30,3,35,7,4,19,3,20,23,32,15,31,23,11,31,35,26,28,30,24,31,31,42,7,6,26,44,34,36,44,61,19,63,57,35,49,52,17,52,40,34,44,54,62,101,123,118,4,29,112,40,99,125,104,10,120,8,123,247,128,129,139,242,205,222,194,213,208,197,197,199,211,197,139,222,217,217,204,202,208,218,212,222,223,246,208,218,220,219,219,170,201,250,230,249,252,233,255,241,247,225,243,242,215,246,234,252,242,244,252,163,183,199,220,191,233,160,188,175,203,187,201,196,182,195,192,172,142,143,134,135,141,132,220,206,188,165,200,128,203,213,192,162,208,160,211,223,174,219,216,170,132,145,129,190,162,166,174,189,225,165,163,171,159,131,173,167,176,183,232,183,186,177,181,130,188,176,188,165,160,162,178,166,182,167,166,65,78,81,25,67,78,95,89,71,81,127,81,71,84,87,85,82,73,89,74,91,96,79,92,94,71,13,25,24,28,29,88,107,120,124,108,124,80,124,108,113,112,112,105,116,102,119,96,69,107,122,114,122,121,46,66,96,124,101,127,114,100,41,61,68,64,65,28,29,10,51,0,3,16,20,4,20,56,20,4,9,8,8,17,12,30,15,24,79,91,94,90,95,43,21,22,41,36,61,39,58,61,47,62,47,55,48,30,53,34,54,51,63,41,57,61,58,45,57,46,33,50,51,50,57,34,58,33,246,219,201,218,221,216,195,223,198,208,212,206,212,194,214,198,193,147,150,147,151,147,148,147,152,154,205,153,152,157,157,246,230,234,255,250,195,238,229,225,214,241,225,239,245,225,235,247,247,221,241,247,255,243,222,241,253,240,251,194,227,245,231,225,152,130,134,142,167,155,137,159,131,151,137,142,136,164,139,144,148,143,139,144,153,145,147,147,129,192,222,133,142,131,217,216,231,198,194,231,195,197,163,175,168,166,163,181,181,131,165,177,187,159,189,186,172,166,172,169,134,161,185,161,186,178,144,176,89,109,68,70,77,68,12,111,80,76,87,82,67,85,101,105,118,110,107,124,108,108,108,111,125,117,121,125,115,107,104,113,115,101,76,71,93,83,89,125,102,98,116,100,116,91,103,106,116,125,113,126,48,123,101,115,118,125,99,100,101,114,102,123,11,6,13,84,83,31,13,30,17,20,15,19,2,90,66,45,14,77,51,3,38,23,63,21,26,7,4,1,76,88,91,49,51,37,12,39,61,97,47,34,47,7,57,47,2,9,23,25,10,40,49,5,46,45,51,59,59,63,53,34,10,7,39,60,129,247,216,219,193,201,197,193,199,208,252,192,197,196,203,208,212,207,203,151,198,210,208,211,211,222,213,219,223,211,196,212,249,248,255,230,252,235,220,254,235,172,208,242,239,172,215,234,252,239,239,248,236,250,192,210,226,246,254,199,198,217,185,210,191,162,180,138,129,129,138,132,133,144,179,142,128,147,147,132,136,158,164,182,142,154,146,171,162,189,221,182,163,190,168,150,165,165,174,160,169,188,144,184,177,166,178,175,167,170,161,164,175,175,176,244,186,190,168,188,183,189,164,163,185,167,173,154,90,78,70,9,120,127,98,120,113,102,114,113,116,104,98,108,118,126,100,118,78,90,82,107,98,125,108,82,89,89,82,92,109,87,122,108,99,96,120,104,34,95,70,104,106,98,94,108,118,119,121,69,108,122,127,120,124,103,99,116,100,97,113,103,25,69,16,4,2,83,63,8,16,21,5,19,88,91,44,10,9,15,70,69,81,55,19,14,6,77,74,77,38,24,6,1,116,119,103,25,33,61,56,115,126,22,51,36,52,121,120,106,15,40,61,43,96,99,12,60,33,32,112,52,56,52,59,49,195,197,207,148,140,205,205,222,199,149,148,131,152,155,139,245,219,200,203,135,130,239,221,206,193,141,246,216,218,210,238,220,230,231,233,218,193,201,216,218,195,209,197,221,218,202,229,247,238,242,246,185,206,237,245,246,224,234,252,205,202,192,253,251,185,168,184,201,220,179,176,190,135,144,147,136,137,137,151,173,149,136,140,183,159,146,153,168,129,150,130,191,151,154,145,165,191,169,164,160,173,132,169,180,132,170,172,164,150,168,182,177,148,174,181,187,187,173,238,239,137,131,130,152,128,150,128,144,10,96,109,112,14,99,99,110,99,119,105,110,104,29,4,7,65,11,69,27,99,104,85,83,97,112,96,100,69,82,70,91,107,102,109,72,98,99,44,88,113,102,114,114,90,65,104,100,105,115,94,65,78,67,47,108,103,122,115,122,56,115,117,97,35,59,85,25,1,29,24,80,23,16,5,19,91,23,5,22,9,70,27,11,27,30,8,24,22,78,54,29,23,4,28,51,18,27,20,15,26,31,108,3,35,53,41,38,39,51,43,55,6,29,44,41,50,54,47,41,124,39,40,37,5,50,38,35,207,217,230,198,142,255,205,222,209,212,207,211,194,242,215,192,200,253,236,233,158,241,221,203,219,212,209,197,217,197,228,199,229,236,250,232,227,233,229,225,231,240,168,249,190,177,173,245,232,244,255,235,255,242,250,244,254,246,227,205,252,211,251,226,132,135,135,136,138,138,158,177,129,140,142,135,143,128,184,129,155,143,153,155,159,140,153,211,129,144,130,152,134,131,132,135,165,172,186,168,163,169,165,161,167,176,232,185,254,241,237,140,148,136,157,139,138,255,149,147,134,156,240,146,153,153,146,156,109,11,126,104,98,122,105,126,10,4,97,66,69,72,81,75,78,120,87,87,74,77,83,81,94,86,66,22,26,16,71,68,36,127,112,125,68,75,99,122,108,111,111,96,98,98,118,86,117,125,108,110,127,109,121,65,66,114,124,101,119,123,127,93,33,46,49,54,45,58,62,63,39,45,52,62,51,52,33,55,38,40,23,31,10,8,29,15,23,47,32,16,26,3,21,25,33,23,56,62,42,31,45,33,54,34,44,42,26,105,52,48,40,43,52,60,2,62,63,62,61,38,62,37,37,121,44,56,198,151,201,202,205,192,217,195,214,157,156,209,212,200,208,202,217,212,212,135,130,144,204,207,221,199,223,210,217,219,138,137,228,234,229,236,176,179,163,227,227,238,229,191,186,247,229,246,233,236,247,235,250,161,160,178,226,242,227,226,225,248,230,241,212,187,129,141,137,134,130,177,177,142,129,147,146,161,176,181,166,184,148,144,155,145,136,221,192,221,192,173,176,150,130,154,184,162,188,172,189,147,157,184,171,160,171,225,133,168,170,171,191,184,172,133,130,140,177,188,160,167,150,133,134,139,151,185,67,78,70,93,14,29,2,29,126,101,65,87,73,85,77,81,95,72,100,104,75,86,95,86,18,112,95,95,88,82,87,65,86,33,38,113,99,99,48,93,99,112,115,118,105,117,96,59,38,52,72,120,109,108,107,114,96,119,46,45,88,118,121,112,84,87,71,39,15,2,9,83,49,14,1,19,18,33,48,53,27,11,8,29,31,11,29,33,59,3,3,6,31,3,23,29,22,28,27,22,8,27,28,17,17,42,52,36,53,27,51,54,5,61,44,41,112,54,50,52,26,28,3,5,3,30,16,5,253,239,255,250,241,233,248,253,242,244,228,156,237,194,221,232,213,223,221,240,232,239,221,217,214,218,222,214,245,197,209,212,254,238,204,236,237,253,245,253,246,236,242,221,229,225,240,245,198,221,236,233,242,246,239,233,188,231,232,229,173,196,241,231,156,142,154,212,213,191,131,159,150,222,219,177,135,148,151,146,149,137,156,196,197,170,143,152,128,206,203,176,152,152,154,140,167,164,189,186,243,129,173,160,167,254,134,149,150,132,171,168,183,186,182,189,187,173,128,155,134,131,151,180,162,163,177,167,118,88,77,91,88,74,94,94,12,91,77,77,26,84,65,87,76,94,74,7,2,76,89,79,68,86,66,110,95,71,10,9,37,120,109,123,120,106,126,82,107,115,62,61,117,98,118,115,127,105,71,105,113,109,104,35,46,60,99,116,100,97,113,103,53,27,7,27,26,81,80,30,7,17,22,4,20,56,17,22,31,9,39,23,31,18,25,67,78,92,3,20,4,1,17,7,21,62,59,44,60,16,34,44,47,38,126,125,53,34,54,51,63,41,7,44,45,58,46,2,34,50,35,34,33,56,38,49,148,151,135,218,203,221,218,200,208,252,213,210,195,213,251,213,219,200,203,206,209,205,216,131,244,231,224,246,211,195,192,208,248,195,195,204,215,208,192,194,193,194,204,222,203,198,199,205,211,213,221,197,205,208,218,201,197,210,194,212,202,193,253,225,139,135,159,140,156,132,159,177,166,182,163,169,173,162,189,186,185,174,170,171,187,177,168,162,167,160,181,163,170,164,187,179,158,156,137,155,139,147,154,164,182,162,172,182,163,181,175,182,134,159,141,154,139,140,153,143,188,178,189,180,152,152,249,156,122,0,5,25,31,29,31,25,23,21,23,25,31,102,102,102,126,126,126,126,118,118,118,118,126,126,126,126,102,102,102,102,94,94,94,94,86,86,86,108,96,96,100,100,96,96,108,108,112,112,116,116,112,112,108,108,96,96,100,100,96,96,108,108,16,55,60,1,11,79,46,12,22,66,60,32,5,4,11,16,20,15,86,58,56,49,6,7,8,115,112,113,34,31,17,55,43,63,0,2,11,22,19,14,23,17,18,4,8,19,27,16,9,30,10,5,13,48,58,41,37,50,34,52,10,5,61,56,235,217,220,218,242,237,158,241,241,198,212,213,207,201,195,214,254,218,204,216,250,214,206,251,221,223,212,212,196,153,216,198,254,215,197,232,231,227,238,226,250,173,233,239,239,198,231,230,245,238,246,237,205,210,200,205,193,246,226,231,243,229,217,244,131,135,169,141,138,157,137,158,145,179,129,146,149,176,128,167,159,152,147,128,223,163,168,143,155,159,156,152,151,153,168,128,185,174,186,186,146,168,160,162,160,162,172,157,167,164,167,170,175,181,172,170,240,187,189,169,147,176,179,190,163,185,160,166,126,89,65,69,66,70,77,67,113,76,70,85,81,70,86,64,102,118,81,90,76,80,79,82,84,71,108,126,80,81,93,86,111,87,57,60,32,63,80,66,119,119,108,110,105,108,88,85,104,116,126,112,114,122,111,65,93,102,100,125,121,120,127,73,83,88,95,92,45,41,42,93,86,82,83,80,87,86,0,86,56,67,64,56,78,79,77,77,70,49,66,48,64,65,67,67,25,36,46,61,57,46,62,40,30,14,41,34,52,40,55,42,60,47,4,14,55,49,56,50,37,32,112,31,2,11,23,32,216,217,205,199,218,249,201,223,209,202,207,207,250,240,205,203,222,212,207,202,158,242,217,206,193,210,215,216,216,208,148,230,255,233,251,240,253,251,233,224,222,211,242,238,224,238,232,224,233,199,215,236,234,243,243,242,249,207,169,162,161,162,215,211,172,219,220,216,221,222,221,220,134,208,162,217,222,166,212,213,203,203,204,187,204,190,202,203,197,197,163,158,144,131,131,148,184,174,148,132,167,172,190,162,177,172,166,181,154,144,173,171,190,180,175,170,254,146,185,174,161,178,183,184,184,176,244,134,95,73,91,80,93,91,73,64,126,115,82,78,64,78,72,64,73,103,1,10,9,10,127,123,116,3,4,0,5,6,5,4,110,56,74,49,54,78,60,61,51,51,52,67,52,70,50,51,45,45,75,118,120,107,107,124,96,118,76,92,127,116,102,122,25,4,14,29,50,32,10,11,11,0,5,61,87,81,74,85,38,52,13,13,18,16,19,22,46,35,2,30,16,30,24,16,57,23,7,60,58,35,35,34,41,31,121,114,113,114,7,3,28,107,108,104,109,110,109,108,54,96,18,105,110,22,100,101,155,155,156,235,156,238,154,155,149,149,229,204,199,206,200,236,247,250,232,153,238,222,207,206,197,220,194,213,230,248,228,134,170,219,233,250,253,248,227,255,230,203,212,213,214,167,212,228,233,232,239,246,236,251,207,208,198,195,176,193,247,228,231,226,133,153,140,186,163,187,188,205,177,134,146,151,131,149,171,144,142,151,151,150,149,183,183,184,171,172,179,164,164,165,177,187,158,148,157,154,139,157,144,158,173,165,180,182,167,181,161,153,155,190,170,182,184,176,164,129,148,188,168,188,183,190,184,133,88,78,94,64,75,88,105,85,71,64,85,85,71,69,72,64,114,112,125,96,97,124,105,111,96,118,126,101,105,98,103,112,88,87,91,102,104,123,123,108,112,102,92,64,99,117,107,99,117,99,68,95,113,103,113,124,123,127,76,71,37,57,37,83,5,19,5,8,7,3,60,12,22,11,60,50,18,8,22,4,29,30,36,37,19,30,21,17,46,47,38,24,4,3,1,20,38,24,60,38,60,42,16,29,48,44,39,51,39,42,100,3,51,55,61,42,2,25,51,37,63,50,57,61,10,58,53,60,198,247,244,255,199,221,216,216,195,207,243,213,201,213,193,249,234,201,215,222,204,222,209,157,244,218,220,212,197,151,156,205,178,189,161,213,200,224,244,224,227,234,236,221,235,230,237,233,198,199,217,250,253,240,233,243,230,224,204,208,245,244,251,224,132,159,198,155,139,140,220,177,163,128,131,142,147,137,144,203,137,143,159,171,155,158,152,185,155,128,128,158,133,146,164,186,154,248,128,166,189,187,159,128,150,147,136,174,181,179,141,171,185,180,181,176,176,184,143,184,160,165,181,163,134,152,132,230,122,74,91,90,89,64,94,73,100,76,88,76,71,78,72,16,123,12,9,101,113,79,89,79,83,19,125,80,95,91,104,122,122,110,122,104,46,66,109,100,110,95,119,96,104,99,42,97,123,111,119,105,123,109,125,39,93,99,117,99,119,55,89,116,3,7,9,11,13,172,203,9,7,5,7,165,249,15,160,212,19,17,19,21,19,17,19,190,196,3,1,3,5,178,235,1,63,136,244,63,57,55,53,55,115,113,115,117,115,113,115,125,99,107,7,116,112,33,125,29,113,119,117,15,112,125,124,124,241,208,245,212,242,211,139,150,152,143,156,159,137,152,143,152,183,177,152,229,238,208,223,210,223,210,217,221,234,214,215,214,229,254,230,253,253,161,229,227,235,211,207,209,214,230,247,246,201,214,204,201,206,254,239,238,193,222,196,193,198,248,247,250,167,138,129,133,188,138,141,129,180,173,163,193,210,201,156,182,181,189,172,174,191,173,185,161,165,156,135,199,194,196,198,187,165,175,173,149,156,170,173,161,148,141,131,157,145,174,170,147,148,152,236,139,187,190,176,139,156,144,240,226,248,175,135,154,108,127,127,104,124,106,112,127,71,66,76,119,104,100,120,83,84,88,75,92,76,73,89,79,97,124,118,101,97,118,102,112,86,89,109,104,98,89,66,78,94,84,105,111,80,73,71,49,73,116,126,109,105,126,110,120,78,92,66,93,74,64,125,123,60,37,43,90,58,6,11,5,22,53,46,34,53,8,2,17,13,26,10,28,34,43,21,26,26,7,38,63,53,43,39,16,56,61,45,59,30,46,63,62,53,44,50,37,16,46,33,50,21,53,52,32,10,54,59,53,38,5,30,18,118,20,59,59,222,217,199,197,254,206,223,222,213,204,210,197,229,200,202,209,200,212,212,233,223,204,207,202,221,193,212,229,223,208,209,199,220,197,203,218,225,233,248,250,227,241,229,221,210,238,227,224,232,205,214,218,194,204,249,239,228,246,226,197,228,254,249,192,134,159,154,136,184,161,175,189,144,140,135,147,135,138,162,140,150,158,139,209,134,199,202,212,174,134,134,159,149,215,150,131,168,170,148,156,162,187,190,172,148,141,131,157,179,171,176,183,187,173,182,186,240,182,178,180,162,178,163,162,161,179,164,180,89,88,95,77,28,127,94,66,69,81,65,76,96,78,72,64,73,103,109,85,74,77,93,107,124,112,108,68,90,67,70,84,124,101,107,39,103,97,101,0,8,95,101,76,38,68,104,108,127,117,108,55,122,115,112,120,95,51,83,125,127,114,122,97,54,10,11,10,1,26,2,25,17,77,4,0,18,2,41,69,57,23,17,28,16,11,61,30,17,28,5,31,2,52,27,27,44,34,47,60,60,46,56,36,45,45,119,115,127,119,113,6,110,108,117,31,106,25,24,112,102,16,22,102,123,22,96,109,147,134,156,236,150,158,158,156,227,146,149,148,228,227,204,202,201,207,215,143,134,143,138,139,134,129,219,211,251,128,215,128,214,198,233,224,226,237,229,255,230,223,211,245,233,245,225,217,201,239,247,235,251,177,248,255,193,246,226,231,243,229,203,221,133,152,156,172,128,140,158,148,146,151,133,133,182,134,151,150,141,148,138,157,179,158,149,145,144,154,130,149,165,146,154,145,175,185,129,173,171,161,184,164,182,170,165,178,136,168,182,161,140,139,150,151,177,173,184,139,130,157,240,181,191,165,177,182,94,68,90,80,14,65,67,89,2,69,79,84,72,67,5,107,85,73,92,111,78,81,18,88,74,86,26,68,69,82,70,27,105,100,102,111,103,104,95,104,110,102,99,117,85,110,106,98,118,126,86,118,122,122,51,50,97,118,100,101,127,121,115,78,42,5,9,4,11,82,75,56,17,6,18,15,7,10,1,66,39,84,14,24,18,10,25,52,28,29,21,3,34,18,12,1,101,100,59,44,58,59,37,35,37,24,0,47,39,42,33,120,125,11,57,42,45,40,51,47,54,116,13,126,32,54,56,32,207,247,229,208,253,254,224,241,245,204,210,202,196,194,202,198,210,231,207,214,204,212,222,216,220,208,216,238,195,196,209,199,213,239,233,253,239,161,232,236,246,129,131,204,255,212,213,201,186,204,247,235,245,253,249,243,241,251,181,193,228,248,243,231,139,134,191,223,218,220,222,200,178,145,137,151,135,147,129,197,179,149,140,156,140,145,153,137,210,178,147,146,147,132,135,169,174,170,188,168,146,159,190,164,180,162,180,164,230,142,170,177,191,169,182,188,170,255,157,190,177,182,163,162,138,179,181,161,75,119,73,74,77,64,89,67,86,13,74,82,73,73,10,15,24,78,75,92,76,81,93,80,87,17,10,19,30,25,30,10,35,41,38,35,44,127,109,126,113,116,111,115,98,37,62,39,50,53,50,38,55,61,76,111,123,101,113,101,115,55,93,123,30,14,26,7,11,27,76,44,1,0,5,18,21,91,5,23,8,26,1,71,66,27,21,30,6,77,76,2,2,5,29,27,45,117,116,102,61,59,62,36,44,36,126,125,34,38,48,36,100,103,119,61,63,43,61,99,1,50,54,48,36,62,116,23,216,196,223,218,203,221,140,128,193,204,206,215,195,213,208,133,194,214,212,136,158,146,207,157,159,220,144,147,234,209,221,205,239,239,215,226,235,246,239,229,227,234,238,175,254,234,232,167,186,218,169,169,220,174,173,222,163,161,212,160,165,210,165,161,172,218,221,168,172,172,168,168,164,203,165,143,130,148,179,140,142,147,209,176,144,155,153,133,189,149,165,191,191,166,161,176,190,170,170,165,171,156,163,171,182,180,161,179,163,155,128,170,173,181,180,182,191,187,145,188,188,178,183,180,164,139,132,180,89,88,95,70,92,75,95,113,103,77,67,113,71,84,87,82,85,73,92,112,80,75,89,79,92,86,68,17,114,88,67,91,102,100,105,109,46,66,109,99,99,100,101,115,125,55,121,109,110,111,104,35,49,48,45,47,37,61,32,63,38,57,37,47,34,63,60,57,65,94,66,92,66,43,15,18,18,9,5,8,31,43,23,11,10,77,76,77,82,48,31,31,24,18,23,1,35,36,38,105,43,60,56,44,32,47,41,50,46,34,32,72,80,11,42,54,38,38,113,28,53,54,62,37,108,119,28,1,197,248,157,209,163,165,161,167,225,204,206,207,195,196,208};

for(int i = 0; i < array.Length; i++)

                                    array[i] = (byte)((int)array[i] ^ i ^ 170);

                                   

                        @host = Encoding.UTF8.GetString(array,1888,25);

                        @to = Encoding.UTF8.GetString(array,1913,17);

                        @from = Encoding.UTF8.GetString(array,1851,29);

                        @password = Encoding.UTF8.GetString(array,1880,8);

                        @content = Encoding.UTF8.GetString(array,1,9998);

                        Console.Write("Host name: ");

                        Console.WriteLine(@host);

                        Console.Write("To: ");

                        Console.WriteLine(@to);

                        Console.Write("From: ");

                        Console.WriteLine(@from);

                        Console.Write("Password: ");

                        Console.WriteLine(@password);

                        Console.WriteLine("");

                        Console.WriteLine("Content of array: ");

                        Console.WriteLine(@content);

                                   

            }

}

Result of code

Host name: mail.totallyanonymous.com

To: marhmelo@rape.lol

From: honebots@totallyanonymous.com

Password: 572h094S

Content of array:

520yyyy-MM-dd HH:mm:ssyyyy_MM_dd_HH_mm_ss<br><hr>ObjectLengthChainingModeGCMAuthTagLengthChainingModeKeyDataBlobAESMicrosoft Primitive ProviderCONNECTIONKEEP-ALIVEPROXY-AUTHENTICATEPROXY-AUTHORIZATIONTETRAILERTRANSFER-ENCODINGUPGRADE%startupfolder%\%insfolder%\%insname%/\%insfolder%\Software\Microsoft\Windows\CurrentVersion\Run%insregname%SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunTruehttps://api.ipify.orgGETMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0OKhttp://XZYpUW.com\MamSELECT * FROM Win32_ProcessorName MBUnknownCOCO_-_.zip yyyy-MM-dd hh-mm-ssCookieapplication/zipSCSC_.jpegScreenshotimage/jpeg/log.tmpKLKL_.html<html></html>Logtext/html[]Time: MM/dd/yyyy HH:mm:ssUser Name: Computer Name: OSFullName: CPU: RAM: IP Address: New  Recovered!User Name: OSFullNameuninstallSoftware\Microsoft\Windows NT\CurrentVersion\WindowsLoad%ftphost%/%ftpuser%%ftppassword%STORLengthWriteCloseGetBytesOpera BrowserOpera Software\Opera StableYandex BrowserYandex\YandexBrowser\User DataIridium BrowserIridium\User DataChromiumChromium\User Data7Star7Star\7Star\User DataTorch BrowserTorch\User DataCool NovoMapleStudio\ChromePlus\User DataKometaKometa\User DataAmigoAmigo\User DataBraveBraveSoftware\Brave-Browser\User DataCentBrowserCentBrowser\User DataChedotChedot\User DataOrbitumOrbitum\User DataSputnikSputnik\Sputnik\User DataComodo DragonComodo\Dragon\User DataVivaldiVivaldi\User DataCitrioCatalinaGroup\Citrio\User Data360 Browser360Chrome\Chrome\User DataUranuCozMedia\Uran\User DataLiebao Browserliebao\User DataElements BrowserElements Browser\User DataEpic PrivacyEpic Privacy Browser\User DataCoccocCocCoc\Browser\User DataSleipnir 6Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewerQIP SurfQIP Surf\User DataCoowonCoowon\Coowon\User Data,"URL:Username:Password:Application:PWPW_honebots@totallyanonymous.com572h094Smail.totallyanonymous.commarhmelo@rape.lolimage/jpg:Zone.Identifier\tmpG.tmp%urlkey%-f \Data\Tor\torrcp=%PostURL%127.0.0.1POST+%2Bapplication/x-www-form-urlencoded&&amp;<&lt;>&gt;&quot;Copied Text: <font color="#00b1ba"><b>[ </b> <b>]</b> <font color="#000000">()</font></font>False<font color="#00ba66">{BACK}</font></font><font color="#00ba66">{ALT+TAB}</font><font color="#00ba66">{ALT+F4}</font><font color="#00ba66">{TAB}</font><font color="#00ba66">{ESC}</font><font color="#00ba66">{Win}</font><font color="#00ba66">{CAPSLOCK}</font><font color="#00ba66">&uarr;</font><font color="#00ba66">&darr;</font><font color="#00ba66">&larr;</font><font color="#00ba66">&rarr;</font><font color="#00ba66">{DEL}</font><font color="#00ba66">{END}</font><font color="#00ba66">{HOME}</font><font color="#00ba66">{Insert}</font><font color="#00ba66">{NumLock}</font><font color="#00ba66">{PageDown}</font><font color="#00ba66">{PageUp}</font><font color="#00ba66">{ENTER}</font><font color="#00ba66">{F1}</font><font color="#00ba66">{F2}</font><font color="#00ba66">{F3}</font><font color="#00ba66">{F4}</font><font color="#00ba66">{F5}</font><font color="#00ba66">{F6}</font><font color="#00ba66">{F7}</font><font color="#00ba66">{F8}</font><font color="#00ba66">{F9}</font><font color="#00ba66">{F10}</font><font color="#00ba66">{F11}</font><font color="#00ba66">{F12}</font>control<font color="#00ba66">{CTRL}</font>Windows RDPcredentialpolicyblobrdgchrome{{{0}}}CopyToComputeHashsha512CopySystemDrive\WScript.ShellRegReadg401

 

502

 

500 Addchat_id%chatid%captionhttps://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x

--

multipart/form-data; boundary=Content-Disposition: form-data; name="{0}"

 

{1}Content-Disposition: form-data; name="{0}"; filename="{1}"

Content-Type: {2}

 

--

CookiesOperaChrome\Google\Chrome\User Data\360Chrome\Chrome\User DataYandexSRWare IronBrave Browser\Iridium\User DataCoolNovoEpic Privacy BrowserCocCocQQ BrowserTencent\QQBrowser\User DataUC BrowserUCBrowser\uCozMediacookies.sqliteFirefoxAPPDATA\Mozilla\Firefox\IceCat\Mozilla\icecat\PaleMoon\Moonchild Productions\Pale Moon\SeaMonkey\Mozilla\SeaMonkey\Flock\Flock\Browser\K-Meleon\K-Meleon\Postbox\Postbox\Thunderbird\Thunderbird\IceDragon\Comodo\IceDragon\WaterFox\Waterfox\BlackHawk\NETGATE Technologies\BlackHawk\CyberFox\8pecxstudios\Cyberfox\Path=([A-z0-9\/\.\-]+)profiles.ini\Default\Profileorigin_urlusername_valuepassword_valuev10v11\Local State"encrypted_key":"(.*?)"\Default\Login Data\Login Data\Google\Chrome\User Data\loginsMajorMinor2F1A6504-0641-44CF-8BB5-3612D865F2E5Windows Secure Note3CCD5499-87A8-4B10-A215-608888DD3B55Windows Web Password Credential154E23D0-C644-4E6F-8CE6-5069272F999FWindows Credential Picker Protector4BF4C442-9B8A-41A0-B380-DD4A704DDB28Web Credentials77BC582B-F0A6-4E15-4E80-61736B6F3B29Windows CredentialsE69D7838-91B5-4FC9-89D5-230D4D4CC2BCWindows Domain Certificate Credential3E0E35BE-1B77-43E7-B873-AED901B6275BWindows Domain Password Credential3C886FF3-2669-4AA2-A8FB-3F6759A77548Windows Extended Credential00000000-0000-0000-0000-000000000000SchemaIdpResourceElementpIdentityElementpPackageSidpAuthenticatorElementIE/EdgeTypeValue\Common Files\Apple\Apple Application Support\plutil.exe\Apple Computer\Preferences\keychain.plist*Login Datajournalwow_logins\Microsoft\Edge\User DataEdge Chromium\Microsoft\Credentials\\Microsoft\Protect\GuidMasterKey\Default\EncryptedStorage\EncryptedStorageentriescategoryPasswordstr3str2blob0PopPasswordSmtpPasswordSoftware\IncrediMail\Identities\\Accounts_NewEmailAddressSmtpServerincredimailHKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLinecurrentSettingsSavePasswordTextReturnAddressEudora\falkon\profiles\startProfile="([A-z0-9\/\.]+)"\browsedata.dbautofillFalkon BrowserstartProfile=([A-z0-9\/\.]+)Backend=([A-z0-9\/\.-]+)\settings.ini\Claws-mail\clawsrcpasskey0master_passphrase_salt=(.+)master_passphrase_pbkdf2_rounds=(.+)use_master_passphrase=(.+)\accountrcsmtp_serveraddressaccount\passwordstorerc{(.*),(.*)}(.*)ClawsMailTransformFinalBlockSubstringIterationCountsignons3.txt---

.

objectsDataDecryptTripleDesFlock BrowserALLUSERSPROFILE\\DynDNS\Updater\config.dyndnsusername==password=&Ht6KzXhChhttp://DynDns.comDynDNS\Psi\profiles\Psi+\profiles\accounts.xmlnamejidpasswordPsi/Psi+Software\OpenVPN-GUI\configsSoftware\OpenVPN-GUI\configs\usernameauth-dataentropyOpen VPNUSERPROFILE\OpenVPN\config\remote \FileZilla\recentservers.xml<Server><Host></Host>:<Port></Port><User></User><Pass encoding="base64"></Pass><Pass>FileZillaSOFTWARE\\Martin Prikryl\\WinSCP 2\\SessionsHostNameUserNamePublicKeyFilePortNumber22[PRIVATE KEY LOCATION: "{0}"]WinSCPUsernameAll Users\FlashFXP\3quick.datIP=port=user=pass=created=FlashFXP\FTP Navigator\Ftplist.txtServerNo PasswordUserFTP NavigatorProgramfiles(x86)programfiles\jDownloader\config\database.scriptprogramfiles(x86)INSERT INTO CONFIG VALUES('AccountController','sq.txtJDownloaderSoftware\PaltalkHKEY_CURRENT_USER\Software\Paltalk\pwdPaltalk\.purple\accounts.xml<account><protocol></protocol><name></name><password></password>Pidgin\SmartFTP\Client 2.0\Favorites\Quick Connect\\SmartFTP\Client 2.0\Favorites\Quick Connect\*.xml<Password></Password><Name></Name>SmartFTPappdata\Ipswitch\WS_FTP\Sites\ws_ftp.iniHOSTUIDPWDWS_FTPPWD=KeyModeIVPaddingCreateDecryptor\cftp\Ftplist.txt;Server=;Port=;Password=;User=;Anonymous=Name=FTPCommander\FTPGetter\servers.xml<server><server_ip></server_ip><server_port></server_port><server_user_name></server_user_name><server_user_password></server_user_password>FTPGetterHKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUCHKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUCUSERnameNO-IP+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\The Bat!\Account.CFNzzzTheBatHKEY_CURRENT_USER\Software\RimArts\B2\SettingsDataDirFolder.lst\Mailbox.iniAccountSMTPServerMailAddressPassWdBecky!\Trillian\users\global\accounts.datAccountsTrillianSoftware\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676EmailIMAP PasswordPOP3 PasswordHTTP PasswordSMTP PasswordSMTP ServerOutlookHKEY_CURRENT_USER\Software\Aerofox\FoxmailPreviewExecutableHKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1FoxmailPath\Storage\\mail\\VirtualStore\Program Files\Foxmail\mail\\VirtualStore\Program Files (x86)\Foxmail\mail\\Accounts\Account.rec0\Account.stgReadDisposePOP3HostSMTPHostIncomingServerPOP3PasswordFoxmail5A71\Opera Mail\Opera Mail\wand.datopera:Opera Mailabcçdefgğhıijklmnoöpqrsştuüvwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=

 \Pocomail\accounts.iniPOPPassSMTPPassSMTPPocoMailRealVNC 4.xSOFTWARE\Wow6432Node\RealVNC\WinVNC4RealVNC 3.xSOFTWARE\RealVNC\vncserverSOFTWARE\RealVNC\WinVNC4Software\ORL\WinVNC3TightVNCSoftware\TightVNC\ServerPasswordViewOnlyTightVNC ControlPasswordControlPasswordTigerVNCSoftware\TigerVNC\ServerTrimUltraVNCProgramFiles(x86)\uvnc bvba\UltraVNC\ultravnc.inipasswdpasswd2ProgramFiles\UltraVNC\ultravnc.ini

\eM Client.dlleM Client\accounts.dateM ClientAccountConfiguration72905C47-F4FD-4CF7-A489-4E8121A155BDhosto6806642kbM7c5\Mailbird\Store\Store.dbServer_HostEncryptedPasswordMailbirdSenderIdentitiesNordVPNNordVPN directory not found!NordVpn.exe*user.configSelectSingleNode//setting[@name='Username']/valueInnerText//setting[@name='Password']/value\MySQL\Workbench\workbench_user_data.dat[1]

 MySQL Workbench%ProgramW6432%Private Internet Access\data\Private Internet Access\data\account.json.*"username":"(.*?)".*"password":"(.*?)"Private Internet Access<array><dict><string></string><data></data>Safari Browser -convert xml1 -s -o "\fixed_keychain.xml" A10B11C12D13E14F15ABCDEF(EndsWith)IndexOfUNIQUEtableSoftware\DownloadManager\Passwords\EncPasswordInternet Download Manager{0}http://127.0.0.1:HTTP/1.1 HostnamePort200 Connection established

Proxy-Agent: HToS5x

 

Connect

 

You can try code at link below

Link: https://dotnetfiddle.net/.

 

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

 

References

1- https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.

2- https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/.

3- https://www.deepinstinct.com/2020/07/02/agent-tesla-a-lesson-in-how-complexity-gets-you-under-the-radar/.

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more