Malware Analysis Report

2025-01-19 08:08

Sample ID 240605-1mkjwsba59
Target 99544ecb7f197bf2a4fbe3f2bd915eab_JaffaCakes118
SHA256 60815ff0818b32c789864d72bda2bb194514c79eaf12e211524820d6193ff1e7
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

60815ff0818b32c789864d72bda2bb194514c79eaf12e211524820d6193ff1e7

Threat Level: Likely malicious

The file 99544ecb7f197bf2a4fbe3f2bd915eab_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 21:51

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 21:45

Reported

2024-06-05 22:14

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

187s

Command Line

com.zipingfang.wzx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.zipingfang.wzx

/system/bin/sh -c getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.yunos.version

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.zipingfang.wzx/mix.dex --output-vdex-fd=54 --oat-fd=62 --oat-location=/data/data/com.zipingfang.wzx/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

com.zipingfang.wzx:pushcore

sh -c getprop ro.yunos.version

getprop ro.yunos.version

com.zipingfang.wzx:pushcore

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.yunos.version

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 log.umsns.com udp
US 1.1.1.1:53 rs.easemob.com udp
CN 59.82.29.162:80 log.umsns.com tcp
GB 193.118.32.52:80 rs.easemob.com tcp
CN 59.82.29.162:80 log.umsns.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
CN 59.82.29.162:80 log.umsns.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 59.82.29.162:80 log.umsns.com tcp
GB 193.118.32.52:80 rs.easemob.com tcp
US 1.1.1.1:53 a2-v2.easemob.com udp
US 1.1.1.1:53 ulogs.umeng.com udp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 36.156.202.68:443 plbslog.umeng.com tcp
CN 47.95.246.247:443 a2-v2.easemob.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 124.71.170.130:19000 s.jpush.cn udp
GB 142.250.187.206:443 tcp
GB 216.58.213.2:443 tcp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.92.70.140:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 139.159.137.254:19000 easytomessage.com udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 139.9.135.156:7006 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
CN 36.156.202.68:443 plbslog.umeng.com tcp
CN 101.201.233.110:443 a2-v2.easemob.com tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 124.71.170.130:19000 easytomessage.com udp
CN 1.92.70.140:19000 easytomessage.com udp
CN 59.82.29.248:80 log.umsns.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 59.82.29.248:80 log.umsns.com tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
US 1.1.1.1:53 a4-v2.easemob.com udp
CN 101.201.233.110:443 a4-v2.easemob.com tcp
CN 139.159.137.254:19000 easytomessage.com udp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 47.95.246.247:443 a4-v2.easemob.com tcp
CN 139.9.135.156:7006 im64.jpush.cn tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 116.205.165.66:19000 s.jpush.cn udp
CN 1.92.70.140:19000 s.jpush.cn udp
CN 139.159.137.254:19000 easytomessage.com udp
CN 59.82.31.154:80 log.umsns.com tcp
CN 59.82.31.154:80 log.umsns.com tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
US 1.1.1.1:53 a1.easemob.com udp
CN 47.95.246.247:443 a1.easemob.com tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp

Files

/data/data/com.zipingfang.wzx/databases/bugly_db_legu-journal

MD5 e86237de96160ed1bc2e411fbcdd766d
SHA1 cbedb9af2842993bebf01248e2b14201136cd6ee
SHA256 2d8dca057d64fcdd2e33c0ce2de006918d8bd85119c9e4174168846d471838d8
SHA512 373d2ba535cc016523eac796a184f0d2b3f7896f000c4715e08527e884dc405faed93439f132c2dbadbf07aa6bf1878ad60dbc058856bc21b6bd6322208f85d5

/data/data/com.zipingfang.wzx/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.zipingfang.wzx/databases/bugly_db_legu-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.zipingfang.wzx/databases/bugly_db_legu-wal

MD5 e67afa97e987883c246a853cba0ed47e
SHA1 b7ec35dbf00e97b6ab7e18b66219337f023043ab
SHA256 91bd7cedae804283678d7acdd31977d3ab2de8c4baa265cbcf41f3c98f4fc812
SHA512 699a0aac8a99a9ec3b93c1f162fb4bbb1b8787ffd29cf392623e63af4f28f56c28ce98d5a8fec830e897ad0d98ee6d6d36c282b3192ff75b3926f0353c53a3ce

/data/data/com.zipingfang.wzx/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/data/com.zipingfang.wzx/files/jpush_stat_cache_history.json

MD5 4a5c4d7f999448a87419da32944d0e3a
SHA1 f75d0d6cb4e67576fbab907b79fc89057f24e278
SHA256 3c4e3364a14710889cc3b0dfbc4ba42b3b45fbf5b0b034ef423138bc7f9ba3e4
SHA512 3a6ccd0cf26bfe08e3106d452ebb7f713ea30d9b0c33f5543e4aa77583468f4bf77736de83005cebb12440ca30d530d6e0624ec4324e1b6cf6a295703b4693d7

/data/data/com.zipingfang.wzx/files/jpush_stat_cache_history.json

MD5 d9f17421e6f8993f55862e713cf7c492
SHA1 e82f34d59719ca62d58ebc294ae777360447a4c7
SHA256 a7fdf35225b038e17781f26778e6d0b543fa713dce8f36529c45c784f5be2559
SHA512 5bce076eea4fe87c6d39f2b68542caf64f169aeebbede4cb0f24997dcbcaba30c7801fa116300ec83813ea2663442cc8091fecc1ac4f34e79f4ec8d964a057f1

/storage/emulated/0/data/.push_deviceid

MD5 d9e2f06061846cb3b49e75b5bcbb5875
SHA1 b33da80602d2509048a09f8689be0780311ac82f
SHA256 b61a2f5f715aadaa9e0815848218671d31072b6635d37c762fb389bcae1a8578
SHA512 2dc62bae0ca088740c8d8a49d4c06e94ed771233d46b1068b7044b9ff020bd6e4666024881e93e48896d862f56c970e95ee5ad73ba92707b2d1057b046bd673e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 21:45

Reported

2024-06-05 22:13

Platform

android-x64-arm64-20240603-en

Max time kernel

20s

Max time network

132s

Command Line

com.zipingfang.wzx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A
N/A /data/data/com.zipingfang.wzx/mix.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.zipingfang.wzx

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp

Files

/data/user/0/com.zipingfang.wzx/databases/bugly_db_legu-journal

MD5 a1f566ec8b2907cc01aa507ba0322677
SHA1 8ecc700cfaa20cc07bfe976005633053cc591f86
SHA256 bd3356dee1f1dbbdaa93d9781802c81dd8fdb7a423cbfa4c7b6e4af5692682b3
SHA512 3526db8043a98071ef96d7def3de725cdaf018f3ea13ab521d9be38f0a98c756c36e9a551ad12a0d4fa18ee1189ed7793b62f7f84ef8514b34d08edac24fa094

/data/user/0/com.zipingfang.wzx/databases/bugly_db_legu

MD5 3f5ff936ddd604001a7229ee5cfe8696
SHA1 6e4de4b54167b05e8e7ea5b969fcac19369ee2be
SHA256 b5a6b67a2487df066fa9ec37544c4c35d581886b4e56461f935c7664b680fe1b
SHA512 cc229c19c32947b24995b9919fa0f41d9b5d09b095726f853d6f673c81fcd3a789a6144d4b0f8140f3ce8bf6a7661a2621061bdc4a37b9c20c38ecc65308fe96

/data/user/0/com.zipingfang.wzx/databases/bugly_db_legu-journal

MD5 2fd7d27b1658513176285c5eac394b9c
SHA1 2b1e7a9655d4aeea13819905077898c471669f98
SHA256 65fa9c1a67f4adc4d65f05078585da9c39a5d943d9bceedd0ba836b06dee70f0
SHA512 4989db65f632ba1af6ce03fddff89ac96b1c50dd83dbe033d77ec09e36d5cfd01ae0086aca45b61e8571c28847ff6038fd08dae6c91631194ba48609892dcc75

/data/user/0/com.zipingfang.wzx/databases/bugly_db_legu-journal

MD5 62457b83cf1b09843b65b3feaa758eb7
SHA1 ec561a7c8a25cfd145205e5e05cfb9a7805955ae
SHA256 22223efcf6a686e88b36433530c469569859bc338a64c0c733af0078a5fe81ec
SHA512 1d6ad7b35e917a3001e72fb0b5740e44208361f253cff0b431de2d364a2ccb97f27eb05a5056b263ef62e3144079e2e469c7777e90e58b8903d3665ede007740

/data/user/0/com.zipingfang.wzx/databases/bugly_db_legu-journal

MD5 da5c9924849ced888ae0cb46d945490e
SHA1 aa3d6f2145a6785fa3f3bb9d6da43971ac57a82a
SHA256 ce49f3812ec9463dfb2a3804cb681189c09cb13b5b542151fcafa84016f22ef2
SHA512 e93e720ed30d6266de8772a28c69a2a8924c4dab93dfdb22cd83c174d58f48cad040f62f6a2435aed8e8ab12920d5fdda9506ae85fb7f4de97cdceef6341bd77

/data/user/0/com.zipingfang.wzx/databases/bugly_db_legu-journal

MD5 6ae7157c9a41460580a669584dd118e4
SHA1 fece9a5cfbbb00e780c445066291e0dc9d752955
SHA256 1162619503e0d3161932c65bb08eb9c3c49a03140c97111c53f7d69c3b010d83
SHA512 9e2d75144b8c5074d38960501d01c8bef072265576db2c5fc6e0434bd2b76378da185d657dff40e41c43163df4addcf83f79ae864d3733ea158f6a7eb16c105e

/data/user/0/com.zipingfang.wzx/databases/bugly_db_legu-journal

MD5 895b7d96b4a2a510e302b6fef64a9765
SHA1 47525b4dc2e01d093c4c59533a0b0edc1e0f944c
SHA256 a84883a39804c817a8d2d790e0ddf8431b89cfc36351b91d0a89bbf4fb033c91
SHA512 bc10a670f8ef128bb78440621ce19baa443807045bd2293ef122fe2397dcc3a094a0f883b1436eb2ebccb6970ab7ddb5f41f725715e1380612df5fe969efc519

/data/data/com.zipingfang.wzx/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/user/0/com.zipingfang.wzx/app_bugly/tomb_1717625466270.txt

MD5 273325efc8791cb219aa5731fa4fc6ea
SHA1 22cdad094f6877eb8c7b252ff59f49081b748240
SHA256 8c642a0f9d15467239894d0afd51545188288b6cb8c3e5a68fe2aa2e1960463c
SHA512 eb9b0f69cc8028165c4cd276ce7537b00f04c60dd2428697ab8b01ad4ae6c56e9ff82e6dc5a31e594c418c3bfbf1bedd78921a041a7ec855860445e7e1cdd589

/data/user/0/com.zipingfang.wzx/app_bugly/rqd_record.eup

MD5 858bbad0449afc0137cab6bc09f25f0b
SHA1 43d922071f1a4a92e5d87c04caaccfe5fb50edb7
SHA256 4308e36be335c956727e55e2f478d80143c5cd8cda3f005b2867bcbfbac1fc2e
SHA512 9d616066bb0176eaca04afc925526da73873da367a13b3b9cb7ee42856faf04d95624289dd6a5639ecc59d3988bab2cb527ddfc8e76f41356085d349d83621fc

/data/user/0/com.zipingfang.wzx/app_bugly/rqd_record.eup

MD5 5ac1de230e31c8dc7853fe4111bc911e
SHA1 857af0e14e60618fd09741af204347f2ecda9bff
SHA256 324f390faa5c41d350871ec1d5dfa406cd3b90c0417ff0a604a1d474e52cd44c
SHA512 616fbb5e86cf13053d907486c19f38f6bc38829209a411356d0e652a4873522eb6b751e1a3543b6aa1d00bd941e158070dc1bb0e8eb1ef649c99ef97663f14c0

/data/user/0/com.zipingfang.wzx/cache/tomb.zip

MD5 4829f226beebb3070e793d1a143ce59b
SHA1 2f1037f88183cb7f28596f3c98a152c39989665c
SHA256 94a0b703f14c5185ec2f717c1aab400da052a1e73a700f5d3743ad13f83d8765
SHA512 fe832f0f5c32e21f42b46c0ff732b849c6e2cee6935ad60f43e7f191892ba6e64f0e034ae6734c4d5a7d60d4d6e9be7a8f917ca9fede0630b65bd294c533667b