Malware Analysis Report

2024-09-09 16:08

Sample ID 240629-1xtwba1blq
Target c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3.bin
SHA256 c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3
Tags
irata discovery execution persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3

Threat Level: Known bad

The file c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3.bin was found to be: Known bad.

Malicious Activity Summary

irata discovery execution persistence

Irata family

Irata payload

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Reads information about phone network operator.

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-29 22:02

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-29 22:02

Reported

2024-06-29 22:09

Platform

android-x86-arm-20240624-en

Max time kernel

10s

Max time network

135s

Command Line

com.hoarycow.msg

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.hoarycow.msg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 frgukufe.cloud udp
NL 185.73.113.55:443 frgukufe.cloud tcp

Files

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-journal

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-shm

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

/data/data/com.hoarycow.msg/files/PersistedInstallation6577193063115417073tmp

/data/data/com.hoarycow.msg/files/PersistedInstallation6577484455942104356tmp

/data/misc/profiles/cur/0/com.hoarycow.msg/primary.prof

/data/data/com.hoarycow.msg/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.hoarycow.msg/files/profileInstalled

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-29 22:02

Reported

2024-06-29 22:07

Platform

android-x64-20240624-en

Max time kernel

48s

Max time network

164s

Command Line

com.hoarycow.msg

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.hoarycow.msg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 frgukufe.cloud udp
NL 185.73.113.55:443 frgukufe.cloud tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.98:443 tcp
GB 172.217.169.46:443 tcp

Files

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-journal

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-shm

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

/data/data/com.hoarycow.msg/files/PersistedInstallation2422907184624528656tmp

/data/data/com.hoarycow.msg/files/PersistedInstallation5055833050445069894tmp

/data/misc/profiles/cur/0/com.hoarycow.msg/primary.prof

/data/data/com.hoarycow.msg/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.hoarycow.msg/files/profileInstalled

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-29 22:02

Reported

2024-06-29 22:07

Platform

android-x64-arm64-20240624-en

Max time kernel

9s

Max time network

132s

Command Line

com.hoarycow.msg

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.hoarycow.msg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 frgukufe.cloud udp
NL 185.73.113.55:443 frgukufe.cloud tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.hoarycow.msg/files/PersistedInstallation4314335670290471056tmp

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-journal

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-shm

/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

/data/data/com.hoarycow.msg/files/PersistedInstallation2167764759371191179tmp

/data/misc/profiles/cur/0/com.hoarycow.msg/primary.prof

/data/data/com.hoarycow.msg/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat